XML: It is a markup language for transmitting data.

JSON: A Lightweight Data Exchange Format

APP interface is mainly JSON output format.

Three elements of APP interface output format:

1. code:: error code

2. Message: Description corresponding to the error code.

3. Data: data returned by the interface.

Who has the right to call the APP interface, the client needs to bring credentials to call the APP interface.

JWT's principles are:

After the server is authenticated, a JSON object will be generated and returned to the user. All subsequent client requests will carry this JSON object. The server relies on this JSON object to identify the user.

Composition: header, payload, signature

1. Header

Tell me what I am.

The header usually contains two parts: type and encryption algorithm.

{

" alg": "HS256 "，

Typical: JWT

}

The header needs to be encoded by Base64Url as the first part of IWT.

2. Payload

Payload includes three types: declaration, reservation, public and private.

The retention of these claims is predefined by JWT and is not mandatory. Commonly used are:

1).iss: Issuer.

2).exp: Expiration timestamp

3). Sub: User-oriented

4). AUD: Receiver

5).iat: release time

{

“sub”:" 1234567890",

Name: anonymous,

Management: true

}

Payload needs to be encoded by Base64Url as the second part of JWT.

Step 3 sign

Create a signature with the encoded header, payload and key, and sign with the signature algorithm specified in the header.

HMACSHA256(

base64UrlEncode(header) +"。 +

Base64UrlEncode (payload),

secret

)

The signature is done on the server side, and the client does not know it, so it is safe.