Security Design of Open Platform API Interface —— Taking WeChat Payment as an Example
Consider an API such as /refund?order_id=123&mch_id=123, where the refund order being requested belongs to merchant mch_id=123. It is extremely dangerous if the server cannot identify who initiated the request.

Generally speaking, on the PC side we identify members and maintain sessions through encrypted cookies; but cookies are a browser-local storage feature that a native app cannot use, so an app has to identify members through a token parameter instead. How should that token be handled?

More generally, the security of the interface is designed around three mechanisms: a token, a timestamp and a signature (sign), which together ensure that the interface's data cannot be tampered with or replayed.

Generally speaking, it is unrealistic to rely on encrypting or pre-processing data at the front end. When the front end and back end interact over HTTP the message is plaintext, so sensitive fields (passwords, certificate information and so on) are often encrypted at the front end and decrypted at the back end to achieve an "obfuscation" effect and avoid disclosure in transit. However, front-end encryption only obfuscates the data while it is in transit; anyone who can attach a debugger still sees the data in the clear. So-called front-end encryption only slightly raises the attacker's cost and cannot provide real security. Even if RSA public-key encryption is done at the front end, an attacker can obtain the public key, use it to encrypt data of their own choosing and send that to the server. Therefore the server must treat all data coming from the front end as untrusted and verify it itself. For handling sensitive information, see the WeChat Pay documentation at /wiki/doc/api/jsapi.php?chapter=4_3.

In point 1 of that document, the key step of the signature algorithm is to append the merchant's private API key to the end of the parameter string and then generate the signature with MD5. Even though the amount travels in the clear, it is safe: someone who intercepts and modifies the amount cannot forge the sign field, because they do not know the merchant's API key. Besides WeChat Pay's method of concatenating the API key, we can also sign with a private key using the security package that ships with Java (java.security). In addition, the nonce random string should be verified on the WeChat Pay (server) side to prevent replay attacks and ensure that a request is valid only once: if the nonce already exists on the server, the request has already been executed and is refused.

Ruan Yifeng's blog, "RSA algorithm principles": /blog/2013/07/rsa_algorithm_part_two.html

Wikipedia: https://zh.wikipedia.org/wiki/RSA%E5%8A%A0%E5%AF%86%E6%BC%94%E7%AE%97%E6%B3%95