一键登录与业务风控 API
最近更新:2024-01-12
一键登录与业务风控 API
功能说明
提交 loginToken,验证后返回手机号码,同时识别手机号的业务风险分值。
调用地址
Android 和 iOS 使用
POST https://api.verification.jpush.cn/v2/web/loginTokenVerify
Web 使用
POST https://api.verification.jpush.cn/v2/web/h5/loginTokenVerify
调用验证
详情参见 REST API 概述的 鉴权方式 说明。
请求示例
curl --insecure -X POST -v https://api.verification.jpush.cn/v2/web/loginTokenVerify -H "Content-Type: application/json" -u "7d431e42dfa6a6d693ac2d04:5e987ac6d2e04d95a9d8f0d1" -d '{
"loginToken": "STsid0000001542695429579Ob28vB7b0cYTI9w0GGZrv8ujUu05qZvw",
"exID": "1234566",
"ip": "127.0.0.1"
}'
curl --insecure -X POST -v https://api.verification.jpush.cn/v2/web/loginTokenVerify -H "Content-Type: application/json" -u "7d431e42dfa6a6d693ac2d04:5e987ac6d2e04d95a9d8f0d1" -d '{
"loginToken": "STsid0000001542695429579Ob28vB7b0cYTI9w0GGZrv8ujUu05qZvw",
"exID": "1234566",
"ip": "127.0.0.1"
}'
此代码块在浮窗中显示
请求参数
关键字 | 类型 | 选项 | 含义 |
---|---|---|---|
loginToken | String | 必填 | 认证SDK获取到的 loginToken |
ip | String | 可选 | sdk 端 ip |
exID | String | 可选 | 开发者自定义的 id,非必填 |
响应示例
请求成功
{
"id": 117270465679982592,
"code": 8000,
"content": "get phone success",
"exID": "1234566",
"phone": "HpBLIQ/6SkFl0pAq0LMdw1aZ8RHoofgWmaY//LE+0ahkSdHC5oTCnjrR8Tj8y5naKVI03torFU+EzAQnwtVqAoQyYckT0S3Q02TKuAal3VRGiR5Lmp4g2A5Mh4/W5A4o6QFviHuBVJZE/WV0AzU5w4NGhpyQntOeF0UyovYATy4=",
"score": 0
}
{
"id": 117270465679982592,
"code": 8000,
"content": "get phone success",
"exID": "1234566",
"phone": "HpBLIQ/6SkFl0pAq0LMdw1aZ8RHoofgWmaY//LE+0ahkSdHC5oTCnjrR8Tj8y5naKVI03torFU+EzAQnwtVqAoQyYckT0S3Q02TKuAal3VRGiR5Lmp4g2A5Mh4/W5A4o6QFviHuBVJZE/WV0AzU5w4NGhpyQntOeF0UyovYATy4=",
"score": 0
}
此代码块在浮窗中显示
请求失败
{
"code": 8001,
"content": "get phone fail"
}
{
"code": 8001,
"content": "get phone fail"
}
此代码块在浮窗中显示
响应参数
关键字 | 类型 | 含义 |
---|---|---|
id | Long | 流水号,请求出错时可能为空 |
exID | String | 开发者自定义的 id,若请求时为空返回为空 |
code | Integer | 返回码 |
content | String | 返回码说明 |
score | Integer | 风险评分 |
phone | String | 加密后的手机号码,需用配置在极光的公钥对应的私钥解密 |
返回 score 说明
- score 字段表示当前号码的风险,分数越高,风险越大,取值范围为:[0, 900]。
- 根据极光安全认证团队经验,score 字段值的业务含义如下(仅供参考,可根据实际场景调配):
值 | 风险等级 | 含义描述 |
---|---|---|
0 | 低风险 | 正常放行 |
300 | 中风险 | 可标记观察用户后续行为再进一步决策 |
600 | 中高风险 | 可采取进一步安全验证,或直接进行业务限制 |
900 | 高风险 | 可直接进行业务限制 |
RSA 私钥解密示例
Java
import javax.crypto.Cipher;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
public class RSADecrypt {
public static void main(String[] args) throws Exception {
String encrypted = args[0];
String prikey = args[1];
String result = decrypt(encrypted, prikey);
System.out.println(result);
}
public static String decrypt(String cryptograph, String prikey) throws Exception {
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(prikey));
PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(keySpec);
Cipher cipher=Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte [] b = Base64.getDecoder().decode(cryptograph);
return new String(cipher.doFinal(b));
}
}
import javax.crypto.Cipher;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
public class RSADecrypt {
public static void main(String[] args) throws Exception {
String encrypted = args[0];
String prikey = args[1];
String result = decrypt(encrypted, prikey);
System.out.println(result);
}
public static String decrypt(String cryptograph, String prikey) throws Exception {
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(prikey));
PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(keySpec);
Cipher cipher=Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte [] b = Base64.getDecoder().decode(cryptograph);
return new String(cipher.doFinal(b));
}
}
此代码块在浮窗中显示
Python
#!/usr/bin/env python3
# 需要先安装 pycryptodome,直接使用 pip 安装即可,仅在 python3 环境下测试通过
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
import base64
PREFIX = '-----BEGIN RSA PRIVATE KEY-----'
SUFFIX = '-----END RSA PRIVATE KEY-----'
encrypted = None
prikey = None
key = "{}\n{}\n{}".format(PREFIX, prikey, SUFFIX)
cipher = PKCS1_v1_5.new(RSA.import_key(key))
result = cipher.decrypt(base64.b64decode(encrypted.encode()), None).decode()
print(result)
#!/usr/bin/env python3
# 需要先安装 pycryptodome,直接使用 pip 安装即可,仅在 python3 环境下测试通过
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
import base64
PREFIX = '-----BEGIN RSA PRIVATE KEY-----'
SUFFIX = '-----END RSA PRIVATE KEY-----'
encrypted = None
prikey = None
key = "{}\n{}\n{}".format(PREFIX, prikey, SUFFIX)
cipher = PKCS1_v1_5.new(RSA.import_key(key))
result = cipher.decrypt(base64.b64decode(encrypted.encode()), None).decode()
print(result)
此代码块在浮窗中显示
PHP
// https://www.php.net/manual/en/function.openssl-private-decrypt.php
$prefix = '-----BEGIN PRIVATE KEY-----';
$suffix = '-----END PRIVATE KEY-----';
$result = '';
$encrypted = null;
$prikey = null;
$key = $prefix . "\n" . $prikey . "\n" . $suffix;
$r = openssl_private_decrypt(base64_decode($encrypted), $result, openssl_pkey_get_private($key));
echo $result . "\n";
// https://www.php.net/manual/en/function.openssl-private-decrypt.php
$prefix = '-----BEGIN PRIVATE KEY-----';
$suffix = '-----END PRIVATE KEY-----';
$result = '';
$encrypted = null;
$prikey = null;
$key = $prefix . "\n" . $prikey . "\n" . $suffix;
$r = openssl_private_decrypt(base64_decode($encrypted), $result, openssl_pkey_get_private($key));
echo $result . "\n";
此代码块在浮窗中显示
package main
import ( "crypto/rand" "crypto/rsa" "crypto/x509" "encoding/base64" "encoding/pem" "errors" "log" )
Go
func main() {
PREFIX := "-----BEGIN RSA PRIVATE KEY-----"
SUFFIX := "-----END RSA PRIVATE KEY-----"
prikey := ""
encrypted := ""
encryptedB, err := base64.StdEncoding.DecodeString(encrypted)
if err != nil {
log.Println("invalid encrypted")
return
}
key := PREFIX + "\n" + prikey + "\n" + SUFFIX
result, err := RsaDecrypt(encryptedB, []byte(key))
if err != nil {
log.Println("err: ", err)
return
}
log.Println("result: ", string(result))
}
// 私钥解密
func RsaDecrypt(encrypted, prikey []byte) ([]byte, error) {
var data []byte
block, _ := pem.Decode(prikey)
if block == nil {
return data, errors.New("private key error")
}
rsaKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return data, err
}
key, ok := rsaKey.(*rsa.PrivateKey)
if !ok {
return data, errors.New("invalid private key")
}
data, err = rsa.DecryptPKCS1v15(rand.Reader, key, encrypted)
return data, err
}
func main() {
PREFIX := "-----BEGIN RSA PRIVATE KEY-----"
SUFFIX := "-----END RSA PRIVATE KEY-----"
prikey := ""
encrypted := ""
encryptedB, err := base64.StdEncoding.DecodeString(encrypted)
if err != nil {
log.Println("invalid encrypted")
return
}
key := PREFIX + "\n" + prikey + "\n" + SUFFIX
result, err := RsaDecrypt(encryptedB, []byte(key))
if err != nil {
log.Println("err: ", err)
return
}
log.Println("result: ", string(result))
}
// 私钥解密
func RsaDecrypt(encrypted, prikey []byte) ([]byte, error) {
var data []byte
block, _ := pem.Decode(prikey)
if block == nil {
return data, errors.New("private key error")
}
rsaKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return data, err
}
key, ok := rsaKey.(*rsa.PrivateKey)
if !ok {
return data, errors.New("invalid private key")
}
data, err = rsa.DecryptPKCS1v15(rand.Reader, key, encrypted)
return data, err
}
此代码块在浮窗中显示
文档内容是否对您有帮助?