文档中心 合规指南 开发者社区
极光文档 > 极光安全认证 > REST API > 业务风控 API > 一键登录和业务风控 API
极光文档 > 极光安全认证 > REST API > 业务风控 API > 一键登录和业务风控 API
一键登录与业务风控 API
最近更新:2024-01-12

一键登录与业务风控 API

功能说明

提交 loginToken,验证后返回手机号码,同时识别手机号的业务风险分值。

调用地址

Android 和 iOS 使用

POST https://api.verification.jpush.cn/v2/web/loginTokenVerify

Web 使用

POST https://api.verification.jpush.cn/v2/web/h5/loginTokenVerify

调用验证

详情参见 REST API 概述的 鉴权方式 说明。

请求示例

curl --insecure -X POST -v https://api.verification.jpush.cn/v2/web/loginTokenVerify -H "Content-Type: application/json" -u "7d431e42dfa6a6d693ac2d04:5e987ac6d2e04d95a9d8f0d1" -d '{ "loginToken": "STsid0000001542695429579Ob28vB7b0cYTI9w0GGZrv8ujUu05qZvw", "exID": "1234566", "ip": "127.0.0.1" }'
          curl --insecure -X POST -v https://api.verification.jpush.cn/v2/web/loginTokenVerify -H "Content-Type: application/json" -u "7d431e42dfa6a6d693ac2d04:5e987ac6d2e04d95a9d8f0d1" -d '{
    "loginToken": "STsid0000001542695429579Ob28vB7b0cYTI9w0GGZrv8ujUu05qZvw",
    "exID": "1234566",
    "ip": "127.0.0.1"
}'
此代码块在浮窗中显示

请求参数

关键字 类型 选项 含义
loginToken String 必填 认证SDK获取到的 loginToken
ip String 可选 sdk 端 ip
exID String 可选 开发者自定义的 id,非必填

响应示例

请求成功

{ "id": 117270465679982592, "code": 8000, "content": "get phone success", "exID": "1234566", "phone": "HpBLIQ/6SkFl0pAq0LMdw1aZ8RHoofgWmaY//LE+0ahkSdHC5oTCnjrR8Tj8y5naKVI03torFU+EzAQnwtVqAoQyYckT0S3Q02TKuAal3VRGiR5Lmp4g2A5Mh4/W5A4o6QFviHuBVJZE/WV0AzU5w4NGhpyQntOeF0UyovYATy4=", "score": 0 }
          {
    "id": 117270465679982592,
    "code": 8000,
    "content": "get phone success",
    "exID": "1234566",
    "phone": "HpBLIQ/6SkFl0pAq0LMdw1aZ8RHoofgWmaY//LE+0ahkSdHC5oTCnjrR8Tj8y5naKVI03torFU+EzAQnwtVqAoQyYckT0S3Q02TKuAal3VRGiR5Lmp4g2A5Mh4/W5A4o6QFviHuBVJZE/WV0AzU5w4NGhpyQntOeF0UyovYATy4=",
    "score": 0
}
此代码块在浮窗中显示

请求失败

{ "code": 8001, "content": "get phone fail" }
          {
    "code": 8001,
    "content": "get phone fail"
}
此代码块在浮窗中显示

响应参数

关键字 类型 含义
id Long 流水号,请求出错时可能为空
exID String 开发者自定义的 id,若请求时为空返回为空
code Integer 返回码
content String 返回码说明
score Integer 风险评分
phone String 加密后的手机号码,需用配置在极光的公钥对应的私钥解密

返回 score 说明

  • score 字段表示当前号码的风险,分数越高,风险越大,取值范围为:[0, 900]。
  • 根据极光安全认证团队经验,score 字段值的业务含义如下(仅供参考,可根据实际场景调配):
风险等级 含义描述
0 低风险 正常放行
300 中风险 可标记观察用户后续行为再进一步决策
600 中高风险 可采取进一步安全验证,或直接进行业务限制
900 高风险 可直接进行业务限制

RSA 私钥解密示例

Java

import javax.crypto.Cipher; import java.security.KeyFactory; import java.security.PrivateKey; import java.security.spec.PKCS8EncodedKeySpec; import java.util.Base64; public class RSADecrypt { public static void main(String[] args) throws Exception { String encrypted = args[0]; String prikey = args[1]; String result = decrypt(encrypted, prikey); System.out.println(result); } public static String decrypt(String cryptograph, String prikey) throws Exception { PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(prikey)); PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(keySpec); Cipher cipher=Cipher.getInstance("RSA"); cipher.init(Cipher.DECRYPT_MODE, privateKey); byte [] b = Base64.getDecoder().decode(cryptograph); return new String(cipher.doFinal(b)); } }
             import javax.crypto.Cipher;
   import java.security.KeyFactory;
   import java.security.PrivateKey;
   import java.security.spec.PKCS8EncodedKeySpec;
   import java.util.Base64;

   public class RSADecrypt {
       public static void main(String[] args) throws Exception {
           String encrypted = args[0];
           String prikey = args[1];

           String result = decrypt(encrypted, prikey);
           System.out.println(result);
       }

       public static String decrypt(String cryptograph, String prikey) throws Exception {
           PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(prikey));
           PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(keySpec);

           Cipher cipher=Cipher.getInstance("RSA");
           cipher.init(Cipher.DECRYPT_MODE, privateKey);

           byte [] b = Base64.getDecoder().decode(cryptograph);
           return new String(cipher.doFinal(b));
       }
   }
此代码块在浮窗中显示

Python

#!/usr/bin/env python3 # 需要先安装 pycryptodome,直接使用 pip 安装即可,仅在 python3 环境下测试通过 from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_v1_5 import base64 PREFIX = '-----BEGIN RSA PRIVATE KEY-----' SUFFIX = '-----END RSA PRIVATE KEY-----' encrypted = None prikey = None key = "{}\n{}\n{}".format(PREFIX, prikey, SUFFIX) cipher = PKCS1_v1_5.new(RSA.import_key(key)) result = cipher.decrypt(base64.b64decode(encrypted.encode()), None).decode() print(result)
             #!/usr/bin/env python3

   # 需要先安装 pycryptodome,直接使用 pip 安装即可,仅在 python3 环境下测试通过

   from Crypto.PublicKey import RSA
   from Crypto.Cipher import PKCS1_v1_5
   import base64

   PREFIX = '-----BEGIN RSA PRIVATE KEY-----'
   SUFFIX = '-----END RSA PRIVATE KEY-----'

   encrypted = None
   prikey = None

   key = "{}\n{}\n{}".format(PREFIX, prikey, SUFFIX)
   cipher = PKCS1_v1_5.new(RSA.import_key(key))
   result = cipher.decrypt(base64.b64decode(encrypted.encode()), None).decode()

   print(result)
此代码块在浮窗中显示

PHP

// https://www.php.net/manual/en/function.openssl-private-decrypt.php $prefix = '-----BEGIN PRIVATE KEY-----'; $suffix = '-----END PRIVATE KEY-----'; $result = ''; $encrypted = null; $prikey = null; $key = $prefix . "\n" . $prikey . "\n" . $suffix; $r = openssl_private_decrypt(base64_decode($encrypted), $result, openssl_pkey_get_private($key)); echo $result . "\n";
             // https://www.php.net/manual/en/function.openssl-private-decrypt.php

   $prefix = '-----BEGIN PRIVATE KEY-----';
   $suffix = '-----END PRIVATE KEY-----';
   $result = '';

   $encrypted = null;
   $prikey = null;

   $key = $prefix . "\n" . $prikey . "\n" . $suffix;
   $r = openssl_private_decrypt(base64_decode($encrypted), $result, openssl_pkey_get_private($key));

   echo $result . "\n";
此代码块在浮窗中显示

package main

import ( "crypto/rand" "crypto/rsa" "crypto/x509" "encoding/base64" "encoding/pem" "errors" "log" )

Go

func main() { PREFIX := "-----BEGIN RSA PRIVATE KEY-----" SUFFIX := "-----END RSA PRIVATE KEY-----" prikey := "" encrypted := "" encryptedB, err := base64.StdEncoding.DecodeString(encrypted) if err != nil { log.Println("invalid encrypted") return } key := PREFIX + "\n" + prikey + "\n" + SUFFIX result, err := RsaDecrypt(encryptedB, []byte(key)) if err != nil { log.Println("err: ", err) return } log.Println("result: ", string(result)) } // 私钥解密 func RsaDecrypt(encrypted, prikey []byte) ([]byte, error) { var data []byte block, _ := pem.Decode(prikey) if block == nil { return data, errors.New("private key error") } rsaKey, err := x509.ParsePKCS8PrivateKey(block.Bytes) if err != nil { return data, err } key, ok := rsaKey.(*rsa.PrivateKey) if !ok { return data, errors.New("invalid private key") } data, err = rsa.DecryptPKCS1v15(rand.Reader, key, encrypted) return data, err }
          func main() {
    PREFIX := "-----BEGIN RSA PRIVATE KEY-----"
    SUFFIX := "-----END RSA PRIVATE KEY-----"
    prikey := ""
    encrypted := ""

    encryptedB, err := base64.StdEncoding.DecodeString(encrypted)
    if err != nil {
        log.Println("invalid encrypted")
        return
    }
    key := PREFIX + "\n" + prikey + "\n" + SUFFIX
    result, err := RsaDecrypt(encryptedB, []byte(key))
    if err != nil {
        log.Println("err: ", err)
        return
    }
    log.Println("result: ", string(result))
}

// 私钥解密
func RsaDecrypt(encrypted, prikey []byte) ([]byte, error) {
    var data []byte
    block, _ := pem.Decode(prikey)
    if block == nil {
        return data, errors.New("private key error")
    }
    rsaKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
    if err != nil {
        return data, err
    }
    key, ok := rsaKey.(*rsa.PrivateKey)
    if !ok {
        return data, errors.New("invalid private key")
    }
    data, err = rsa.DecryptPKCS1v15(rand.Reader, key, encrypted)
    return data, err
}
此代码块在浮窗中显示
文档内容是否对您有帮助?

Copyright 2011-2022, jiguang.cn, All Rights Reserved. 粤ICP备12056275号-13 深圳市和讯华谷信息技术有限公司

在文档中心打开