Among various services provided using the Internet, an external reference-type API (application programming interface) service has been known by which, when a client accesses a web server, the contents thereof include a code to call an API server and an application referred to in the API server is executed to return the result to the client.
According to a specific example thereof, in the case of the API of Google Maps®, a code for displaying a map is embedded in web contents to thereby allow a client web browser to display web contents and map contents can be displayed that are a result of the return from the API service.
Such an API service has been widely used and has been used also for a service requiring high security such as the Internet banking system.
As described above, returning the execution result from the API server to the client is of course a general processing. However, it is not generally carried out to determine at the web server side whether or not the client has correctly called the API server and has received the result. This is presumably due to that the necessity of allowing the web server side to recognize the use of a conventional API service has not been recognized and that detecting the use while excluding masquerades has been difficult.
Related patent publications include Patent Publication 1 that discloses that a Web system is provided by which, even under an environment in which the direct control from the Web system to an instruction target system cannot be achieved, the client does not need an instruction target system application and a data transfer operation from the instruction target system is also easily performed. To realize this, the Web system includes: a function of allowing a Web server to receive specified information specifying an instruction target system from a client Web browser; a reception means including a function of receiving a processing request from the Web browser; an acquisition means of acquiring contents data corresponding to the processing request from a contents data storage section; an editing means of editing the contents data as contents data including a processing instruction to send a processing instruction corresponding to the processing request to the instruction target system specified by the specified information; and a transmission means of sending the contents data to the Web browser.
The above Patent Publication 1 also fails to provide a technique to send some result from the instruction target system to the Web server.
Patent Publication 2 discloses service monitoring system and method for avoiding a problem that the procedure for a service component cannot be completed in the middle of a web service system in which a plurality of web component servers or service components cooperate one another. To realize this, a technique is provided for example by which a web service monitoring server periodically monitors a web component server to update, when the monitoring result shows a problem, a service execution server so that no execution request is transferred to a stopped service component. A service state storage server is updated so that the server cannot be searched by a search engine or an alarm notification is sent to a stopped service component provider.
Patent Publication 2 provides a technique to monitor the web component. However, this technique is similar to that of Patent Publication 1 in that the web component server is not notified.
Patent Publication 3 discloses a technique to notify when a Web application error is detected, an administrator of the error. To realize this, a program for analyzing, monitoring, and detecting the state of the Web application is configured to include three function sections of a packet acquisition function section, a packet analysis function section, and an analysis result notification function section. The packet acquisition function section acquires a packet that is sent from a Web application of a Web server machine to a Web browser of a Web client machine. The packet analysis function section determines whether or not the acquired packet includes a specific character string, an error status code, and an error message to send, when the packet includes them, the analysis result to an analysis result notification function section. The analysis result notification function section prepares an electronic mail to which the received analysis result is notified based on sender mail address information and destination mail address information set in advance and the received analysis result to send the electronic mail to a mail server.
This Patent Publication 3 discloses the technique to remotely monitor the Web application. However, this technique is to monitor a packet in a Web server to detect an error of the Web application to notify the error by a mail and is not originally intended to be applied to the API service as described above.
According to Patent Publication 4 by the inventor or the like of this case, a technique is provided by which a web server is allowed to include an authorization file set to confirm the server authenticity so that an authorization file calculated in advance based on an algorithm provided in the client is compared with an authorization file received from the web server to determine whether the former matches with the latter to thereby prevent the server from being masqueraded. However, this technique is also not applied to a system using two or more servers.