Open API is a common application interface under the Software as a Service (SaaS) model. An Internet Service Provider (ISP) packages its available website services as a series of APIs and opens them to a third-party developer, for example an Independent Software Vendor (ISV), and the ISV carries out the corresponding business through its ISV server. Such a method is called an Open-website API, and the opened API is referred to as an Open API.
More and more ISVs intend to develop applications based on the Open API provided by an ISP, and the ISP in turn receives more network traffic and market share. ISVs do not need a large investment in hardware and technology to meet their business requirements, so their investment cost is reduced. Accordingly, as the development base of internet online services, Open API has become a good choice for more and more internet enterprises to develop services, and it has potential for further development.
Due to the application prospects of Open API, the ISPs of international and domestic websites have released their own Open API websites (i.e., websites for online business based on Open API). Currently, the popular Open API is the Representational State Transfer (REST) API, which is based on the REST interface. When online business is implemented through the REST API, REST service requests are sent to business implementation servers over the Internet using HTTP GET. The business implementation servers respond to the REST service requests using POST, and return structured data, such as XML or JSON, as the result.
The above solution of implementing online business based on the REST API has some disadvantages. First, the structured data returned as the result is easy for ISVs to read. However, it is not desirable for the business data provided by general business implementation servers to be obtained by any third party (e.g., the ISVs) other than the users. Thus, from the standpoint of the business implementation servers, the security of data related to an online business implemented by the above solution is low. Second, most current online businesses involve complicated business logic operations that require multiple interactions between the user and the service provider. In the conventional method of implementing online business, a REST API can implement only a single interaction between the user and the service provider, such as an inquiry or a data update. For a complicated online business, an ISV needs to combine multiple REST APIs to implement a complete flow, which requires the ISV to analyze the business logic linking the multiple API invocations. This makes the method hard to use and, coupled with the differences in analysis capability between ISVs, makes it difficult to guarantee consistency in the business. Consequently, the controllability of the business is poor for the business implementation servers.
Given the above, for online business based on existing APIs, the security of business data is not guaranteed and the controllability is poor.