Tuesday, 28 February 2017

One-Time Action Token - First Part


Hi Folks,
I have a new problem.

At the moment I'm managing a service for submitting purchase orders (OMS, order management service).

Many third-party clients submit requests to OMS, and in the last few months I have noticed many double requests (two requests with the same characteristics) from some types of client.
This behaviour creates problems for back-office operations, because many of these duplicate requests are not valid orders.

My idea is to add a token to the order submission request in order to:

  1. Track the request
  2. Block erroneous (duplicate) requests

The idea is based on the concept of the OTP (One-Time Password): https://en.wikipedia.org/wiki/One-time_password, and on creating a Token Lifecycle Management Service (TLCMS).

Unfortunately, I don't use an API Gateway (e.g. one that issues a bearer token) and the service uses a stateful approach, so I need to build all the elements myself to meet the requirement.

First step: Token Generation

I like something like the Firebase token generator: https://github.com/firebase/firebase-token-generator-java

An encryption step based on DES or another cipher can then be added; resources on this are easy to find. Two caveats: DES is a deprecated 56-bit cipher and should not be used in a new design, and what actually prevents a client from forging or altering a token is integrity protection (an HMAC or a signature, which is what the Firebase generator's JWTs rely on), not encryption on its own. Encryption is only needed if the payload must also be hidden from the client.


The flow is this:

  • TLCMS receives a request from a client; the request can contain some information on the order, or other information related to the request, that must be protected by the token
  • TLCMS generates a JSON payload from that information
  • TLCMS serializes the JSON payload into a string
  • TLCMS encrypts (or signs) the string
  • TLCMS applies a Base64 encoder to the result
  • TLCMS returns the resulting string to the client as the token

This token will be sent in an HTTP request header to enable execution of the action. For the token to be genuinely one-time, the payload must also carry a unique identifier and an expiry, and TLCMS must record that identifier as consumed when the action executes; otherwise the same token can be replayed and the duplicate-request problem remains.
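The following is an added example, not code from this post or from the Firebase project, written in Python rather than Java so it can be run as-is. It implements the flow above, with one stated swap: instead of DES encryption the payload is protected with an HMAC-SHA256 tag, which is what is needed to detect forged or modified tokens. It also goes beyond the flow in the post by including the consumption step (signature check, expiry check, and a "used" registry keyed by the token's random id), since that is what turns the token into a one-time action token. The in-memory dictionary and the demo secret are assumptions for illustration; a real deployment would keep the secret in a secret store and the consumed-token registry in a store shared by every OMS instance.

```python
import base64
import binascii
import hashlib
import hmac
import json
import os
import time

# Constructed demo secret. Assumption: a real TLCMS loads this from a
# secret store; it must never be known to the clients.
SECRET_KEY = b"tlcms-demo-secret-change-me"


def _b64url(raw: bytes) -> str:
    """Base64url without padding, safe for an HTTP header value."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TokenLifecycleManager:
    """Issues one-time action tokens and lets each one be consumed once."""

    def __init__(self, key: bytes, ttl_seconds: int = 300, clock=time.time):
        self._key = key
        self._ttl = ttl_seconds
        self._clock = clock      # injectable so expiry can be exercised
        self._used = {}          # jti -> exp, for tokens already consumed

    def issue(self, order: dict) -> str:
        """The flow from the post: payload -> JSON -> protect -> base64url."""
        now = int(self._clock())
        payload = {
            "jti": _b64url(os.urandom(16)),  # random id: makes the token one-time
            "iat": now,
            "exp": now + self._ttl,
            "order": order,
        }
        # Canonical JSON so the tag always covers the same byte string.
        body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).digest()  # HMAC, not DES
        return _b64url(body) + "." + _b64url(tag)

    def consume(self, token: str) -> dict:
        """Validate the token and burn it. Raises ValueError if it is
        malformed, forged, expired or has already been used."""
        try:
            body_b64, tag_b64 = token.split(".")
            body = _b64url_decode(body_b64)
            tag = _b64url_decode(tag_b64)
        except (ValueError, binascii.Error):
            raise ValueError("malformed token")
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            raise ValueError("bad signature")
        payload = json.loads(body)
        now = self._clock()
        if payload["exp"] < now:
            raise ValueError("token expired")
        self._forget_expired(now)
        if payload["jti"] in self._used:
            raise ValueError("token already used")
        self._used[payload["jti"]] = payload["exp"]
        return payload["order"]

    def _forget_expired(self, now: float) -> None:
        # A consumed token whose exp has passed is rejected anyway, so its
        # record can be dropped to keep the registry bounded.
        for jti in [j for j, exp in self._used.items() if exp < now]:
            del self._used[jti]


def _tamper(token: str) -> str:
    """Edit the order inside a token but keep the original tag (attacker move)."""
    body_b64, tag_b64 = token.split(".")
    payload = json.loads(_b64url_decode(body_b64))
    payload["order"]["qty"] = 200
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return _b64url(body) + "." + tag_b64


def demo() -> dict:
    """Exercise the lifecycle with a fake clock; returns each outcome."""
    clock = {"t": 1_700_000_000.0}
    tlcms = TokenLifecycleManager(SECRET_KEY, ttl_seconds=60, clock=lambda: clock["t"])
    order = {"customer": "C-42", "sku": "WIDGET-1", "qty": 2}  # constructed order
    token = tlcms.issue(order)
    results = {"first": tlcms.consume(token)}
    late = tlcms.issue(order)
    cases = [("replay", token), ("tampered", _tamper(token)), ("garbage", "not.a.token")]
    for name, bad in cases:
        try:
            tlcms.consume(bad)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    clock["t"] += 120                 # jump past the 60 s ttl
    try:
        tlcms.consume(late)
        results["expired"] = "accepted"
    except ValueError as err:
        results["expired"] = str(err)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` accepts the first use of the token and rejects the replay, the tampered copy, the garbage string and the expired token, each with a distinct reason. The `jti` registry is what blocks the double submissions described above; the HMAC is what stops a client from minting or editing tokens, which a DES layer without any integrity check would not do.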


See you on...