FineDataLink Version
Functional Change
4.0.20.1
4.0.28
Supported app management and app group-based API call management.
Supported basic app management, including adding, editing, and deleting apps, and managing permission on apps.
Supported App authentication.
Allowed granting access permission on a specified API to an app and setting the authorization validity period and the access frequency.
4.0.29
Supported AK/SK-based digest and signature authentication.
4.1
Allowed binding an API to an app during API publication.
4.1.6.4
Allowed exporting API documents on the app page.
After binding an API to an app, you can obtain the authentication information of calls from external systems, ensuring secure calls of the published API by external systems.
Meanwhile, names and paths of APIs that can be called by external systems are displayed on the app page, where APIs bound to the same app have the same parent path.
FineDataLink supports app-based batch management of published APIs. You can bind APIs to corresponding apps during and after API creation, where APIs bound to the same app have the same authentication information and root access path.
Each app has an App ID (the unique identifier) and AppCode (the authentication information, which can be reset).
Apps and APIs have an N:N relationship. One API can be bound to multiple apps, and one app can contain multiple APIs.
Currently, the Token (APPCode) of published APIs is included in the request. To enhance security, you are advised to use HTTPS to deploy FineDataLink.
If you want a non-super admin user to use this function, you need to grant management permission on Data Service API and Data Service App to the user.
Choose Data Service > App List to go to the app creation page, as shown in the following figure.
Click the New button to create an app, as shown in the following figure.
Setting App Name, App Description, and App Authentication Method
Set App Name, App Description, and App Authentication Method of the created app, as shown in the following figure.
The configured app authentication method is valid for all APIs bound to the app.
Setting items are described in the following table.
Item
Description
ID
For a new app, the App ID is automatically generated after you save the app.
For an existing app, the effective App ID is displayed on the app editing page.
App name
You can customize the app name.
It is required and defaults to empty.
App Description
You can describe the app in detail here, or leave it blank.
App Authentication Method - AppCode
Ticking AppCode indicates enabling authentication.
AppCode can be regarded as a long-term valid token.
To access the API, the client should specify the value of the Authorization request header in the format of AppCode + space + AppCode value.
After you click the reset button, FineDataLink checks whether you have Management permission on all APIs bound to the app. You can only reset the AppCode when having permission on all APIs. If not, an error message will appear, indicating missing permission on certain APIs bound to the app.
If you pass the permission verification, a prompt will appear indicating that the AppCode will be regenerated and take effect after you save the app. The AppCode will not be reset if you do not save the configuration. (AppKey does not support the reset function.) .
Upon receiving a request, the server examines the AppCode in the request header to check if it is valid, meaning it exists and is not disabled. If the AppCode is deemed valid, the server authenticates the request, processes it, and sends back the result. If the AppCode is invalid, the server responds with a 400 error.
The AppCode is empty by default. If no AppCode is provided and the API is configured to require authentication, the API cannot be accessed externally, resulting in a 400 error.
However, if the API is set as open, meaning authentication is disabled, the content of the Authorization header is ignored, allowing access regardless of the value provided.
App Authentication Method - Digest Signature
If App Authentication Method is set to Digest Signature, the AppSecret will be displayed below. For details, see Digest Signature Authentication.
Click the Add button next to API Binding to add created APIs to the current app, as shown in the following figure.
The effect is shown in the following figure.
Note:The table displays all APIs bound to the app. You can only configure APIs on which you have Management permission.
The table displays all APIs bound to the app. You can only configure APIs on which you have Management permission.
Items in the list are described in the following table.
Name of Bound API
Name of the bound API
Status
Status of the bound API
API path
Access path of the bound API
Directory
Directory of the bound API
Description of the bound API
Authorization Validity Period
Authorization validity period of the bound API
Distinguishable interactive prompts need to be provided for effective and expired APIs (such as using labels to distinguish status).
Access Frequency
Access frequency limit of the bound API
Setting/Unbinding in Batches
Tick the bound APIs and click Batch Set to configure the authorization validity period and access frequency for APIs in batches, as shown in the following figure.
Configuration items are described in the following table.
If it is not configured, the AppCode or AppSecret will be valid perpetually.
If you switch to Custom Authorization Validity, the date picker will appear, allowing you to specify the validity period (accurate to the day).
If the current date exceeds the specified authorization validity period, the corresponding APIs cannot be accessed using this app. You need to adjust the validity period to a value later than the current date on the configuration page, and save it to ensure normal access.
Access frequency
It is unlimited by default.
If you switch to Custom Access Frequency, you can limit the frequency.
The default value is 100. You can enter a value from 1 to 1000000.
Click Save to view the configured app, as shown in the following figure.
You can bind an API to an existing app on the API information page, as shown in the following figure.
You can check whether authentication is enabled for the current app, authentication details, App ID, and bound APIs on the App information page, as shown in the following figure.
Basic items are described in the following table.
Displays the App ID.
The App ID is the unique identifier of the app, which is used together with the API path to form the final accessible URL.
App Name
Displays the app name.
Displays the detailed app description.
Creator
Displays the app creator.
Creation Time
Displays the app creation time.
Authentication
Displays the app authentication method.
Displays No Authentication if the authentication method is No Authentication.
Displays the AppCode if the authentication method is AppCode.
Displays the AppSecret if the authentication method is Digest Signature
Bound API
Displays the list of APIs bound to the app.
Includes the name, status, path, directory, description, authorization validity period, and access frequency of the API.
You can copy the API path.
Exporting API documents is supported in V4.1.6.4 and later versions.
You need to provide the API document for the caller to view after the API is developed.
If you have Management permission on the app, you can click Export API Document to export the documents of all online APIs bound to this app as Word files, as shown in the following figure. The result page is shown in the following figure.
The content of the exported documents is shown in the following table.
Directory Tree
Displays the directory structure.
App Information
Displays the app information in the tabular form, which includes:
App ID
Creation time
Authentication method
API Information
Displays the information of all online APIs bound to the app.
API name
Request method
Request body format
Request parameter: parameter name, parameter type, required or not, and description
Response parameter (including the pagination parameter, which requires hierarchical description): parameter name, parameter type, and description
An example of the request body (only displayed when the request body is in the JSON format)
An example of the response body
Authorization validity period
Error Code Summary
Error code information
Returned error content
滑鼠選中內容,快速回饋問題
滑鼠選中存在疑惑的內容,即可快速回饋問題,我們將會跟進處理。
不再提示
10s後關閉
Submitted successfully
Network busy