Search

CN-121985037-A - Satellite API service access control and data service system

CN121985037ACN 121985037 ACN121985037 ACN 121985037ACN-121985037-A

Abstract

The invention discloses a satellite API service access control and data service system, which relates to the field of satellite data processing, and comprises a Web interface presentation layer, a rear-end service engine layer and a basic storage component layer, the back-end service engine layer integrates the gateway system, the API space data service, the API model data service and the rights system. The gateway system performs unified routing, identity authentication, access right verification and call times statistics on API access requests from the Web end or a third party, and forwards the verified requests to corresponding data services. The authority system is used for centrally managing the API authorization information and the user identity credentials, and the basic storage component layer supports efficient storage and access of API management data, authority data and satellite data through a relational database, object storage and cache storage. The invention realizes unified access control of multi-star satellite data and improves the safety, controllability and expansibility of data service.

Inventors

  • YUAN GUIMIN
  • QI JIANCHAO
  • LIU HUAIYING
  • Gong Xueshuang
  • LI CHENRAN
  • LU WEILI
  • LU YU

Assignees

  • 中国四维测绘技术有限公司

Dates

Publication Date
20260505
Application Date
20260403

Claims (10)

  1. 1. A satellite API service access control and data service system, comprising: the Web interface presentation layer is used for providing a visual operation interface of API service management, authority configuration and data service for a user; The back-end service engine layer is in communication connection with the Web interface presentation layer and is used for providing unified API access service to the outside, and the back-end service engine layer comprises a gateway system, an API space data service, an API model data service and a permission system; the gateway system is used for receiving an API access request from a Web end or a third party user, carrying out unified routing, identity authentication, access right verification and call frequency statistics on the API access request, wherein the API space data service is used for defining and managing space satellite-like API service and providing space data inquiry and downloading processing, and the API model data service is used for defining and managing model satellite-like API service and providing model data inquiry and downloading processing; The basic storage component layer is in communication connection with the back-end service engine layer and is used for storing data resources required by the operation of the system, and the basic storage component layer comprises a relational database, object storage and cache storage; after the gateway system performs unified authentication and authority verification on the API access request, the verified request is forwarded to a corresponding API space data service or API model data service, so that unified access control and data service of multi-star satellite data are realized.
  2. 2. The satellite API service access control and data service system as recited in claim 1, wherein said underlying storage component layer comprises: The PostgreSQL database is used for storing basic information, request parameter information, return result example information and association relation between the API and the data model of the API service; The object storage COS is used for storing satellite data files, space slice data and user downloading data; The Redis cache storage is used for storing user login state information and session information; And the MySQL database is used for storing user information, role information, API authorization information and API calling frequency statistical information.
  3. 3. The satellite API service access control and data service system of claim 1, wherein said gateway system is configured to: according to the request address and the request mode of the API access request, uniformly routing the Web end request, the third-party data API request and the space data API request; Based on appKey and APPSECRET carried in the API access request, carrying out identity authentication on the third party user; calling the authority system to judge whether the API access request has access authority, and judging whether the API allows intranet access or extranet access according to a request address; And after the permission verification is passed, recording the calling times of the corresponding API.
  4. 4. The system according to claim 1, wherein the API space data service and the API model data service are configured to provide a unified query and download service for multi-satellite data, respectively, and initiate a data query or download request to a corresponding external satellite source when the data does not exist in the local model system, and trigger a data aggregation task through a message queue, so as to aggregate the acquired data into the model system.
  5. 5. The satellite API service access control and data service system of any one of claims 1-4, wherein said entitlement system is configured to: When the API is authorized, writing the service identification of the API and the corresponding URI into an API authorization information table; When an API access request reaches the gateway system, the gateway system calls the authority system based on the URI in the request, and judges whether the current user has the authority for accessing the API corresponding to the URI; after the authority verification is passed, taking the URI as a statistical dimension, and accumulating and recording the API call times; And judging whether the API allows intranet access or extranet access according to the access policy configuration corresponding to the URI.
  6. 6. The satellite API service access control and data service system according to any one of claims 1-4, wherein said API space data service and said API model data service are configured to: when the target data requested by the user does not exist in the model system, a data query request or a data downloading request is initiated to the corresponding external star source; the obtained data result is returned to the user, and meanwhile, the data or the data index information is sent to a message queue; Consuming the information from the information queue by the convergence task, and converging corresponding data into a model system for unified storage; subsequent queries or download requests for the same data are prioritized for direct response by the model system.
  7. 7. The satellite API service access control and data service system of any one of claims 1-4, wherein said gateway system is configured to: when an API access request originates from a Web interface, carrying out identity authentication on the API access request based on Token information generated after a user logs in; When an API access request originates from a third party system, carrying out identity authentication on the API access request based on appKey and APPSECRET carried in the API access request; the gateway system selects a corresponding authentication mode or a combined authentication mode to execute authority verification according to the source type of the API access request, Thereby realizing unified access and differential authentication control of Web terminal access and third party API access under the same gateway system.
  8. 8. The satellite API service access control and data service system according to any one of claims 1-4, wherein said data service module, when executing a multi-star data download, is configured to: after a data downloading request is initiated to an external star source, detecting the downloading task state by a periodic scheduling task; when the fact that the downloading is not completed is detected, the downloading state is maintained, and the continuous detection is carried out in a subsequent scheduling period; when the completion of downloading is detected, pushing the data obtained by downloading to an object accessible to a user for storage, generating a corresponding data convergence message and sending the corresponding data convergence message to a message queue; And consuming the messages in the message queue by the convergence task, and backfilling the downloaded data into the model system, so as to form a closed loop processing flow of multi-star source data downloading, state detection, user delivery and model system updating.
  9. 9. The satellite API service access control and data service system of any one of claims 1-4, wherein said API space data service and API model data service are further configured to: In the process of inquiring or downloading multi-star source data, recording response time delay, success rate and data integrity indexes of different star sources for the same type of data request; Establishing star source service state parameters for the multiple star sources based on the response indexes; In the subsequent API access request aiming at the same type of data, dynamically adjusting the request priority or the selection sequence of an external star source according to the star source service state parameters; The adjustment result is fed back to the model system and is used for updating the multi-star source data access strategy; therefore, the multi-star source data service forms a star source selection self-evolution mechanism based on access result feedback in the continuous operation process.
  10. 10. The satellite API service access control and data service system of any one of claims 1-4, wherein said gateway system is further configured to: Constructing API access behavior situation parameters based on the API call times, the access frequency and the access source distribution recorded in the authority system; Matching the access behavior situation parameters with a preset access strategy model to determine the service situation level of the current API access; and dynamically switching corresponding access control strategies according to the service situation level, wherein the access control strategies comprise an authentication mode, a request forwarding path or a data return strategy.

Description

Satellite API service access control and data service system Technical Field The present disclosure relates to the field of satellite data processing, and more particularly, to a satellite API service access control and data service system. Background With the rapid development of remote sensing technology and aerospace industry, the number of remote sensing satellites is continuously increased, the types of satellite sources are increasingly abundant, the satellite sources comprise civil satellites and commercial satellites, and the data scale generated by different satellite sources is exponentially increased. Meanwhile, the demands of users on remote sensing data services are continuously improved, not only basic products are required to be obtained, but also value-added products, information products and space image related services are expected to be used conveniently, and higher requirements on the safety, controllability and service quality of data access are provided. In practical application, a user generally expects to construct a unified data service system to realize centralized management and external service of different star source data, and specifically includes supporting unified external service of data from different star sources (such as stars and business stars), supporting data query, downloading and space image access control of basic products, value added products and information products, and performing authority control, request verification, access statistics and call frequency management on API calls. However, the prior art has obvious defects in the aspects, mainly comprising (1) realizing inquiry and access aiming at different star source data by calling different interfaces, ensuring that interface specifications are not uniform and calling logic difference is large, leading a third party user to respectively adapt to multiple sets of interfaces in the integration and use processes, ensuring that the system is complex in realization and high in use cost, (2) lacking a perfect API authorization mechanism and failing to carry out refined authorization control on different users and different API services, (3) lacking a uniform checking, filtering and calling times statistics mechanism on the API requests of the users, and being difficult to realize effective management and control on service access and unfavorable for ensuring the safety and service stability of the system. Therefore, a data service system which can face multi-star source data, support unified API service access and has authority control and access management capabilities is needed to solve the problems of interface dispersion, authority deletion, insufficient management capabilities and the like in the prior art. Disclosure of Invention In the summary, a series of concepts in a simplified form are introduced, which will be further described in detail in the detailed description. The summary of the application is not intended to define the key features and essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter. In a first aspect, a satellite API service access control and data service system includes: the Web interface presentation layer is used for providing a visual operation interface of API service management, authority configuration and data service for a user; The back-end service engine layer is in communication connection with the Web interface presentation layer and is used for providing unified API access service to the outside, and the back-end service engine layer comprises a gateway system, an API space data service, an API model data service and a permission system; the gateway system is used for receiving an API access request from a Web end or a third party user, carrying out unified routing, identity authentication, access right verification and calling frequency statistics on the API access request, wherein the API space data service is used for defining and managing space satellite-like API service and providing space data inquiry and downloading processing; The gateway system performs unified authentication and authority verification on the API access request and then forwards the verified request to a corresponding API space data service or API model data service, thereby realizing unified access control and data service of multi-satellite-source satellite data. In one possible implementation, the basic storage component layer includes: The PostgreSQL database is used for storing basic information, request parameter information, return result example information and association relation between the API and the data model of the API service; The object storage COS is used for storing satellite data files, space slice data and user downloading data; The Redis cache storage is used for storing user login state information and session information; And the MySQL database is used for storing user information,