Activity anti-swiping is a professional protection product built around business scenarios. It combines multi-dimensional information such as IP profiles, device fingerprints, black card detection and threat intelligence to identify risks in real time, detecting and stopping marketing cheating such as swiping by scalpers and bonus hunters, lottery cheating and malicious ordering, and reducing enterprises' economic losses.
If you are calling the API of Baidu intelligent cloud products for the first time, you can watch the API Getting Started Video Guide to quickly learn how to call the API.
Returns a cheating-risk assessment based on the input parameters. All text in requests and responses is encoded in UTF-8.
Request mode
HTTPS POST
Authentication mechanism
All API authentication uses the Access Key and request signature mechanism. The Access Key consists of the Access Key ID and the Secret Access Key, both of which are strings. For each HTTP request, generate an authentication string using the algorithm described below. The authentication string is submitted in the Authorization header field. The server verifies the authentication string according to the same generation algorithm. The format of the authentication string is:
bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}
Version is a positive integer.
Timestamp is the UTC time when the signature is generated.
ExpirationPeriodInSeconds indicates the validity period of the signature.
SignedHeaders is the list of header fields included in the signature algorithm. The header names are separated by semicolons (;), such as host;x-bce-date. The list is sorted lexicographically. (This API signature only uses the host and x-bce-date headers.)
Signature is the hexadecimal representation of the 256-bit signature, which consists of 64 lowercase hexadecimal characters.
When Baidu Smart Cloud receives the user's request, the system uses the same SK and the same authentication mechanism to generate the authentication string, and compares it with the authentication string contained in the user's request. If the two authentication strings are the same, the system considers the user to have the specified operation authority and executes the requested operation. If they differ, the system ignores the operation and returns an error code.
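A pre-flight check for the Authorization value, useful when the API answers with a signature verification error. This is an added example, not Baidu's code: it applies only the field rules stated above, and the timestamp layout (`TS_FORMAT`), the function name and the sample string are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}
AUTH_RE = re.compile(
    r"bce-auth-v([1-9]\d*)/([^/]+)/([^/]+)/(\d{1,9})/([^/]+)/([0-9a-f]{64})")
# Assumption: the page only says "UTC time"; ISO 8601 with a trailing Z is assumed.
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
EXPECTED_HEADERS = ["host", "x-bce-date"]  # the only headers this API signs

def check_auth_string(auth, now=None):
    """Return a list of problems found in an Authorization value ([] if none)."""
    m = AUTH_RE.fullmatch(auth.strip())
    if not m:
        return ["not six '/'-separated fields ending in a 64-char lowercase hex signature"]
    _version, _access_key_id, ts, period, signed, _signature = m.groups()
    problems = []
    headers = signed.split(";")
    if headers != sorted(headers):
        problems.append("signedHeaders are not in lexicographic order")
    if sorted(headers) != EXPECTED_HEADERS:
        problems.append("signedHeaders must be exactly host;x-bce-date")
    try:
        issued = datetime.strptime(ts, TS_FORMAT).replace(tzinfo=timezone.utc)
    except ValueError:
        return problems + ["timestamp is not in the assumed UTC format"]
    now = now or datetime.now(timezone.utc)
    # The signature is valid for expirationPeriodInSeconds after the timestamp.
    if now > issued + timedelta(seconds=int(period)):
        problems.append("signature has expired")
    return problems

# Constructed sample: placeholder access key ID and a dummy signature.
SAMPLE = ("bce-auth-v1/EXAMPLE_ACCESS_KEY_ID/2024-01-01T00:00:00Z/1800/"
          "host;x-bce-date/" + "ab" * 32)

if __name__ == "__main__":
    at = datetime(2024, 1, 1, 0, 10, tzinfo=timezone.utc)
    print(check_auth_string(SAMPLE, now=at))
```

The check covers format and validity window only; it does not recompute the signature, so a string that passes here can still be rejected by the server.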
| Parameter name | Description | Type | Required |
| --- | --- | --- | --- |
| | Business scenario ID. For the activity anti-swiping scenario the value is: bce_activity | String | Mandatory |
| ts | Timestamp of the user's request (in milliseconds) | String | Mandatory |
| m | Mobile number (SHA-1 hash) | String | Mandatory |
| ip | User's Internet IP | String | Mandatory |
| app | System type information: android, ios, universe (others) | String | Mandatory |
| appid | The unique identity of the app. You can create it yourself in the business security console under Application management. A test application can be issued offline by contacting the interface contact person. | String | Mandatory |
| aid | Activity ID. You can create it yourself in the business security console under Activity management. A test activity ID can be issued offline by contacting the contact person. | String | Mandatory |
| ev | Behavior operation, used to identify the current calling phase. Operation codes are assigned in advance: Page_enter (enter the activity page); Registered; Login (login); Share; Liked; VoteComment; Cash_out (withdrawal); Order (order/bill of lading); Pay (payment); Feed (browsing feed); Red_envelope (receive red envelopes); Task; Sign in; Invite; Lottery. Follow this convention as far as possible. If these general behaviors do not cover your case, you can define calling phase codes according to the current activity process. To keep the risk control service flexible, divide the calling phases as finely as possible. | String | Mandatory |
| z | Zid obtained from the Baidu Haotian SDK. Integrating the SDK is recommended for a better anti-swiping effect. This parameter is required after integration. | String | Optional |
| i | IMEI number | String | Optional |
| mac | MAC address | String | Optional |
| idfa | IDFA (iOS) | String | Optional |
| idfv | IDFV (iOS) | String | Optional |
| userid | Business party's own user ID | String | Optional |
| ver | App version number | String | Optional |
| model | Equipment type and model (e.g. Lenovo A850) | String | Optional |
| ua | The user_agent used to call the activity API | String | Optional |
| bssid | Wi-Fi BSSID, Base64-encoded | String | Optional |
| ssid | Wi-Fi SSID (Wi-Fi name), Base64-encoded | String | Optional |
| inviterid | Inviter ID. Must be passed for links involving master-apprentice invitation relationships, splicing and splitting, and fission invitation relationships. | String | Optional |
| likedid | Mainly applicable to like and voting scenarios. It can carry the content ID or user ID that is liked or voted for. | String | Optional |
| cash | Prize amount (equivalent amount, RMB as currency, unit: yuan) | String | Optional |
| ct | Prize type (1: cash or equivalents, 2: coupons, 3: points, 4: physical objects, 5: others) | String | Optional |
| lal | Longitude and latitude, e.g. 34.234, 45.223 | String | Optional |
| csr | New or old customer: 1. New customer; 2. Regular customer | String | Optional |
| referer | The referer used to call the activity API | String | Optional |
| net | Network type: 3G/4G/5G/wifi, etc. | String | Optional |
| jt | Mandatory if the risk control JS SDK (H5 version and applet version) is integrated. The front end of the business side actively reports this value to the back end of the business side when submitting a request. If the back end does not get this value, it must be set to an empty string. The jt parameter contains special characters, so the front end and back end of the business side should agree on encoding and decoding when passing it. This value changes with each request and cannot be cached. Reusing the same value may fail the verification; confirm that there is no retry mechanism in the business logic. | String | Mandatory |
| js_env | Mandatory if the risk control JS SDK (H5 version and applet version) is integrated. Identifies the JS execution environment type; allowed values: h5/h5n/swan. For client access (iOS/Android), leave this field blank. For applet access, the value is swan and the app field is ios/android. If all access traffic comes from terminal-capability H5, the value is h5n and the app field is ios/android. Otherwise, the value is h5 and the app field is universe. | String | Mandatory |
| header | Mandatory if the risk control JS SDK (H5 version and applet version) is integrated. The complete HTTP header received by the back end of the business side, in the format Map[String, String]. The cookie field may be omitted for privacy compliance. Be sure to provide this field, otherwise the verification may fail. | Map[String,String] | Mandatory |
| extra | Reserved field in Map format for adding extension parameters for some special forms of activities. The format is: {"key1": "value1", "key2": "value2", "key3": "value3"}. If the current activity involves forming teams, you can add {"groupid": "xxxxxxx"} in extra. | | |
Normal return result (the normal return result is JSON)
| Field name | Type | Description |
| --- | --- | --- |
| request_id | String | Server request ID |
| ret_code | String | 0 |
| ret_msg | String | Operation succeeded |
| ret_data | Map | Risk details |
| level | String | 1: High risk (interception recommended); 2: Medium risk (interception or some verification is recommended); 3: Low risk (release recommended); 4: Very low risk (release recommended) |
Error codes:
0 - Normal
1000 - Signature verification error
1001 - Authentication failed
1002 - Request format error
2000 - Illegal parameter
2001 - Incorrect message body
2002 - The service exceeds the maximum QPS / the service exceeds the maximum number of calls / the service has expired
3000 - System internal error
For other error codes, see: Authentication and authentication mechanism error code
Timeout suggestions: When the response time of the risk control interface is too long, the business should release the request by default so that it keeps running smoothly. It is recommended that the timeout be set to 200-500 ms.
Suggestions on timeout retry frequency: For important business scenarios, timeout retry logic can be added. If the retry also times out, give priority to ensuring the normal operation of the business.
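One way to turn the level values and the timeout guidance above into a caller-side decision, as an added example that is not Baidu's code. The `send` transport, the action names, the nesting of level inside ret_data, and releasing the request on API errors (the page only prescribes release on timeout) are assumptions.

```python
import json

# Action per risk level from the response table (1 = high risk ... 4 = very low risk).
LEVEL_ACTION = {"1": "block", "2": "challenge", "3": "allow", "4": "allow"}

def decide(body):
    """Map a JSON response body to (action, reason)."""
    try:
        resp = json.loads(body)
    except (TypeError, ValueError):
        return "allow", "unparseable response"
    # Assumption: non-zero ret_code is treated like a timeout and released.
    if not isinstance(resp, dict) or str(resp.get("ret_code")) != "0":
        return "allow", "risk API returned an error"
    # Assumption: level is nested inside ret_data ("Risk details").
    data = resp.get("ret_data")
    level = str(data.get("level")) if isinstance(data, dict) else ""
    if level not in LEVEL_ACTION:
        return "allow", "missing or unknown level"
    return LEVEL_ACTION[level], "level " + level

def check_risk(send, payload, timeout_s=0.3, retries=0):
    """send(payload, timeout_s) is a hypothetical transport: it returns the
    response body or raises TimeoutError. timeout_s sits in the 200-500 ms range."""
    if payload.get("jt"):
        retries = 0  # jt changes with each request; resending it may fail verification
    for _ in range(retries + 1):
        try:
            return decide(send(payload, timeout_s))
        except TimeoutError:
            continue
    return "allow", "timeout, released by default"
```

Log the returned reason for every released request: a sustained run of timeouts or errors means traffic is passing without a risk decision.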