API接口资源漏洞分析及访问控制方法研究与实现

打开文本图片集

中图分类号：TP308 文献标志码：A 文章编码：1672-7274（2026）02-0047-03

Analysis and Implementation of API Interface Resource Vulnerabilities and Access Control Methods

LIPeng1，LIU Zhiwen1，WANG Chongyang²，LIAO Mingliang² （1. China Telecom Co.， Ltd. Yunnan Branch，Kunming 65o2oo， China; 2.Yunnan Telecom Public Information Industry Co.，Ltd.，Kunming 65o118，China

Abstract： The explosive growth in the number of APIs has intensified security threats.To address the contradiction between their openness and insufficient traditional protection，this paper proposes an access control model combining RBAC （Role-Based Access Control） and API resource tree.By constructing a resource tree and designing fivecore datatables，permission verification basedon.NETCore is implemented，whichsolves the problem of fine-grained permission management and control and prevents unauthorized access.

Keywords： API; interface resource; vulnerability analysis; access control; model implementation

0 引言

随着云计算、移动互联网与微服务架构的迅猛发展，应用程序编程接口（API）已成为系统间资源调用与数据流通的核心载体，其数量呈爆发式增长。（剩余4795字）