
Security Guarantee Center

Updated: 2015/09/18  Views: 16040

I  Product Introduction

Once a user authorizes it to call the APIs offered by TOP, an application can obtain and operate on data such as users, items, and orders. To prevent this data from being leaked or maliciously tampered with, TOP offers a series of services to guarantee application security: protecting sensitive operations, setting an IP white list, hosting the server on www.net.cn, scanning for black box bugs, setting the number of authorized users, and monitoring API calls and user authorization. From the data these services collect, a safety index can be established for each application, giving a unified measure of its security status.

II  Product Details

1 Service details

S/N 1
Service description: Protecting sensitive operations
Service introduction: Protects operations on the open platform. A second verification is required to view or reset the Secret, modify the callback URL, or delete an application.
Details: Click here to view details
Entry: Developer center -> Security center -> Protecting sensitive operations

S/N 2
Service description: Setting IP white list
Service introduction: Lets the developer set an IP white list for the server. Once it is set, TOP accepts API calls made with the AppKey only from server IPs on the white list; IPs outside the white list cannot call an API. For example, even if the AppKey or the Secret is stolen, TOP will refuse the thief's API requests as long as they do not come from your own server IP.

The error report is as follows:

<error_response>
    <code>11</code>
    <msg>Insufficient isv permissions</msg>
    <sub_code>isv.permission-ip-whitelist-limit</sub_code>
    <sub_msg>The appkey 123456789 is only allowed to call from *.*.*.*, but your ip is #.#.#.#</sub_msg>
</error_response>

Details: Click here to view IP white list
Entry:
1  Developer center -> Security center -> Setting IP white list
2  Developer center -> left of application page

S/N 3
Service description: Hosting the server on www.net.cn
Service introduction: www.net.cn provides custom cloud hosts for ISV users of Taobao Open Platform. These hosts use the same machine-room environment and routes as Taobao, interconnect with the Taobao intranet, and conform by default to Taobao's security requirements for its hosts. By hosting the server on www.net.cn, the security of the servers can be guaranteed.
Details: Click here to view details
Entry: Developer center -> left of application page

S/N 4
Service description: Scanning black box bugs
Service introduction: Through active monitoring, TOP helps ISVs find defects in an application and improve its quality.
Details: Click here to view details
Entry: Developer center -> Monitoring center -> Defect list

S/N 5
Service description: Setting number of authorized users
Service introduction: Applications for different numbers of user groups will have different security levels.
Entry: Developer center -> left of application page

S/N 6
Service description: Monitoring API calling
Service introduction: The scope of API access available to an application differs according to the application's security precautions.
Details: System monitoring
Entry: None

S/N 7
Service description: Monitoring user authorization
Service introduction: A sudden rise or drop in the number of authorized users of an application can be monitored.
Details: System monitoring
Entry: None
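
An added example (not TOP's own code) of how a calling server can recognize the IP white list rejection shown under service 2 and triage it. The sample addresses, the comma-separated form of the allowed list, and the names `parse_whitelist_rejection`, `triage` and `known_egress` are assumptions; the page masks the real values.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the error body from this page, with made-up
# documentation-range addresses in place of the masked *.*.*.* and #.#.#.#.
SAMPLE = """<error_response>
  <code>11</code>
  <msg>Insufficient isv permissions</msg>
  <sub_code>isv.permission-ip-whitelist-limit</sub_code>
  <sub_msg>The appkey 123456789 is only allowed to call from 192.0.2.10,192.0.2.11, but your ip is 203.0.113.7</sub_msg>
</error_response>"""

WHITELIST_SUB_CODE = "isv.permission-ip-whitelist-limit"
# Follows the sub_msg wording on this page; a comma-separated list is assumed.
SUB_MSG_RE = re.compile(
    r"appkey\s+(?P<appkey>\S+)\s+is only allowed to call from\s+"
    r"(?P<allowed>.+?),\s*but your ip is\s+(?P<caller>\S+)", re.S)


def parse_whitelist_rejection(body):
    """Return a dict describing a white list rejection, or None for any other body."""
    try:
        root = ET.fromstring(body.strip())
    except ET.ParseError:
        return None
    if root.tag != "error_response" or (root.findtext("sub_code") or "").strip() != WHITELIST_SUB_CODE:
        return None
    result = {"code": (root.findtext("code") or "").strip(),
              "appkey": None, "allowed": [], "caller_ip": None}
    m = SUB_MSG_RE.search(root.findtext("sub_msg") or "")
    if m:  # wording may change; the sub_code alone is enough to classify
        result["appkey"] = m.group("appkey")
        result["allowed"] = [a.strip() for a in m.group("allowed").split(",") if a.strip()]
        result["caller_ip"] = m.group("caller")
    return result


def triage(rejection, known_egress):
    """Compare the IP that TOP saw with the egress IPs we believe we own."""
    ip = rejection["caller_ip"]
    if ip is None:
        return "unparsed"
    return "whitelist-out-of-date" if ip in known_egress else "unexpected-egress"
```

A result of `unexpected-egress` means the call left through an address you do not recognize as your own, which is worth investigating before adding that address to the white list.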

 

2  View application security index

1) Certificate management page

Click “Application management”-“Certificate management”

 

2) Security service page

Click “Security center”-“Application health index”

  

3) View application security service 

Security service page

Click “Security center”-“Application health index”

 
