API (Application Program Interface) security implementation method and system, medium and API framework implementation method

The invention relates to an API security implementation method and system, a medium and an API framework implementation method, and belongs to the technical field of computers. The method for the server side comprises a verification configuration and sending step and an extraction step. A verification step; and a step of resending the CSRF-Token. The method for the client comprises the following steps of: receiving an initial CSRF-Token; an interaction request sending step; and a response receiving step and a secondary CSRF-Token step are carried out. According to the method, the user interaction request is verified based on the one-time CSRF-Token and the timestamp, and compared with the prior art that verification is carried out only through the timestamp, replay attacks can be effectively defended, configuration is convenient, extra expenses are not increased, and the interaction and verification process is almost noninductive. 本发明涉及一种API安全实现方法、系统、介质及API框架实现方法，属于计算机技术领域。用于服务器端方法包括：验证配置及发送步骤，提取步骤；验证步骤；重新发送C