# 流程说明

## 流程描述

1. HG 调用 Headline 后端 API 注册和绑定用户
2. HG 用户点击打开Headline时，需要请求Headline API获取这个特定用户的一次性令牌。这个一次性令牌可以用于验证用户的身份并授权其访问Headline的相关内容。
3. HG 在获取到用户的一次性令牌后，可以在其页面中使用 iframe 元素嵌入Headline网站。在嵌入的URL中附加用户的一次性令牌，这样用户在访问该iframe时将自动进行登录过程，而无需手动输入用户名和密码。

<br>

## 交互流程图

<figure><img src="/files/8ASoNdPxKfcCuJqcMHky" alt=""><figcaption></figcaption></figure>

详细交互图：<https://www.processon.com/view/link/662d1a0858531d4d72e2acac>

## 注册绑定账户

HG业务系统注册用户时，需要调用HL交易系统接口进行用户注册和绑定。

通过ManagerApi进行创建用户和绑定操作，接口地址如下：

<https://docs.multimarkets.org/manager-api/customer/customer-registration>

#### 调用示例

```java
OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType,
"{\"phone\":\"{{mock_phone}}\",\"pwd\":\"dc483e80a7a0bd9ef71d8cf973673924\",\"country\":\"{{national_code}}\",\"registerSource\":1,\"customerGroupId\":1,\"tradeTypeCurrencyList\":[{\"allCurrency\":\"USDT\",\"tradeType\":\"1\"}],\"phoneArea\":\"+86\"}");
Request request = new Request.Builder()
  .url("https://web.headline.net/openapi-b/global/customer.admin.WhiteCustomerAdminApiService.addCusAndOpenAccountAndKyc")
  .post(body)
  .addHeader("accept", "application/json")
  .addHeader("content-type", "application/json")
  .build();

Response response = client.newCall(request).execute();
```

```json
{
  "msg": "Success",
  "fail": false,
  "trace": "t-h2jv9x-4to64-9mp4wd7-793nv-1661227305",
  "code": "0",
  "data": "86021976",
  "bizCode": "",
  "tm": 236026513,
  "msgParams": null,
  "ok": true
}
```

<br>

## 获取一次性令牌

在HG中打开Headline交易页面时，需要通过Headline后端接口获取一次有效令牌。

根据已经绑定的用户客户编号以及对应密码进行请求一次有效令牌，接口地址如下：

<https://docs.multimarkets.org/client-api/login>

```java
OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, 
"{\"type\":2,\"device\":1,\"loginName\":\"13429837442\",\"isThird\":false,\"thirdSource\":\"\",\"bindThirdUserId\":\"\",\"loginPwd\":\"dc483e80a7a0bd9ef71d8cf973673924\"}");
Request request = new Request.Builder()
  .url("https://web.headline.net/api/login/customer.app.CustomerWebApiService.login")
  .post(body)
  .addHeader("accept", "application/json")
  .addHeader("content-type", "application/json")
  .build();

Response response = client.newCall(request).execute();
```

```json
{
  "msg": "Success",
  "fail": false,
  "trace": "x-31z6g86n-kr01ct-4g1u-ci45-1678377046",
  "code": "0",
  "data": {
    "token": "a541f9d5-2507-42b3-b790-59e1f755c380app",
    "customerNo": "86001175",
    "customerGroupId": 1,
    "thirdUserId": null,
    "googleId": -1,
    "lastName": null,
    "country": "CN",
    "kycStatus": 1,
    "companyKycStatus": 2,
    "assertPassStatus": "2",
    "idCard": null,
    "thirdLoginSource": null,
    "payPassStatus": "2",
    "source": "H5",
    "type": 0,
    "registerSource": 1,
    "loginPassStatus": "2",
    "idCardType": null,
    "loginTime": 1678360534200,
    "associationCompanyId": null,
    "id": 1176,
    "activateStatus": null,
    "email": "22**@qq.com",
    "openAccountType": 0,
    "accountRemark": null,
    "companyType": "real",
    "registerTime": 1648777706117,
    "activateTime": null,
    "kycAuditStatus": 2,
    "optional": 1,
    "isFund": 0,
    "firstName": null,
    "companyId": 360,
    "thirdIntactMsg": null,
    "createTime": 1648777706117,
    "phone": "135******9561",
    "relationCustomerId": 0,
    "accountList": [],
    "name": null,
    "phoneArea": "+86",
    "deposit": 1,
    "rToken": "291e08e4e0af86b3d8af85f2947a02125a1c1746db58b303b06cc1aba389f4cd",
    "thirdServerCode": "",
    "status": 2,
    "withdraw": 1
  },
  "bizCode": "",
  "tm": 82650853,
  "msgParams": null,
  "ok": true
}
```

> 📘 重点说明：
>
> 返回结果中Token作为一次有效令牌，用于Headline页面的打开参数

<br>

## 打开交易页面

根据一次有效令牌，拼接成iframe 的url地址，如下格式：

<https://www.headline.net/zh-CN/home?tsource=10e87b3b-1278-43f3-a0cb-16cfba88ca4aapp>

> 📘 拼接参数格式：
>
> <https://www.headline.net/zh-CN/home?tsource=${token}>
>
> 其中token是有效令牌参数

<br>

## 换取有效令牌

> Headline交易UI需要修改，增加有效令牌换取真实access token的逻辑

Headline交易UI根据url中的tsource参数主动调用接口换取真实access token，接口地址如下：

<https://multimarkets-c-api-en.apidocumentation.com/reference#tag/customerauth/post/global/thirdExt/randomKey>

调用方式与结果：

```java
OkHttpClient client = new OkHttpClient();

Request request = new Request.Builder()
  .url("https://web.headline.net/api/global/thirdExt/randomKey")
  .post(null)
  .addHeader("accept", "application/json")
  .addHeader("content-type", "application/json")
  .build();

Response response = client.newCall(request).execute();
```

```json
{
  "msg": "Success",
  "fail": false,
  "trace": "x-qfx13-8z5850-mf4l657-gkqbn-1677563999",
  "code": "0",
  "data": "qfx13-8z5850-mf4l657-gkqbn-167756399",
  "bizCode": "",
  "tm": 955,
  "msgParams": null,
  "ok": true
}
```

交易UI获取真实access token后写入浏览器本地缓存（local storage），用于后续交易访问令牌


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs-cn.multimarkets.org/web-iframe/liu-cheng-shuo-ming.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.