Making an API Request
This section describes how to make a REST API request, and uses the IAM API for obtaining a user token as an example to describe how to call an API. The obtained token is used to authenticate the calling of other APIs.
Request URI
A request URI is in the following format:
{URI-scheme} :// {Endpoint} / {resource-path} ? {query-string}
Although a request URI is included in a request header, most programming languages or frameworks require the request URI to be separately transmitted, rather than being conveyed in a request message.
- URI-scheme:
Protocol used to transmit requests. All APIs use HTTPS.
- Endpoint:
Domain name or IP address of the server bearing the REST service endpoint. Obtain the value from Regions and Endpoints.
For example, the endpoint of IAM in region CN North-Beijing1 is iam.cn-north-1.myhuaweicloud.com.
- resource-path:
API access path for performing a specified operation. Obtain the value from the URI of the API. For example, the resource-path of the API for obtaining a user token is /v3/auth/tokens.
- query-string:
Query parameter, which is optional. Not all APIs have a query parameter. Ensure that a question mark (?) is included before a query parameter that is in the format of "Parameter name=Parameter value". For example, ? limit=10 indicates that a maximum of 10 pieces of data is to be viewed.
For example, to obtain the IAM token in region CN North-Beijing1, obtain the endpoint (iam.cn-north-1.myhuaweicloud.com) of this region and the resource-path (/v3/auth/tokens) in the URI of the API, which is used for obtaining a user token. Then, assemble these fields as follows:
https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokens
To simplify the URI display, each API is provided with only a resource-path and a request method. This is because the URI-scheme value of all APIs is HTTPS, and the endpoints in a region are the same. Therefore, the two parts are omitted.
Request Methods
HTTP-based request methods, which are also called operations or actions, specify the type of operations that you are requesting.
- GET: requests the server to return specified resources.
- PUT: requests the server to update specified resources.
- POST: requests the server to add resources or perform special operations.
- DELETE: requests the server to delete specified resources, for example, an object.
- HEAD: requests a server resource header.
- PATCH: requests the server to update partial content of a specified resource. If the resource is unavailable, the PATCH method is used to create a resource.
For example, in the URI for obtaining a user token, the request method is POST, and the request is as follows:
POST https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokens
Request Header
You can also add additional fields to a request, such as the fields required by a specified URI or an HTTP method. For example, add Content-Type that defines a request body type to request for the authentication information.
Common request headers are as follows:
- Content-Type: specifies the request body type or format. This field is mandatory and its default value is application/json. For other values, the description will be provided for specific APIs.
- X-Auth-Token: specifies a user token, which is a response to the API for obtaining a user token (only this API does not require authentication). X-Auth-Token is optional. It is mandatory only for authentication using tokens.
In addition to supporting authentication using tokens, DMS APIs support authentication using AK/SK, which uses SDKs to sign a request. During the signature, the Authorization (signature authentication) and X-Sdk-Date (time when a request is sent) headers are automatically added in the request.
For more details, see Authentication Using AK/SK.
The API for obtaining a user token does not require authentication. Therefore, this API only requires adding the Content-Type field. The request with the added Content-Type header is as follows:
POST https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokens Content-Type: application/json
Request Body
A request body is generally sent in a structured format. It corresponds to Content-Type in the request header and transfers data except for the request header. If the request body contains Chinese characters, these characters must be coded in UTF-8.
The request body varies according to the APIs. Certain APIs do not require the request body, such as the GET and DELETE APIs.
For the API of obtaining a user token, obtain the request parameters and parameter description in the API request. The following provides an example request with a body included. Replace username, domainname, ******** (login password), and xxxxxxxxxxxxxxxxxx (project ID, such as cn-north-1) with the actual values. Obtain the project ID from the Region column of Regions and Endpoints.
scope specifies where a token takes effect. In the following example, the token takes effect only on the resources specified by the project ID. You can set the scope to an account or a project under an account. For details, see obtaining a user token.
POST https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokens
Content-Type: application/json
{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": "username",
"password": "********",
"domain": {
"name": "domainname"
}
}
}
},
"scope": {
"project": {
"name": "xxxxxxxxxxxxxxxxxx"
}
}
}
} If all data required by a request is available, you can send the request to call an API through curl, Postman, or coding. For the API of obtaining a user token, x-subject-token in the response header is the desired user token. Then, you can use the token to authenticate the calling of other APIs.
Last Article: Calling APIs
Next Article: Authentication
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.