Help Center> Natural Language Processing> API Reference> Calling APIs> Authentication
View PDF

Authentication

NLP currently supports the token-based authentication.

Token-based Authentication

A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to requests to get permissions for calling the API.

The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token.

For details about how to obtain the token required by NLP, see the related information in the following section. For more details, see Obtaining a User Token.

In the case of the API used to obtain a user token, the request parameters and parameter description can be obtained from the API request. In the header of a request for calling this API, only the Content-Type field needs to be added. An example request is as follows:

Set the username (username), domain name (domainname), and login password (********). For details, see What Are the Username, Domain Name, and Project Name in the Token Message Body.

The endpoint for obtaining the token and project name must be consistent with that of the NLP service. To obtain a token when accessing the endpoint in CN North-Beijing4 (nlp-ext.cn-north-4.myhuaweicloud.com), use the endpoint https://iam.cn-north-4.myhuaweicloud.com and set projectname to cn-north-4.

When calling the API to obtain a user token, you must set auth.scope in the request body to project.

POST https://iam.cn-north-4.myhuaweicloud.com/v3/auth/tokens

Content-Type: application/json 
 
{ 
    "auth": { 
        "identity": { 
            "methods": [ 
                "password" 
            ], 
            "password": { 
                "user": { 
                    "name": "username", 
                    "password": "********", 
                    "domain": { 
                        "name": "domainname" 
                    } 
                } 
            } 
        }, 
        "scope": { 
            "project": { 
                "name": "projectname" 
            } 
        } 
    } 
}
As shown in the following picture, x-subject-token in the response header is the desired user token. This token can then be used to authenticate the calling of NLP APIs.
Figure 1 Header fields of the response to the request for obtaining a user token

AK/SK-based Authentication

To use AK/SK-based authentication, you are advised to see Natural Language Processing SDK Reference or use the signature SDK in this section.

AK/SK-based authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token-based authentication is recommended.

In AK/SK-based authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.

  • AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.
  • SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.

In AK/SK-based authentication, you can use an AK/SK to sign requests based on the signature algorithm or use the signing SDK to sign requests. For details about how to sign requests and use the signature SDK, see API Request Signing Guide.

The signing SDK is only used for signing requests and is different from the SDKs provided by services.

For details about how to obtain the AK/SK, see Obtaining an AK/SK.

Parent topic: Calling APIs