Authentication

Updated on 2022-09-19 GMT+08:00

Calling an API can be authenticated using either of the following methods:

  • Authentication using tokens: General requests are authenticated using tokens.
  • Authentication using AK/SK: Requests are encrypted using access key ID (AK)/secret access key (SK). Authentication using AK/SK is recommended because it provides higher security than authentication using tokens.

Authentication Using Tokens

NOTE:

The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the API.

A token specifies certain permissions in a computer system. Authentication using a token adds the token in a request as its header during API calling to obtain permissions to operate APIs.

You can obtain a token by calling the API for obtaining a user token. A project-level token is required for calling APIs of this service. To obtain such a project-level token, set auth.scope to the project name in the request body for calling the API for obtaining a user token.

{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "name": "username",
                    "password": "********",
                    "domain": {
                        "name": "domainname"
                    }
                }
            }
        },
        "scope": {
            "project": {
                "name": "xxxxxxxx"
            }
        }
    }
}

After obtaining the token, add the X-Auth-Token header in a request to specify the token when calling other APIs. For example, if the token is ABCDEFJ...., add X-Auth-Token: ABCDEFJ.... in a request as follows:

POST https://iam.eu-west-101.myhuaweicloud.com/v3/auth/projects
Content-Type: application/json
X-Auth-Token: ABCDEFJ....

Authentication Using AK/SK

NOTE:

Authentication using AK/SK supports API requests with a body not larger than 12 MB. For API requests with a larger body, authentication using tokens is recommended.

In authentication using AK/SK, AK/SK is used to sign a request and add the signature in a request as its header for authentication.

  • AK: access key ID, which is a unique identifier associated with a secret access key and is used in conjunction with a secret access key to sign requests cryptographically.
  • SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.
In authentication using AK/SK, you can use AK/SK to sign requests based on the signature algorithm or use a dedicated signature SDK to sign the requests. For details about how to sign requests and use the signature SDK, see API Request Signing Guide.
NOTICE:

The signature SDK only supports signature, which is different from the SDKs provided by services.

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback