Authentication
Calling an API can be authenticated using either of the following methods:
- Authentication using AK/SK: Requests are encrypted using access key ID (AK)/secret access key (SK). Authentication using AK/SK is recommended because it provides higher security than authentication using tokens.
- Authentication using tokens: General requests are authenticated using tokens.
Authentication Using AK/SK

- AK/SK authentication supports API requests with a body no larger than 12 MB. For API requests with a larger body, use token authentication.
- You can use the AK/SK in a permanent or temporary access key. The X-Security-Token field must be configured if the AK/SK in a temporary access key is used, and the field value is security_token of the temporary access key.
In authentication using AK/SK, AK/SK is used to sign a request and add the signature in a request as its header for authentication.
- AK: access key ID, which is a unique identifier associated with a secret access key and is used in conjunction with a secret access key to sign requests cryptographically.
- SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.

The signature SDK only supports signature, which is different from the SDKs provided by services.
Authentication Using Tokens

- The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the API.
- Ensure that the token is valid when you use it. Using a token that will soon expire may cause API calling failures.
A token specifies certain permissions in a computer system. Authentication using a token adds the token in a request as its header during API calling to obtain permissions to operate APIs.
When calling the API used to obtain a user token, you must set auth.scope in the request body to project.
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "username", "password": "********", "domain": { "name": "domainname" } } } }, "scope": { "project": { "name": "xxxxxxxx" } } } }
After obtaining the token, add the X-Auth-Token header in a request to specify the token when calling other APIs. For example, if the token is ABCDEFJ...., add X-Auth-Token: ABCDEFJ.... in a request as follows:
POST https://iam.eu-west-101.myhuaweicloud.com/v3.0/OS-USER/users Content-Type: application/json X-Auth-Token: ABCDEFG....
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.