Authentication

Updated on 2024-08-19 GMT+08:00

API calling is authenticated using either of the following methods:

  • Token authentication: Common requests are authenticated using Tokens.
  • AK/SK authentication: Requests are encrypted using the access key ID and secret access key (AK/SK pair) to provide higher security. AK/SK authentication is recommended because it provides higher security than token authentication.

Token Authentication

A token specifies certain permissions in a computer system. Authentication using a token adds the token in a request as its header during API calling to obtain permissions to operate APIs through IAM.

NOTE:

The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API.

When calling the API to obtain a user token, you must set auth.scope in the request body to project.

{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "name": "username",
                    "password": "********",
                    "domain": {
                        "name": "domainname"
                    }
                }
            }
        },
        "scope": {
            "project": {
                "name": "xxxxxxxx"
            }
        }
    }
}

After obtaining the token, add the X-Auth-Token header in a request to specify the token when calling other APIs. For example, if the token is ABCDEFJ...., add X-Auth-Token: ABCDEFJ.... in a request as follows:

1
2
3
GET https://iam.ap-southeast-1.myhuaweicloud.com/v3/auth/projects
Content-Type: application/json
X-Auth-Token: ABCDEFJ....

AK/SK Authentication

In authentication using AK/SK, AK/SK is used to sign a request and add the signature in a request as its header for authentication.

NOTE:

Authentication using AK/SK supports API requests with a body not larger than 12 MB. For API requests with a larger body, authentication using tokens is recommended.

  • AK: access key ID, which is a unique identifier associated with a secret access key and is used in conjunction with a secret access key to sign requests cryptographically.
  • SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.

In authentication using AK/SK, you can use AK/SK to sign requests based on the signature algorithm or use a dedicated signature SDK to sign the requests.

For details about how to sign requests and use the signature SDK, see API Signing Guide.

NOTE:

The signature SDK only supports signature, which is different from the SDKs provided by services.

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback