Preparation
Before calling APIs in app authentication mode, complete the following operations:
- Obtain API request information
On the APIG console, choose API Publishing > APIs, and click an API name to go to the details page. Choose API Call > API Request, and view the domain name, request path, and request method.
- Publish APIs in an environment
On the APIG console, choose API Publishing > APIs, and click an API name to go to the details page. Choose API Call > API Request, and view the environment in which the API has been published.
- Obtain API authentication information
To sign an API request cryptographically through app authentication (signature authentication), the AppKey and AppSecret of an app authorized to call the API are required. On the APIG console, choose API Calling > Apps. Go to the details page of an app, and obtain the AppKey and AppSecret.
- AppKey or Key: access key ID of an app. It is the unique ID associated with a secret access key. The access key ID and secret access key are together used to obtain an encrypted signature for a request.
- AppSecret or Secret: secret access key used together with an access key ID to sign requests. The access key ID and secret access key can be together used to identify a request sender to prevent the request from being modified.
- When sending an API request, add the current time to the X-Sdk-Date header and the signature information to the Authorization header.
The local time on the client must be synchronized with the clock server to avoid a large error in the value of the X-Sdk-Date request header.
APIG checks the time format and compares the time with the time when APIG receives the request. If the time difference exceeds 15 minutes, APIG will reject the request.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.