Authentication
- AK/SK-based authentication: Requests are authenticated by encrypting the request body using an AK/SK pair.
- Token-based authentication: Requests are authenticated using a token.
AK/SK-based Authentication

- AK/SK-based authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token-based authentication is recommended.
- Both AK/SK in a permanent access key or in a temporary access are supported. The X-Security-Token field must be configured when the AK/SK in the temporary access key is used, and the field value is the security_token of the temporary access key.
In AK/SK-based authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.
- AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.
- SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.

The signing SDK is only used for signing requests and is different from the SDKs provided by services.
Token-based Authentication

- The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently API calling.
- Ensure that the token is valid when you use it. Using a token that will soon expire may cause API calling failures.
A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to requests to get permissions for calling the API.
The token can be obtained by calling the API for obtaining a user token through password authentication. A project-level token is required for calling this service API, that is, when calling the API for obtaining a user token through password authentication, set the value of auth.scope in the request body to project.
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "username", "password": "********", "domain": { "name": "domainname" } } } }, "scope": { "project": { "name": "xxxxxxxx" } } } }
After a token is obtained, the X-Auth-Token header field must be added to requests to specify the token when calling other APIs. If the token is ABCDEFG...., add X-Auth-Token: ABCDEFG.... to a request.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.