Help Center/ Cloud Service Engine/ API Reference(Ally Region)/ Calling APIs/ Authentication
Updated on 2025-12-30 GMT+08:00
View PDF
Share

Authentication

You can use either of the following authentication methods to call APIs:

  • Token-based authentication: Requests are authenticated using a token.
  • AK/SK-based authentication: Requests are encrypted using an AK/SK pair

Token-based Authentication

  • The validity period of a token is 24 hours. If a token is used for authentication, cache it to prevent frequent API calling.
  • Ensure that the token is valid when you use it. Using a token that will soon expire may cause API calling failures.

A token specifies temporary permissions in a computer system. During token-based API authentication, the token is added to requests to get permissions for calling the API.

To obtain a token, call the API by referring to Obtaining a User Token Through Password Authentication. This service requires a project-level token to call APIs, you must set auth.scope in the request body to project.

{ 
    "auth": { 
        "identity": { 
            "methods": [ 
                "password" 
            ], 
            "password": { 
                "user": { 
                    "name": "username", 
                    "password": "********", 
                    "domain": { 
                        "name": "domainname" 
                    } 
                } 
            } 
        }, 
        "scope": { 
            "project": { 
                "name": "xxxxxxxx" 
            } 
        } 
    } 
}

After a token is obtained, the X-Auth-Token header field must be added to requests to specify the token when calling other APIs. For example, if the token is ABCDEFG...., add X-Auth-Token: ABCDEFG.... to a request as follows:

POST https://iam.ally-visitor-1.myhuaweicloud.com/v3.0/OS-USER/users 
Content-Type: application/json 
X-Auth-Token: ABCDEFG....

AK/SK-based Authentication

AK/SK authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token authentication is recommended.

In AK/SK-based authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.

  • AK: access key ID. It is a unique identifier associated with a secret access key and is used in conjunction with a secret access key to sign requests cryptographically.
  • SK: secret access key. It is used together with an AK to identify a sender who initiates a request and to cryptographically sign requests, preventing the request from being modified.

In AK/SK-based authentication, you can sign requests using an AK/SK based on the signature algorithm or using the signing SDK.

Unlike SDKs provided by services, the signing SDK is only for signing.

Parent topic: Calling APIs