Partner CenterPartner Center

Elastic Cloud Server
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
Domain Name Service
VPC Endpoint
Cloud Connect
Enterprise Switch
Security & Compliance
Web Application Firewall
Host Security Service
Data Encryption Workshop
Database Security Service
Advanced Anti-DDoS
Data Security Center
Container Guard Service
Situation Awareness
Managed Threat Detection
Cloud Certificate Manager
Anti-DDoS Service
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GaussDB(for MySQL)
Distributed Database Middleware
GaussDB(for openGauss)
Developer Services
Distributed Cache Service
Simple Message Notification
Application Performance Management
Application Operations Management
Blockchain Service
API Gateway
Cloud Performance Test Service
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Cloud Communications
Message & SMS
Cloud Ecosystem
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP License Service
Support Plans
Customer Operation Capabilities
Partner Support Plans
Professional Services
Intelligent EdgeFabric
SDK Developer Guide
API Request Signing Guide
HCloud CLI
Updated at: Apr 13, 2022 GMT+08:00


You can use either of the following authentication methods when invoking an API:
  • Token authentication: Requests are authenticated using tokens. This method is relatively simple.
  • AK/SK authentication: Requests are encrypted using the access key ID (AK) and secret access key (SK). AK/SK authentication is recommended because it provides higher security than token authentication.

When a partner invokes some APIs, the customer authentication information is required. The partner can obtain this information only using the method provided in Obtaining a User Token with the assume_role Method or Obtaining a Temporary Access Key and Security Token Through an Agencysecuritytoken. Therefore, using token authentication is recommended.

Token Authentication

The validity period of a token is 24 hours. If a token needs to be used, the system caches the token to avoid frequent calling.

A token specifies certain permissions in a computer system. Authenticating using a token adds the token to the request header during API calling to obtain permissions to operate APIs through IAM.

In Constructing Requests, the process of calling the API for obtaining a user token is described as an example. After obtaining the partner or customer token, add the X-Auth-Token header in a request to specify the token when calling other APIs. For example, if the token is ABCDEFJ...., add X-Auth-Token: ABCDEFJ.... in a request as follows:

Content-Type: application/json
X-Auth-Token: ABCDEFJ....

AK/SK Authentication

AK/SK authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token authentication is recommended.

In AK/SK authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.

  • AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.
  • SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.

In AK/SK authentication, you can use an AK/SK to sign requests based on the signature algorithm or using the signing SDK. For details about how to sign requests and use the signing SDK, see API Request Signing Guide.

The signing SDK is only used for signing requests and is different from the SDKs provided by services.

Did you find this page helpful?

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?

Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel