- What's New
- Function Overview
- Service Overview
- Getting Started
- User Guide
- Best Practices
- API Reference
- SDK Reference
-
FAQs
- Must I Use an IAM User (Sub Account) to Configure Transfer on CTS and Perform Operations on an OBS Bucket?
- What Information Is on the Trace List?
- How Will CTS Be Affected If My Account Balance Is Insufficient?
- What Are the Recommended Users of CTS?
- What Will Happen If I Have Enabled Trace Transfer But Have Not Configured an Appropriate Policy for an OBS Bucket?
- Does CTS Support Integrity Verification of Trace Files?
- Why Are There Some Null Fields on the View Trace Page?
- Why Is an Operation Recorded Twice in the Trace List?
- What Services Are Supported by Key Event Notifications?
- How Can I Store Trace Files for a Long Time?
- Why Are user and source_ip Null for Some Traces with trace_type as SystemAction?
- How Do I Find Out Who Created a Specific ECS?
- How Do I Find Out the Login IP Address of an IAM User?
- Why Are Two deleteMetadata Traces Generated When I Buy an ECS in Pay-per-Use or Yearly/Monthly?
- What If I Cannot Query Traces?
- Can I Disable CTS?
- How Do I Make the Log Retention Period 180 Days?
- What Can I Do If a Tracker Cannot Be Created on the CTS Console?
- What Should I Do If I Cannot Enable CTS as an IAM User?
- How Do I Enable Alarm Notifications for EVS?
- Can I Receive Duplicate Traces?
- What Should I Do If I Fail to Transfer Data to an OBS Bucket Authorized by a Key of Another Tenant?
- Does the cts_admin_trust Agency Include OBS Authorization?
- Does CTS Record ECS Creation Failures?
- Glossary
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- Querying Traces
- Management Trackers
- Data Trackers
- Application Examples
- Trace References
- Cross-Tenant Transfer Authorization
- Verifying Trace File Integrity
- Auditing
- Permissions Management
- Supported Services and Operations
-
FAQs
- Must I Use an IAM User (Sub Account) to Configure Transfer on CTS and Perform Operations on an OBS Bucket?
- What Information Is on the Trace List?
- How Will CTS Be Affected If My Account Balance Is Insufficient?
- What Are the Recommended Users of CTS?
- What Will Happen If I Have Enabled Trace Transfer But Have Not Configured an Appropriate Policy for an OBS Bucket?
- Does CTS Support Integrity Verification of Trace Files?
- Why Are There Some Null Fields on the View Trace Page?
- Why Is an Operation Recorded Twice in the Trace List?
- What Services Are Supported by Key Event Notifications?
- How Can I Store Trace Files for a Long Time?
- Why Are user and source_ip Null for Some Traces with trace_type as SystemAction?
- How Do I Find Out Who Created a Specific ECS?
- How Do I Find Out the Login IP Address of an IAM User?
- Why Are Two deleteMetadata Traces Generated When I Buy an ECS?
- What If I Cannot Query Traces?
- Can I Disable CTS?
- How Do I Enable Alarm Notifications for EVS?
- Can I Receive Duplicate Traces?
- Does CTS Record ECS Creation Failures?
- API Reference (ME-Abu Dhabi Region)
-
User Guide (Paris)
- Service Overview
- Getting Started
- Querying Traces
- Management Trackers
- Application Examples
- Trace References
- Cross-Tenant Transfer Authorization
- Verifying Trace File Integrity
- Auditing
- Permissions Management
- Supported Services and Operations
-
FAQs
- Must I Use an IAM User (Sub Account) to Configure Transfer on CTS and Perform Operations on an OBS Bucket?
- How Will CTS Be Affected If My Account Balance Is Insufficient?
- What Are the Recommended Users of CTS?
- What Will Happen If I Have Enabled Trace Transfer But Have Not Configured an Appropriate Policy for an OBS Bucket?
- Does CTS Support Integrity Verification of Trace Files?
- Why Are There Some Null Fields on the View Trace Page?
- Why Is an Operation Recorded Twice in the Trace List?
- What Services Are Supported by Key Event Notifications?
- How Can I Store Trace Files for a Long Time?
- Why Are user and source_ip Null for Some Traces with trace_type as SystemAction?
- How Do I Find Out Who Created a Specific ECS?
- How Do I Find Out the Login IP Address of an IAM User?
- Why Are Two deleteMetadata Traces Generated When I Buy an ECS?
- What If I Cannot Query Traces?
- Can I Disable CTS?
- How Do I Enable Alarm Notifications for EVS?
- Can I Receive Duplicate Traces?
- Does CTS Record ECS Creation Failures?
- API Reference (Paris)
-
User Guide (Kuala Lumpur Region)
- Service Overview
- Getting Started
- Querying Traces
- Management Trackers
- Trackers
- Organization Trackers
- Application Examples
- Trace References
- Cross-Tenant Transfer Authorization
- Verifying Trace File Integrity
- Auditing
- Permissions Management
- Supported Services and Operations
-
FAQs
- Must I Use an IAM User (Sub Account) to Configure Transfer on CTS and Perform Operations on an OBS Bucket?
- What Information Is on the Trace List?
- How Will CTS Be Affected If My Account Balance Is Insufficient?
- What Are the Recommended Users of CTS?
- What Will Happen If I Have Enabled Trace Transfer But Have Not Configured an Appropriate Policy for an OBS Bucket?
- Does CTS Support Integrity Verification of Trace Files?
- Why Are There Some Null Fields on the View Trace Page?
- Why Is an Operation Recorded Twice in the Trace List?
- What Services Are Supported by Key Event Notifications?
- How Can I Store Trace Files for a Long Time?
- Why Are user and source_ip Null for Some Traces with trace_type as SystemAction?
- How Do I Find Out Who Created a Specific ECS?
- How Do I Find Out the Login IP Address of an IAM User?
- Why Are Two deleteMetadata Traces Generated When I Buy an ECS?
- What If I Cannot Query Traces?
- Can I Disable CTS?
- How Do I Enable Alarm Notifications for EVS?
- Can I Receive Duplicate Traces?
- Does CTS Record ECS Creation Failures?
- API Reference (Kuala Lumpur Region)
-
User Guide (ME-Abu Dhabi Region)
- Videos
- General Reference
Copied.
Authentication
You can use either of the following authentication methods when calling APIs:
- AK/SK-based authentication: Requests are authenticated by encrypting the request body using an AK/SK pair. AK/SK-based authentication is recommended because it is more secure than token-based authentication.
- Token-based authentication: Requests are authenticated using a token.
AK/SK-based Authentication
- AK/SK-based authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, use token-based authentication.
- You can use the AK/SK in a permanent or temporary access key. The X-Security-Token field must be configured if the AK/SK in a temporary access key is used, and the field value is security_token of the temporary access key.
In AK/SK-based authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.
- AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.
- SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.
The signing SDK is only used for signing requests and is different from the SDKs provided by services.
Token-based Authentication
- The validity period of a token is 24 hours. If a token is used for authentication, cache it to prevent frequent API calling.
- Ensure that the token is valid when you use it. Using a token that will soon expire may cause API calling failures.
A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to requests to get permissions for calling the API.
You can obtain a token by calling the API for obtaining a user token. This API is project-level. When calling it, you must set auth.scope in the request body to project.
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "username", "password": "********", "domain": { "name": "domainname" } } } }, "scope": { "project": { "name": "xxxxxxxx" } } } }
After a token is obtained, the X-Auth-Token header field must be added to requests to specify the token when calling other APIs. For example, if the token is ABCDEFJ...., X-Auth-Token: ABCDEFJ.... can be added to a request as follows:
POST https://iam.ap-southeast-1.myhuaweicloud.com/v3.0/OS-USER/users Content-Type: application/json X-Auth-Token: ABCDEFJ....
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot