Authentication

You can use either of the authentication methods below to call APIs.

AK/SK-based authentication: Requests are encrypted using an AK/SK.
Token-based authentication: Requests are authenticated using a token.

AK/SK-based Authentication

AK/SK-based authentication supports only requests with a body not larger than 12 MB. For requests with a larger body, use token-based authentication.
You can use either a permanent or temporary AK/SK. If you use a temporary AK/SK, the request must contain the X-Security-Token field whose value is the security_token of the temporary AK/SK.

In AK/SK-based authentication, the AK/SK is used to sign requests and the signature is then added to the request for authentication.

AK: a unique identifier used with an SK to sign requests cryptographically.
SK: a key used with an AK to sign requests, identify a request sender, and prevent the request from being modified.

In AK/SK-based authentication, you can use an AK/SK to sign requests based on the signature algorithm or use the signing SDK to sign requests. For details about how to sign requests and use the signing SDK, see AK/SK Signing and Authentication Guide.

The signing SDK is only used for signing requests and is different from the SDKs provided by services.

Token-based Authentication

A token obtained from IAM is valid for 24 hours. You can cache a token to avoid frequent API calls.
Before using a token, ensure that the token will not expire during the API calling.

A token is a temporary credential that grants permissions. During token-based authentication, the token is added to requests to get permissions for calling an API.

When calling an API to obtain a user token, you must set auth.scope in the request body to project.

{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "name": "username",
                    "password": "********",
                    "domain": {
                        "name": "domainname"
                    }
                }
            }
        },
        "scope": {
            "project": {
                "name": "xxxxxxxx"
            }
        }
    }
}

After obtaining the token, add X-Auth-Token to the request header of each API request. The token you obtained is the value of X-Auth-Token. For example, if the token is ABCDEFG...., add X-Auth-Token: ABCDEFG.... to the request header as follows:

POST https://iam.ap-southeast-1.myhuaweicloud.com/v3.0/OS-USER/users
Content-Type: application/json
X-Auth-Token: ABCDEFG....

Parent topic: Calling APIs

Previous topic: Making an API Request

Next topic: Responses

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot