Authentication

Currently, KooDrive uses token-based authentication. App-based authentication is also provided to directly call KooDrive APIs.

Requests are authenticated using a token.

Constraints

A token is valid for 20 minutes. If an API is called within the validity period of the token, the validity period is reset. If no operation is performed within the validity period, the token becomes invalid.

Ensure that the token is valid when you use it. Using a token that will soon expire may cause API calling failures.

The authorization validity period is 15 minutes. Currently, Session Management and Other APIs do not support app-based authentication.

Token-based Authentication

A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to requests to get permissions for calling the API.

A token is obtained from the cookies after you log in to the service frontend. As shown in Figure 1, the value of Authorization is the AT to be obtained.

Figure 1 Obtaining a token
Click to enlarge

After a token is obtained, the Authorization header field must be added to requests to specify the token when calling other APIs. For example, if the token is ABCDEFG...., Authorization: ABCDEFG.... can be added to a request as follows:

POST https://intl.myhuaweicloud-koodrive.com/koodrive/ose/v1/files/batch
Content-Type: application/json
Authorization: xxx

App-based Authentication

You can use the app-based authentication generation rule provided by KooDrive to obtain the authentication and add the authentication to the request header.

Example:

Authorization: HMAC-SHA256 AppId=a378331eca141163119eb602adb67b7802cc79cd33ba44c7d2fe61d1586c96a1,SignedHeaders=host;x-date;x-user-id,Signature=bd355f202be40f95bf9510fd7bd48ad711a7d144c01df07d515ee0fbf3a47416
X-User-Id: 1505084218764547200
Host: 10.32.45.165
X-Date: 20240909T033325Z

Parent topic: Calling APIs

Previous topic: Making an API Request

Next topic: Response