Authentication
You can use either of the following authentication methods when calling an API:
- IAM: Requests are authenticated using a token.
- App: You can use app authentication after API providers open their APIs on APIG. Depending on the API authentication method you choose, you need to obtain the required credentials. For details about app authentication, see Calling APIs Through App Authentication. We recommend AppCode-based authentication.
IAM Authentication
IAM uses token-based authentication.

- The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the API used to obtain a user token.
- Ensure that the token is valid while you use it. Using a token that will soon expire may cause API calling failures.
A token specifies certain permissions in a computer system. During API authentication using a token, the token is added to the request header to get permissions for calling the API.
When calling the API to obtain a user token, you must set auth.scope in the request body to project.
    {
        "auth": {
            "identity": {
                "methods": [
                    "password"
                ],
                "password": {
                    "user": {
                        "name": "username", //Username
                        "password": "********", //Login password
                        "domain": {
                            "name": "domainname" //Name of the account to which the user belongs
                        }
                    }
                }
            },
            "scope": {
                "project": {
                    "name": "xxxxxxxx" //Project name
                }
            }
        }
    }
After a token is obtained, the X-Auth-Token header field must be added to requests to specify the token when calling other APIs. For example, if the token is ABCDEFJ...., X-Auth-Token: ABCDEFJ.... can be added to a request as follows:
    POST https://iam.ap-southeast-1.myhuaweicloud.com/v3.0/OS-USER/users
    Content-Type: application/json
    X-Auth-Token: ABCDEFJ....
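The caching guidance above (24-hour validity, avoid tokens that are about to expire) can be implemented as a small client-side cache. This is an added example, not code from the service documentation; `fetch_token` is a hypothetical callable that performs the token request and returns the token string, and the 10-minute refresh margin is an assumption.

```python
import threading
import time

TOKEN_LIFETIME = 24 * 60 * 60   # validity period stated on this page
REFRESH_MARGIN = 10 * 60        # assumed safety margin; size it to your longest call


def build_token_request(user, password, domain, project):
    """Request body for obtaining a user token, with auth.scope set to project."""
    return {"auth": {
        "identity": {"methods": ["password"],
                     "password": {"user": {"name": user, "password": password,
                                           "domain": {"name": domain}}}},
        "scope": {"project": {"name": project}}}}


class TokenCache:
    """Caches one token and renews it shortly before the 24-hour expiry."""

    def __init__(self, fetch_token, clock=time.monotonic):
        self._fetch = fetch_token      # hypothetical callable: () -> token string
        self._clock = clock
        self._lock = threading.Lock()  # one refresh at a time across threads
        self._token = None
        self._expires_at = 0.0

    def get(self):
        with self._lock:
            now = self._clock()
            if self._token is None or now >= self._expires_at - REFRESH_MARGIN:
                self._token = self._fetch()
                # Count the lifetime from before the fetch, so expiry errs early.
                self._expires_at = now + TOKEN_LIFETIME
            return self._token

    def invalidate(self):
        """Drop the cached token, e.g. after the API rejects it."""
        with self._lock:
            self._token = None

    def headers(self):
        # The token travels only in the X-Auth-Token header; never log this dict.
        return {"Content-Type": "application/json", "X-Auth-Token": self.get()}
```

Read the username and password from a secret store or environment variables rather than source code, and keep the cached token in memory only.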
App Authentication
AppCode authentication, a form of app authentication, is a relatively straightforward authentication method for API calling. It adds the X-Apig-AppCode parameter to the HTTP request header and does not require a complex request-signing process. Use app authentication where the client environment is secure and controllable, for example, for API calling between internal systems.
To use app authentication, publish the API to the target environment, and while doing this, select app authentication as the authentication method. For details, see .
The procedure for enabling app authentication is as follows:
- Go to the details page of a KooSearch service.
  - Log in to the CSS management console.
  - In the navigation pane on the left, choose KooSearch > KooSearch Document Q&A.
  - Click the name of the target service to go to the service details page.
- Click the API Management tab.
- Select the published API and click Publish in the Operation column.
- Click Credential Management. The credential management page is displayed.
- Click the name of the credential used by the API. On the displayed credential details page, check the value of AppCode.
- When using Postman to send a request, add the X-Apig-AppCode parameter to the request header and set its value to the generated AppCode, as shown in the figure below. Ignore the request signature.