Updated on 2023-06-29 GMT+08:00

Binding a Signature Key

Function

A signature key takes effect only after being bound to an API.

When requesting the backend service, APIC uses the signature key to cryptographically sign requests. The backend service verifies the signature to identify request sources.

This API is used to bind a signature key to one or more published APIs. You can bind different signature keys to an API in different environments, but can bind only one signature key to the API in each environment.

URI

POST /v2/{project_id}/apic/instances/{instance_id}/sign-bindings

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID. For details about how to obtain the project ID, see Appendix > Obtaining a Project ID in the ROMA Connect API Reference.

instance_id

Yes

String

Instance ID.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

sign_id

Yes

String

Cloud server list.

publish_ids

Yes

Array of strings

ID of an API publication record.

Response Parameters

Status code: 201

Table 4 Response body parameters

Parameter

Type

Description

bindings

Array of SignApiBindingInfo objects

List of binding relationships between APIs and signature keys.

Table 5 SignApiBindingInfo

Parameter

Type

Description

publish_id

String

API publication ID.

api_id

String

API ID.

group_name

String

API group name.

binding_time

String

Time when the policy is bound to the API.

env_id

String

ID of the environment in which the API was published.

env_name

String

Name of the environment in which the API was published.

api_type

Integer

API type.

api_name

String

API name.

id

String

Binding record ID.

api_remark

String

API description.

sign_id

String

Signature key ID.

sign_name

String

Signature key name, The value contains 3 to 64 characters, including letters, digits, and underscores (_). It must start with a letter.

sign_key

String

Signature key.

  • hmac: The value must start with a letter or digit and can include letters, digits, underscores (_), and hyphens (-) (8 to 32 characters). If not specified, a key is automatically generated.

  • basic: The value must start with a letter and can include letters, digits, underscores (_), and hyphens (-) (4 to 32 characters). If not specified, a key is automatically generated.

  • public_key: The value can start with a letter, digit, plus sign (+), or slash (/), and can include letters, digits, underscores (_), hyphens (-), plus signs (+), and slashes (/) (8 to 512 characters). If not specified, a key is automatically generated.

  • aes: The value contains 16 characters if the aes-128-cfb algorithm is used or 32 characters if the aes-256-cfb algorithm is used. Letters, digits, and special characters (_-!@#$%+/=) are allowed. It must start with a letter, digit, plus sign (+), or slash (/). If not specified, a key is automatically generated.

sign_secret

String

Signature secret.

  • hmac: The value must start with a letter or digit, and can include letters, digits, and special characters (_-!@#$%) (16 to 64 characters). If not specified, a key is automatically generated.

  • basic: The value must start with a letter or digit, and can include letters, digits, and special characters (_-!@#$%) (8 to 64 characters). If not specified, a key is automatically generated.

  • public_key: The value can start with a letter, digit, plus sign (+), or slash (/), and can include letters, digits, and special characters (_-!@#$%+/=) (15 to 2048 characters). If not specified, a key is automatically generated.

  • aes: The value contains 16 characters, including letters, digits, and special characters (_-!@#$%+/=). It must start with a letter, digit, plus sign (+), or slash (/). If not specified, a key is automatically generated.

sign_type

String

Signature key type:

  • hmac

  • basic

  • public_key

  • aes

To use a basic signature key, ensure that your instance version supports it. Contact technical support to upgrade your instance if needed.

To use a public_key signature key, ensure that the public_key feature has been configured for your instance. For details, see "Appendix" > "APIC Features Supported by ROMA Connect Instances". If your instance does not support this feature, contact technical support to enable it.

To use an AES signature key, ensure that your instance version supports it. Contact technical support to upgrade your instance if needed.

Status code: 400

Table 6 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 401

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 403

Table 8 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 404

Table 9 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 500

Table 10 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Example Requests

{
  "sign_id" : "0b0e8f456b8742218af75f945307173c",
  "publish_ids" : [ "40e7162dc6b94bbbbb1a60d2a24b1b0c" ]
}

Example Responses

Status code: 201

Created

{
  "bindings" : [ {
    "api_id" : "5f918d104dc84480a75166ba99efff21",
    "sign_secret" : "dc02fc5f30714d6bb21888389419e2b3",
    "group_name" : "api_group_001",
    "sign_id" : "0b0e8f456b8742218af75f945307173c",
    "sign_key" : "a071a20d460a4f639a636c3d7e3d8163",
    "binding_time" : "2020-08-03T04:00:11.638167852Z",
    "env_id" : "DEFAULT_ENVIRONMENT_RELEASE_ID",
    "env_name" : "RELEASE",
    "sign_name" : "signature_demo",
    "api_type" : 1,
    "api_name" : "Api_http",
    "id" : "25082bd52f74442bb1d273993d567938",
    "api_remark" : "Web backend Api",
    "publish_id" : "66a645f1d6294fa6899cb1ed1c51bc4c",
    "sign_type" : "hmac"
  } ]
}

Status code: 400

Bad Request

{
  "error_code" : "APIG.2012",
  "error_msg" : "Invalid parameter value,parameterName:sign_id. Please refer to the support documentation"
}

Status code: 401

Unauthorized

{
  "error_code" : "APIG.1002",
  "error_msg" : "Incorrect token or token resolution failed"
}

Status code: 403

Forbidden

{
  "error_code" : "APIG.1005",
  "error_msg" : "No permissions to request this method"
}

Status code: 404

Not Found

{
  "error_code" : "APIG.3017",
  "error_msg" : "Signature key 0b0e8f456b8742218af75f945307173c does not exist"
}

Status code: 500

Internal Server Error

{
  "error_code" : "APIG.9999",
  "error_msg" : "System error"
}

Status Codes

Status Code

Description

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Server Error

Error Codes

See Error Codes.