Help Center> API Gateway> Developer Guide> Calling APIs Through IAM Authentication> AK/SK Authentication
Updated on 2023-12-22 GMT+08:00
View PDF

AK/SK Authentication

This section describes how to use AK and SK to sign requests.
  • AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.
  • SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.

Generating an AK and SK Pair

If an AK/SK pair has already been generated, skip this step. Find the downloaded AK/SK file, which is usually named credentials.csv.

As shown in the following figure, the file contains the username, access key ID, and secret access key.

Figure 1 Content of the credential.csv file
Perform the following procedure to generate an AK/SK pair:
  1. Log in to the console.
  2. Hover the mouse pointer over the username and choose My Credentials from the drop-down list.
  1. Choose Access Keys from the navigation pane.
  2. Click Create Access Key.
  3. Enter the verification code or login password as prompted, and click OK to download the access key. Keep the access key secure.

Generating a Signature

Generate a signature in the same way as in App authentication mode. Replace AppKey with AK and replace AppSecret with SK to complete the signing and request processing. You can sign requests to access APIs by using Java, Go, Python, C#, JavaScript, PHP, C++, C, and Android.

The local time on the client must be synchronized with the clock server to avoid a large error in the value of the X-Sdk-Date request header.

APIG (API Management) checks the time format and compares the time with the time when APIG (API Management) receives the request. If the time difference exceeds 15 minutes, APIG will reject the request.