Help Center/ Log Tank Service/ More Documents/ API Reference(Paris Regions)/ Calling APIs/ Obtaining Request Authentication Information
Updated on 2024-03-05 GMT+08:00

Obtaining Request Authentication Information

You can use either of the following authentication methods when calling APIs:

  • Token authentication: Requests are authenticated using tokens.
  • AK/SK authentication: Requests are authenticated by encrypting the request body using an Access Key ID/Secret Access Key (AK/SK) pair. AK/SK authentication is recommended because it is more secure than token authentication.

Token Authentication

For token authentication, you must obtain a token and add the X-Auth-Token to the request header when calling APIs.

  1. Send POST https://IAM endpoint/v3/auth/tokens. Obtain the Identity and Access Management (IAM) endpoint and region name in the message body.

    Content in italic in the following example must be replaced with actual content.

    {
      "auth": {
        "identity": {
          "methods": [
            "password"
          ],
          "password": {
            "user": {
              "name": "username",
              "password": "password",
              "domain": {
                "name": "domainname"
              }
            }
          }
        },
        "scope": {
          "project": {
             "name": "aaa" 
          }
        }
      }
    }

  2. Obtain the token. After the request is processed, the value of X-Subject-Token in the message header is the token value.
  3. To call a service API, add X-Auth-Token to the request header. The value of X-Auth-Token is that of the token obtained in 2.

AK/SK Authentication

AK/SK authentication supports API requests with a body no larger than 12 MB. For API requests with a larger body, use token authentication.

In AK/SK authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.

  • AK: access key ID. It is a unique identifier associated with a secret access key and is used in conjunction with a secret access key to sign requests cryptographically.
  • SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.
In AK/SK authentication, you can use an AK/SK to sign requests based on the signature algorithm or use the signing SDK to sign requests.

The signing SDK is only used for signing requests and is different from the SDKs provided by services.