- What's New
- Function Overview
- Service Overview
- Billing
-
Getting Started
- Using a Public NAT Gateway to Enable Servers to Share One or More EIPs to Access the Internet
- Using a Public NAT Gateway to Enable Servers to Be Accessed by the Internet
- Using a Private NAT Gateway to Connect Cloud and On-premises Networks
- Using Multiple Public NAT Gateways Together in Performance-Demanding Scenarios
-
User Guide
- Public NAT Gateways
- Private NAT Gateways
- Permissions Management
- Tag Management
- Managing Quotas
- Monitoring
- Auditing
-
Best Practices
- Enabling Private Networks to Access the Internet Using a Cloud Connection and SNAT
- Using a Public NAT Gateway and Direct Connect to Accelerate Internet Access
- Using a Private NAT Gateway and Direct Connect to Enable Communications Between a VPC and an On-premises Data Center
- Using a Public NAT Gateway and VPC Peering to Enable Communications Between VPCs and the Internet
- Preserving Your Network with NAT Gateways During Cloud Migration
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- APIs of Public NAT Gateways
- APIs for Private NAT Gateways
- Application Examples
- Permissions Policies and Supported Actions
- Appendixes
- Out-of-Date APIs
- SDK Reference
-
FAQs
-
Public NAT Gateways
- What Is the Relationship Between a VPC, Public NAT Gateway, EIP Bandwidth, and ECS?
- How Does a Public NAT Gateway Offer High Availability?
- Which Ports Cannot Be Accessed?
- What Are the Differences Between Using a Public NAT Gateway and Using an EIP for an ECS?
- What Should I Do If I Fail to Access the Internet Through a Public NAT Gateway?
- Can I Change the VPC for a Public NAT Gateway?
- Does Public NAT Gateway Support IPv6 Addresses?
- What Security Policies Can I Configure to Implement Access Control If I Use a Public NAT Gateway?
- What Can I Do If Connection Between My Servers and the Internet Fails After I Add SNAT and DNAT Rules?
- Can a Public NAT Gateway Limit the Bandwidth of a Server?
- What Can I Do If the Number of Lost Packets of a Public NAT Gateway Exceeds the Threshold (or EIP Port Allocation Exceeds the Threshold)?
-
Private NAT Gateways
- How Do I Troubleshoot a Network Failure After a Private NAT Gateway Is Configured?
- How Many Private NAT Gateways Can I Buy in a VPC?
- Can I Increase the Numbers of SNAT and DNAT Rules Supported by a Private NAT Gateway?
- Can Private NAT Gateways Translate On-premises IP Addresses Connected to the Cloud Through Direct Connect?
- What Are the Differences Between Private NAT Gateways and Public NAT Gateways?
- Can a Private NAT Gateway Be Used Across Accounts?
-
SNAT Rules
- Why Do I Need SNAT?
- What Are SNAT Connections?
- What Is the Bandwidth of a Public NAT Gateway That Is Used by Servers to Access the Internet? How Do I Configure the Bandwidth?
- How Do I Resolve Packet Loss or Connection Failure Issues When Using a NAT Gateway?
- What Should I Do If My ECS Fails to Access a Server on the Public Network Through a Public NAT Gateway?
- What Are the Relationships and Differences Between the CIDR Blocks in a NAT Gateway and in an SNAT Rule?
- DNAT Rules
-
Public NAT Gateways
- Videos
- Glossary
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Overview
- Getting Started
- Managing NAT Gateways
- Managing SNAT Rules
- Managing DNAT Rules
- Monitoring Management
-
FAQs
-
NAT Gateway
- What Is the Relationship Between VPC, NAT Gateway, EIP Bandwidth, and ECS?
- How Does A NAT Gateway Offer High Availability?
- Which Ports Cannot Be Accessed?
- What Can I Do If I Fail to Access the Internet Through the NAT Gateway?
- Can I Change the VPC for a NAT Gateway After It Is Created?
- What Is the Quota of the NAT Gateway?
-
SNAT
- Why SNAT Is Used?
- What Are SNAT Connections?
- What Is the Bandwidth of the NAT Gateway When a Server Accesses the Internet Through the NAT Gateway? Where Can I Configure the Bandwidth?
- How Do I Resolve Packet Loss or Connection Failure Issues When Using a NAT Gateway?
- What Are the Relationships and Differences Between the CIDR Blocks in a NAT Gateway and in an SNAT Rule?
- DNAT
-
NAT Gateway
- Change History
- API Reference (ME-Abu Dhabi Region)
-
User Guide (Paris Region)
- Overview
-
Getting Started
- Allowing a Private Network to Access the Internet Using SNAT
- Allowing Internet Users to Access a Service in a Private Network Using DNAT
- Allowing On-Premises Servers to Communicate with the Internet
- Using Private NAT Gateways to Enable Communications Between Cloud and On-premises Networks
- Using Multiple Public NAT Gateways Together in Performance-Demanding Scenarios
- Public NAT Gateways
- Private NAT Gateways
- Permissions Management
- Monitoring
-
FAQs
-
Public NAT Gateways
- What Is the Relationship Between a VPC, Public NAT Gateway, EIP Bandwidth, and ECS?
- How Does a Public NAT Gateway Offer High Availability?
- Which Ports Cannot Be Accessed?
- What Are the Differences Between Using a NAT Gateway and Using an EIP for an ECS?
- What Should I Do If I Fail to Access the Internet Through a NAT Gateway?
- Can I Change the VPC for a NAT Gateway?
- What Is the Quota of the NAT Gateway?
- Can I Update NAT Gateways and SNAT Rules?
- Does NAT Gateway Support IPv6 Addresses?
- What Security Policies Can I Configure to Implement Access Control If I Use a NAT Gateway?
- What Can I Do If Connection Between My Servers and the Internet Fails After I Add SNAT and DNAT Rules?
-
Private NAT Gateways
- How Do I Troubleshoot a Network Failure After a Private NAT Gateway Is Configured?
- How Many Private NAT Gateways Can I Create in a VPC?
- Can I Increase the Numbers of SNAT and DNAT Rules Supported by a Private NAT Gateway?
- Can an SNAT Rule and a DNAT Rule of a Private NAT Gateway Share the Same Transit IP Address?
- Can Private NAT Gateways Translate On-premises IP Addresses Connected to the Cloud Through Direct Connect?
- What Are the Differences Between Private NAT Gateways and Public NAT Gateways?
- Can a Private NAT Gateway Be Used Across ?
-
SNAT Rules
- Why Do I Need SNAT?
- What Are SNAT Connections?
- What Is the Bandwidth of a NAT Gateway That Is Used by Servers to Access the Internet? How Do I Configure the Bandwidth?
- How Do I Resolve Packet Loss or Connection Failure Issues When Using a NAT Gateway?
- What Should I Do If My ECS Fails to Access a Server on the Public Network Through a NAT Gateway?
- What Are the Relationships and Differences Between the CIDR Blocks in a NAT Gateway and in an SNAT Rule?
- DNAT Rules
-
Public NAT Gateways
- Change History
- API Reference (Paris Region)
-
User Guide (Kuala Lumpur Region)
- Overview
- Getting Started
- Managing NAT Gateways
- Managing SNAT Rules
- Managing DNAT Rules
- Permissions Management
- Monitoring Management
-
FAQs
- NAT Gateway
-
SNAT
- Why Is SNAT Used?
- What Are SNAT Connections?
- What Is the Bandwidth of the NAT Gateway When a Server Accesses the Internet Through the NAT Gateway? Where Can I Configure the Bandwidth?
- How Do I Resolve Packet Loss or Connection Failure Issues When Using a NAT Gateway?
- What Are the Relationships and Differences Between the CIDR Blocks in a NAT Gateway and in an SNAT Rule?
- DNAT
- Change History
- API Reference (Kuala Lumpur Region)
-
User Guide (Ankara Region)
- Service Overview
- Getting Started
- Public NAT Gateways
- Private NAT Gateways
- Permissions Management
- Monitoring
-
FAQs
- Public NAT Gateways
-
Private NAT Gateways
- How Do I Troubleshoot a Network Failure After a Private NAT Gateway Is Configured?
- How Many Private NAT Gateways Can I Create in a VPC?
- Can Private NAT Gateways Translate On-premises IP Addresses Connected to the Cloud Through Direct Connect?
- What Are the Differences Between Private NAT Gateways and Public NAT Gateways?
- Can a Private NAT Gateway Be Used Across Accounts?
- SNAT Rules
- DNAT Rules
- Change History
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- Calling APIs
- APIs for Public NAT Gateways
- Private Nat API
- Permissions Policies and Supported Actions
- Common Parameters
- Change History
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Copied.
Making an API Request
This section describes the structure of a REST API request, and uses the IAM API for obtaining a user token as an example to demonstrate how to call an API. The obtained token can then be used to authenticate the calling of other APIs.
Request URI
A request URI is in the following format:
{URI-scheme}://{Endpoint}/{resource-path}?{query-string}
Although a request URI is included in the request header, most programming languages or frameworks require the request URI to be transmitted separately.
Parameter |
Description |
---|---|
URI-scheme |
Protocol used to transmit requests. All APIs use HTTPS. |
Endpoint |
Domain name or IP address of the server bearing the REST service. The endpoint varies between services in different regions. It can be obtained from Regions and Endpoints. |
resource-path |
Access path of an API for performing a specified operation. Obtain the path from the URI of an API. For example, the resource-path of the API used to obtain a user token is /v3/auth/tokens. |
query-string |
Query parameter, which is optional. Ensure that a question mark (?) is included before each query parameter that is in the format of Parameter name=Parameter value. For example, ? limit=10 indicates that a maximum of 10 data records will be displayed. |
To simplify the URI display in this document, each API is provided only with a resource-path and a request method. The URI-scheme of all APIs is HTTPS, and the endpoints of all APIs in the same region are identical.
Request Methods
Method |
Description |
---|---|
GET |
Requests the server to return specified resources. |
PUT |
Requests the server to update specified resources. |
POST |
Requests the server to add resources or perform special operations. |
DELETE |
Requests the server to delete specified resources, for example, an object. |
HEAD |
Same as GET except that the server must return only the response header. |
PATCH |
Requests the server to update partial content of a specified resource. If the resource does not exist, a new resource will be created. |
For example, in the case of the API used to obtain a user token, the request method is POST. The request is as follows:
1 |
POST https://{{endpoint}}/v3/auth/tokens |
Request Header
You can also add additional header fields to a request, such as the fields required by a specified URI or HTTP method. For example, to request for the authentication information, add Content-Type, which specifies the request body type.
Parameter |
Description |
Mandatory |
Example Value |
---|---|---|---|
Host |
Specifies the server domain name and port number of the resources being requested. The value can be obtained from the URL of the service API. The value is in the format of Hostname:Port number. If the port number is not specified, the default port is used. The default port number for https is 443. |
No This field is mandatory for AK/SK authentication. |
code.test.com or code.test.com:443 |
Content-Type |
Specifies the type (or format) of the message body. The default value application/json is recommended. Other values of this field will be provided for specific APIs if any. |
Yes |
application/json |
Content-Length |
Specifies the length of the request body. The unit is byte. |
No |
3495 |
X-Project-Id |
Specifies the project ID. Obtain the project ID by following the instructions in Obtaining a Project ID. |
No This field is mandatory for requests that use AK/SK authentication in the Dedicated Cloud (DeC) scenario or multi-project scenario. |
e9993fc787d94b6c886cbaa340f9c0f4 |
X-Auth-Token |
Specifies the user token. It is a response to the API for obtaining a user token (This is the only API that does not require authentication). After the request is processed, the value of X-Subject-Token in the response header is the token value. |
No This field is mandatory for token authentication. |
The following is part of an example token: MIIPAgYJKoZIhvcNAQcCo...ggg1BBIINPXsidG9rZ |
In addition to supporting authentication using tokens, APIs support authentication using AK/SK, which uses SDKs to sign a request. During the signature, the Authorization (signature authentication) and X-Sdk-Date (time when a request is sent) headers are automatically added in the request.
For more details, see "Authentication Using AK/SK" in Authentication.
The API used to obtain a user token does not require authentication. Therefore, only the Content-Type field needs to be added to requests for calling the API. An example of such requests is as follows:
1 2 |
POST https://{{endpoint}}/v3/auth/tokens Content-Type: application/json |
(Optional) Request Body
This part is optional. The body of a request is often sent in a structured format (for example, JSON or XML) as specified in the Content-Type header field. The request body transfers content except the request header.
The request body varies between APIs. Some APIs do not require the request body, such as the APIs requested using the GET and DELETE methods.
In the case of the API used to obtain a user token, the request parameters and parameter description can be obtained from the API request. The following provides an example request with a body included. Replace username, domainname, ******** (login password), and xxxxxxxxxxxxxxxxxx (project name) with the actual values. Obtain a project name from Regions and Endpoints.
The scope parameter specifies where a token takes effect. You can set scope to an account or a project under an account. In the following example, the token takes effect only for the resources in a specified project. For more information about this API, see "Obtaining a User Token".
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
POST https://{{endpoint}}/v3/auth/tokens Content-Type: application/json { "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "username", "password": "********", "domain": { "name": "domainname" } } } }, "scope": { "project": { "name": "xxxxxxxxxxxxxxxxxx" } } } } |
If all data required for the API request is available, you can send the request to call the API through curl, Postman, or coding. In the response to the API used to obtain a user token, X-Subject-Token is the desired user token. This token can then be used to authenticate the calling of other APIs.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot