Help Center/ API Gateway/ User Guide/ (Optional) Configuring Authorization for API Calling/ Configuring AppCodes for Simple Authentication
Updated on 2024-11-27 GMT+08:00

Configuring AppCodes for Simple Authentication

AppCodes are identity credentials of a credential used to call APIs in simple authentication mode. In this mode, the X-Apig-AppCode parameter (whose value is an AppCode on the credential details page) is added to the HTTP request header for quick response. APIG verifies only the AppCode and the request content does not need to be signed.

When an API is called using app authentication and simple authentication is enabled for the API, the key and secret can be used to sign and verify the API request. AppCodes can also be used for simple authentication.

  • For security purposes, simple authentication only supports API calls over HTTPS or gRPCS.
  • You can create a maximum of five AppCodes for each credential.

Generating an AppCode

  1. Go to the APIG console.
  2. Select a dedicated gateway at the top of the navigation pane.
  1. In the navigation pane, choose API Management > Credentials.
  1. Click the name of the target credential.
  2. Under AppCodes, click Add AppCode.
  3. Configure AppCode information and click OK.

    Table 1 AppCode configuration

    Parameter

    Description

    AppCode Type

    Select the method for generating an AppCode.

    • Automatically generated: An AppCode is generated by the system.
    • Custom: Specify an AppCode.

    AppCode

    Enter an AppCode if you set AppCode Type to Custom.

Using AppCode for Simple Authentication of API Requests

  1. When creating an API, set Authentication Mode to App and enable Simple Authentication.

    After you enable simple authentication for an existing API, you need to publish the API again to make the configuration take effect.

  2. Bind a credential to the API.
  3. When sending a request, add the X-Apig-AppCode parameter to the request header and omit the request signature.

    For example, when using curl, add the X-Apig-AppCode parameter to the request header and set the parameter value to the generated AppCode.

    curl -X GET "https://api.exampledemo.com/testapi" -H "content-type: application/json"  -H "host: api.exampledemo.com" -H "X-Apig-AppCode: xhrJVJKABSOxc7d***********FZL4gSHEXkCMQC"