API Calling Methods

(Recommended) App authentication

High

After an API is authorized to an app, the key pair (AppKey and AppSecret) of the app is used for security authentication.

• (Recommended) SDKs for multiple languages such as Java, Go, Python, JavaScript, C#, PHP, C++, C and Android
• API tool: You must manually generate a signature using demo.html in the JavaScript SDK package so that the API tool can be used to call APIs.

• (Recommended) Using an SDK to Call an API Which Uses App Authentication
• Using an API Tool to Call an API Which Uses App Authentication

App authentication and SDKs are recommended, which can help you easily and quickly obtain open data through data APIs.

IAM authentication

Medium

After an API is authorized to an account using an IAM app or whitelist, the user token obtained from IAM is used for security authentication.

API tool: You need to call the API for obtaining a user token through password authentication to obtain a token, and then use an API tool to call the API.

Using an API Tool to Call an API Which Uses IAM Authentication

IAM authentication can be used when an API tool is used to call APIs.

None

Low

No authorization is required. All users can access APIs.

• API tool: An API tool can be used to call APIs directly, without authentication information.
• Browser: If the API input parameters are located in Query and Path, a browser can be used to call APIs. If the input parameters are located in Header or Body, the browser cannot be used to call APIs because the parameters cannot be transferred.

• Using an API Tool to Call an API Which Requires No Authentication
• Using a Browser to Call an API Which Requires No Authentication

It is recommended that the non-authentication mode be used only for testing APIs. If the caller is not a trusted user, there is a risk of data leakage, breakdowns caused by high concurrent access, SQL injection, and others.