Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Situation Awareness
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive

Using an API Tool to Call an API Which Uses IAM Authentication

Updated on 2025-02-18 GMT+08:00

Before calling an API which uses IAM authentication, call the IAM API for obtaining a user token to obtain the token, which can be used for security authentication.

This section uses Postman as an example to describe how to use an API tool to call an API which uses IAM authentication. The procedure is as follows:
  1. Obtaining API Information: Prepare key information of the API.
  2. Obtaining a Token: Call the API for obtaining a user token to obtain the token.
  3. Calling an API: Use Postman to call the API.

Prerequisites

  • Postman has been installed. If it has not been installed, download it from the Postman official website and install it.

Notes and Constraints

  • APIs which use IAM authentication authorized to apps of the IAM type can be called only using the token of the current account or those of its users, rather than any other account or user If needed, you can use a whitelist to authorize the APIs to other accounts. For details, see Authorizing an API Which Uses IAM Authentication Through a Whitelist.
  • To call an API in DataArts DataService locally, you need to bind an EIP to the DataArts DataService Exclusive cluster when creating the cluster.
  • The validity period of a token is 24 hours. If you use the same token for authentication, cache the token to prevent frequent API calls.
  • When an API in DataArts DataService is called, if the total duration of query and response exceeds 60 seconds (default value), a timeout error is reported. In this case, you can optimize the API configuration based on the API calling duration recorded in the access log.
    ____________Duration information__________ 
    duration: 60491ms //Total duration
    url_duration: 0ms //URL matching duration
    auth_duration: 70ms //Authentication duration
    befor_sql_duration: 402ms //Preprocessing duration before SQL execution
    sql_duration: 60001ms //SQL execution duration
    after_sql_duration:18ms //Postprocessing duration after SQL execution

Obtaining API Information

  1. Log in to the DataArts Studio console by following the instructions in Accessing the DataArts Studio Instance Console.
  2. On the DataArts Studio console, locate a workspace and click DataArts DataService.
  3. In the left navigation pane, choose an edition, for example, Exclusive Edition. The Overview page is displayed.
  4. Obtain the URL, request method, and input parameters of the API to be called.

    In the navigation pane on the left, choose APIs. Locate the API to be called, click the API name to access its details page, and record the URL, request method, and input parameters of the API.

    • URL for calling the API: The exclusive edition supports both private and public IP addresses. To use the public IP address, you need to bind an EIP to the cluster during cluster creation. If you want to call an API in DataArts DataService Exclusive locally, you need to use a public IP address to ensure network connectivity.
    • Input parameters: In this example, an API with various input parameter locations is created to describe how to enter various input parameters during an API call.
      Figure 1 Recording the URL, request method, and input parameters

Obtaining a Token

  1. Start Postman and add an API request.
  2. Use an API tool to call the API to obtain the token.

    When calling the API to obtain a user token, you must set auth.scope in the request body to project.

    NOTE:

    In the request, POST https://IAM endpoint/v3/auth/tokens is the URL, and Content-Type: application/json is the message header. The content in {} is the request body.

    Configure the bold and italic parameters based on site requirements.

    • IAM endpoint indicates the endpoint of IAM.

      An endpoint is the request address for calling an API. Endpoints vary depending on services and regions. You can obtain endpoints from Regions and Endpoints.

    • username indicates the username, domainname indicates the account to which the user belongs, ******** indicates the login password, and xxxxxxxxxxxxxxxxxx indicates the project ID. To obtain the username, account name, and project ID, perform the following steps:
      1. Register with and log in to the management console.
      2. Hover the cursor on the username in the upper right corner and select My Credentials from the drop-down list.
      3. On the API Credentials page, obtain the account name, account ID, IAM username, and IAM user ID, and obtain the project and its ID from the project list.
    POST https://IAM endpoint/v3/auth/tokens
    Content-Type: application/json
    { 
        "auth": { 
            "identity": { 
                "methods": [ 
                    "password" 
                ], 
                "password": { 
                    "user": { 
                        "name": "username", 
                        "password": "********", 
                        "domain": { 
                            "name": "domainname" 
                        } 
                    } 
                } 
            }, 
            "scope": { 
                "project": { 
                    "id": "xxxxxxxxxxxxxxxxxx" 
                } 
            } 
        } 
    }
    Figure 2 Obtaining a token by calling

  3. Obtain the value of x-subject-token in the response header, which is the user token. When calling an API, you can add the token to the request header to obtain the permission to call the API through identity authentication.

    Figure 3 Obtaining a token

Calling an API

  1. Start Postman and add an API request.
  2. Configure the API request as follows:

    • Request method and calling URL: Obtain them by referring to Obtaining API Information. If input parameters include Path and Query parameters, you need to change the {path} variable in the API calling URL to the value of the Path parameter, and add the value of the Query parameter to the end of the API calling URL in the following format: ?Query parameter name=Query parameter value, for example, ?query=1 in this example.
      Figure 4 Request method and calling URL
    • Params: If the Query parameter has been added to the end of the calling URL in the ?Query parameter name=Query parameter value format, the value of Query Params is automatically generated. Otherwise, you need to enter a value.
      Figure 5 Params
      If you want to customize the calling result, set the following Query parameters:
      • (Optional) Pagination configuration: By default, the system assigns pagination data to the APIs created using configuration or a script/MyBatis. If you want to obtain specified pagination data, modify the following parameters. pageSize indicates the page size, and pageNum indicates the page number.
        Figure 6 Pagination parameters
        NOTE:

        For APIs created using a script/MyBatis with custom pagination configuration, the pagination logic is written to the data acquisition SQL statement during API creation. Therefore, the pagination settings cannot be modified during an API call.

      • (Optional) Sorting configuration: By default, the system provides the default sorting based on the ranking parameters. By default, the custom ranking mode is ascending. To change the sorting, modify the pre_order_by parameter. The value of pre_order_by is in either of the following formats: Ranking parameter name:ASC (ascending order) or Ranking parameter name:DESC (descending order). Separate multiple ranking parameter descriptions by semicolons (;).
        Figure 7 Ranking parameters
        You can change the value of pre_order_by as follows:
        • Delete an optional ranking parameter. The parameter is no longer used for ranking.
        • Change the ranking mode of a ranking parameter whose ranking mode is custom to ascending or descending. The ranking parameter is sorted based on the new ranking mode.
        NOTE:
        The value of pre_order_by cannot be changed in any of the following ways. Otherwise, the change does not take effect or an error is reported during API calling.
        • If a mandatory ranking parameter is deleted, the parameter is still used for ranking and the deletion does not take effect.
        • Adjustment of the sequence of ranking parameters will not take effect. The sequence of ranking parameters configured during the creation of an API through configuration, a script, or MyBatis will still be used.
        • If you change the ranking mode of a ranking parameter whose ranking mode is ascending or descending, the API cannot be called. Such a change is not allowed.
      • (Optional) Number of returned records: If Return Total Records is enabled during API creation, it takes a long time to obtain the total number of data records if the data table corresponding to the API contains a large amount of data. In this case, if you do not want the system to calculate and return the total number of data records during an API call, you can modify the use_total_num parameter. The use_total_num parameter specifies whether to calculate and return the total number of data records. If its value is 1, the total number of data records is returned. If its value is not 1, the total number of data records is not returned.
        Figure 8 Number of returned records
    • Headers: Enter the value of x-subject-token recorded in Obtaining a Token for X-Auth-Token, and enter parameter header and its value.
      NOTE:

      By default, Postman automatically selects Host and generates a host value from the URI.

      Figure 9 Headers
    • Body: Select the raw format and use braces ({}) to enclose a string in "Body parameter name":Body parameter value format, for example, {"body":4} in this example.
      Figure 10 Body

  3. After configuring the API request, click Send to send a request to the server and check the returned result. If "errCode":"DLM.0" is returned, the API is successfully called. If the API call fails, rectify the fault based on the error message.

    NOTE:

    If the API call fails and message "Could not get any response" is displayed, disable SSL certificate verification or proxy as prompted, and try again.

    Figure 11 Calling an API

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback