Help Center/ ROMA Connect/ Developer Guide (ME-Abu Dhabi Region)/ Developer Guide for Service Integration/ Using App Authentication to Call APIs/ Preparations
Updated on 2022-12-05 GMT+08:00
View PDF
Share

Preparations

Before accessing an API through an SDK in App authentication mode, you must collect the required information.

  • Obtain the subdomain name, request path, and request protocol of the API.

    Log in to the ROMA Connect console. Choose API Connect > API Management > APIs, click an API to access the API details, and click API Request on the API Calling page. View the values of Subdomain Name, Path, and Protocol.

    Figure 1 Request definition
  • Publish the API in an environment before you can access it.

    Log in to the ROMA Connect console. Choose API Connect > API Management > APIs, click an API to access the API details, and click API Request on the API Calling page. View the API running environment. If no running environment is available, return to the API list and publish the API to the specified environment.

    Figure 2 Running environment information
  • Provide a valid AppKey and AppSecret to generate an authentication signature.

    On the ROMA Connect console, choose Integration Applications and click Create Integration Application to create an integration application. Click the application name to view the key and secret in the Basic Information area. Choose API Connect > API Management > APIs and authorize the API to the app. Then, you can use the key and secret of the app to access the API.

    • Key: access key ID of the app. It is a unique identifier associated with a secret access key and is used in conjunction with a secret access key to sign requests cryptographically.
    • Secret: secret access key used together with an AppKey to sign requests. The AppKey and AppSecret can be together used to identify a request sender to prevent the request from being modified.
  • When sending an API request, the SDK adds the current time to the X-Sdk-Date header and adds the signature information to the Authorization header. The signature is valid only within a limited period of time.

    The client must synchronize the local time with the NTP server to avoid a large offset in the value of X-Sdk-Date in the request header.

    In addition to verifying the time format of X-Sdk-Date, ROMA Connect also verifies the time difference between the time specified by X-Sdk-Date and the actual time when the request is received. If the time difference exceeds 15 minutes, ROMA Connect rejects the request.