Help Center/ Web3 Node Engine Service/ API Reference/ API Calling/ Authentication and Authorization
Updated on 2023-08-08 GMT+08:00

Authentication and Authorization

Requests for calling an API can be authenticated using either of the following methods:

  • Token-based authentication: Requests are authenticated using a token.
  • AK/SK authentication: Requests are encrypted using AK/SK pairs.

Token-based Authentication

The validity period of a token is 24 hours. If a token is used for authentication, cache it to prevent frequent API calls.

A token specifies certain permissions in a computer system. During API authentication using a token, the token is added to a request to get permissions for calling the API.

When calling an API to obtain a user token, set auth.scope in the request body to project.

{ 
    "auth": { 
        "identity": { 
            "methods": [ 
                "password" 
            ], 
            "password": { 
                "user": { 
                    "name": "username",
                    "password": "********",
                    "domain": { 
                        "name": "domainname"
                    } 
                } 
            } 
        }, 
        "scope": { 
            "project": { 
                "name": "xxxxxxxx" 
            } 
        } 
    } 
}

After a token is obtained, the X-Auth-Token header field must be added to requests to specify the token when calling other APIs. For example, if the token is ABCDEFJ...., X-Auth-Token: ABCDEFJ.... can be added to a request as follows:

1
2
3
POST https://iam.ap-southeast-3.myhuaweicloud.com/v3/auth/projects
Content-Type: application/json
X-Auth-Token: ABCDEFJ....

AK/SK Authentication

AK/SK authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token authentication is recommended.

In AK/SK authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.

  • AK: an access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.
  • SK: a key that is used in conjunction with the AK to cryptographically sign requests. Signing a request identifies the sender and prevents the request from being modified.

In AK/SK authentication, you can use an AK/SK to sign requests based on the signature algorithm or using the signing SDK. For details about how to sign requests and use the signing SDK, see AK/SK Signing and Authentication Guide.

The signing SDK is only used for signing requests and is different from the SDKs provided by services.