Authentication
Requests for calling an API can be authenticated using either of the following methods:
- Token-based authentication: Requests are authenticated using a token.
- Access Key ID/Secret Access Key (AK/SK)-based authentication: Requests are authenticated by encrypting the request body using an AK/SK.
Token Authentication
The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API for obtaining a user token.
A token specifies temporary permissions in a computer system. Authentication using a token adds the token in a request as its header during API calling to obtain permissions to operate APIs. The token can be obtained by calling the API used to obtain a user token.
A cloud service can be deployed as either a project-level service or global service.
- For a project-level service, obtain a project-level token. When you call the API, set auth.scope in the request body to project.
- For a global service, obtain a global token. When you call the API, set auth.scope in the request body to domain.
When calling an API to obtain a user token, you must set auth.scope in the request body to project.
{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": "username",
"password": "********",
"domain": {
"name": "domainname"
}
}
}
},
"scope": {
"project": {
"name": "xxxxxxxx"
}
}
}
}
After obtaining the token, add the X-Auth-Token header in a request to specify the token when calling other APIs. For example, if the token is ABCDEFJ...., X-Auth-Token: ABCDEFJ.... can be added to a request header as follows:
GET https://iam.ap-southeast-1.myhuaweicloud.com/v3/auth/projects Content-Type: application/json X-Auth-Token: ABCDEFJ....
AK/SK Authentication
AK/SK authentication supports API requests with a body no larger than 12 MB. For API requests with a larger body, use token authentication.
In AK/SK-based authentication, the AK/SK is used to sign requests and the signature is then added to the requests for authentication.
- AK: access key ID. It is a unique ID associated with an SK. AK is used together with SK to sign requests.
- SK: secret access key. It is used together with an access key ID to identify a sender who initiates a request and to cryptographically sign requests, preventing the request from being modified.
In AK/SK-based authentication, you can use an AK/SK to sign requests based on the signature algorithm or use the signing SDK to sign requests. For details about how to sign requests and use the signing SDK, see AK/SK Signing and Authentication Guide.
The signing SDK is only used for signing requests and is different from the SDKs provided by services.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
