Help Center/ Optical Character Recognition/ API Reference (ME-Abu Dhabi Region)/ Calling APIs/ Authentication
Updated on 2022-10-29 GMT+08:00
View PDF
Share

Authentication

Requests for calling an API can be authenticated using either of the following methods:

  • Token-based authentication: Requests are authenticated using a token.

    Call APIs using endpoints and tokens. Object Storage Service (OBS), Data Ingestion Service (DIS), Natural Language Processing (NLP), Optical Character Recognition (OCR), and Image Recognition in the UAE-Abu Dhabi -OP5 region cannot be called.

  • AK/SK-based authentication: Requests are authenticated by encrypting the request body using an AK/SK pair.

    To call Object Storage Service (OBS), Data Ingestion Service (DIS), Natural Language Processing (NLP), Optical Character Recognition (OCR), or Image Recognition in the UAE-Abu Dhabi region, you need to create a user and generate an AK/SK. Then, call the corresponding API through AK/SK authentication and endpoint. For details about endpoints, visit https://docs.g42cloud.com/en-us/endpoint/index.html. For details about how to obtain the AK/SK for the UAE-Abu Dhabi region, see How Do I Obtain an Access Key (AK/SK) in the ME-Abu Dhabi-OP5 Region?.

Token-based Authentication

A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to a request to get permissions for calling the API.

  • A token is valid for 24 hours. When using a token for authentication, cache it to avoid frequent calling.

When calling the API to obtain a user token, you must set auth.scope in the request body to project.

username indicates the IAM username, domainname indicates the account name, ******** indicates the login password, and project name indicates the project name.

POST https://iam.ae-ad-1.g42cloud.com/v3/auth/tokens
Content-Type: application/json
{ 
    "auth": { 
        "identity": { 
            "methods": [ 
                "password" 
            ], 
            "password": { 
                "user": { 
                    "name": "username", //IAM username
                    "password": "********", //Password
                    "domain": { 
                        "name": "domainname" //Account name
                    } 
                } 
            } 
        }, 
        "scope": { 
            "project": { 
                "name": "project name" //Replace project name with the actual project name.
            } 
        } 
    } 
}

As shown in the following figure, x-subject-token in the response header is the desired user token. This token can then be used to authenticate the calling of OCR APIs.

Figure 1 Response header for obtaining a user token

AK/SK-based Authentication

AK/SK-based authentication supports API requests with a body less than or equal to 12 MB. For API requests with a larger body, perform token-based authentication.

In AK/SK-based authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.

  • AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.
  • SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.

In AK/SK-based authentication, you can use the AK/SK to sign requests based on the signature algorithm or use a dedicated signing SDK to sign requests. For details about how to sign requests and use the signing SDK, see API Request Signing Guide.

Parent topic: Calling APIs