Authentication
You can choose any of the following authentication modes:
- Token-based authentication: Requests are authenticated using a token.
- API key authentication: If the model service deployed by a user needs to be called by other users, the original token-based authentication requires dynamic authentication and credential management, which is complex. In this case, API key authentication can be used. This method is more convenient than token-based authentication and complies with mainstream model calling specifications in the industry.
Token-based Authentication
A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to requests to get permissions for calling the API.

- A token is valid for 24 hours. When you need to use a token for authentication, you can cache it to prevent frequent calls.
Method for obtaining a token:
You can obtain a token by calling the related API. The following is an example of an API call:
- Pseudocode
POST https://iam.ap-southeast-1.myhuaweicloud.com/v3/auth/tokens //Obtain the token of the CN-Hong Kong region. Content-Type: application/json { "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "username", // IAM username "password": "********", //IAM user password "domain": { "name": "domainname" //Account name } } } }, "scope": { "project": { "name": "ap-southeast-1" //PanguLM is currently deployed in the CN-Hong Kong region, and the value is ap-southeast-1. } } } }
- Python
import requests import json url = "https://iam.ap-southeast-1.myhuaweicloud.com/v3/auth/tokens" payload = json.dumps({ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "username", "password": "********", "domain": { "name": "domainname" } } } }, "scope": { "project": { "name": "projectname" } } } }) headers = { 'Content-Type': 'application/json' } response = requests.request("POST", url, headers=headers, data=payload) print(response.headers["X-Subject-Token"])
Procedure for obtaining the token:
In this example, Postman is used to obtain the token.
- Log in to the system and access the My Credentials > API Credentials page to obtain the username, domain name, and project ID.
The PanguLM is deployed in the CN-Hong Kong region. You need to obtain the project ID that belongs to the CN-Hong Kong region.
Figure 1 Obtaining the username, domain name, and project ID - Start Postman and create a POST request. Enter the URL of the token obtaining API in the CN-Hong Kong region. Set the request header parameters.
- API address: https://iam.ap-southeast-1.myhuaweicloud.com/v3/auth/tokens
- Request header parameter: Content-Type; parameter value: application/json
Figure 2 Entering the URL and request header parameter - Enter the request body of the API for obtaining a token. Click Body, select raw, copy and enter the following code by referring to Figure 3, and enter the username, domain name, and password.
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "username", //IAM username "password": "********", //Huawei Cloud account password "domain": { "name": "domainname" //Account name } } } }, "scope": { "project": { "name": "ap-southeast-1" //PanguLM is currently deployed in the CN-Hong Kong region, and the value is ap-southeast-1. } } } }
- Click Send on Postman to send the request. If the status code 201 is returned, the API is successfully called. In this case, click Headers, find and copy the X-Subject-Token value, which is the token.
Figure 4 Obtaining a token
API Key Authentication
If the API service deployed by a user needs to be opened to other users, the original token-based authentication is not supported. In this case, API key authentication can be used to call APIs.
API key authentication is a method where the X-Apig-AppCode parameter (the parameter value is the API key value) is added to the HTTP request header during API calling. You do not need to sign the request content.
Before using this authentication mode, ensure that a large model has been deployed.
To obtain an API key, perform the following steps:
- Log in to ModelArts Studio and access the desired workspace.
- In the navigation pane on the left, choose Model Development > Application Access. Click Create application access in the upper right corner.
- Select All services for Associated Services, or select specifying service and then select a deployed large model. Then, click sure.
- Obtain the API key in the API Key column on the application access page.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot