Help Center/ ROMA Connect/ API Reference/ Service Integration APIs/ Signature Key Management/ Creating a Signature Key

Updated on 2023-06-29 GMT+08:00

View PDF

Creating a Signature Key

Function

To ensure API security, tenants are advised to provide a protection mechanism for API access. That is, for APIs exposed by tenants, the request sources must be authenticated. Requests that do not meet the authentication requirements will be rejected. The signature key is one of the API security protection mechanisms. A tenant creates a signature key and binds it to an API. When requesting the API, APIC uses the bound signature key to encrypt the request parameters and generate a signature. When a tenant's backend service receives a request, it verifies the signature. If the signature verification fails, the request is not sent by APIC. In this case, the tenant can reject the request to ensure API security and prevent the API from being attacked by requests from unknown sources.

URI

POST /v2/{project_id}/apic/instances/{instance_id}/signs

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For details about how to obtain the project ID, see Appendix > Obtaining a Project ID in the ROMA Connect API Reference.
instance_id	Yes	String	Instance ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
name	Yes	String	Signature key name. The value can contain only letters, digits, and underscores(_) and must start with a letter. Minimum: 3 Maximum: 64
sign_type	No	String	Signature key type. hmac basic public_key aes The basic key type requires the instance to be upgraded to the corresponding version. If the basic key configuration does not exist in the instance, contact technical support to upgrade the instance. The public_key type can be used only when public_key is enabled for the instance. For details about the instance feature configuration, see Appendix > APIC Features Supported by ROMA Connect Instances in the API Reference. If the public_key configuration does not exist in the instance, contact technical support to enable public_key. The aes key type requires the instance to be upgraded to the corresponding version. If the basic key configuration does not exist in the instance, contact technical support to upgrade the instance.
sign_key	No	String	Signature key. hmac signature key: The value contains 8 to 32 characters, including letters, digits, underscores (_), and hyphens (-). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified. basic signature key: The value contains 4 to 32 characters, including letters, digits, underscores (_), and hyphens (-). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified. public_key signature key: The value contains 8 to 512 characters, including letters, digits, underscores (_), hyphens (-), plus signs (+), slashes (/), and equal signs (=). The value must start with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified. aes signature key: The value supports letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must start with a letter, digit, plus sign (+), or slash (/). If the signature algorithm is aes-128-cfb, the value is 16 characters. If the signature algorithm is aes-256-cfb, the value is 32 characters. A key is automatically generated by the backend if no key is specified.
sign_secret	No	String	Signature secret. hmac signature secret: The value contains 16 to 64 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified. basic signature secret: The value contains 8 to 64 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified. public_key signature secret: The value contains 15 to 2048 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified. Vector of the AES signature secret: The value contains up to 16 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified.
sign_algorithm	No	String	Signature algorithm. The default value is empty. Only AES signature keys support the signature algorithm. Other signature keys do not support the signature algorithm.

Response Parameters

Status code: 201

**Table 4** Response body parameters
Parameter	Type	Description
name	String	Signature key name. The value can contain only letters, digits, and underscores(_) and must start with a letter. Minimum: 3 Maximum: 64
sign_type	String	Signature key type. hmac basic public_key aes The basic key type requires the instance to be upgraded to the corresponding version. If the basic key configuration does not exist in the instance, contact technical support to upgrade the instance. The public_key type can be used only when public_key is enabled for the instance. For details about the instance feature configuration, see Appendix > APIC Features Supported by ROMA Connect Instances in the API Reference. If the public_key configuration does not exist in the instance, contact technical support to enable public_key. The aes key type requires the instance to be upgraded to the corresponding version. If the basic key configuration does not exist in the instance, contact technical support to upgrade the instance.
sign_key	String	Signature key. hmac signature key: The value contains 8 to 32 characters, including letters, digits, underscores (_), and hyphens (-). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified. basic signature key: The value contains 4 to 32 characters, including letters, digits, underscores (_), and hyphens (-). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified. public_key signature key: The value contains 8 to 512 characters, including letters, digits, underscores (_), hyphens (-), plus signs (+), slashes (/), and equal signs (=). The value must start with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified. aes signature key: The value supports letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must start with a letter, digit, plus sign (+), or slash (/). If the signature algorithm is aes-128-cfb, the value is 16 characters. If the signature algorithm is aes-256-cfb, the value is 32 characters. A key is automatically generated by the backend if no key is specified.
sign_secret	String	Signature secret. hmac signature secret: The value contains 16 to 64 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified. basic signature secret: The value contains 8 to 64 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified. public_key signature secret: The value contains 15 to 2048 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified. Vector of the AES signature secret: The value contains up to 16 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified.
sign_algorithm	String	Signature algorithm. The default value is empty. Only AES signature keys support the signature algorithm. Other signature keys do not support the signature algorithm.
update_time	String	Update time.
create_time	String	Creation time.
id	String	Signature key ID.

Status code: 400

**Table 5** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 401

**Table 6** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 403

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 404

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 500

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Example Requests

{
  "name" : "signature_demo",
  "sign_key" : "signkeysignkey",
  "sign_secret" : "signsecretsignsecretsignsecretsignsecret"
}

Example Responses

Status code: 201

Created

{
  "sign_secret" : "signsecretsignsecretsignsecretsignsecret",
  "update_time" : "2020-08-03T03:39:38.119032888Z",
  "create_time" : "2020-08-03T03:39:38.119032659Z",
  "name" : "signature_demo",
  "id" : "0b0e8f456b8742218af75f945307173c",
  "sign_key" : "signkeysignkey",
  "sign_type" : "hmac"
}

Status code: 400

Bad Request

{
  "error_code" : "APIG.2011",
  "error_msg" : "Invalid parameter value,parameterName:name. Please refer to the support documentation"
}

Status code: 401

Unauthorized

{
  "error_code" : "APIG.1002",
  "error_msg" : "Incorrect token or token resolution failed"
}

Status code: 403

Forbidden

{
  "error_code" : "APIG.1005",
  "error_msg" : "No permissions to request this method"
}

Status code: 404

Not Found

{
  "error_code" : "APIG.3030",
  "error_msg" : "The instance does not exist;id:f0fa1789-3b76-433b-a787-9892951c620ec"
}

Status code: 500

Internal Server Error

{
  "error_code" : "APIG.9999",
  "error_msg" : "System error"
}

Status Codes

Status Code	Description
201	Created
400	Bad Request
401	Unauthorized
403	Forbidden
404	Not Found
500	Internal Server Error

Error Codes

See Error Codes.

Parent topic: Signature Key Management

Previous topic: Signature Key Management

Next topic: Modifying a Signature Key

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot