Halaman ini belum tersedia dalam bahasa lokal Anda. Kami berusaha keras untuk menambahkan lebih banyak versi bahasa. Terima kasih atas dukungan Anda.
ROMA Connect
ROMA Connect
- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
-
User Guide
- Usage Process
- Instances
- Integration Application Management
-
Data Source Management
- Data Sources Supported by ROMA Connect
- Connecting to an API Data Source
- Connecting to an ActiveMQ Data Source
- Connecting to an ArtemisMQ Data Source
- Connecting to a DB2 Data Source
- Connecting to a DIS Data Source
- Connecting to a DWS Data Source
- Connecting to the DM Data Source
- Connecting to a Gauss100 Data Source
- Connecting to an FTP Data Source
- Connecting to an HL7 Data Source
- Connecting to a HANA Data Source
- Connecting to a HIVE Data Source
- Connecting to an LDAP Data Source
- Connecting to an IBM MQ Data Source
- Connecting to a Kafka Data Source
- Connecting to a MySQL Data Source
- Connecting to a MongoDB Data Source
- Connecting to an MQS Data Source
- Connecting to an MRS Hive Data Source
- Connecting to an MRS HDFS Data Source
- Connecting to an MRS HBase Data Source
- Connecting to an MRS Kafka Data Source
- Connecting to an OBS Data Source
- Connecting to an Oracle Data Source
- Connecting to a PostgreSQL Data Source
- Connecting to a Redis Data Source
- Connecting to a RabbitMQ Data Source
- Connecting to a RocketMQ Data Source
- Connecting to an SAP Data Source
- Connecting to an SNMP Data Source
- Connecting to a SQL Server Data Source
- Connecting to a GaussDB(for MySQL) Data Source
- Connecting to a WebSocket Data Source
- Connecting to a Custom Data Source
- Data Integration Guide
-
Service Integration Guide
- Usage Introduction
- Exposing an API
- Exposing a Function API
- Exposing a Data API
- Calling an API
- Managing APIs
- Managing Custom Backends
- Configuring API Control Policies
- Configuring API Plug-in Policies
- Configuring a Custom Authorizer
- Configuring Signature Verification for Backend Services
- Configuring API Cascading
-
Service Integration Guide (Old Edition)
- Usage Introduction
- Exposing APIs
- Creating and Exposing Data APIs
- Creating and Exposing Function APIs
- Calling an API
- Managing APIs
- Managing Custom Backends
- Managing Control Policies
- Managing Plug-ins
- Configuring a Custom Authorizer
- Configuring Signature Verification for Backend Services
- Configuring API Cascading
- Message Integration Guide
- Device Integration Guide
- Increasing Resource Quota
- Audit Logs
- Monitoring Metrics
- Permissions
- User Guide(new)
-
Best Practices
- Digital Reconstruction of Traditional Parking Lot Management Systems
- Sharing Enterprise Data Using APIs
- Integrating and Converting Service Data Across Systems
- Building an Enterprise Service Open Platform
- Developing a Custom Authorizer with a Custom Backend
- Avoiding MQS Message Accumulation
- Synchronizing Data from MySQL to Oracle as Scheduled
-
Developer Guide
- Developer Guide for Data Integration
-
Developer Guide for Service Integration
- Overview
- Developing API Calling Authentication (App)
- Developing API Calling Authentication (IAM)
-
Developing Custom Function Backends
- Overview
- AesUtils
- APIConnectResponse
- Base64Utils
- CacheUtils
- CipherUtils
- ConnectionConfig
- DataSourceClient
- DataSourceConfig
- ExchangeConfig
- HttpClient
- HttpConfig
- JedisConfig
- JSON2XMLHelper
- JSONHelper
- JsonUtils
- JWTUtils
- KafkaConsumer
- KafkaProducer
- KafkaConfig
- MD5Encoder
- Md5Utils
- QueueConfig
- RabbitMqConfig
- RabbitMqProducer
- RedisClient
- RomaWebConfig
- RSAUtils
- SapRfcClient
- SapRfcConfig
- SoapClient
- SoapConfig
- StringUtils
- TextUtils
- XmlUtils
- Developing Custom Data Backends
- Developing Signature Verification for Backend Services
- Developer Guide for Message Integration
-
Developer Guide for Device Integration
- Overview
- Preparations
- Configuring Device Integration
-
MQTT Topic Specifications
- Before You Start
- Gateway Login
- Adding a Gateway Subdevice
- Response for Adding a Gateway Subdevice
- Updating the Gateway Subdevice Status
- Response for Updating the Gateway Subdevice Status
- Deleting a Gateway Subdevice
- Querying Gateway Information
- Response for Querying Gateway Information
- Delivering a Command to a Device
- Response for Delivering a Command to a Device
- Reporting Device Data
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
Public Resource APIs
-
Application Management
- Verifying the Existence of an Application
- Querying Applications
- Creating an Application
- Querying Application Details
- Updating an Application
- Deleting an Application
- Querying an Application Secret
- Resetting an Application Secret
- Querying Application Members
- Setting Application Members
- Querying Candidate Members
- Asset Management
- Dictionary Management
- Public Management
- Instance Management
-
Application Management
-
Data Integration APIs
- Data Source Management
- Task Monitoring and Management
-
Task Management
- Creating a Common Task
- Querying a Task List
- Counting the number of tasks of different types and states
- Updating a Common Job
- Querying Information About a Specified Task
- Deleting a Task
- Manually Triggering a Single Task
- Manually Stopping the Current Task
- Creating a Schedule
- Querying a Schedule
- Modifying a Scheduling
- Starting or Stopping Tasks in Batches
- Creating a Composite Task
- Initializing the Combined Task
- Modifying a Combined Task
- Resetting the Progress of the Combined Task
- Creating Combined Task Mappings
- Deleting the Specified Task Mapping
-
Service Integration APIs
- Instance Management
- API Group Management
-
API Management
- Creating an API
- Modifying an API
- Deleting an API
- Publishing an API or Taking an API Offline
- Querying Details of an API
- Querying APIs
- Publishing APIs or Taking APIs Offline in Batches
- Debugging an API
- Switching API Versions
- Querying Details of an API Version
- Taking an API Version Offline
- Querying Historical Versions of an API
- Querying the Runtime Definition of an API
- Verifying the API Definition
- Environment Management
- Environment Variable Management
- Domain Name Management
- Request Throttling Policy Management
- Binding a Request Throttling Policy to an API
- Excluded Request Throttling Configuration
- Signature Key Management
- Binding Signature Keys
- Access Control Policy Management
- Binding Access Control Policies
- API Import and Export
-
VPC Channel Management
- Creating a VPC Channel
- Updating a VPC Channel
- Deleting a VPC Channel
- Querying Details of a VPC Channel
- Querying VPC Channels
- Adding or Updating Backend Servers
- Querying Backend Servers of a VPC Channel
- Updating a Backend Instance
- Deleting a Backend Server
- Enabling Backend Servers in Batches
- Disabling Backend Servers in Batches
- Modifying VPC Channel Health Checks
- Adding or Updating a Backend Server Group of a VPC Channel
- Querying the List of Backend Cloud Service Groups of a VPC Channel
- Viewing Details About a Backend Server Group of a VPC Channel
- Deleting a VPC Backend Server Group
- Updating a Backend Server Group of a VPC Channel
-
Client Configuration
- Querying Apps
- Querying Details of an App
- Creating an AppCode
- Generating an AppCode
- Querying AppCodes of an App
- Querying Details of an AppCode
- Deleting an AppCode
- Querying Application Quotas Associated with an Application Quota
- Configuring Access Control for an App
- Querying Details About App Access Control
- Deleting Access Control for an App
-
Client Quotas
- Creating a client quota.
- Modifying a Client Quota
- Delete a Client Quota
- Querying Details of a Client Quota
- Querying Client Quotas
- Binding Client Applications to a Client Quota
- Unbinding Client Applications from a Client Quota
- Querying Client Applications Bound to a Client Quota
- Querying Client Applications Available for Being Bound to a Client Quota
- Application Authorization Management
-
Custom Backend Management
- Creating a Backend API
- Modifying a Backend API
- Deleting a Backend API
- Querying Details of a Backend API
- Querying Backend APIs
- Creating a Backend API Script
- Testing a Backend API
- Querying the Backend API Test Result
- Deploying a Backend API
- Querying the Deployment History of a Backend API
- Canceling Deployment of a Backend API
- Verifying the Definition of a Custom Backend API
- Querying the Quota of a Custom Backend Service
- Querying Data Sources of a Custom Backend Service
- Custom Authorizer Management
- Querying Metrics
- Instance Feature Management
- Tag Management
- Configuration Management
- Application Configuration Management
- VPC Channel Management - Project-Level
-
SSL Certificate Management
- Obtaining SSL Certificates
- Create an SSL certificate.
- Binding a Domain Name to an SSL Certificate
- Unbinding a Domain Name from an SSL Certificate
- Viewing Certificate Details
- Deleting an SSL Certificate
- Modifying an SSL certificate
- Binding an SSL Certificate with a Domain Name
- Unbinding an SSL Certificate from a Domain Name
- Obtaining Domain Names Bound to an SSL Certificate
-
Plug-in Management
- Creating a Plug-in
- Modifying a Plug-in
- Deleting a Plug-in
- Querying a Plug-in
- Querying Plug-in Details
- Binding a Plug-in to an API
- Binding a Plug-in to an API
- Unbinding a Plug-in from an API
- Unbinding a Plug-in from an API
- Querying APIs Bound with a Plug-in
- Querying Plug-ins bound to an API
- Querying APIs that Can Be Bound to a Plug-in
- Querying Plug-ins that Can Be Bound to the Current API
- Message Integration APIs
-
Device Integration APIs
- Device Group Management
-
Device Management
- Creating a Device
- Querying Devices
- Bringing Devices Offline in Batches
- Deleting a Device
- Querying Device Details
- Modifying a Device
- Querying Device Topics
- Adding a Subdevice to the Gateway
- Querying Subdevices
- Querying a Device Shadow
- Resetting Device Authentication Information
- Querying Device Authentication Information
- Sending Commands
- Subscription Management
- Product Template Management
-
Product Management
- Creating a Product
- Querying Products
- Querying the Number of Devices in a Product
- Deleting a Product
- Querying Product Details
- Modifying Product Information
- Adding a Product Topic
- Querying Product Topics
- Deleting a Product Topic
- Modifying a Product Topic
- Resetting Product Authentication Information
- Querying Product Authentication Information
- Importing Products
- Exporting Products
- Rule Engine
-
Service Management
- Creating a Service
- Querying Services
- Deleting a Service
- Querying Service Details
- Modifying a Service
- Creating an Attribute
- Querying Attributes
- Creating a Command
- Querying Commands
- Deleting a Command
- Querying Command Details
- Modifying a Command
- Creating a Request Attribute
- Querying Request Attributes
- Deleting a Request Attribute
- Modifying a Request Attribute
- Creating a Response Attribute
- Querying Response Attributes
- Deleting a Response Attribute
- Querying Response Attributes
- Modifying a Response Attribute
- Example Applications
- Permissions Policies and Supported Actions
- Appendix
-
Out-of-Date APIs
-
APIC APIs (V1)
- API Group Management (V1)
- API Management (V1)
-
Custom Backend Management (V1)
- Querying Backend APIs
- Creating a Backend API
- Querying Details of a Backend API
- Modifying a Backend API
- Deleting a Backend API
- Querying the Backend API Test Result
- Querying the Deployment History of a Backend API
- Deploying a Backend API
- Testing a Backend API
- Canceling Deployment of a Backend API
- Creating a Backend API Script
- Application Authorization Management (V1)
- Custom Authorizer Management (V1)
- Device Integration APIs (V1)
-
APIC APIs (V1)
- Change History
- SDK Reference
-
FAQs
- Instance Management
-
Data Integration
-
Common Data Integration Tasks
- Which Types of Data Are Supported by FDI Databases?
- What Is a Trace Number? Can Data Be Traced by Using a Trace Number?
- Can I Clear the Destination Tables of an FDI Task?
- Can a Task Collect Data from One Table to Another Table?
- Is the FDI Task Created by One User Visible to Another User Under the Same Account?
- How Do I Configure FDI to Connect to MRS Hive of Other Tenants Through a Public Network?
- Will Collected Data Be Updated After a File Is Parsed from OBS to the RDS Database?
- Why Are the Column Values Incorrect When the CSV File on the Source OBS Is Parsed to the Relational Database?
- Can Data Be Integrated into the Destination When the Data Types of Source and Destination Fields of MRS Hive Do Not Match?
- Is the Mapping Between MRS Hive or MRS HBase and MongoDB Case-sensitive When It Is Manually Entered?
- Does MRS Hive Support Partitioning?
- How Do I Set the Custom Period for the API Data Source at the Source?
- Does SAP Support Reading Views by Page?
- Composite Data Integration Tasks
-
Common Data Integration Tasks
-
Service Integration
- Does APIC Support Multiple Backend Endpoints?
- How Do I Perform App Authentication in iOS System?
- How Can I Ensure the Security of Backend Services Invoked by APIC?
- Do I Need to Publish an API Again After Modification?
- What Can I Do If an API Published in a Non-RELEASE Environment Is Inaccessible?
- Can I Invoke Different Backend Services by Publishing an API in Different Environments?
- Can Applications Deployed in a VPC Call APIs?
- What Is the Maximum Size of an API Request Packet?
- Can I Modify a Deployed Custom Backend?
- How Does APIC Throttle Requests?
- What Are the Causes of an API Calling Failure?
- Message Integration
- Device Integration
-
Troubleshooting
-
Common Data Integration Tasks
- Garbled Characters Are Displayed When Data Is Written to MRS Hive at the Destination
- All Data Is Written to the First Field of MRS Hive
- An Error Message Is Displayed at the Destination Indicating Task Execution Times Out
- Error Message "could only be written to 0 of the 1 minReplication nodes. There are 2 datanode(s) running and 2 node(s) are excluded in this operation" Is Reported at the Destination During Data Integration from MySQL to MRS Hive
- Error Message "Illegal mix of collations for operation 'UNION'" Is Displayed at the Source Database During MySQL-to-MySQL Data Integration
- Data May Be Lost When Incremental Data Collection Is Performed from the Source MySQL on an Hourly Basis
- Error Message "401 unauthorized" Is Displayed at the Source During API-to-MySQL Data Integration
- Error Message "cannot find record mapping field" Is Displayed at the Destination During Kafka-to-MySQL Data Integration
- Error Message "connect timeout" Is Displayed at the Source During Scheduled API-to-MySQL Data Integration
- FDI Fails to Obtain Data During Real-Time Kafka-to-MySQL Data Integration Although Data Exists in MQS Topics
- Value of the Source Field of the tinyint(1) Type Is Changed from 2 to 1 at the Destination During Scheduled MySQL-to-MySQL Data Integration
- "The task executes failed.Writer data to kafka failed" Is Reported When the Kafka Destination Is Used over the Public Network
-
Composite Data Integration Tasks
- Data Fails to Be Written Because the RowId Field Type Is Incorrectly Configured in the Destination Table
- Error Message "binlog probably contains events generated with statement or mixed based replication forma" Is Displayed When the Binlog of the MySQL Database Is Read
- Data Still Fails to Be Written After an FDI Task Failure Is Rectified
- Camel Fails to Access the Database Because Table Names Contain Garbled Characters
- Inserted Data Violates the Non-null Constraint
- FDI Task Fails to Be Executed Because DWS Changes to the Read-only State
- Data Write to DWS Becomes Slower
- Data Sources
-
Service Integration
- Backend Service Fails to Be Invoked
- Error Message "No backend available" Is Displayed When an API Is Called
- Error Message "The API does not exist or has not been published in an environment" Is Displayed When an API Is Called Using JavaScript
- Common Errors Related to IAM Authentication Information
- A Message Is Displayed Indicating that the Certificate Chain Is Incomplete When You Add a Certificate
- Device Integration
-
Common Data Integration Tasks
- Videos
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- Getting Started
- Instances
- Integration Application Management
- Data Integration Guide
- Service Integration Guide
- Message Integration Guide
- Device Integration Guide
-
Data Source Management
- Data Sources Supported by ROMA Connect
- Connecting to an API Data Source
- Connecting to an ActiveMQ Data Source
- Connecting to an ArtemisMQ Data Source
- Connecting to a DB2 Data Source
- Connecting to a DIS Data Source
- Connecting to a DWS Data Source
- Connecting to a GaussDB 100 Data Source
- Connecting to a GaussDB 200 Data Source
- Connecting to an FTP Data Source
- Connecting to an FI HDFS Data Source
- Connecting to an FI Hive Data Source
- Connecting to an FI Kafka Data Source
- Connecting to an HL7 Data Source
- Connecting to a HANA Data Source
- Connecting to a HIVE Data Source
- Connecting to an LDAP Data Source
- Connecting to an IBM MQ Data Source
- Connecting to a Kafka Data Source
- Connecting to a MySQL Data Source
- Connecting to a MongoDB Data Source
- Connecting to an MRS Hive Data Source
- Connecting to an MRS HDFS Data Source
- Connecting to an MRS HBase Data Source
- Connecting to an MRS Kafka Data Source
- Connecting to an OBS Data Source
- Connecting to an Oracle Data Source
- Connecting to a PostgreSQL Data Source
- Connecting to a Redis Data Source
- Connecting to a RabbitMQ Data Source
- Connecting to an SAP Data Source
- Connecting to an SNMP Data Source
- Connecting to a SQL Server Data Source
- Connecting to a TaurusDB Data Source
- Connecting to a WebSocket Data Source
- Connecting to a Custom Data Source
- Asset Management
-
FAQs
- Common Operations
-
Data Integration Tasks
- Which Types of Data Are Supported by FDI Databases?
- What Is a Trace Number? Can Data Be Traced by Using a Trace Number?
- Does an FDI Task Support Clearance of a Destination Table?
- Can a Task Collect Data from One Table to Another Table?
- Is the FDI Task Created by One User Visible to Another User Under the Same Account?
- How Do I Configure FDI to Connect to MRS Hive of Other Tenants Through a Public Network?
- Will Collected Data Be Updated After a File Is Parsed from OBS to the RDS Database?
- Why Are the Column Values Incorrect When the CSV File on the Source OBS Is Parsed to the Relational Database?
- Can Data Be Integrated into the Destination When the Data Types of Source and Destination Fields of MRS Hive Do Not Match?
- Is the Mapping Between MRS Hive or MRS HBase and MongoDB Case-sensitive When It Is Manually Entered?
- Does MRS Hive Support Partitioning?
- How Can I Configure the Time for Triggering a Scheduled Task of FDI?
- How Do I Set the Custom Period for the API Data Source at the Source?
- Composite Data Integration Tasks
-
Service Integration
- Which Languages Does APIC Support for SDKs?
- Does APIC Support Multiple Backend Endpoints?
- Which Error Codes Will Be Displayed When I Use APIC?
- How Can I Ensure the Security of Backend Services Invoked by APIC?
- Do I Need to Publish an API Again After Modification?
- What Can I Do If an API Published in a Non-RELEASE Environment Is Inaccessible?
- Can I Invoke Different Backend Services by Publishing an API in Different Environments?
- What Is the Maximum Size of an API Request Package?
- Can I Modify an API After It Is Deployed on the Custom Backend?
- How Does APIC Throttle Requests?
- What Are the Causes of an API Calling Failure?
- Can I Call an API If the API Is Not Bound to an EIP?
- Which Data Sources Does APIC Support?
- Message Integration
- Device Integration
-
Troubleshooting
-
Common Data Integration Tasks
- Garbled Characters Are Displayed When Data Is Written to MRS Hive at the Destination
- All Data Is Written to the First Field of MRS Hive
- An Error Message Is Displayed at the Destination Indicating Task Execution Times Out
- Error Message "could only be written to 0 of the 1 minReplication nodes. There are 2 datanode(s) running and 2 node(s) are excluded in this operation" Is Reported at the Destination During Data Integration from MySQL to MRS Hive
- Error Message "Illegal mix of collations for operation 'UNION'" Is Displayed at the Source Database During MySQL-to-MySQL Data Integration
- Data May Be Lost When Incremental Data Collection Is Performed from the Source MySQL on an Hourly Basis
- Error Message "401 unauthorized" Is Displayed at the Source During API-to-MySQL Data Integration
- Error Message "cannot find record mapping field" Is Displayed at the Destination During Kafka-to-MySQL Data Integration
- Error Message "connect timeout" Is Displayed at the Source During Scheduled API-to-MySQL Data Integration
- FDI Fails to Obtain Data During Real-Time Kafka-to-MySQL Data Integration Although Data Exists in MQS Topics
- Value of the Source Field of the tinyint(1) Type Is Changed from 2 to 1 at the Destination During Scheduled MySQL-to-MySQL Data Integration
-
Composite Data Integration Tasks
- Data Fails to Be Written Because the RowId Field Type Is Incorrectly Configured in the Destination Table
- Error Message "binlog probably contains events generated with statement or mixed based replication forma" Is Displayed When the Binlog of the MySQL Database Is Read
- Data Still Fails to Be Written After an FDI Task Failure Is Rectified
- Camel Fails to Access the Database Because Table Names Contain Garbled Characters
- Inserted Data Violates the Non-null Constraint
- FDI Task Fails to Be Executed Because DWS Changes to the read-only State
- Speed of Writing Data to DWS Becomes Slower
- Data Sources
- Service Integration
- Device Integration
-
Common Data Integration Tasks
-
Developer Guide (ME-Abu Dhabi Region)
-
Developer Guide for Service Integration
- How Do I Choose an Authentication Mode
- Using App Authentication to Call APIs
- Using IAM Authentication to Call APIs
- Signing Backend Services
-
Developing Function APIs
- Function API Script Compilation Guide
- APIConnectResponse
- Base64Utils
- CacheUtils
- CipherUtils
- ConnectionConfig
- DataSourceClient
- DataSourceConfig
- ExchangeConfig
- HttpClient
- HttpConfig
- JedisConfig
- JSON2XMLHelper
- JSONHelper
- JsonUtils
- JWTUtils
- KafkaConsumer
- KafkaProducer
- KafkaConfig
- MD5Encoder
- Md5Utils
- ObjectUtils
- QueueConfig
- RabbitMqConfig
- RabbitMqProducer
- RedisClient
- RomaWebConfig
- RSAUtils
- SapRfcClient
- SapRfcConfig
- SoapClient
- SoapConfig
- StringUtils
- TextUtils
- XmlUtils
- Developing Data API Statements
-
Developer Guide for Message Integration
- Overview and Network Environment Preparation
- Collecting Connection Information
-
Connecting to MQS in Client Mode
- Recommendations for Client Usage
- Setting Parameters for Clients
- Setting Up the Java Development Environment
- Configuring Kafka Clients in Java
- Configuring Kafka Clients in Python
- Configuring Kafka Clients in Other Languages
- Appendix: Methods for Improving the Message Processing Efficiency
- Appendix: Restrictions on Spring Kafka Interconnection
- Connecting to MQS Using RESTful APIs
-
Developer Guide for Device Integration
- Device Integration Development
-
MQTT Topic Specifications
- Before You Start
- Gateway Login
- Adding a Gateway Subdevice
- Response for Adding a Gateway Subdevice
- Updating the Gateway Subdevice Status
- Response for Updating the Gateway Subdevice Status
- Deleting a Gateway Subdevice
- Querying Gateway Information
- Response for Querying Gateway Information
- Delivering a Command to a Device
- Response for Delivering a Command to a Device
- Reporting Device Data
-
Developer Guide for Service Integration
-
API Reference (ME-Abu Dhabi Region)
- Before You Start
- Calling APIs
-
Public Resource APIs
-
Application Management
- Verifying the Existence of an Application
- Querying Applications
- Creating an Application
- Querying Application Details
- Updating an Application
- Deleting an Application
- Querying an Application Secret
- Resetting an Application Secret
- Querying Application Members
- Setting Application Members
- Querying Candidate Members
- Asset Management
- Dictionary Management
- Public Management
-
Application Management
-
APIC APIs
- Instance Management
- API Group Management
-
API Management
- Creating an API
- Modifying an API
- Deleting an API
- Publishing an API or Taking an API Offline
- Querying Details of an API
- Querying APIs
- Publishing APIs or Taking APIs Offline in Batches
- Debugging an API
- Switching API Versions
- Querying Details of an API Version
- Taking an API Version Offline
- Querying Historical Versions of an API
- Querying the Runtime Definition of an API
- Verifying the API Definition
- Environment Management
- Environment Variable Management
- Domain Name Management
- Request Throttling Policy Management
- Binding/Unbinding Request Throttling Policies
- Excluded Request Throttling Configuration
- Signature Key Management
- Binding/Unbinding Signature Keys
- Access Control Policy Management
- Binding/Unbinding Access Control Policies
- API Import and Export
- VPC Channel Management
-
Client Configuration
- Querying Apps
- Querying Details of an App
- Creating an AppCode
- Generating an AppCode
- Querying AppCodes of an App
- Querying Details of an AppCode
- Deleting an AppCode
- Querying Application Quotas Associated with an Application Quota
- Configuring Access Control for an App
- Querying Details About App Access Control
- Deleting Access Control for an App
-
Client Quota
- This API is used to create a client quota.
- Modifying a Client Quota
- Delete a Client Quota
- Querying Details of a Client Quota
- Querying Client Quotas
- Binding Client Applications to a Client Quota
- Unbinding Client Applications from a Client Quota
- Querying Client Applications Bound to a Client Quota
- Querying Client Applications Available for Being Bound to a Client Quota
- App Authorization Management
-
Custom Backend Management
- Creating a Backend API
- Modifying a Backend API
- Deleting a Backend API
- Querying Details of a Backend API
- Querying Backend APIs
- Creating a Backend API Script
- Testing a Backend API
- Querying the Backend API Test Result
- Deploying a Backend API
- Querying the Deployment History of a Backend API
- Canceling Deployment of a Backend API
- Verifying the Definition of a Custom Backend API
- Querying the Quota of a Custom Backend Service
- Querying Data Sources of a Custom Backend Service
- Custom Authorizer Management
- Monitoring Information Query
- Instance Feature Management
- Tag Management
- Configuration Management
- Application Configuration Management
- MQS APIs
-
Device Integration APIs
- Device Group Management
-
Device Management
- Creating a Device
- Querying Devices
- Bringing Devices Offline in Batches
- Deleting a Device
- Querying Device Details
- Modifying a Device
- Querying Device Topics
- Adding a Subdevice to the Gateway
- Querying Subdevices
- Querying a Device Shadow
- Resetting Device Authentication Information
- Querying Device Authentication Information
- Sending Commands
- Product Template Management
-
Product Management
- Creating a Product
- Querying Products
- Querying the Number of Devices in a Product
- Deleting a Product
- Querying Product Details
- Modifying Product Information
- Adding a Product Topic
- Querying Product Topics
- Deleting a Product Topic
- Modifying a Product Topic
- Resetting Product Authentication Information
- Querying Product Authentication Information
- Importing Products
- Exporting Products
- Rule Engine
-
Service Management
- Creating a Service
- Querying Services
- Deleting a Service
- Querying Service Details
- Modifying a Service
- Creating an Attribute
- Querying Attributes
- Creating a Command
- Querying Commands
- Deleting a Command
- Querying Command Details
- Modifying a Command
- Creating a Request Attribute
- Querying Request Attributes
- Deleting a Request Attribute
- Modifying a Request Attribute
- Creating a Response Attribute
- Querying Response Attributes
- Deleting a Response Attribute
- Querying Response Attributes
- Modifying a Response Attribute
- Appendix
-
User Guide (ME-Abu Dhabi Region)
- General Reference
On this page
Help Center/
ROMA Connect/
Developer Guide/
Developer Guide for Service Integration/
Developing API Calling Authentication (App)/
App Authentication Principles
Copied.
App Authentication Principles
Process
- Construct a standard request.
Assemble the request content according to the rules of APIC, ensuring that the client signature is consistent with that in the backend request.
- Create a to-be-signed string using the standard request and other related information.
- Calculate a signature using the AK/SK and to-be-signed string.
- Add the generated signature to an HTTP request as a header or query parameter.
- After receiving the request, APIC performs 1 to 3 to calculate a signature.
- The new signature is compared with the signature generated in 3. If they are consistent, the request is processed; otherwise, the request is rejected.
NOTE:
The body of a signing request in app authentication mode cannot exceed 12 MB.
Step 1: Construct a Standard Request
To access an API through app authentication, standardize the request content, and then sign the request. The client must follow the same request specifications as APIC so that each HTTP request can obtain the same signing result from the frontend and backend to complete identity authentication.
The pseudocode of standard HTTP requests is as follows:
CanonicalRequest =
HTTPRequestMethod + '\n' +
CanonicalURI + '\n' +
CanonicalQueryString + '\n' +
CanonicalHeaders + '\n' +
SignedHeaders + '\n' +
HexEncode(Hash(RequestPayload))The following example shows how to construct a standard request.
Original request:
GET https://30030113-3657-4fb6-a7ef-90764239b038.apigw.exampleRegion.com/app1?b=2&a=1 HTTP/1.1 Host: 30030113-3657-4fb6-a7ef-90764239b038.apigw.exampleRegion.com X-Sdk-Date: 20180330T123600Z
- Specify an HTTP request method (HTTPRequestMethod) and end with a carriage return line feed (CRLF).
Specify GET, PUT, POST, or another request method. Example of a request method:
GET
- Add a standard URI (CanonicalURI) and end with a CRLF.
Description
Path of the requested resource, which is the URI code of the absolute path.
Format
According to RFC 3986, each part of a standard URI except the redundant and relative paths must be URI-encoded. If a URI does not end with a slash (/), add a slash at its end.
Example
For the URI /app1, the standard URI code is as follows:
GET /app1/
NOTE:
During signature calculation, the URI must end with a slash (/). When a request is sent, the URI does not need to end with a slash (/).
- Add a standard query string (CanonicalQueryString) and end with a CRLF.
Description
Query parameters. If no query parameters are configured, the query string is an empty string.
Format
Standard query strings must meet the following requirements:
- Perform URI encoding on each parameter and value according to the following rules:
- Do not perform URI encoding on any non-reserved characters defined in RFC 3986, including A–Z, a–z, 0–9, hyphen (-), underscore (_), period (.), and tilde (~).
- Use %XY to perform percent encoding on all non-reserved characters. X and Y indicate hexadecimal characters (0–9 and A–F). For example, the space character must be encoded as %20, and an extended UTF-8 character must be encoded in the "%XY%ZA%BC" format.
- Add "URI-encoded parameter name=URI-encoded parameter value" to each parameter. If no value is specified, use a null string instead. The equal sign (=) is required.
For example, in the following string that contains two parameters, the value of parameter parm2 is null.
parm1=value1&parm2=
- Sort the parameters in alphabetically ascending order. For example, a parameter starting with uppercase letter F precedes another parameter starting with lowercase letter b.
- Construct standard query strings from the first parameter after sorting.
Example
The following example contains two optional parameters a and b.
GET /app1/ a=1&b=2
- Perform URI encoding on each parameter and value according to the following rules:
- Add standard headers (CanonicalHeaders) and end with a CRLF.
Description
List of standard request headers, including all HTTP message headers in the to-be-signed request. The X-Sdk-Date header must be included to verify the signing time, which is in the UTC time format YYYYMMDDTHHMMSSZ as specified in ISO 8601. When publishing an API in a non-RELEASE environment, you need to specify an environment name.
NOTICE:
The client must synchronize the local time with the clock server to avoid a large offset in the value of X-Sdk-Date in the request header.
In addition to verifying the time format of X-Sdk-Date, ROMA Connect also verifies the time difference between the time specified by X-Sdk-Date and the actual time when the request is received. If the time difference exceeds 15 minutes, ROMA Connect rejects the request.
Format
CanonicalHeaders consists of multiple message headers, for example, CanonicalHeadersEntry0 + CanonicalHeadersEntry1 + .... Each message header (CanonicalHeadersEntry) is in the format of Lowercase(HeaderName) + ':' + Trimall(HeaderValue) + '\n'.
NOTE:
- Lowercase: a function for converting all letters into lowercase letters.
- Trimall: a function for deleting the spaces before and after a value.
- The last message header carries a newline character. Therefore, an empty line appears because the CanonicalHeaders field also contains a newline character according to the specifications.
Example
GET /app1/ a=1&b=2 host:30030113-3657-4fb6-a7ef-90764239b038.apigw.exampleRegion.com x-sdk-date:20180330T123600Z
NOTICE:
Standard message headers must meet the following requirements:- All letters in a header are converted to lowercase letters, and all spaces before and after the header are deleted.
- All headers are sorted in alphabetically ascending order.
For example, the original headers are as follows:
Host:30030113-3657-4fb6-a7ef-90764239b038.apigw.exampleRegion.com\n Content-Type: application/json;charset=utf8\n My-header1: a b c \n X-Sdk-Date:20180330T123600Z\n My-Header2: "a b c" \n
A standard header is as follows:
content-type:application/json;charset=utf8\n host:30030113-3657-4fb6-a7ef-90764239b038.apigw.exampleRegion.com\n my-header1:a b c\n my-header2:"a b c"\n x-sdk-date:20180330T123600Z\n
- Add message headers (SignedHeaders) for request signing, and the headers end with a newline character.
Description
List of message headers used for request signing. This step is to determine which headers are used for signing the request and which headers can be ignored during request verification. The X-Sdk-date header must be included.
Format
SignedHeaders = Lowercase(HeaderName0) + ';' + Lowercase(HeaderName1) + ";" + ...
Letters in the message headers are converted to lowercase letters. All headers are sorted alphabetically and separated with commas.
Lowercase is a function for converting all letters into lowercase letters.
Example
In the following example, two message headers host and x-sdk-date are used for signing the request.
GET /app1/ a=1&b=2 host:30030113-3657-4fb6-a7ef-90764239b038.apigw.exampleRegion.com x-sdk-date:20180330T123600Z host;x-sdk-date
- Use a hash function, such as SHA-256, to create a hash value based on the body (RequestPayload) of the HTTP or HTTPS request.
Description
Request message body. The message body needs two layers of conversion: HexEncode(Hash(RequestPayload)). Hash is a function for generating message digest. Currently, SHA-256 is supported. HexEncode: the Base16 encoding function for returning a digest consisting of lowercase letters. For example, HexEncode("m") returns 6d instead of 6D. Each byte you enter is expressed as two hexadecimal characters.
NOTE:
If RequestPayload is null, the null value is used for calculating a hash value.
Example
For a request with the GET method and an empty body, the body (empty string) after hash processing is as follows:
GET /app1/ a=1&b=2 host:30030113-3657-4fb6-a7ef-90764239b038.apigw.exampleRegion.com x-sdk-date:20180330T123600Z host;x-sdk-date e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- Perform hash processing on the standard request in the same way as that on the RequestPayload. After hash processing, the standard request is expressed with lowercase hexadecimal strings.
Algorithm pseudocode: Lowercase(HexEncode(Hash.SHA256(CanonicalRequest)))
Example of the standard request after hash processing:
aa521bbe74d13cd8cf536c1a03a5dd85d1934179d33d47110b528eae8b7251e1
Step 2: Create a To-Be-Signed String
After a standard HTTP request is constructed and the request hash value is obtained, create a to-be-signed string by combining them with the signature algorithm and signing time.
StringToSign =
Algorithm + \n +
RequestDateTime + \n +
HashedCanonicalRequestParameters in the pseudocode are described as follows:
- Algorithm
Signature algorithm. For SHA256, the value is SDK-HMAC-SHA256.
- RequestDateTime
Request timestamp, which is the same as X-Sdk-Date in the request header. The format is YYYYMMDDTHHMMSSZ.
- HashedCanonicalRequest
Standard request generated after hash processing.
In this example, the following to-be-signed string is obtained:
SDK-HMAC-SHA256 20180330T123600Z aa521bbe74d13cd8cf536c1a03a5dd85d1934179d33d47110b528eae8b7251e1
Step 3: Calculate the Signature
Use the AppSecret and created character string as the input of the encryption hash function, and convert the calculated binary signature into a hexadecimal expression.
The pseudocode is as follows:
signature = HexEncode(HMAC(APP secret, string to sign))
HMAC indicates hash calculation, and HexEncode indicates hexadecimal conversion. Table 1 describes the parameters in the pseudocode.
|
Name |
Description |
|---|---|
|
APP secret |
Signature key. |
|
string to sign |
Character string to be signed. |
Assuming that the AppSecret is 12345678-1234-1234-1234-123456781234, a signature similar to the following will be calculated:
121c2501e8951ff7d5574423939b9acaa283e55a27c0107d767bb0d68b5ffcab
Step 4: Add the Signature to the Request Header
Add the signature to the HTTP Authorization header. The Authorization header is used for identity authentication and not included in the signed headers.
The pseudocode is as follows:
Pseudocode for Authorization header creation: Authorization: algorithm Access=APP key, SignedHeaders=SignedHeaders, Signature=signature
There is no comma before the algorithm and Access. SignedHeaders and Signature must be separated with commas.
The signed headers are as follows:
Authorization: SDK-HMAC-SHA256 Access=071fe245-9cf6-4d75-822d-c29945a1e06a, SignedHeaders=host;x-sdk-date, Signature=121c2501e8951ff7d5574423939b9acaa283e55a27c0107d767bb0d68b5ffcab
The signed headers are added to the HTTP request for identity authentication. If the identity authentication is successful, the request is sent to the corresponding backend service for processing.
Parent topic: Developing API Calling Authentication (App)
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
