Updated on 2023-12-22 GMT+08:00

Authenticating an App ID

Description

This API is used to authenticate an app ID. After the authentication is successful, an access token is generated. For details about app ID authentication, see Introduction to App ID Authentication.

  • When clientType is set to 72, up to 64 tokens can be created for each user ID. If 64 tokens have been created using a user ID and the tokens are valid, creating a new token using the same user ID will invalidate the earliest token among the first 64 tokens.
  • When clientType is not set to 72, only one token can be created for each user ID.
  • A token is valid for 12 to 24 hours.

Debugging

You can debug this API in API Explorer.

Prototype

Table 1 Prototype

Request Method

POST

Request Address

/v2/usg/acs/auth/appauth

Transport Protocol

HTTPS

Request Parameters

Table 2 Parameters

Parameter

Mandatory

Type

Location

Description

Authorization

Yes

String

Header

Application authentication information.

  • Rule: HMAC-SHA256 signature=HexEncode(HMAC256((appId + ":" + userId + ":" + expireTime + ":" + nonce), appKey))
  • Example: HMAC-SHA256 signature=07f31aa9eafb06652c6899248b145c1a3264242e2ccf4c81b1b6eb99bb5c
NOTE:

If userId is carried, the request body must carry the same userId.

Content-Type

Yes

String

Header

Media format of the body.

  • Example: application/json; charset=UTF-8

X-Request-ID

No

String

Header

Request ID, which is used for fault tracing and locating. You are advised to use a universally unique identifier (UUID). If this parameter is not carried, a request ID is automatically generated.

Accept-Language

No

String

Header

Language. Values: zh-CN for Chinese (default) and en-US for English.

appId

Yes

String

Body

App ID. For details about how to obtain an app ID, see Requesting an App ID.

clientType

Yes

Integer

Body

Type of the account used for login.

  • 72: API calling.

corpId

No

String

Body

Enterprise ID.

NOTE:
  • When this parameter is carried in the SP application scenarios, if the corpId and userId parameters are not carried or are null, the system regards that the SP administrator logs in to the system by default.
  • This parameter is mandatory only in SP mode. Do not set this parameter in single-enterprise mode. Otherwise, the authentication will fail.

expireTime

Yes

Long

Body

Timestamp when the application authentication information expires, in seconds.

NOTE:
  • (If the UNIX timestamp of the server is greater than expireTime when the app ID authentication request is received, the authentication fails.)
  • Example: If the app ID authentication information is required to expire in 10 minutes, expireTime = Current Unix timestamp + 60 x 10.
  • If the app authentication information is required not to expire, set expireTime to 0.

nonce

Yes

String

Body

Random character string, which is used to calculate application authentication information.

minLength: 32

maxLength: 64

userEmail

No

String

Body

Email address.

userId

No

String

Body

Third-party user ID.

NOTE:

If the userId field is not carried or is empty, the user logs in as the default enterprise administrator.

userName

No

String

Body

Username.

userPhone

No

String

Body

Mobile number, for example, a mobile number in Chinese Mainland +86xxxxxxx.

deptCode

No

String

Body

Department code. Obtain the value by calling the API for querying a department and its level-1 subdepartments.

Status Codes

Table 3 Status codes

HTTP Status Code

Description

200

Operation successful.

400

Invalid parameters.

401

Access denied.

403

Insufficient permissions.

412

The account has been disabled.

423

The account has been locked.

500

Server exception.

Response Parameters

Table 4 Response parameters

Parameter

Type

Description

accessToken

String

Access token.

clientType

Integer

Type of the account used for login.

  • 72: API calling.

createTime

Long

Timestamp when the access token was created, in milliseconds.

daysPwdAvailable

Integer

Password validity period.

delayDelete

Boolean

Whether the token deletion is delayed.

expireTime

Long

Timestamp when the access token expires, in seconds.

firstLogin

Boolean

Whether the login is the first login.

NOTE:

If you log in to the system for the first time, the system prompts you to change the initial password.

Default value: false.

forceLoginInd

Integer

Whether preemptive login is enabled.

  • 0: disabled.
  • 1: enabled. (This value is not provided.)

proxyToken

ProxyTokenDTO object

Proxy authentication information.

pwdExpired

Boolean

Whether the password has expired.

Default value: false.

refreshCreateTime

Long

Timestamp when the refresh token was created, in milliseconds.

refreshExpireTime

Long

Timestamp when the refresh token expires, in seconds.

refreshToken

String

Refresh token.

refreshValidPeriod

Long

Validity period of the refresh token, in seconds.

tokenIp

String

IP address of the login user.

tokenType

Integer

Token type.

  • 0: user access token.
  • 1: meeting control token.
  • 2: one-off token.

user

UserInfo object

User authentication details.

validPeriod

Long

Validity period of an access token, in seconds.

Example Request

POST /v2/usg/acs/auth/appauth
Connection: keep-alive
Content-Type: application/json
X-Request-ID: 5162fa32dc7e47afafeee39a72a2eec3
Accept-Language: zh-CN
Host: api.meeting.huaweicloud.com
Authorization: HMAC-SHA256 signature=3eca3f0f1e90ed55de38388066d02f1b7a86571a8ce30823af1df7c4edd7e086
User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_191)

{
    "appId": "fdb8e4699586458bbd10c834872dcc62",
    "clientType": 72,
    "expireTime": 1627722929,
    "nonce": "EycLQsHwxhzK9OW8UEKWNfH2I3CGR2nINuU1EBpQ1627722929",
    "userEmail": "testuser@mycorp.com",
    "userId": "testuser@mycorp.com",
    "userName": "testuser",
    "userPhone": "173****9092"
}

Example Response

HTTP/1.1 200 
 "X-Envoy-Upstream-Service-Time": "230",
 "Server": "api-gateway",
 "X-Request-Id": "085d1f96cd9ddd6f3c50d70a0b2eb239",
 "X-Content-Type-Options": "nosniff",
 "Connection": "keep-alive",
 "X-Download-Options": "noopen",
 "Pragma": "No-cache",
 "Date": "Sat, 31 Jul 2021 06:18:07 GMT",
 "X-Frame-Options": "SAMEORIGIN",
 "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
 "Cache-Control": "no-cache",
 "X-Xss-Protection": "1; mode=block",
 "Content-Security-Policy": "connect-src 'self' *.huaweicloud.com ;style-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'self'; font-src 'self' data:;",
 "Expires": "Thu, 01 Jan 1970 00:00:00 GMT",
 "Content-Length": "1250",
 "Content-Type": "application/json"

{
    "accessToken":"cnr1316vcp2ceIkbfko3z13Y2J8UdioOw0ER4kTK",
    "tokenIp":"49.4.112.60",
    "validPeriod":56326,
    "expireTime":1627768613,
    "createTime":1627712287360,
    "user":{
        "realm":"huaweicloud.com",
        "userId":"53e2759d388e413abf6a56743a2694c5",
        "ucloginAccount":"Auto-53e2759d388e413abf6a56743a2694c5",
        "serviceAccount":"sip:+99111283523475338@huaweicloud.com",
        "numberHA1":"065eb94e5b090f70c77d4d1439f35b8e",
        "alias1":null,
        "companyId":"651543334",
        "spId":"8a8df0a174a1c6680174a26f578b0000",
        "companyDomain":null,
        "userType":2,
        "adminType":2,
        "name":"testuser@mycorp.com",
        "nameEn":"",
        "isBindPhone":null,
        "freeUser":false,
        "thirdAccount":"testuser@mycorp.com",
        "visionAccount":null,
        "headPictureUrl":null,
        "password":null,
        "status":0,
        "paidAccount":null,
        "paidPassword":null,
        "weLinkUser":false,
        "appId":"fdb8e4699586458bbd10c834872dcc62",
        "tr069Account":null,
        "corpType":5,
        "cloudUserId":"",
        "grayUser":true
    },
    "clientType":72,
    "forceLoginInd":null,
    "firstLogin":false,
    "pwdExpired":false,
    "daysPwdAvailable":-19678,
    "proxyToken":null,
    "tokenType":0,
    "refreshToken":"cnr13168neNyRDfomYEIci7zVjBBybZQG90fYdX2",
    "refreshValidPeriod":2592000,
    "refreshExpireTime":1630304287,
    "refreshCreateTime":1627712287360
}

Error Codes

If an error code starting with MMC or USG is returned when you use this API, rectify the fault by following the instructions provided in Huawei Cloud API Error Center.

Example cURL Command

curl -k -i -H 'content-type: application/json' -X POST  -H 'Content-Type: application/json,Accept-Language: zh-CN,Authorization: HMAC-SHA256 signature=198c3046dbdafa9d89ce917c5613c29fda855da2aa79f8f51f2871e88fdba91c' -d '{"appId": "d5e1785afbe44c2588b642446652489e","clientType": 72,"corpId": "807074304","expireTime": 1597824907000,"nonce": "EycLQsHwxhzK9OW8UEKWNfH2I3CGR2nINuU1EBpQ","userEmail": "alice@huawei.com","userId": "alice@ent01","userName": "alice","userPhone": "173****9092"}' 'https://api.meeting.huaweicloud.com/v2/usg/acs/auth/appauth'