Adding an AppCode for Simple Authentication

Scenario

AppCodes are identity credentials of an app used to call APIs in simple authentication mode. In this mode, the X-Apig-AppCode parameter (whose value is an AppCode on the app details page) is added to the HTTP request header for quick response. API Gateway verifies only the AppCode and the request content does not need to be signed.

When an API is called using app authentication and simple authentication is enabled for the API, AppKey and AppSecret can be used to sign and verify the API request. AppCode can also be used for simple authentication.

For security purposes, simple authentication only supports API calls over HTTPS.
You can create a maximum of five AppCodes for each app.

Prerequisites

You have created an app.

Generating an AppCode

Log in to the management console.
Click in the upper left corner and choose API Gateway.
In the navigation pane, choose API Calling > Apps.
Click the name of the target app.
Click the AppCodes tab.
Click Add AppCode to generate an AppCode. It can be automatically generated or customized.

Using AppCode for Simple Authentication of API Requests

When creating an API, set Security Authentication to App and enable Simple Authentication.

After you enable simple authentication for an existing API, you need to publish the API again to make the configuration take effect.
Bind an app to the API.
When sending a request, add the X-Apig-AppCode parameter to the request header and omit the request signature.
For example, when using curl, add the X-Apig-AppCode parameter to the request header and set the parameter value to the generated AppCode.
```
curl -X GET "https://api.exampledemo.com/testapi" -H "content-type: application/json"  -H "host: api.exampledemo.com" -H "X-Apig-AppCode: xhrJVJKABSOxc7d***********FZL4gSHEXkCMQC"
```