Updated on 2026-01-08 GMT+08:00

Authentication

AK/SK-based authentication is used for calling APIs. Specifically, requests are encrypted using the access key ID (AK) and secret access key (SK) to provide higher security.

AK/SK Authentication

  • AK/SK authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token authentication is recommended.
  • An AK/SK pair can either be permanent or temporary. If it is temporary, the X-Security-Token field must be included in the request header. The value is the security token of the temporary AK/SK pair.
  • API Gateway checks the time format and compares the request time with the time when API Gateway received the request. If the time difference exceeds 15 minutes, API Gateway will reject the request. So, the local time on the client must be synchronized with the clock server to avoid a large offset in the value of X-Sdk-Date in the request header.

In AK/SK authentication, an AK/SK pair is used to sign requests and the signature is then added to the requests for authentication.

  • AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.
  • SK: secret access key, which is used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.

In AK/SK authentication, you can use an AK/SK pair to sign requests based on the signature algorithm or using the signing SDK. For details about how to sign requests and use the signing SDK, see API Request Signing Guide.

The signing SDK is only used for signing requests and is different from the SDKs provided by services.