Help Center/ FunctionGraph/ User Guide/ Managing Functions/ Transferring Secret Keys Through the Request Header
Updated on 2025-08-19 GMT+08:00

Transferring Secret Keys Through the Request Header

Common Request Headers of HTTP Functions

HTTP request headers are an important part of the HTTP protocol for passing metadata. When a function is invoked, specific metadata or configuration information can be passed. Table 1 describes the common request headers carried by functions by default.

Table 1 Default request header fields

Field

Description

X-CFF-Request-Id

ID of the current request.

X-CFF-Memory

Memory allocated to the function.

X-CFF-Timeout

Function timeout.

X-CFF-Func-Version

Function version.

X-CFF-Func-Name

Function name.

X-CFF-Project-Id

Project ID of the function.

X-CFF-Package

App to which the function belongs.

X-CFF-Region

Region where the function is located.

Transferring Secret Keys Through the Request Header

The key of an HTTP function can be transferred only through the request header. To obtain the AK, SK, and token of an HTTP function as shown in Table 2, perform the following steps.

  1. Log in to the FunctionGraph console and go to the details page of the HTTP function to be configured.
  2. Choose Configuration > Advanced Settings, enable Include Keys, and click Save.
    Figure 1 Transferring secret keys through the request header

Table 2 Transferring secret keys through the request header

Field

Description

X-CFF-Auth-Token

A token is an access credential issued to an IAM user to bear its identity and permissions.

X-CFF-Security-Access-Key

A temporary access key and SecurityToken are issued by the system to IAM users.

The temporary AK/SK and SecurityToken follow the principle of least privilege.

A temporary AK/SK and SecurityToken must be used together.

X-CFF-Security-Secret-Key

X-CFF-Security-Token