Authentication
- Token authentication: Requests are authenticated using tokens.
- AK/SK authentication: Requests are encrypted using an AK/SK. AK/SK-based authentication is recommended because it is more secure than token-based authentication.
Token-based Authentication
The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token.
A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to requests to get permissions for calling the API.
You can obtain a token by calling the Obtaining a User Token API. When you call the API, set auth.scope in the request body to project.
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "username", "password": "********", "domain": { "name": "domainname" } } } }, "scope": { "project": { "name": "xxxxxxxx" } } } }
After a token is obtained, the X-Auth-Token header field must be added to requests to specify the token when calling other APIs. For example, if the token is ABCDEFJ...., X-Auth-Token: ABCDEFJ.... can be added to a request as follows:
1 2 3 |
POST https://{{endpoint}}/v3/auth/projects Content-Type: application/json X-Auth-Token: ABCDEFJ.... |
AK/SK-based Authentication
An AK/SK is used to verify the identity of a request sender. In AK/SK-based authentication, a signature needs to be obtained and then added to requests.
AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.
SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.
The following demo shows how to sign a request and use an HTTP client to send an HTTPS request.
Download the demo at https://github.com/api-gate-way/SdkDemo.
If you do not need the demo, obtain the API Gateway signing SDK:
Obtain it from the administrator.
Decompress the downloaded package to obtain a JAR file. Reference the extracted JAR file to the dependency path.
- Generate an AK/SK. If an AK/SK file has already been obtained, skip this step and locate the downloaded AK/SK file. Generally, the file name will be credentials.csv.
- Log in to the console.
- Point to the username and choose My Credentials from the drop-down list.
- In the navigation pane, choose Access Keys.
- Click Create Access Key.
- Click OK to download the AK/SK.
Anyone who possesses your access keys can decrypt your login information. Therefore, keep your access keys secure.
- Obtain and decompress the sample code.
- Import the sample project to Eclipse.
Figure 2 Selecting an existing project
Figure 3 Selecting the decompressed demo code
Figure 4 Structure of the demo project
- Sign the request.
The request signing method is integrated in the JAR files imported in 3. The request needs to be signed before it is sent. The signature will then be added as part of the HTTP header to the request.
The demo code is classified into three classes:
- AccessService: abstract class that integrates the GET, POST, PUT, and DELETE methods into the access method.
- Demo: execution entry used to simulate the sending of GET, POST, PUT, and DELETE requests.
- AccessServiceImpl: implements the access method, which includes the code required for API Gateway communication.
- Edit the main method in the Demo.java file and replace the bold text with actual values.
If you use other methods such as POST, PUT, and DELETE, see the corresponding comment.
Specify region, serviceName, AK/SK, and URL as the actual value. In this demo, the URLs for accessing VPC resources are used. Replace them with the required URLs.
To obtain the project ID in the URLs, see Obtaining a Project ID.
To obtain the endpoint, contact the enterprise administrator.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
//TODO: Replace region with the name of the region in which the service to be accessed is located. private static final String region = ""; //TODO: Replace vpc with the name of the service you want to access. For example, ecs, vpc, iam, and elb. private static final String serviceName = ""; public static void main(String[] args) throws UnsupportedEncodingException { //TODO: Replace the AK and SK with those obtained on the My Credentials page. String ak = "ZIRRKMTWP******1WKNKB"; String sk = "Us0mdMNHk******YrRCnW0ecfzl"; //TODO: To specify a project ID (multi-project scenarios), add the X-Project-Id header. //TODO: To access a global service, such as IAM, DNS, CDN, and TMS, add the X-Domain-Id header to specify an account ID. //TODO: To add a header, find "Add special headers" in the AccessServiceImple.java file. //TODO: Test the API String url = "https://{Endpoint}/v1/{project_id}/vpcs"; get(ak, sk, url); //TODO: When creating a VPC, replace {project_id} in postUrl with the actual value. //String postUrl = "https://serviceEndpoint/v1/{project_id}/cloudservers"; //String postbody ="{\"vpc\": {\"name\": \"vpc\",\"cidr\": \"192.168.0.0/16\"}}"; //post(ak, sk, postUrl, postbody); //TODO: When querying a VPC, replace {project_id} in url with the actual value. //String url = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}"; //get(ak, sk, url); //TODO: When updating a VPC, replace {project_id} and {vpc_id} in putUrl with the actual values. //String putUrl = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}"; //String putbody ="{\"vpc\":{\"name\": \"vpc1\",\"cidr\": \"192.168.0.0/16\"}}"; //put(ak, sk, putUrl, putbody); //TODO: When deleting a VPC, replace {project_id} and {vpc_id} in deleteUrl with the actual values. //String deleteUrl = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}"; //delete(ak, sk, deleteUrl); }
- Compile and run the code to make an API call.
In the Package Explorer area on the left, right-click Demo.java, choose Run As > Java Application from the shortcut menu to run the demo code.
You can view the API calling logs on the console.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot