Updated on 2022-12-05 GMT+08:00

Creating a Signature Key

Function

To ensure API security, tenants are advised to provide a protection mechanism for API access. That is, for APIs exposed by tenants, the request sources must be authenticated. Requests that do not meet the authentication requirements will be rejected.

The signature key is one of the API security protection mechanisms.

A tenant creates a signature key and binds it to an API. When requesting the API, ROMA Connect APIC uses the bound signature key to encrypt the request parameters and generate a signature. When a tenant's backend service receives a request, it verifies the signature. If the signature verification fails, the request is not sent by ROMA Connect APIC. In this case, the tenant can reject the request to ensure API security and prevent the API from being attacked by requests from unknown sources.

URI

POST /v2/{project_id}/apic/instances/{instance_id}/signs

Table 1 Path parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID. For details about how to obtain the project ID, see Appendix > Obtaining a Project ID in the ROMA Connect API Reference.

instance_id

Yes

String

Instance ID.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

name

Yes

String

Signature key name. The value can contain only letters, digits, and underscores(_) and must start with a letter.

NOTE:

Characters must be in UTF-8 or Unicode format.

Minimum: 3

Maximum: 64

sign_type

No

String

Signature key type.

  • hmac

  • basic

  • public_key

The basic key type requires the instance to be upgraded to the corresponding version. If the basic key configuration does not exist in the instance, contact technical support to upgrade the instance.

The public_key type can be used only when public_key is enabled for the instance. For details about the instance feature configuration, see Appendix > APIC Features Supported by ROMA Connect Instances in the API Reference. If the public_key configuration does not exist in the instance, contact technical support to enable public_key.

sign_key

No

String

Signature key.

  • hmac signature key: The value contains 8 to 32 characters, including letters, digits, underscores (_), and hyphens (-). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified.

  • basic signature key: The value contains 4 to 32 characters, including letters, digits, underscores (_), and hyphens (-). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified.

  • public_key signature key: The value contains 8 to 512 characters, including letters, digits, underscores (_), hyphens (-), plus signs (+), slashes (/), and equal signs (=). The value must start with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified.

sign_secret

No

String

Signature secret.

  • hmac signature secret: The value contains 16 to 64 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%). The value must start with a letter or digit. A secret is automatically generated by the backend if no secret is specified.

  • basic signature secret: The value contains 8 to 64 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%). The value must start with a letter or digit. A secret is automatically generated by the backend if no secret is specified.

  • public_key signature secret: The value contains 15 to 2048 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must with a letter, digit, plus sign (+), or slash (/). A secret is automatically generated by the backend if no secret is specified.

Response Parameters

Status code: 201

Table 4 Response body parameters

Parameter

Type

Description

name

String

Signature key name. The value can contain only letters, digits, and underscores(_) and must start with a letter.

NOTE:

Characters must be in UTF-8 or Unicode format.

Minimum: 3

Maximum: 64

sign_type

String

Signature key type.

  • hmac

  • basic

  • public_key

The basic key type requires the instance to be upgraded to the corresponding version. If the basic key configuration does not exist in the instance, contact technical support to upgrade the instance.

The public_key type can be used only when public_key is enabled for the instance. For details about the instance feature configuration, see Appendix > APIC Features Supported by ROMA Connect Instances in the API Reference. If the public_key configuration does not exist in the instance, contact technical support to enable public_key.

sign_key

String

Signature key.

  • hmac signature key: The value contains 8 to 32 characters, including letters, digits, underscores (_), and hyphens (-). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified.

  • basic signature key: The value contains 4 to 32 characters, including letters, digits, underscores (_), and hyphens (-). The value must start with a letter or digit. A key is automatically generated by the backend if no key is specified.

  • public_key signature key: The value contains 8 to 512 characters, including letters, digits, underscores (_), hyphens (-), plus signs (+), slashes (/), and equal signs (=). The value must start with a letter, digit, plus sign (+), or slash (/). A key is automatically generated by the backend if no key is specified.

sign_secret

String

Signature secret.

  • hmac signature secret: The value contains 16 to 64 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%). The value must start with a letter or digit. A secret is automatically generated by the backend if no secret is specified.

  • basic signature secret: The value contains 8 to 64 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%). The value must start with a letter or digit. A secret is automatically generated by the backend if no secret is specified.

  • public_key signature secret: The value contains 15 to 2048 characters, including letters, digits, underscores (_), hyphens (-), exclamation marks (!), at signs (@), number signs (#), dollar signs ($), percent signs (%), plus signs (+), slashes (/), and equal signs (=). The value must with a letter, digit, plus sign (+), or slash (/). A secret is automatically generated by the backend if no secret is specified.

update_time

String

Update time.

create_time

String

Creation time.

id

String

Signature key ID.

Status code: 400

Table 5 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 401

Table 6 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 403

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 404

Table 8 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 500

Table 9 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Example Requests

{
  "name" : "signature_demo",
  "sign_key" : "signkeysignkey",
  "sign_secret" : "signsecretsignsecretsignsecretsignsecret"
}

Example Responses

Status code: 201

Created

{
  "sign_secret" : "signsecretsignsecretsignsecretsignsecret",
  "update_time" : "2020-08-03T03:39:38.119032888Z",
  "create_time" : "2020-08-03T03:39:38.119032659Z",
  "name" : "signature_demo",
  "id" : "0b0e8f456b8742218af75f945307173c",
  "sign_key" : "signkeysignkey",
  "sign_type" : "hmac"
}

Status code: 400

Bad Request

{
  "error_code" : "APIG.2011",
  "error_msg" : "Invalid parameter value,parameterName:name. Please refer to the support documentation"
}

Status code: 401

Unauthorized

{
  "error_code" : "APIG.1002",
  "error_msg" : "Incorrect token or token resolution failed"
}

Status code: 403

Forbidden

{
  "error_code" : "APIG.1005",
  "error_msg" : "No permissions to request this method"
}

Status code: 404

Not Found

{
  "error_code" : "APIG.3030",
  "error_msg" : "The instance does not exist;id:f0fa1789-3b76-433b-a787-9892951c620ec"
}

Status code: 500

Internal Server Error

{
  "error_code" : "APIG.9999",
  "error_msg" : "System error"
}

Status Codes

Status Code

Description

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Server Error

Error Codes

See Error Codes.