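Updated: 2022-09-06 GMT+08:00

Adding the Signature to the Request Header

After the signature is calculated, add it to the Authorization HTTP header. The Authorization header is not included in the signed headers; it is used mainly for authentication.

Pseudocode for creating the Authorization header: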
Authorization: algorithm Access=Access key, SignedHeaders=SignedHeaders, Signature=signature

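Note that the algorithm and Access are separated by a space with no comma, whereas SignedHeaders and Signature must each be preceded by a comma.

The resulting signed header value is: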

SDK-HMAC-SHA256 Access=QTWAOYTTINDUT2QVKYUC, SignedHeaders=content-type;host;x-sdk-date, Signature=7be6668032f70418fcc22abc52071e57aff61b84a1d2381bb430d6870f4f6ebe

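Once you have the signed header, add it to the original HTTP request. The request is sent to the cloud service API gateway, which performs identity authentication. Only after authentication succeeds is the request forwarded to the specific cloud service for processing.

The complete request, including the signature information, is as follows: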

GET /v1/77b6a44cba5143ab91d13ab9a8ff44fd/vpcs?limit=2&marker=13551d6b-755d-4757-b956-536f674975c0 HTTP/1.1
Host: service.region.example.com
Content-Type: application/json
x-sdk-date: 20191115T033655Z
Authorization: SDK-HMAC-SHA256 Access=QTWAOYTTINDUT2QVKYUC, SignedHeaders=content-type;host;x-sdk-date, Signature=7be6668032f70418fcc22abc52071e57aff61b84a1d2381bb430d6870f4f6ebe

A curl example:

curl -X GET "https://service.region.example.com/v1/77b6a44cba5143ab91d13ab9a8ff44fd/vpcs?limit=2&marker=13551d6b-755d-4757-b956-536f674975c0" -H "content-type: application/json" -H "X-Sdk-Date: 20191115T033655Z" -H "host: service.region.example.com" -H "Authorization: SDK-HMAC-SHA256 Access=QTWAOYTTINDUT2QVKYUC, SignedHeaders=content-type;host;x-sdk-date, Signature=7be6668032f70418fcc22abc52071e57aff61b84a1d2381bb430d6870f4f6ebe" -d $''
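
The Authorization layout and sample request above, assembled and checked in Python. This is an added example, not code from the original page or the vendor SDK. The function names, the 64-hex-character signature check, and the lowercase, sorted SignedHeaders ordering are assumptions taken from the shape of the page's sample; the signature itself is taken as already computed.

```python
import re

# Strict layout from the pseudocode: one space (no comma) after the algorithm,
# then ", " before SignedHeaders and before Signature. fullmatch() is used so a
# trailing CR/LF (header injection) is rejected.
AUTH_RE = re.compile(
    r"(?P<algorithm>[A-Za-z0-9-]+) Access=(?P<access>[^,\s]+), "
    r"SignedHeaders=(?P<signed>[a-z0-9-]+(?:;[a-z0-9-]+)*), "
    r"Signature=(?P<signature>[0-9a-f]{64})"
)

def build_authorization(algorithm, access_key, signed_headers, signature):
    """Assemble the Authorization value from already-computed parts."""
    names = sorted(h.lower() for h in signed_headers)  # assumption: lowercase, sorted
    if "authorization" in names:
        raise ValueError("Authorization must not be listed in SignedHeaders")
    value = (f"{algorithm} Access={access_key}, "
             f"SignedHeaders={';'.join(names)}, Signature={signature}")
    if AUTH_RE.fullmatch(value) is None:
        raise ValueError("malformed Authorization component")
    return value

def parse_authorization(value):
    """Split an Authorization value into its parts, rejecting any other layout."""
    m = AUTH_RE.fullmatch(value)
    if m is None:
        raise ValueError("Authorization header does not match the expected layout")
    parts = m.groupdict()
    parts["signed"] = parts["signed"].split(";")
    return parts

def missing_signed_headers(request_headers):
    """Names listed in SignedHeaders that the request does not actually carry."""
    present = {k.lower() for k in request_headers}
    auth = next(v for k, v in request_headers.items() if k.lower() == "authorization")
    return [h for h in parse_authorization(auth)["signed"] if h not in present]

# Headers of the page's sample request; values copied from the page.
SAMPLE = {
    "Host": "service.region.example.com",
    "Content-Type": "application/json",
    "x-sdk-date": "20191115T033655Z",
}
SAMPLE["Authorization"] = build_authorization(
    "SDK-HMAC-SHA256", "QTWAOYTTINDUT2QVKYUC",
    ["Content-Type", "Host", "X-Sdk-Date"],
    "7be6668032f70418fcc22abc52071e57aff61b84a1d2381bb430d6870f4f6ebe",
)

if __name__ == "__main__":
    print(SAMPLE["Authorization"])
    print("missing:", missing_signed_headers(SAMPLE))
```

Running the same parse and missing-header check on a request before it is sent catches a header that was signed but later dropped or renamed by a client library, which the gateway would otherwise report only as an authentication failure.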