更新时间:2022-09-06 GMT+08:00
添加签名信息到请求头
在计算签名后,将它添加到Authorization的HTTP消息头。Authorization消息头未包含在已签名消息头中,主要用于身份验证。
伪代码如下:
Authorization header创建伪码: Authorization: algorithm Access=Access key, SignedHeaders=SignedHeaders, Signature=signature
需要注意的是算法与Access之前有空格但没有逗号,但是SignedHeaders与Signature之前需要使用逗号隔开。
得到的签名消息头为:
SDK-HMAC-SHA256 Access=QTWAOYTTINDUT2QVKYUC, SignedHeaders=content-type;host;x-sdk-date, Signature=7be6668032f70418fcc22abc52071e57aff61b84a1d2381bb430d6870f4f6ebe
得到签名消息头后,将其增加到原始HTTP请求内容中,请求将被发送给云服务API网关,由API网关完成身份认证。身份认证通过后,该请求才会发送给具体的云服务进行业务处理。
包含签名信息的完整请求如下:
GET /v1/77b6a44cba5143ab91d13ab9a8ff44fd/vpcs?limit=2&; marker=13551d6b-755d-4757-b956-536f674975c0 HTTP/1.1 Host: service.region.example.com Content-Type: application/json x-sdk-date: 20191115T033655Z Authorization: SDK-HMAC-SHA256 Access=QTWAOYTTINDUT2QVKYUC, SignedHeaders=content-type;host;x-sdk-date, Signature=7be6668032f70418fcc22abc52071e57aff61b84a1d2381bb430d6870f4f6ebe
Curl方式样例如下:
curl -X GET "https://service.region.example.com/v1/77b6a44cba5143ab91d13ab9a8ff44fd/vpcs?limit=2&marker=13551d6b-755d-4757-b956-536f674975c0" -H "content-type: application/json" -H "X-Sdk-Date: 20191115T033655Z" -H "host: service.region.example.com" -H "Authorization: SDK-HMAC-SHA256 Access=QTWAOYTTINDUT2QVKYUC, SignedHeaders=content-type;host;x-sdk-date, Signature=7be6668032f70418fcc22abc52071e57aff61b84a1d2381bb430d6870f4f6ebe" -d $''
父主题: AK/SK签名认证算法详解