tencent cloud

Cloud Load Balancer

動向とお知らせ
製品アップデート情報
製品に関するお知らせ
製品の説明
製品概要
製品の優位性
ユースケース
技術原理
Product Comparison
使用上の制約
Service Regions and Service Providers
購入ガイド
課金概要
課金項目
購入方法
支払い延滞の説明
製品属性の選択
クイックスタート
ドメイン名型CLBクイックスタート
CLBクイックスタート
IPv6 CLBクイックスタート
CentOSにおけるNginxのデプロイ
CentOSにおけるJava Webのデプロイ
操作ガイド
CLBインスタンス
CLBリスナー
バックエンドサーバー
ヘルスチェック
証明書管理
ログ管理
監視アラート
Cloud Access Management
従来型CLB
プラクティスチュートリアル
証明書をCLBに配置(双方向認証)
CLBのGzip有効化設定およびチェック方法の説明
HTTPS転送設定スタートガイド
クライアントリアルIPの取得方法
ロードバランサーのモニタリングアラート設定のベストプラクティス
マルチアベイラビリティーゾーンの高可用性設定の説明
バランシングアルゴリズムの選択と重みの設定の例
CLBのリスニングドメイン名に対してWebセキュリティ保護を実行するようにWAFを設定する
メンテナンスガイド
クライアントのtimewaitが多すぎる場合の対処方法
CLBのHTTPSサービスパフォーマンステスト
ストレステストに関するよくあるご質問
CLB証明書の操作権限に関するご質問
障害処理
UDPヘルスチェックの異常
API リファレンス
History
Introduction
API Category
Instance APIs
Listener APIs
Backend Service APIs
Target Group APIs
Redirection APIs
Other APIs
Classic CLB APIs
Load Balancing APIs
Making API Requests
Data Types
Error Codes
CLB API 2017
よくあるご質問
課金関連
CLB設定関連
ヘルスチェック異常調査
HTTPS関連
WS/WSSプロトコルサポート関連
HTTP/2プロトコルサポート関連
連絡先
用語集
ドキュメントCloud Load BalancerAPI リファレンスCLB API 2017Making API RequestsAPI Authentication

API Authentication

PDF
フォーカスモード
フォントサイズ
最終更新日: 2024-12-19 10:54:08
TencentCloud API authenticates each access request using the signature algorithm (Signature), so each request is required to include Signature for user authentication.
Before using a TencentCloud API for the first time, you need to apply for security credentials in the Tencent Cloud Console. The security credential consists of SecretId and SecretKey. SecretId is used to identify the API requester, while SecretKey is used to encrypt the strings to create a signature so that Tencent Cloud server can validate the identity of the requester. Keep your SecretKey private and avoid disclosure. If you already have the security credential, skip to the “Generating a Signature String” section.

Applying for Security Credentials

Before using a TencentCloud API for the first time, you need to apply for security credentials.
1. Log in to the API Key Management console.
2. Click Create Key to create one SecretId/SecretKey pair. Each account can have at most two keys.

Generating a Signature String

Suppose that the SecretId and SecretKey obtained from the last step are:
SecretId: AKID****J5yKBZQpn74WFkmLPx3gnPhESA.
SecretKey: Gu5t****pq86cd98joQYCN3Cozk1qA.
To make a request for querying the list of CVM instances, the request parameters are:
Parameter
Parameter Format
Action
Action=DescribeInstances
SecretId
SecretId= AKID****J5yKBZQpn74WFkmLPx3gnPhESA
Current timestamp
Timestamp=1408704141
Random positive integer
Nonce=345122
Region
Region=gz
First CVM instance ID to query
instanceIds.0=qcvm12345
Second CVM instance to query
instanceIds.1=qcvm56789
To generate an API signature, do as follows:

Sorting parameters

Sort the request parameters in an ascending lexicographical order by their names (such as using the ksort function in PHP), and the result is as follows:
{
  'Action' : 'DescribeInstances',
  'Nonce' : 345122,
  'Region' : 'gz',
  'SecretId' : 'AKID****J5yKBZQpn74WFkmLPx3gnPhESA',
  'Timestamp' : 1408704141
  'instanceIds.0' : 'qcvm12345',
  'instanceIds.1' : 'qcvm56789',
}

Concatenating request strings

Format the above sorted request parameters as k=v, and then combine them with "&". Please note that v is the original value, instead of the URL-encoded value.
Action=DescribeInstances&Nonce=345122&Region=gz&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA&Timestamp=1408704141& instanceIds.0=qcvm12345&instanceIds.1=qcvm56789

Concatenating original signature strings

The following parameters are required for constructing original signature strings:
Request method: POST and GET methods are supported. The GET request method is used here.
Request CVM: cvm.api.qcloud.com. Domain names vary depending on the module to which the API belongs. For more information, see the descriptions of each API.
Request path: /v2/index.php.
Request string: the string generated in the previous 2 steps.
Construct an original signature string in the format of: Request method + request CVM + request path + ? + request string.
The resulting string in the example is:
GETcvm.api.qcloud.com/v2/index.php?Action=DescribeInstances&Nonce= 345122&Region=gz&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA&Timestamp=1408704141

Generating a signature string

1. Sign the original signature string obtained in the previous step using the HMAC-SHA1 algorithm.
2. Encode the generated signature using Base64 to obtain the final signature string.
The sample code in PHP is as follows:
$secretKey = 'Gu5t9xGARNpq86cd98joQYCN3Cozk1qA';
$srcStr = 'GETcvm.api.qcloud.com/v2/index.php?Action=DescribeInstances&Nonce=345122&Region=gz&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA&Timestamp=1408704141';
$signStr = base64_encode(hash_hmac('sha1', $srcStr, $secretKey, true));
echo $signStr;
The signature string obtained is as follows:
HgIY****5lN6gz8JsCFBNAWp2oQ=
You can use any other programming languages as long as the resulting signature is the same as the one in this example.

Adding a signature and sending requests

Add the Signature parameter, which is the signature string generated in the previous step, to the request parameter, and convert the signature to a URL-encoded one. The HgIY****5lN6gz8JsCFBNAWp2oQ= signature generated above is encoded to HgIY****5lN6gz8JsCFBNAWp2oQ%3D.
If you use the GET request method, all the request parameter values must be URL-encoded. If you use the POST request method, URL encoding is only needed for Signature parameter.
Send HTTPS protocol request to obtain the returned value of API in JSON string format.
The final request URL in the example is as follows:
https://cvm.api.qcloud.com/v2/index.php?Action=DescribeInstances
&Nonce=345122
&Region=gz
&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA
&Signature=HgIY****5lN6gz8JsCFBNAWp2oQ%3D
&Timestamp=1408704141
&instanceIds.0=qcvm12345
&instanceIds.1=qcvm56789
前の記事へ: Signature Algorithm次の記事へ: Successful Response

ヘルプとサポート

この記事はお役に立ちましたか?

フィードバック