tencent cloud

负载均衡

动态与公告
产品动态
产品公告
产品简介
产品概述
产品优势
使用场景
技术原理
产品对比
使用约束
Service Regions and Service Providers
购买指南
计费概述
计费项
CLB 资源包
购买方式
欠费说明
产品属性选择
快速入门
域名化负载均衡快速入门
负载均衡快速入门
IPv6 负载均衡快速入门
CentOS 下部署 Nginx
CentOS 下部署 Java Web
操作指南
负载均衡实例
负载均衡监听器
后端服务器
健康检查
证书管理
日志管理
监控告警
访问管理
传统型负载均衡
实践教程
部署证书到负载均衡(双向认证)
负载均衡开启 Gzip 配置及检测方法说明
HTTPS 转发配置入门指南
如何获取客户端真实 IP
负载均衡配置监控告警最佳实践
产品高可用说明
均衡算法选择与权重配置示例
配置 WAF 对负载均衡的监听域名进行 Web 安全防护
配置 IAP 对负载均衡的域名和路径的web访问进行身份验证
配置 IAP 对负载均衡的域名和路径的程序化访问进行身份验证
运维指南
客户端 timewait 过多解决方案
负载均衡HTTPS服务性能测试
压力测试常见问题
CLB 证书操作权限问题
故障处理
UDP 健康检查出现异常
API 文档
History
Introduction
API Category
Instance APIs
Listener APIs
Backend Service APIs
Target Group APIs
Redirection APIs
Other APIs
Classic CLB APIs
Load Balancing APIs
Making API Requests
Data Types
Error Codes
CLB API 2017
常见问题
计费相关
负载均衡配置相关
健康检查异常排查
HTTPS 相关
WS/WSS 协议支持相关
HTTP/2 协议支持相关
默认域名阻断提示
服务等级协议
联系我们
词汇表
文档负载均衡API 文档CLB API 2017Making API RequestsAPI Authentication

API Authentication

PDF
聚焦模式
字号
最后更新时间: 2024-12-19 10:54:08
TencentCloud API authenticates each access request using the signature algorithm (Signature), so each request is required to include Signature for user authentication.
Before using a TencentCloud API for the first time, you need to apply for security credentials in the Tencent Cloud Console. The security credential consists of SecretId and SecretKey. SecretId is used to identify the API requester, while SecretKey is used to encrypt the strings to create a signature so that Tencent Cloud server can validate the identity of the requester. Keep your SecretKey private and avoid disclosure. If you already have the security credential, skip to the “Generating a Signature String” section.

Applying for Security Credentials

Before using a TencentCloud API for the first time, you need to apply for security credentials.
1. Log in to the API Key Management console.
2. Click Create Key to create one SecretId/SecretKey pair. Each account can have at most two keys.

Generating a Signature String

Suppose that the SecretId and SecretKey obtained from the last step are:
SecretId: AKID****J5yKBZQpn74WFkmLPx3gnPhESA.
SecretKey: Gu5t****pq86cd98joQYCN3Cozk1qA.
To make a request for querying the list of CVM instances, the request parameters are:
Parameter
Parameter Format
Action
Action=DescribeInstances
SecretId
SecretId= AKID****J5yKBZQpn74WFkmLPx3gnPhESA
Current timestamp
Timestamp=1408704141
Random positive integer
Nonce=345122
Region
Region=gz
First CVM instance ID to query
instanceIds.0=qcvm12345
Second CVM instance to query
instanceIds.1=qcvm56789
To generate an API signature, do as follows:

Sorting parameters

Sort the request parameters in an ascending lexicographical order by their names (such as using the ksort function in PHP), and the result is as follows:
{
  'Action' : 'DescribeInstances',
  'Nonce' : 345122,
  'Region' : 'gz',
  'SecretId' : 'AKID****J5yKBZQpn74WFkmLPx3gnPhESA',
  'Timestamp' : 1408704141
  'instanceIds.0' : 'qcvm12345',
  'instanceIds.1' : 'qcvm56789',
}

Concatenating request strings

Format the above sorted request parameters as k=v, and then combine them with "&". Please note that v is the original value, instead of the URL-encoded value.
Action=DescribeInstances&Nonce=345122&Region=gz&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA&Timestamp=1408704141& instanceIds.0=qcvm12345&instanceIds.1=qcvm56789

Concatenating original signature strings

The following parameters are required for constructing original signature strings:
Request method: POST and GET methods are supported. The GET request method is used here.
Request CVM: cvm.api.qcloud.com. Domain names vary depending on the module to which the API belongs. For more information, see the descriptions of each API.
Request path: /v2/index.php.
Request string: the string generated in the previous 2 steps.
Construct an original signature string in the format of: Request method + request CVM + request path + ? + request string.
The resulting string in the example is:
GETcvm.api.qcloud.com/v2/index.php?Action=DescribeInstances&Nonce= 345122&Region=gz&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA&Timestamp=1408704141

Generating a signature string

1. Sign the original signature string obtained in the previous step using the HMAC-SHA1 algorithm.
2. Encode the generated signature using Base64 to obtain the final signature string.
The sample code in PHP is as follows:
$secretKey = 'Gu5t9xGARNpq86cd98joQYCN3Cozk1qA';
$srcStr = 'GETcvm.api.qcloud.com/v2/index.php?Action=DescribeInstances&Nonce=345122&Region=gz&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA&Timestamp=1408704141';
$signStr = base64_encode(hash_hmac('sha1', $srcStr, $secretKey, true));
echo $signStr;
The signature string obtained is as follows:
HgIY****5lN6gz8JsCFBNAWp2oQ=
You can use any other programming languages as long as the resulting signature is the same as the one in this example.

Adding a signature and sending requests

Add the Signature parameter, which is the signature string generated in the previous step, to the request parameter, and convert the signature to a URL-encoded one. The HgIY****5lN6gz8JsCFBNAWp2oQ= signature generated above is encoded to HgIY****5lN6gz8JsCFBNAWp2oQ%3D.
If you use the GET request method, all the request parameter values must be URL-encoded. If you use the POST request method, URL encoding is only needed for Signature parameter.
Send HTTPS protocol request to obtain the returned value of API in JSON string format.
The final request URL in the example is as follows:
https://cvm.api.qcloud.com/v2/index.php?Action=DescribeInstances
&Nonce=345122
&Region=gz
&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA
&Signature=HgIY****5lN6gz8JsCFBNAWp2oQ%3D
&Timestamp=1408704141
&instanceIds.0=qcvm12345
&instanceIds.1=qcvm56789
上一篇: Signature Algorithm下一篇: Successful Response

帮助和支持

本页内容是否解决了您的问题?

填写满意度调查问卷,共创更好文档体验。

文档反馈