vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/css/api-ref/css_03_0079.html
zhengxiu 6093788563 css api 20241120 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: zhengxiu <zhengxiu@huawei.com>
Co-committed-by: zhengxiu <zhengxiu@huawei.com>
2024-11-28 11:30:39 +00:00

117 lines
17 KiB
HTML
Raw Permalink Blame History

<a name="css_03_0079"></a><a name="css_03_0079"></a>
<h1 class="topictitle1">Authentication</h1>
<div id="body8662426"><p id="css_03_0079__p1418mcpsimp">You can use either of the following authentication methods when calling APIs:</p>
<ul id="css_03_0079__ul1419mcpsimp"><li id="css_03_0079__li1420mcpsimp">AK/SK-based authentication: Requests are encrypted using AK/SK pairs.</li><li id="css_03_0079__li1421mcpsimp">Token authentication: Requests are authenticated using a token.</li></ul>
<div class="section" id="css_03_0079__section147742048375"><h4 class="sectiontitle">AK/SK-based Authentication</h4><p id="css_03_0079__p1448mcpsimp">An AK/SK is used to verify the identity of a request sender. In AK/SK-based authentication, a signature needs to be obtained and then added to the request header.</p>
<div class="note" id="css_03_0079__note1449mcpsimp"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="css_03_0079__p1450mcpsimp">AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.</p>
<p id="css_03_0079__p1452mcpsimp">SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.</p>
</div></div>
<p id="css_03_0079__p1453mcpsimp">The following uses a demo project to show how to sign a request and use an HTTP client to send an HTTPS request.</p>
<p id="css_03_0079__p1454mcpsimp">Download the demo from <a href="https://github.com/api-gate-way/SdkDemo" target="_blank" rel="noopener noreferrer">https://github.com/api-gate-way/SdkDemo</a>.</p>
<p id="css_03_0079__p1456mcpsimp">If you do not need the demo project, directly download the API Gateway signing SDK at</p>
<p id="css_03_0079__p1460mcpsimp">Obtain the API Gateway signing SDK from the enterprise administrator.</p>
<p id="css_03_0079__p1462mcpsimp">Decompress the downloaded demo package to obtain a JAR file and reference the obtained JAR files as dependencies, as highlighted in the following figure.</p>
<p class="msonormal" id="css_03_0079__p1463mcpsimp"><span><img id="css_03_0079__image134" src="en-us_image_0000002119077517.png"></span></p>
<ol id="css_03_0079__ol1624mcpsimp"><li id="css_03_0079__p1464mcpsimp"><span>Generate an AK/SK pair. (If an AK/SK file has already been created, skip this step and locate the downloaded AK/SK file. Generally, the file name will be <strong id="css_03_0079__b187049555655919">credentials.csv</strong>.)</span><p><ol type="a" id="css_03_0079__ol1465mcpsimp"><li id="css_03_0079__li1466mcpsimp">Log in to the console.</li><li id="css_03_0079__li1467mcpsimp">Hover over the username and select <strong id="css_03_0079__b213664412255919">My Credentials</strong> from the drop-down list.</li><li id="css_03_0079__li1468mcpsimp">In the navigation pane, click <strong id="css_03_0079__b180577491955919">Access Keys</strong>.</li><li id="css_03_0079__li1469mcpsimp">Click <strong id="css_03_0079__b15834804255919">Create Access Key</strong>. The <strong id="css_03_0079__b70998722555919">Create Access Key</strong> dialog box is displayed.</li><li id="css_03_0079__li1470mcpsimp">Enter your login password.</li><li id="css_03_0079__li1471mcpsimp">Enter the verification code sent to your email or mobile phone.<div class="note" id="css_03_0079__note1472mcpsimp"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="css_03_0079__p1473mcpsimp">For users created in IAM, if no email address or phone number was specified during the user creation, only a login password is required.</p>
</div></div>
</li><li id="css_03_0079__li11748320111111">Click <strong id="css_03_0079__b91771129455919">OK</strong> to download the AK/SK.<div class="note" id="css_03_0079__note1476mcpsimp"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="css_03_0079__p1477mcpsimp">Anyone who possesses your access keys can decrypt your login information. Therefore, keep your access keys secure.</p>
</div></div>
</li></ol>
</p></li><li id="css_03_0079__li1479mcpsimp"><span>Decompress the demo project.</span></li><li id="css_03_0079__li19564155663214"><a name="css_03_0079__li19564155663214"></a><a name="li19564155663214"></a><span>Import the demo project to Eclipse.</span><p><div class="fignone" id="css_03_0079__fig1480mcpsimp"><span class="figcap"><b>Figure 1 </b>Selecting Existing Projects into Workspace</span><br><span><img id="css_03_0079__image135" src="en-us_image_0000002083397786.png"></span></div>
<div class="fignone" id="css_03_0079__fig1482mcpsimp"><span class="figcap"><b>Figure 2 </b>Selecting the demo project</span><br><span><img id="css_03_0079__image136" src="en-us_image_0000002119077481.png"></span></div>
<div class="fignone" id="css_03_0079__fig1484mcpsimp"><span class="figcap"><b>Figure 3 </b>Structure of the demo project</span><br><span><img id="css_03_0079__image137" src="en-us_image_0000002083557722.png"></span></div>
</p></li><li id="css_03_0079__li1486mcpsimp"><span>Sign a request.</span><p><p id="css_03_0079__p1487mcpsimp">The request signing method is integrated in the JAR files imported in <a href="#css_03_0079__li19564155663214">3</a>. The request needs to be signed before it is sent. The signature will then be added as part of the HTTP header to the request.</p>
<p id="css_03_0079__p1489mcpsimp">The demo code is classified into the following classes to demonstrate how to sign and send an HTTP request:</p>
<ul id="css_03_0079__ul1490mcpsimp"><li id="css_03_0079__li1491mcpsimp"><strong id="css_03_0079__b61457745555919">AccessService</strong>: abstract class that merges the GET, POST, PUT, and DELETE methods into the <strong id="css_03_0079__b80966780255919">access</strong> method.</li><li id="css_03_0079__li1492mcpsimp"><strong id="css_03_0079__b112820661355919">Demo</strong>: execution entry used to simulate the sending of GET, POST, PUT, and DELETE requests.</li><li id="css_03_0079__li1493mcpsimp"><strong id="css_03_0079__b211600611855919">AccessServiceImpl</strong>: implements the <strong id="css_03_0079__b108214802655919">access</strong> method, which contains the code required for communication with API Gateway.</li></ul>
<ol type="a" id="css_03_0079__ol1494mcpsimp"><li id="css_03_0079__li1495mcpsimp">(Optional) Add request header fields.<p id="css_03_0079__p1496mcpsimp"><a name="css_03_0079__li1495mcpsimp"></a><a name="li1495mcpsimp"></a><em id="css_03_0079__i1183218262388">Note: For some services, custom request headers, such as X-Project-Id and X-Domain-Id, may need to be added. To add them, modify the AccessServiceImpl.java file.</em></p>
<p id="css_03_0079__p1498mcpsimp">Uncomment the following code snippet in the <strong id="css_03_0079__b041075083216">AccessServiceImpl.java</strong> file, and replace the variables with the actual sub-project ID and account ID.</p>
<div class="p" id="css_03_0079__p1499mcpsimp">//<strong id="css_03_0079__b1500mcpsimp">TODO</strong>: Add special headers. <pre id="css_03_0079__br1501mcpsimp">//request.addHeader("X-Project-Id", "</pre>
<strong id="css_03_0079__b1502mcpsimp">xxxxx</strong>"); <pre id="css_03_0079__br1503mcpsimp">//request.addHeader("X-Domain-Id", "</pre>
<strong id="css_03_0079__b1504mcpsimp">xxxxx</strong>");</div>
</li><li id="css_03_0079__li1505mcpsimp">Edit the main() method in the <strong id="css_03_0079__b99365928255919">Demo.java</strong> file and replace the bold text with actual values.<p id="css_03_0079__p1506mcpsimp">If you use other methods such as POST, PUT, and DELETE, see the corresponding comment.</p>
<p id="css_03_0079__p1507mcpsimp">Replace <strong id="css_03_0079__b124259126655919">region</strong>, <strong id="css_03_0079__b146470297155919">serviceName</strong>, <strong id="css_03_0079__b155239203455919">AK/SK</strong>, and <strong id="css_03_0079__b104927064055919">URL</strong>. In the demo, the URL for obtaining the VPC is used. Replace it with the required URL. For details on how to obtain the project ID in the URL, see <a href="css_03_0071.html">Obtaining a Project ID and Name</a>. For details about the endpoint, see <a href="css_03_0001.html#css_03_0001__section889174472415">Endpoints</a>.</p>
<div class="p" id="css_03_0079__p1510mcpsimp">//<strong id="css_03_0079__b1511mcpsimp">TODO</strong>: Replace region with the name of the region in which the service to be accessed is located. <pre id="css_03_0079__br1512mcpsimp"></pre>
<strong id="css_03_0079__b1513mcpsimp">private</strong> <strong id="css_03_0079__b1514mcpsimp">static</strong> <strong id="css_03_0079__b1515mcpsimp">final</strong> String <strong id="css_03_0079__b1516mcpsimp"><em id="css_03_0079__i1517mcpsimp">region</em></strong> = ""; <pre id="css_03_0079__br1518mcpsimp"> </pre>
<pre id="css_03_0079__br1519mcpsimp">//</pre>
<strong id="css_03_0079__b1520mcpsimp">TODO</strong>: Replace <strong id="css_03_0079__b1521mcpsimp">vpc</strong> with the name of the service you want to access. For example, ecs, vpc, iam, and elb. <pre id="css_03_0079__br1522mcpsimp"></pre>
<strong id="css_03_0079__b1523mcpsimp">private</strong> <strong id="css_03_0079__b1524mcpsimp">static</strong> <strong id="css_03_0079__b1525mcpsimp">final</strong> String <strong id="css_03_0079__b1526mcpsimp"><em id="css_03_0079__i1527mcpsimp">serviceName</em></strong> = ""; <pre id="css_03_0079__br1528mcpsimp"> </pre>
<pre id="css_03_0079__br1529mcpsimp"></pre>
<strong id="css_03_0079__b1530mcpsimp">public</strong> <strong id="css_03_0079__b1531mcpsimp">static</strong> <strong id="css_03_0079__b1532mcpsimp">void</strong> main(String[] args) <strong id="css_03_0079__b1533mcpsimp">throws</strong> UnsupportedEncodingException <pre id="css_03_0079__br1534mcpsimp">{ </pre>
<pre id="css_03_0079__br1535mcpsimp">//</pre>
<strong id="css_03_0079__b1536mcpsimp">TODO</strong>: Replace the AK and SK with those obtained on the <strong id="css_03_0079__b1537mcpsimp">My Credential</strong> page. <pre id="css_03_0079__br1538mcpsimp">String ak = "</pre>
<strong id="css_03_0079__b1539mcpsimp">ZIRRKMTWP******1WKNKB</strong>"; <pre id="css_03_0079__br1540mcpsimp">String sk = "</pre>
<strong id="css_03_0079__b1541mcpsimp">Us0mdMNHk******YrRCnW0ecfzl</strong>"; <pre id="css_03_0079__br1542mcpsimp"> </pre>
<pre id="css_03_0079__br1543mcpsimp">//</pre>
<strong id="css_03_0079__b1544mcpsimp">TODO</strong>: To specify a project ID (multi-project scenarios), add the X-Project-Id header. <pre id="css_03_0079__br1545mcpsimp">//</pre>
<strong id="css_03_0079__b1546mcpsimp">TODO</strong>: To access a global service, such as IAM, DNS, CDN, and TMS, add the X-Domain-Id header to specify an account ID. <pre id="css_03_0079__br1547mcpsimp">//</pre>
<strong id="css_03_0079__b1548mcpsimp">TODO</strong>: To add a header, find "Add special headers" in the <strong id="css_03_0079__b1549mcpsimp">AccessServiceImple.java</strong> file. <pre id="css_03_0079__br1550mcpsimp"> </pre>
<pre id="css_03_0079__br1551mcpsimp">//</pre>
<strong id="css_03_0079__b1552mcpsimp">TODO</strong>: Test the API <pre id="css_03_0079__br1553mcpsimp">String url = "</pre>
<strong id="css_03_0079__b1554mcpsimp">https://{Endpoint}/v1/{project_id}/vpcs</strong>"; <pre id="css_03_0079__br1555mcpsimp"></pre>
<em id="css_03_0079__i1556mcpsimp">get</em>(ak, sk, url); <pre id="css_03_0079__br1557mcpsimp"> </pre>
<pre id="css_03_0079__br1558mcpsimp">//</pre>
<strong id="css_03_0079__b1559mcpsimp">TODO</strong>: When creating a VPC, replace <em id="css_03_0079__i1560mcpsimp">{project_id}</em> in postUrl with the actual value. <pre id="css_03_0079__br1561mcpsimp">//String postUrl = "https://serviceEndpoint/v1/{project_id}/cloudservers"; </pre>
<pre id="css_03_0079__br1562mcpsimp">//String postbody ="{\"</pre>
<u id="css_03_0079__u1563mcpsimp">vpc</u>\": {\"name\": \"vpc\",\"cidr\": \"192.168.0.0/16\"}}"; <pre id="css_03_0079__br1564mcpsimp">//post(ak, sk, postUrl, postbody); </pre>
<pre id="css_03_0079__br1565mcpsimp"> </pre>
<pre id="css_03_0079__br1566mcpsimp">//</pre>
<strong id="css_03_0079__b1567mcpsimp">TODO</strong>: When querying a VPC, replace <em id="css_03_0079__i1568mcpsimp">{project_id}</em> in url with the actual value. <pre id="css_03_0079__br1569mcpsimp">//String url = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}"; </pre>
<pre id="css_03_0079__br1570mcpsimp">//get(ak, sk, url); </pre>
<pre id="css_03_0079__br1571mcpsimp"> </pre>
<pre id="css_03_0079__br1572mcpsimp">//</pre>
<strong id="css_03_0079__b1573mcpsimp">TODO</strong>: When updating a VPC, replace <em id="css_03_0079__i1574mcpsimp">{project_id}</em> and <em id="css_03_0079__i1575mcpsimp">{vpc_id}</em> in putUrl with the actual values. <pre id="css_03_0079__br1576mcpsimp">//String putUrl = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}"; </pre>
<pre id="css_03_0079__br1577mcpsimp">//String putbody ="{\"vpc\":{\"name\": \"vpc1\",\"cidr\": \"192.168.0.0/16\"}}"; </pre>
<pre id="css_03_0079__br1578mcpsimp">//put(ak, sk, putUrl, putbody); </pre>
<pre id="css_03_0079__br1579mcpsimp"> </pre>
<pre id="css_03_0079__br1580mcpsimp">//</pre>
<strong id="css_03_0079__b1581mcpsimp">TODO</strong>: When deleting a VPC, replace <em id="css_03_0079__i1582mcpsimp">{project_id} </em>and <em id="css_03_0079__i1583mcpsimp">{vpc_id} </em>in deleteUrl with the actual values. <pre id="css_03_0079__br1584mcpsimp">//String deleteUrl = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}"; </pre>
<pre id="css_03_0079__br1585mcpsimp">//delete(ak, sk, deleteUrl); </pre>
<pre id="css_03_0079__br1586mcpsimp">}</pre>
</div>
</li><li id="css_03_0079__li1587mcpsimp">Compile and run the code to call an API.<p id="css_03_0079__p1588mcpsimp"><a name="css_03_0079__li1587mcpsimp"></a><a name="li1587mcpsimp"></a>In the <strong id="css_03_0079__b137531489755919">Package Explorer</strong> area on the left, right-click <strong id="css_03_0079__b62895306955919">Demo.java</strong> and choose <strong id="css_03_0079__b181670751755919">Run AS</strong> &gt; <strong id="css_03_0079__b94487714955919">Java Application</strong> from the shortcut menu to run the demo code.</p>
<p id="css_03_0079__p1589mcpsimp">You can view API calling logs on the console.</p>
</li></ol>
</p></li></ol>
</div>
<div class="section" id="css_03_0079__en-us_topic_0175865506_en-us_topic_0170917208_section34951335121613"><h4 class="sectiontitle">Authentication Using Tokens</h4><div class="note" id="css_03_0079__en-us_topic_0175865506_en-us_topic_0170917208_note1449573531616"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="css_03_0079__ul123781622124815"><li id="css_03_0079__li143781322174815">The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API.</li><li id="css_03_0079__li1598mcpsimp">Ensure that the token is valid while you use it. Using a token that will soon expire may cause API calling failures.</li></ul>
</div></div>
<p id="css_03_0079__en-us_topic_0175865506_en-us_topic_0170917208_p11495135111617">A token specifies certain permissions in a computer system. Authentication using a token adds the token to a request as its header during API calling to obtain permissions to operate APIs through IAM.</p>
<p id="css_03_0079__en-us_topic_0175865506_en-us_topic_0170917208_p4938113918117">The API for obtaining a token is <strong id="css_03_0079__b14550194204556">POST https://</strong><em id="css_03_0079__i223842104556">{IAM endpoint}</em><strong id="css_03_0079__b4506600624556">/v3/auth/tokens</strong>. For details about how to obtain IAM endpoints, see <a href="css_03_0001.html#css_03_0001__section889174472415">Endpoints</a>.</p>
<pre class="screen" id="css_03_0079__en-us_topic_0175865506_en-us_topic_0170917208_screen84049561000">{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": "username", //Username
"password": "********", //Login password
"domain": {
"name": "<em id="css_03_0079__i308111234556"><strong id="css_03_0079__b1523222074556">domainname</strong></em>" //Name of the account to which the user belongs
}
}
}
},
"scope": {
"project": {
"name": "xxxxxxxx" //Project name
}
}
}
}</pre>
<p id="css_03_0079__en-us_topic_0175865506_en-us_topic_0170917208_p175512042712">After a token is obtained, the <strong id="css_03_0079__en-us_topic_0175865506_en-us_topic_0170917208_b4962111369581">X-Auth-Token</strong> header field must be added to requests to specify the token when calling other APIs. For example, if the token is <strong id="css_03_0079__en-us_topic_0175865506_en-us_topic_0170917208_b9389950329581">ABCDEFJ....</strong>, <strong id="css_03_0079__en-us_topic_0175865506_en-us_topic_0170917208_b18594742059581">X-Auth-Token: ABCDEFJ....</strong> can be added to a request as follows:</p>
<pre class="screen" id="css_03_0079__en-us_topic_0175865506_en-us_topic_0170917208_en-us_topic_0170917208_en-us_topic_0168405764_screen11189101154015">
POST https://{endpoint}/v3/auth/projects
Content-Type: application/json
<strong id="css_03_0079__en-us_topic_0175865506_en-us_topic_0170917208_en-us_topic_0170917208_en-us_topic_0168405764_b172853338430">X-Auth-Token: ABCDEFJ....</strong></pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="css_03_0077.html">Calling APIs</a></div>
</div>
</div>
View Git Blame Copy Permalink