doc-exports/docs/apiu/guidelines/apig-en-api-180328004.html
Chen, Junjie 97b6825626 APIU Guidelines 20240812 version
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Chen, Junjie <chenjunjie@huawei.com>
Co-committed-by: Chen, Junjie <chenjunjie@huawei.com>
2024-08-13 10:31:24 +00:00


AK/SK Authentication

When you use API Gateway to send requests to underlying services, the requests must be signed using the AK and SK.

AK (access key ID) is a unique identifier associated with a secret access key. The access key ID and secret access key are used together to sign requests cryptographically.

SK (secret access key) is the key used together with the access key ID to cryptographically sign requests. Signing a request identifies the sender and prevents the request from being altered without detection.

The AK/SK authentication process is as follows:

  1. A standard request is created.
  2. A to-be-signed string is created using the request and other related information.
  3. A signature is calculated using the AK/SK and to-be-signed string.
  4. The generated signature is added as a header or a query parameter in the HTTP request.
  5. After receiving the request, API Gateway repeats steps 1 to 3 to calculate its own signature.
  6. The new signature is compared with the signature generated in step 3. If they match, the request is processed; otherwise, the request is rejected.
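The six steps above, as an added example that is not code from this guide or from API Gateway. The canonical form, the HMAC-SHA256 choice, the `x-date` and `x-signature` header names, the `DEMO-HMAC-SHA256` label and the demo AK/SK are all assumptions made for illustration; the page does not specify them.

```python
import hashlib
import hmac
from urllib.parse import quote

# Assumed scheme: the page does not give the canonical form, hash, or header
# names, so everything below (including these names) is hypothetical.
SIGNED_HEADERS = ("host", "x-date")
SIG_HEADER = "x-signature"
DEMO_AK, DEMO_SK = "EXAMPLEAK0001", "constructed-demo-secret"  # constructed values


def canonical_request(method, path, query, headers, body):
    """Step 1: normalise the request so both sides hash identical bytes."""
    q = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(query.items()))
    h = "".join(f"{n}:{headers[n].strip()}\n" for n in SIGNED_HEADERS)
    return "\n".join([method.upper(), path, q, h, hashlib.sha256(body).hexdigest()])


def string_to_sign(canonical, timestamp):
    """Step 2: combine the request digest with related information (timestamp)."""
    return f"DEMO-HMAC-SHA256\n{timestamp}\n{hashlib.sha256(canonical.encode()).hexdigest()}"


def sign(ak, sk, method, path, query, headers, body):
    """Steps 3 and 4: HMAC the string with the SK, attach AK and signature."""
    canonical = canonical_request(method, path, query, headers, body)
    sts = string_to_sign(canonical, headers["x-date"])
    sig = hmac.new(sk.encode(), sts.encode(), hashlib.sha256).hexdigest()
    return {**headers, SIG_HEADER: f"ak={ak},sig={sig}"}


def gateway_verify(secrets, method, path, query, headers, body):
    """Steps 5 and 6: find the SK by AK, repeat steps 1-3, compare."""
    received = headers.get(SIG_HEADER, "")
    fields = dict(p.split("=", 1) for p in received.split(",") if "=" in p)
    sk = secrets.get(fields.get("ak", ""))
    if sk is None:
        return False  # unknown AK: reject
    unsigned = {k: v for k, v in headers.items() if k != SIG_HEADER}
    try:
        expected = sign(fields["ak"], sk, method, path, query, unsigned, body)[SIG_HEADER]
    except KeyError:
        return False  # a header covered by the signature is missing
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())
```

Only the AK and the signature travel with the request; the SK stays on the client and in the verifier's secret store, which is why changing the body, query, or a signed header after signing causes rejection.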

Figure 1 shows the process of calling APIs through AK/SK authentication.

Figure 1 API calling process flow
  • If a failure occurs in any step, the failure will be returned to the client application.
  • The cached token is valid for 15 minutes by default.