forked from docs/doc-exports
Yang, Tong
f1bf1560d6
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
110 lines
17 KiB
HTML
110 lines
17 KiB
HTML
<a name="mrs_02_0009"></a><a name="mrs_02_0009"></a>
|
|
|
|
<h1 class="topictitle1">Authentication</h1>
|
|
<div id="body1559185429880"><div class="p" id="mrs_02_0009__en-us_topic_0121671869_p26613555143846">Requests for calling an API can be authenticated using either of the following methods:<ul id="mrs_02_0009__en-us_topic_0121671869_ul38195410143846"><li id="mrs_02_0009__en-us_topic_0121671869_li8214375143846">Token-based authentication: Requests are authenticated using a token.</li><li id="mrs_02_0009__en-us_topic_0121671869_li61384639143846">AK/SK-based authentication: Requests are authenticated by encrypting the request body using an AK/SK pair. AK/SK-based authentication is recommended because it is more secure than token-based authentication.</li></ul>
|
|
</div>
|
|
<div class="section" id="mrs_02_0009__en-us_topic_0121671869_section2417768214391"><h4 class="sectiontitle">Token-based Authentication</h4><div class="note" id="mrs_02_0009__en-us_topic_0121671869_note133321911123"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_02_0009__en-us_topic_0121671869_p1254514271026">The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token.</p>
|
|
</div></div>
|
|
<p id="mrs_02_0009__en-us_topic_0121671869_p18703477214">A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to requests to get permissions for calling the API.</p>
|
|
<p id="mrs_02_0009__p8165114419536">The token can be obtained by calling the API in <a href="https://docs.otc.t-systems.com/en-us/api/iam/en-us_topic_0057845583.html" target="_blank" rel="noopener noreferrer">Obtaining a User Token</a>. A project-level token is required for calling this service API, that is, when calling the API for <a href="https://docs.otc.t-systems.com/en-us/api/iam/en-us_topic_0057845583.html" target="_blank" rel="noopener noreferrer">Obtaining a User Token</a>, set the value of <strong id="mrs_02_0009__b12577112414224">auth.scope</strong> in the request body to <strong id="mrs_02_0009__b957712419221">project</strong>.</p>
|
|
<pre class="screen" id="mrs_02_0009__screen57221005415">{
|
|
"auth": {
|
|
"identity": {
|
|
"methods": [
|
|
"password"
|
|
],
|
|
"password": {
|
|
"user": {
|
|
"name": "username",
|
|
"password": "********",
|
|
"domain": {
|
|
"name": "domainname"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
<strong id="mrs_02_0009__b18947194495414">"scope": {</strong>
|
|
<strong id="mrs_02_0009__b18950134412548"> "project": {</strong>
|
|
<strong id="mrs_02_0009__b3952204419545"> "id": "xxxxxxxx"</strong>
|
|
<strong id="mrs_02_0009__b8957144155413"> }</strong>
|
|
<strong id="mrs_02_0009__b16959164425410"> }</strong>
|
|
}
|
|
}</pre>
|
|
<p id="mrs_02_0009__en-us_topic_0121671869_p9691122114266">After a token is obtained, the <strong id="mrs_02_0009__b66883219376">X-Auth-Token</strong> header field must be added to requests to specify the token when calling other APIs. For example, if the token is <span class="parmvalue" id="mrs_02_0009__parmvalue3303145133816"><b>ABCDEFJ....</b></span>, <span class="parmvalue" id="mrs_02_0009__parmvalue4304165183819"><b>X-Auth-Token: ABCDEFJ....</b></span> can be added to a request as follows:</p>
|
|
<pre class="screen" id="mrs_02_0009__en-us_topic_0121671869_screen11189101154015">Content-Type: application/json
|
|
<strong id="mrs_02_0009__en-us_topic_0121671869_b172853338430">X-Auth-Token: ABCDEFJ....</strong></pre>
|
|
</div>
|
|
<div class="section" id="mrs_02_0009__section139965017532"><h4 class="sectiontitle">AK/SK-based Authentication</h4><p id="mrs_02_0009__en-us_topic_0121671869_p5607113161512">An AK/SK is used to verify the identity of a request sender. In AK/SK-based authentication, a signature needs to be obtained and then added to requests.</p>
|
|
<div class="note" id="mrs_02_0009__en-us_topic_0121671869_n9dcbfe6b240a43cfa48bb67f6e4b0126"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_02_0009__en-us_topic_0121671869_a9057158d9de6408fb6d7843353d9b3aa">AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.</p>
|
|
<p id="mrs_02_0009__en-us_topic_0121671869_a6b8f717e84924432b9b93893ca4141c1">SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.</p>
|
|
</div></div>
|
|
<p id="mrs_02_0009__en-us_topic_0121671869_p5684143782614">The following uses a demo project to show how to sign a request and use an HTTP client to send an HTTPS request.</p>
|
|
<p id="mrs_02_0009__en-us_topic_0121671869_p20216193410543">Download the demo project at <a href="https://docs.otc.t-systems.com/en-us/api/apiug/apig-en-api-180328008.html" target="_blank" rel="noopener noreferrer">https://docs.otc.t-systems.com/en-us/api/apiug/apig-en-api-180328008.html</a>.</p>
|
|
<p id="mrs_02_0009__en-us_topic_0121671869_p358590112719">If you do not need the demo project, visit the following URL to download the API Gateway signing SDK:</p>
|
|
<p id="mrs_02_0009__en-us_topic_0121671869_p1348744975511">https://apig-demo.obs.eu-de.otc.t-systems.com/java/java-sdk-core.zip</p>
|
|
<p id="mrs_02_0009__en-us_topic_0121671869_p1656604461617">Decompress the downloaded package and reference the obtained JAR files as dependencies. See the following figure.</p>
|
|
<div class="fignone" id="mrs_02_0009__en-us_topic_0121671869_fig919329144115"><span class="figcap"><b>Figure 1 </b>Adding the API Gateway signing SDK</span><br><span><img id="mrs_02_0009__en-us_topic_0121671869_image174116208156" src="en-us_image_0000001351446161.png"></span></div>
|
|
<ol id="mrs_02_0009__en-us_topic_0121671869_ol18692431181510"><li id="mrs_02_0009__en-us_topic_0121671869_li039995792416"><span>Generate an AK/SK. (If an AK/SK file has already been obtained, skip this step and locate the downloaded AK/SK file. Generally, the file name will be <strong id="mrs_02_0009__b636984915507">credentials.csv</strong>.)</span><p><ol type="a" id="mrs_02_0009__en-us_topic_0121671869_ol1041165715248"><li id="mrs_02_0009__en-us_topic_0121671869_li641635711249">Log in to the management console.</li><li id="mrs_02_0009__en-us_topic_0121671869_li15426115710241">Click the username and choose <strong id="mrs_02_0009__b13868459105010">My Credentials</strong> from the drop-down list.</li></ol><ol type="a" start="3" id="mrs_02_0009__en-us_topic_0121671869_ol4435175711246"><li id="mrs_02_0009__en-us_topic_0121671869_li94401457192414">On the <strong id="mrs_02_0009__b13081228518">My Credentials</strong> page, click the <strong id="mrs_02_0009__b173081324513">Access Keys</strong> tab.</li><li id="mrs_02_0009__en-us_topic_0121671869_li4446115712243">Click <strong id="mrs_02_0009__b131272914518">Add Access Key</strong>.</li><li id="mrs_02_0009__en-us_topic_0121671869_li1645475712241">Enter the login password.</li><li id="mrs_02_0009__en-us_topic_0121671869_li546365716247">Enter the verification code received by email.</li><li id="mrs_02_0009__en-us_topic_0121671869_li20543057142412">Click <strong id="mrs_02_0009__b14598104311528">OK</strong> to download the access key.<div class="note" id="mrs_02_0009__en-us_topic_0121671869_note35511957122417"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="mrs_02_0009__en-us_topic_0121671869_p3570155782420">Keep the access key secure.</p>
|
|
</div></div>
|
|
</li></ol>
|
|
</p></li><li id="mrs_02_0009__en-us_topic_0121671869_li1115311720450"><span>Download and decompress the demo project.</span></li><li id="mrs_02_0009__en-us_topic_0121671869_li19564155663214"><a name="mrs_02_0009__en-us_topic_0121671869_li19564155663214"></a><a name="en-us_topic_0121671869_li19564155663214"></a><span>Import the demo project to Eclipse.</span><p><div class="fignone" id="mrs_02_0009__en-us_topic_0121671869_fig16546145205014"><span class="figcap"><b>Figure 2 </b>Selecting Existing Projects into Workspace</span><br><span><img id="mrs_02_0009__en-us_topic_0121671869_image1474131114720" src="en-us_image_0000001298566184.png"></span></div>
|
|
<div class="fignone" id="mrs_02_0009__en-us_topic_0121671869_fig767232218519"><span class="figcap"><b>Figure 3 </b>Selecting the demo project</span><br><span><img id="mrs_02_0009__en-us_topic_0121671869_image13419842205018" src="en-us_image_0000001298725832.png"></span></div>
|
|
<div class="fignone" id="mrs_02_0009__en-us_topic_0121671869_fig159778103242"><span class="figcap"><b>Figure 4 </b>Structure of the demo project</span><br><span><img id="mrs_02_0009__en-us_topic_0121671869_image128044312389" src="en-us_image_0000001351245885.png"></span></div>
|
|
</p></li><li id="mrs_02_0009__en-us_topic_0121671869_li878093111517"><span>Sign the request.</span><p><p id="mrs_02_0009__en-us_topic_0121671869_p10940124322710">The request signing method is integrated in the JAR files imported in <a href="#mrs_02_0009__en-us_topic_0121671869_li19564155663214">3</a>. The request needs to be signed before it is sent. The signature will then be added as part of the HTTP header to the request.</p>
|
|
<p id="mrs_02_0009__en-us_topic_0121671869_p979243115158">The demo code is classified into the following classes to demonstrate signing and sending the HTTP request:</p>
|
|
<ul id="mrs_02_0009__en-us_topic_0121671869_ul46077243144336"><li id="mrs_02_0009__en-us_topic_0121671869_li373103144336"><strong id="mrs_02_0009__en-us_topic_0147931040_b6538151193411">AccessService</strong>: An abstract class that merges the GET, POST, PUT, and DELETE methods into the access method.</li><li id="mrs_02_0009__en-us_topic_0121671869_li15119103144339"><strong id="mrs_02_0009__en-us_topic_0147931040_b1627545993417">Demo</strong>: Execution entry used to simulate the sending of GET, POST, PUT, and DELETE requests.</li><li id="mrs_02_0009__en-us_topic_0121671869_li54381430144341"><strong id="mrs_02_0009__en-us_topic_0147931040_b24210174365">AccessServiceImpl</strong>: Implements the access method, which contains the code required for communication with API Gateway.</li></ul>
|
|
<ol type="a" id="mrs_02_0009__en-us_topic_0121671869_ol1515318170459"><li id="mrs_02_0009__en-us_topic_0121671869_li1985133317503">Edit the main() method in the <strong id="mrs_02_0009__b15528162725513">Demo.java</strong> file, and replace the bold text with actual values.<p id="mrs_02_0009__en-us_topic_0121671869_p2061535616161">As shown in the following code, if you use other methods such as POST, PUT, and DELETE, see the corresponding comment.</p>
|
|
<p id="mrs_02_0009__en-us_topic_0121671869_p129401344175213">Specify <strong id="mrs_02_0009__b15205121035018">region</strong>, <strong id="mrs_02_0009__b1206191014503">serviceName</strong>, <strong id="mrs_02_0009__b720821011507">ak/sk</strong>, and <strong id="mrs_02_0009__b17208191075017">url</strong> as the actual values. In this demo, the URLs for accessing VPC resources are used.</p>
|
|
<p id="mrs_02_0009__en-us_topic_0121671869_p27531945173720">To obtain the project ID in the URLs, see <a href="mrs_02_0011.html">Obtaining a Project ID</a>.</p>
|
|
<p id="mrs_02_0009__p153251884810">To obtain the endpoint, see <a href="https://docs.otc.t-systems.com/regions-and-endpoints/index.html" target="_blank" rel="noopener noreferrer">Regions and Endpoints</a>.</p>
|
|
<pre class="screen" id="mrs_02_0009__en-us_topic_0121671869_screen89816540225">//<strong id="mrs_02_0009__en-us_topic_0121671869_b6201155152216">TODO</strong>: Replace region with the name of the region in which the service to be accessed is located.
|
|
<strong id="mrs_02_0009__en-us_topic_0121671869_b17211255162214">private</strong> <strong id="mrs_02_0009__en-us_topic_0121671869_b152115532218">static</strong> <strong id="mrs_02_0009__en-us_topic_0121671869_b1121105522215">final</strong> String <strong id="mrs_02_0009__en-us_topic_0121671869_b5213558226"><em id="mrs_02_0009__en-us_topic_0121671869_i2211455112218">region</em></strong> = "";
|
|
|
|
//<strong id="mrs_02_0009__en-us_topic_0121671869_b321175517226">TODO</strong>: Replace <strong id="mrs_02_0009__en-us_topic_0121671869_b519712478445">vpc</strong> with the name of the service you want to access. For example, ecs, vpc, iam, and elb.
|
|
<strong id="mrs_02_0009__en-us_topic_0121671869_b142205552215">private</strong> <strong id="mrs_02_0009__en-us_topic_0121671869_b1822195522211">static</strong> <strong id="mrs_02_0009__en-us_topic_0121671869_b172219558226">final</strong> String <strong id="mrs_02_0009__en-us_topic_0121671869_b12213556225"><em id="mrs_02_0009__en-us_topic_0121671869_i1922195592214">serviceName</em></strong> = "";
|
|
|
|
<strong id="mrs_02_0009__en-us_topic_0121671869_b13221655192219">public</strong> <strong id="mrs_02_0009__en-us_topic_0121671869_b1022455162217">static</strong> <strong id="mrs_02_0009__en-us_topic_0121671869_b112335516220">void</strong> main(String[] args) <strong id="mrs_02_0009__en-us_topic_0121671869_b1123185542217">throws</strong> UnsupportedEncodingException
|
|
{
|
|
//<strong id="mrs_02_0009__en-us_topic_0121671869_b623165516223">TODO</strong>: Replace the AK and SK with those obtained on the <strong id="mrs_02_0009__en-us_topic_0121671869_b0678145420449">My Credential</strong> page.
|
|
String ak = "<strong id="mrs_02_0009__en-us_topic_0121671869_b22325514225">ZIRRKMTWP******1WKNKB</strong>";
|
|
String sk = "<strong id="mrs_02_0009__en-us_topic_0121671869_b5235557223">Us0mdMNHk******YrRCnW0ecfzl</strong>";
|
|
|
|
//<strong id="mrs_02_0009__en-us_topic_0121671869_b102345552219">TODO</strong>: To specify a project ID (multi-project scenarios), add the X-Project-Id header.
|
|
//<strong id="mrs_02_0009__en-us_topic_0121671869_b1052355510575">TODO</strong>: To access a global service, such as IAM, DNS, CDN, and TMS, add the X-Domain-Id header to specify an account ID.
|
|
//<strong id="mrs_02_0009__en-us_topic_0121671869_b62445532216">TODO</strong>: To add a header, find "Add special headers" in the <strong id="mrs_02_0009__en-us_topic_0121671869_b17115141154512">AccessServiceImple.java</strong> file.
|
|
|
|
//<strong id="mrs_02_0009__en-us_topic_0121671869_b205398223109">TODO</strong>: Test the API
|
|
String url = "<strong id="mrs_02_0009__en-us_topic_0121671869_b1325555122212">https://{Endpoint}/v1/{project_id}/vpcs</strong>";
|
|
<em id="mrs_02_0009__en-us_topic_0121671869_i325175511223">get</em>(ak, sk, url);
|
|
|
|
//<strong id="mrs_02_0009__en-us_topic_0121671869_b2257555228">TODO</strong>: When creating a VPC, replace <em id="mrs_02_0009__en-us_topic_0121671869_i9635324164517">{project_id}</em> in postUrl with the actual value.
|
|
//String postUrl = "https://serviceEndpoint/v1/{project_id}/cloudservers";
|
|
//String postbody ="{\"<u id="mrs_02_0009__en-us_topic_0121671869_u925135510229">vpc</u>\": {\"name\": \"vpc\",\"cidr\": \"192.168.0.0/16\"}}";
|
|
//post(ak, sk, postUrl, postbody);
|
|
|
|
//<strong id="mrs_02_0009__en-us_topic_0121671869_b1526105511226">TODO</strong>: When querying a VPC, replace <em id="mrs_02_0009__en-us_topic_0121671869_i3475153315457">{project_id}</em> in url with the actual value.
|
|
//String url = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}";
|
|
//get(ak, sk, url);
|
|
|
|
//<strong id="mrs_02_0009__en-us_topic_0121671869_b026175572211">TODO</strong>: When updating a VPC, replace <em id="mrs_02_0009__en-us_topic_0121671869_i7451847174511">{project_id}</em> and <em id="mrs_02_0009__en-us_topic_0121671869_i87635254516">{vpc_id}</em> in putUrl with the actual values.
|
|
//String putUrl = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}";
|
|
//String putbody ="{\"vpc\":{\"name\": \"vpc1\",\"cidr\": \"192.168.0.0/16\"}}";
|
|
//put(ak, sk, putUrl, putbody);
|
|
|
|
//<strong id="mrs_02_0009__en-us_topic_0121671869_b1927855152214">TODO</strong>: When deleting a VPC, replace <em id="mrs_02_0009__i139104302486">{project_id}</em> and <em id="mrs_02_0009__i12212154194815">{vpc_id}</em> in deleteUrl with the actual values.
|
|
//String deleteUrl = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}";
|
|
//delete(ak, sk, deleteUrl);
|
|
}</pre>
|
|
</li><li id="mrs_02_0009__en-us_topic_0121671869_li18412306320">Compile the code and call the API.<p id="mrs_02_0009__en-us_topic_0121671869_p188281527115415"><a name="mrs_02_0009__en-us_topic_0121671869_li18412306320"></a><a name="en-us_topic_0121671869_li18412306320"></a>In the <strong id="mrs_02_0009__b34083494539">Package Explorer</strong> area on the left, right-click <strong id="mrs_02_0009__b4409134915534">Demo.java</strong>, choose <strong id="mrs_02_0009__b741024915316">Run AS</strong> > <strong id="mrs_02_0009__b11411114915532">Java Application</strong> from the shortcut menu to run the demo code.</p>
|
|
<p id="mrs_02_0009__en-us_topic_0121671869_p20946560369">You can view the API call logs on the console.</p>
|
|
</li></ol>
|
|
</p></li></ol>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_02_0002.html">Calling APIs</a></div>
|
|
</div>
|
|
</div>
|
|
|