To send a Security Center API request, you must send an HTTP GET request to the Security Center endpoint. You must add the request parameters that correspond to the API operation being called. After you call the operation, the system returns a response. The request and response are encoded in UTF-8.

Request syntax

Security Center operations use the RPC protocol. You can call Security Center operations by sending HTTP GET requests.

The request syntax:

https://Endpoint/?Action=xx&Parameters
where:
  • Endpoint: The endpoint of the Security Center API is tds.aliyuncs.com.
  • Action: the name of the operation being performed. For example, to call the DescribeAlarmEventList operation, you must set the Action parameter to DescribeAlarmEventList.
  • Version: the version of operation that you call. The current Security Center API version is 2018-12-03.
  • Parameters: the request parameters for the operation. Separate multiple parameters with ampersands (&).

    Request parameters include both common parameters and operation-specific parameters. Common parameters are used for all Security Center API calls regardless of the operation. For more information, see Common parameters.

The following example demonstrates how to call the DescribeAlarmEventList in Security Center.
Note To improve readability, the following code has been formatted.
http(s)://tds.aliyuncs.com/? Action=DescribeAlarmEventList
&Format=xml
&Version=2018-12-03
&Signature=xxxx%xxxx%3D
&SignatureMethod=HMAC-SHA1
&SignatureNonce=15215528852396
&SignatureVersion=1.0
&AccessKeyId=key-test
&TimeStamp=2012-06-01T12:00:00Z
...

Authorization

To ensure your account security, we recommend that you call a Security Center operation as a RAM user. Before you can call a Security Center operation as a RAM user, you must create and attach a corresponding permission policy to the RAM user.

Signature method

You must sign all API requests to ensure security. Security Center uses the request signature to verify the identity of the API caller.

Security Center implements symmetric encryption with an AccessKey pair to verify the identity of the request sender. An AccessKey pair is an identity credential issued to Alibaba Cloud accounts and RAM users that is similar to a logon username and password. An AccessKey pair consists of an AccessKey ID and an AccessKey secret. The AccessKey ID is used to verify the identity of the user, while the AccessKey secret is used to encrypt and verify the signature string. You must keep your AccessKey secret strictly confidential.

You must add the signature to a Security Center API request in the following format:
https://endpoint/?SignatureVersion=1.0&SignatureMethod=HMAC-SHA1&Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
Take the DescribeAlarmEventList operation as an example. If the AccessKey ID is testid and the AccessKey Secret is testsecret, the original request URL is described:
https://tds.aliyuncs.com/?Action=DescribeAlarmEventList
&TimeStamp=2016-02-23T12:46:24Z
&Format=XML
&AccessKeyId=testid
&SignatureMethod=HMAC-SHA1
&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
&Version=2018-01-17
&SignatureVersion=1.0
To calculate the signature, take the following steps:
  1. Use the request parameters to create a string-to-sign.
    GET&%2F&AccessKeyId%3Dtestid&Action%3DDescribeAlarmEventList&Format%3DXML&SignatureMethod%3DHMAC-SHA1&SignatureNonce%3D3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf&SignatureVersion%3D1.0&TimeStamp%3D2016-02-23T12%253A46%253A24Z&Version%3D2018-12-03
  2. Calculate the HMAC value of the string-to-sign.
    Append an ampersand (&) after the AccessKey secret as the key to calculate the HMAC value. In this example, the key is testsecret&.
    CT9X0VtwR86fNWSnsc6v8YGOjuE=
  3. Add the signature to the request parameters:
    https://tds.aliyuncs.com/?Action=DescribeAlarmEventList
    &TimeStamp=2016-02-23T12:46:24Z
    &Format=XML
    &AccessKeyId=testid
    &SignatureMethod=HMAC-SHA1
    &SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
    &Version=2018-12-03
    &SignatureVersion=1.0
    &Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D
Note Alibaba Cloud provides SDKs in multiple languages and third-party SDKs to simplify signature algorithm coding. For more information about Alibaba Cloud SDKs, see Alibaba Cloud Development Kit (SDK).