The Elastic IP Address (EIP) API and Virtual Private Cloud (VPC) API share the same endpoint. To call the EIP API, you must send HTTP GET requests to the endpoint of the EIP API. You must add the request parameters that correspond to the API operation being called. After you call the API, the system returns a response. The request and response are both encoded in UTF-8.

Request syntax

EIP API operations use the RPC protocol. You can call EIP API operations by sending HTTP GET requests.

The request syntax is:
http://Endpoint/?Action=xx&Parameters
where:
  • Endpoint: the endpoint of the EIP API. The endpoint is vpc.aliyuncs.com.
  • Action: the name of the operation being performed. For example, to create an EIP, you must set the Action parameter to AllocateEipAddress.
  • Version: the version of the API that you want to call. The current EIP API version is 2016-04-28.
  • Parameters: the request parameters for the operation. Separate multiple parameters with ampersands (&).

    Request parameters include common parameters and operation-specific parameters. Common parameters include information such as the API version number and authentication information. For more information, see Common parameters.

The following is an example of calling the AllocateEipAddress operation to apply for an EIP:
Note The following code has been edited to improve readability.
https://vpc.aliyuncs.com/?Action=AllocateEipAddress
&Format=xml
&Version=2016-04-28
&Signature=xxxx%xxxx%3D
&SignatureMethod=HMAC-SHA1
&SignatureNonce=15215528852396
&SignatureVersion=1.0
&AccessKeyId=key-test
&Timestamp=2012-06-01T12:00:00Z
…

Authorization

To ensure the security of your account, we recommend that you call EIP API operations as a RAM user. To call the EIP API as a RAM user, you must create a permission policy that contains the required permissions and attach the policy to the RAM user.

For more information about the EIP resources and API operations that can be authorized to a RAM user, see RAM authentication.

Signature:

You must sign all API requests to ensure security. Apsara Stack uses the request signature to verify the identity of the API caller.

EIP implements symmetric encryption with an AccessKey pair to verify the identity of the request sender. An AccessKey pair is an identity credential issued to Alibaba Cloud accounts and RAM users. An AccessKey pair is similar to a pair of username and password. The AccessKey ID is used to verify the identities of the API callers. The AccessKey secret is a secret key that is used to encrypt the signature string on a client and verify the signature string on a server. It is used to authenticate users and must be kept confidential.

To call an RPC API operation, you must add the signature to the API request in the following format:

https://endpoint/?SignatureVersion=1.0&SignatureMethod=HMAC-SHA1&Signature=XXXX%3D&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0axxxxxxxx

Take AllocateEipAddress as an example. The AccessKey ID is testid and the AccessKey secret is testsecret. The URL before the request is signed is:

http://vpc.aliyuncs.com/?Action=AllocateEipAddress
&Timestamp=2016-05-23T12:46:24Z
&Format=XML
&AccessKeyId=testid
&SignatureMethod=HMAC-SHA1
&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0axxxxxxxx
&Version=2014-05-26
&SignatureVersion=1.0
Perform the following operations to calculate the signature:
  1. Use the request parameters to create a string-to-sign.
    GET&%2F&AccessKeyId%3Dtestid&Action%3DAllocateEipAddress&Format%3DXML&SignatureMethod%3DHMAC-SHA1&SignatureNonce%3D3ee8c1b8-83d3-44af-a94f-4e0axxxxxxxx&SignatureVersion%3D1.0&TimeStamp%3D2016-02-23T12%253A46%253A24Z&Version%3D2014-05-15
    .
  2. Calculate the HMAC value of the string to be signed.

    Append an ampersand (&) to the AccessKey secret as the key to calculate the HMAC value. In this example, the key is testsecret&.

    CT9X0VtwR86fNWS********juE=
  3. Add the signature to the request parameters.
    http://vpc.aliyuncs.com/?Action=AllocateEipAddress
    &Timestamp=2016-05-23T12:46:24Z
    &Format=XML
    &AccessKeyId=testid
    &SignatureMethod=HMAC-SHA1
    &SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0axxxxxxxx
    &Version=2014-05-26
    &SignatureVersion=1.0
    &Signature=XXXX%3D