To call the PrivateLink API, you must send a GET request to the endpoint of the PrivateLink API. You must add request parameters that correspond to the API operation that you want to call. After you call the API operation, the system returns a response. Requests and responses are encoded by using the UTF-8 character set.

Note To call a PrivateLink API operation, you must send an HTTPS request to the PrivateLink endpoint.

Request structure

PrivateLink API operations use the Remote Procedure Call (RPC) protocol. You can call PrivateLink API operations by sending GET requests.

The request syntax is:

https://Endpoint/?Action=xx&Parameters
where:
  • Endpoint: the endpoint of the PrivateLink API is privatelink.aliyuncs.com.
  • Action: the name of the operation being performed. For example, to create an endpoint, you must set the Action parameter to CreateVpcEndpoint.
  • Version: the version number of the API that you want to call. The version of the PrivateLink API is 2020-04-15.
  • Parameters: the request parameters for the operation. Separate multiple parameters with ampersands (&).

    Request parameters include both common parameters and operation-specific parameters. Common request parameters include information such as the API version number and authentication information. For more information, see Common parameters.

The following example demonstrates how to call the CreateVpcEndpoint operation in PrivateLink:
Note The following code has been formatted for ease of reading.
https://privatelink.cn-huhehaote.aliyuncs.com/?Action=CreateVpcEndpoint
&Format=xml
&Version=2020-04-15
&Signature=xxxx%xxxx%3D
&SignatureMethod=HMAC-SHA1
&SignatureNonce=15215528852396
&SignatureVersion=1.0
&AccessKeyId=key-test
&Timestamp=2012-06-01T12:00:00Z
...

API authorization

For security reasons, we recommend that you call PrivateLink operations as a Resource Access Management (RAM) user. Before you call PrivateLink operations as a RAM user, you must create a RAM user and grant the RAM user the required permissions.

For more information about PrivateLink resources and operations that you can authorize a RAM user to use, see RAM user authorization.

Signature introduction

You must sign all API requests to ensure security. Alibaba Cloud uses the request signature to verify the identity of the API caller.

PrivateLink implements symmetric encryption with an AccessKey pair to verify the identity of a request sender. An AccessKey pair is an identity credential issued to Alibaba Cloud accounts and RAM users that is similar to a logon username and password. An AccessKey pair consists of an AccessKey ID and an AccessKey secret. The AccessKey ID is used to verify the identity of the user, while the AccessKey secret is used to encrypt and verify the signature string. You must keep your AccessKey secret strictly confidential.

You must add the signature to an RPC API request in the following format:

https://endpoint/?SignatureVersion=1.0&SignatureMethod=HMAC-SHA1&Signature=xxxx%3D&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf

Take CreateVpcEndpoint as an example. Assume that the AccessKey ID is testid and the AccessKey secret is testsecret, the following code shows the request URL before the request is signed:

https://privatelink.cn-huhehaote.aliyuncs.com/?Action=CreateVpcEndpoint
&Timestamp=2016-02-23T12:46:24Z
&Format=XML
&AccessKeyId=testid
&SignatureMethod=HMAC-SHA1
&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
&Version=2020-04-15
&SignatureVersion=1.0
Perform the following operations to calculate the signature:
  1. Use the request parameters to compose a string-to-sign.
    GET&%2F&AccessKeyId%3Dtestid&Action%3DCreateVpcEndpoint&Format%3DXML&SignatureMethod%3DHMAC-SHA1&SignatureNonce%3D3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf&SignatureVersion%3D1.0&TimeStamp%3D2016-02-23T12%253A46%253A24Z&Version%3D2019-04-15
  2. Calculate the HMAC value of the string-to-sign

    Append an ampersand (&) after the AccessKey secret as the key to calculate the HMAC value. In this example, the key is testsecret&.

    CT9X0VtwR86fNWS********juE=
  3. Add the signature to the request parameters:
    https://privatelink.cn-huhehaote.aliyuncs.com/?Action=CreateVpcEndpoint
    &Timestamp=2016-02-23T12:46:24Z
    &Format=XML
    &AccessKeyId=testid
    &SignatureMethod=HMAC-SHA1
    &SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
    &Version=2020-04-15
    &SignatureVersion=1.0
    &Signature=xxxx%3D