When you call an API operation by using encrypted signature identity authentication, you must calculate a signature string and add the signature string to the header of each API request. API Gateway performs symmetric encryption to verify the identity of the API caller.

  1. Each API request must include a calculated signature string in the header.
  2. When you construct an API request, you must use the request parameters to create a string to sign. For more information, see Request signature. Then, use an algorithm to calculate a signature. For information about the algorithm, see SDK call examples. The calculation result is the calculated signature string that you must add to the header of the API request.
  3. Each HTTP or HTTPS request must include a signature.

For more information about how to create a string to sign, see Request signature. After you create a string to sign, use the string to sign, your own AppKey and AppSecret, and the algorithm that is provided in SDK call examples to calculate a signature. Then, add the calculated signature string to the header of an API request. In this way, the API request is ready to be sent.