When you call an API operation by using encrypted signature identity authentication, you must calculate a signature string and add the signature string to the header of each API request. API Gateway performs symmetric encryption to verify the identity of the API caller.
- Each API request must include a calculated signature string in the header.
- When you construct an API request, you must use the request parameters to create a string to sign. For more information, see Request signature. Then, use an algorithm to calculate a signature. For information about the algorithm, see SDK call examples. The calculation result is the calculated signature string that you must add to the header of the API request.
- Each HTTP or HTTPS request must include a signature.
For more information about how to create a string to sign, see Request signature. After you create a string to sign, use the string to sign, your own AppKey and AppSecret, and the algorithm that is provided in SDK call examples to calculate a signature. Then, add the calculated signature string to the header of an API request. In this way, the API request is ready to be sent.