Request structure
VPC APIs belong to the RPC type. You can call VPC APIs by sending HTTP requests.
The request structure is as follows:
http://endpoint/?Action=xx&Parameters
where:
Endpoint is the entry of the Alibaba Cloud service to call. The endpoint of VPC is
vpc.aliyuncs.com.Action is the action to perform. For example, use the
DescribeVpcsAPI to query created VPCs.Version is the version of the API. The VPC API version is
2016-04-28.Parameters are request parameters separated by ampersands (&).
Request parameters consist of common parameters and API specific parameters. Common parameters include VPI version, credentials and so on.
The API version of VPC is 2016-04-28.
The following is an example using the DescribeVpcs API to query the created VPCs:
http://vpc.aliyuncs.com/?Action=DescribeVpcs&AccessKeyId=key-test&Format=JSON&SecureTransport=true&SignatureMethod=HMAC-SHA1&SignatureNonce=15215528852396&SignatureVersion=1.0&SourceIp=1xxxx6&Timestamp=2018-03-02Txxxxxxx&Version=2016-04-28&Signature=xxxx%xxxx%3D
To make it easy to read, the API request is displayed in the following format in the document:
https://vpc.aliyuncs.com/?Action=DescribeVpcs&Format=xml&Version=2016-04-28&Signature=xxxx%xxxx%3D&SignatureMethod=HMAC-SHA1&SignatureNonce=15215528852396&SignatureVersion=1.0&AccessKeyId=key-test&Timestamp=2018-06-01T12:00:00Z…
API authorization
For the security of your account, we recommend that you use a RAM user to call APIs. Before using a RAM user to call an API, you must grant the RAM user the corresponding permission to call the API by creating an authorization policy and attaching the policy to the RAM user.
For more information, see RAM authentication.
API signature
To ensure the security of your API, you must sign the API request. Alibaba Cloud uses the signature in the request to verify the identity of the person who calls the API.
Each time you manually call an API, you must use the AccessKey secret to calculate the HMAC value of the encoded and sorted request string as defined RFC 2104. The calculated HMAC value is the value of the signature parameter in the request.
Note: Alibaba Cloud provides multiple SDKs and third-party SDKs to make the manual signature process more efficient.
Add the signature to the API request in the following format:
https://vpc.aliyuncs.com/?Action=XXX&SignatureVersion=1.0&SignatureMethod=HMAC-SHA1&Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
Take the DescribeVpcs as an example. If the AccessKey ID is testid, and the AccessKey Secret is testsecret, and the original request URL is as follows:
http://vpc.aliyuncs.com/?TimeStamp=2016-02-23T12:46:24Z&Format=XML&AccessKeyId=testid&Action=DescribeVpcs&SignatureMethod=HMAC-SHA1&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf&Version=2016-04-28&SignatureVersion=1.0
Follow these steps to calculate the signature:
Use the request parameters to create a canonicalized query string to sign.
The constructed string to sign is as follows:
GET&%2F&AccessKeyId%3Dtestid&Action%3DDescribeVpcs&Format%3DXML&SignatureMethod%3DHMAC-SHA1&SignatureNonce%3D3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf&SignatureVersion%3D1.0&TimeStamp%3D2016-02-23T12%253A46%253A24Z&Version%3D2016-04-28
Calculate the HMAC value of the string to sign.
Append an ampersand to the AccessKey secret as the key to calculate the HMAC value. In this example, the key is
testsecret&.The calculated signature in this example is as follows:
CT9X0VtwR86fNWSnsc6v8YGOjuE=Add the signature to the request URL.
The final request URL is as follows:
http://vpc.aliyuncs.com/?Action=DescribeVpcs &SignatureVersion=1.0 SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf &Version=2016-04-28 &AccessKeyId=testid &Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D &SignatureMethod=HMAC-SHA1&TimeStamp=2014-02-23T12%3A46%3A24Z &Format=XML&