Tablestore:How does Tablestore verify user identity?

Prerequisites

An AccessKey pair is created in the Alibaba Cloud Management Console for an Alibaba Cloud account or in the Resource Access Management (RAM) console for a RAM user. An AccessKey pair is permanent access credentials provided by Alibaba Cloud for an Alibaba Cloud account or a RAM user. An AccessKey pair consists of an AccessKey ID and an AccessKey secret.

• AccessKey ID: used to identify a user.

• AccessKey secret: the password used to verify that a user owns the AccessKey ID. An AccessKey secret is the key used to sign and verify requests and responses.

For information about how to create an AccessKey pair, see Create an AccessKey pair.

Verify user identity

1. An Alibaba Cloud account or a RAM user sends a request to Tablestore. The request must include the following information: the plaintext of the request, the AccessKey ID of the Alibaba Cloud account or RAM user, and the verification code generated by using the AccessKey secret to sign the information in the plaintext of the request.

2. After Tablestore receives the request, Tablestore obtains the AccessKey secret of the Alibaba Cloud account or RAM user based on the AccessKey ID in the request and then generates a verification code by using the AccessKey secret to sign the information in the plaintext of the request.

   If the verification code that is generated by Tablestore is the same as the verification code provided in the request, the user who sends the request passes the identity verification.

Verify Tablestore responses

The Alibaba Cloud account or RAM user generates a verification code by using the AccessKey secret to sign the information in the plaintext of the request. If the verification code that is generated by the Alibaba Cloud account or RAM user is the same as the verification code provided in the response from Tablestore, the Alibaba Cloud account or RAM user determines that the response is sent by Tablestore.