Sign a request
Perform the following steps to sign an API request:
- Construct and encode a canonicalized query string.
- Arrange all the request parameters.
Construct a string by arranging the request parameters in alphabetical order. Include all common and operation-specific parameters except the
Signature
parameter.Note When you use the GET method to submit a request, the request parameters are included as a part of the uniform resource identifier (URI). The request parameters in the URI are placed after the question mark (?) and separated by ampersands (&). - Encode the name and value of each request parameter.
URL encode all the request parameter names and values in UTF-8 based on the following rules:
-
Uppercase letters, lowercase letters, digits, and some special characters such as hyphens (-), underscores (_), periods (.), and tildes (~) are not encoded.
-
Other characters are percent encoded in the
%XY
format.XY
represents the ASCII code of the characters in hexadecimal notation. For example, double quotation marks (") are encoded as%22
. -
Extended UTF-8 characters are encoded in the
%XY%ZA…
format. -
Spaces must be encoded as
%20
. Do not encode spaces as plus signs (+).This encoding method is similar to but different from the
application/x-www-form-urlencoded
Multipurpose Internet Mail Extensions (MIME) encoding algorithm, such as thejava.net.URLEncoder
class provided by the Java standard library. You can encode the parameter names and values by using the encoding method in the Java standard library. In the encoded string, replace the plus signs (+) with%20
, asterisks (*) with%2A
, and%7E
with tildes (~) to obtain an encoded string that complies with the preceding encoding rules. You can use the following percentEncode() method to implement the encoding:private static final String ENCODING = "UTF-8"; private static String percentEncode(String value) throws UnsupportedEncodingException { return value != null ? URLEncoder.encode(value, ENCODING).replace("+", "%20").replace("*", "%2A").replace("%7E", "~") : null; }
-
- Sort the parameter name and value pairs in the order specified in Step i. Then, concatenate the pairs with ampersands (&) to construct the canonicalized query string.
- Arrange all the request parameters.
- Construct a string-to-sign from the encoded canonicalized query string based on the
following rules:
StringToSign= HTTPMethod + "&" + percentEncode("/") + "&" + percentEncode(CanonicalizedQueryString)
In the preceding string,-
HTTPMethod
indicates the HTTP method used to submit a request, such as GET. -
percentEncode("/")
encodes backslashes (/) as%2F
based on the URL encoding rule described in Step ii. -
percentEncode(CanonicalizedQueryString)
specifies the encoded string of the canonicalized query string constructed in Step 1. The encoded string is produced by following the URL encoding rules described in Step 1.ii.
-
- Calculate the RFC 2104-compliant HMAC value of the string-to-sign.Note Use the SHA1 algorithm to calculate the HMAC value of the string-to-sign. Your AccessKey secret followed by an ampersand (&) (ASCII code 38) is used as the key for the HMAC calculation.
- Encode the HMAC value in Base64 to obtain the signature string.
- Add the signature string to the request as the
Signature
parameter. The result is a signed API request.Note When the signature string is submitted to ApsaraVideo Live as the final request parameter value, the value must be URL-encoded in the same way as other parameters based on rules defined in RFC 3986. For more information, see RFC 3986.
Example
http://live.aliyuncs.com/?Format=XML&SignatureMethod=HMAC-SHA1&Action=DescribeLiveSnapshotConfig&AccessKeyId=testid&RegionId=cn-shanghai&ServiceCode=live&DomainName=example.com&AppName=test&SignatureNonce=c2fe8fbb-2977-4414-8d39-348d02419c1c&Version=2016-11-01&SignatureVersion=1.0&Timestamp=2017-06-14T09:51:14Z
GET&%2F&AccessKeyId%3Dtestid&Action%3DDescribeLiveSnapshotConfig&AppName%3Dtest&DomainName%example.com&Format%3DXML&RegionId%3Dcn-shanghai&ServiceCode%3Dlive&SignatureMethod%3DHMAC-SHA1&SignatureNonce%3Dc2fe8fbb-2977-4414-8d39-348d02419c1c&SignatureVersion%3D1.0&Timestamp%3D2017-06-14T09%253A51%253A14Z&Version%3D2016-11-01
3I5a3myPjp8FXWT4rvxX5pKb/aw=
Signature
parameter:http://live.aliyuncs.com/?Format=XML%26SignatureMethod=HMAC-SHA1%26Signature=3I5a3myPjp8FXWT4rvxX5pKb%2Faw%3D%26Timestamp=2017-06-14T09%3A51%3A14Z%26Action=DescribeLiveSnapshotConfig%26AccessKeyId=testid%26RegionId=cn-shanghai%26ServiceCode=live%26DomainName=example.com%26AppName=test%26SignatureNonce=c2fe8fbb-2977-4414-8d39-348d02419c1c%26Version=2016-11-01%26SignatureVersion=1.0