Common parameters are parameters that are included in all HTTP requests. Common parameters consist of common request headers and common request parameters.

Common request headers

The following table describes common request headers that must be used when you send HTTP POST requests by using URLs to call the Content Moderation API.
Header Type Required Description
Accept String Yes The data type of the response that can be accepted. Only the JSON type is supported. Set the value to application/json.
Content-Type String Yes The data type of the request body. Only the JSON type is supported. Set the value to application/json.
Content-MD5 String No The encoded value that is computed based on the request body.
To obtain the value, use the content of the request body as a string, apply the MD5 algorithm on the string to obtain an output of binary data, and then encode the output based on the Base64 algorithm.
Note This header is optional when the HMAC-SM3 encryption algorithm is used. However, this header is required when the HMAC-SHA1 encryption algorithm is used. By default, the HMAC-SHA1 encryption algorithm is used.
Date String Yes The time when the request is sent. This header uses the GMT format. Example: Tue, 17 Jan 2017 10:16:36 GMT.
x-acs-version String Yes The version of the Content Moderation API. Set the value to 2018-05-09.
x-acs-signature-nonce String Yes A unique, random number that is used to prevent replay attacks. We recommend that you use different numbers for different requests.
x-acs-signature-version String Yes The version of the signature encryption algorithm. Set the value to 1.0.
x-acs-signature-method String Yes The encryption method of the signature string. Valid values:
  • HMAC-SHA1: This is the default value.
  • HMAC-SM3

For more information about the encryption method, see Signature method.

x-acs-content-sm3 String No The encoded value that is computed based on the request body.

To obtain the value, use the content of the request body as a string, apply the HMAC-SM3 algorithm on the string to obtain a byte array, and then convert the array into the hexadecimal format. This is the encodeHexString(SM3Digest(body)) method.

Authorization String Yes The authentication method. The format is "acs" + " " + AccessKeyId + ":" + signature.
Parameter description:
  • AccessKeyId: the AccessKey ID that you can obtain from the Alibaba Cloud Management Console. For more information about how to obtain the AccessKey ID, see Create an AccessKey pair.
  • signature: the request signature. For more information about the signature encryption algorithm, see Signature method.

Common request parameters

The following table describes common request parameters that can be used when you send HTTP POST requests by using URLs to call the Content Moderation API.
Parameter Type Required Description
clientInfo String No The information about the client that sends the request. The information is serialized from the ClientInfo structure in the JSON format. The information includes the unique machine identifier (UMID) and International Mobile Equipment Identity (IMEI) of the client. For more information, see ClientInfo.
Table 1. ClientInfo
Parameter Type Required Description
sdkVersion String No The version of the Content Moderation SDK.

This parameter is required when an operation is called by using the Content Moderation SDK. For more information, see SDK overview.

cfgVersion String No The version of the configuration.

This parameter is required when an operation is called by using the Content Moderation SDK. For more information, see SDK overview.

userType String No The type of the user account. Valid values:
  • taobao: indicates a Taobao account.
  • others: indicates an account other than a Taobao account.
userId String No The unique ID of the user in the business system.

We strongly recommend that you set this parameter to analyze the violations of the user.

userNick String No The nickname of the user.
avatar String No The URL that can be used to access the profile picture of the user over the Internet. You can pass the value of this parameter to analyze the behaviors of the user.
imei String No The IMEI of the device.
imsi String No The International Mobile Subscriber Identity (IMSI) of the device.
umid String No The UMID of the device.
ip String No The public IP address of the user in the business system.

If the request is initiated from the device, this parameter can be left empty. If the request is initiated from the server, this parameter is set to the logon IP address of the user or the public IP address of the device.

We recommend that you set this parameter to analyze the violations of the user. If this parameter is not specified in the request, the server attempts to obtain the IP address from the request URL or HTTP request headers.

os String No The operating system of the device. Example: Android 6.0.
channel String No The channel number.
hostAppName String No The name of the host application.
hostPackage String No The name of the host application package.
hostVersion String No The version of the host application.

Sample requests

POST /green/image/scan?clientInfo=%7b%22userId%22%3a%22120234234%22%2c%22userNick%22%3a%22Mike%22%2c%22userType%22%3a%22others%22%7d HTTP/1.1
Accept: application/json
Content-Type: application/json
Content-MD5: C+5Y0crpO4sYgC2DNjycug==
Date: Tue, 15 May 2018 10:16:36 GMT
x-acs-version: 2018-05-09
x-acs-signature-nonce: adfkjfaHKslkjf
x-acs-signature-version: 1.0
x-acs-signature-method: HMAC-SHA1
Authorization: acs q23Q9K4PaGi12Wyk:adFff0FFO6sGcDbDNjRtso==
Host: green.cn-shanghai.aliyuncs.com/
Content-Length: 191
{
    "scenes": [
        "porn"
    ],
    "tasks": [
        {
            "dataId": "test2NInmO$tAON6qYUrtCRgLo-1mwxdi",
            "url": "https://img.alicdn.com/tfs/TB1urBOQFXXXXbMXFXXXXXXXXXX-1442-257.png"
        }
    ]
}
Parameter description:
  • POST specifies the request method.
  • /green/image/scan is the request path.
  • clientInfo=%7b%22userId%22%3a%22120234234%22%2c%22userNick%22%3a%22Mike%22%2c%22userType%22%3a%22others%22%7d is the encoded common request parameters.
  • The part from Accept:application/json to Content-Length:191 are HTTP request headers. In this part, the headers from Accept: application/json to Authorization: acs q23Q9K4PaGi12Wyk:adFff0FFO6sGcDbDNjRtso== are the common request headers used for signature.
  • The content enclosed in braces {} is the JSON-formatted request body. The structure of the request body depends on the definition of different API operations. For more information, see List of operations by function.