The Content Moderation service performs identity authentication for every access request. Therefore, you must contain the signature information in the request no matter whether you submit a request through the HTTP or HTTPS protocol. Content Moderation verifies the requester identity using symmetric encryption of the Access Key ID and Access Key Secret. The Access Key ID and Access Key Secret are officially issued to visitors by Alibaba Cloud (you can apply for and manage them on the Alibaba Cloud official website).
- The Access Key ID indicates the identity of the visitor.
- The Access Key Secret is the secret key used to encrypt the signature string and to verify the signature string on the server. It must be kept strictly confidential and only be known to Alibaba Cloud and the user.
When you visit a server, the following method is used to sign the request:
- Serialize the request header. For all HTTP headers beginning with “x-acs-“, concatenate into a string in the following stepsA. Extract all HTTP headers beginning with “x-acs-“B. Sort the extracted headers in ascending orderC. For each header, concatenate
+ “:” + + “\n”
- Serialize URI and query parameters. As there is only one parameter (ClientInfo), concatenate
+ “?clientInfo=” + , note that no URL encoding is required
- Build the complete signature string, in order to be signed,“POST\napplication/json\n” +
+ “\n” + “application/json” + “\n” + + “\n” + +
- Based on the signature string built in step #3, encrypt it with the HMAC-SHA1 algorithm, and base64 encoding; and then put it into Authorization signature in the HTTP header: “acs ” +
+ “:” + . Note that the secret key within algorithm HMAC-SHA1 is the same as Access Key Id secret.
Example of the signature string in the image synchronous API:
Tue, 14 Mar 2017 06:29:50 GMT