This topic describes the signature method for calling the Content Moderation API.

Signing process

Step 1. Serialize request headers.

Combine all the HTTP headers that start with x-acs- to create a string based on the following rules:
  • Extract all the HTTP headers that start with x-acs-.
  • Sort the extracted HTTP headers in lexicographic order.
  • For each HTTP header, create a "HTTP header name" + ":" + "HTTP header value" + "\n" string.

Step 2. Serialize the URI and query parameters.

Use the uri + "? clientInfo =" + "JSON string of ClientInfo" format to concatenate the URI and clientInfo parameters.
Note URL encoding is not required here. However, it is required in an HTTP request.

Step 3. Construct a complete string to be signed.

Construct a complete string to be signed in the following syntax:
"POST\napplication/json\n" + "Content-MD5 value in HTTP header" + "\n" + "application/json" + "\n" + "Date value in HTTP header" + "\n" + "Serialized request header" + "Serialized uri and query parameters"

Step 4. Generate a signature.

Use the AccessKey secret to perform HMAC-SHA1 encryption on the string obtained in step 3, and perform Base64 encoding. Place the result in signature of Authorization in the HTTP header.

"acs" + " " + AccessKeyId + ":" + signature
Note There is a space between acs and AccessKeyId. The secret key in the HMAC-SHA1 algorithm corresponds to the secret in AccessKeyId.

Examples

The following is an example of a complete string to be signed for calling a synchronous image moderation task:
POST
application/json
C+5Y0crpO4sYgC2DNjycug==
application/json
Tue, 14 Mar 2017 06:29:50 GMT
x-acs-signature-method:HMAC-SHA1
x-acs-signature-nonce:339497c2-d91f-4c17-a0a3-1192ee9e2202
x-acs-signature-version:1.0
x-acs-version:2018-05-09
/green/image/scan? clientInfo={"ip":"127.0.0.2","userId":"120234234","userNick":"Mike","userType":"others"}