This topic describes the signature method that you can use to call the Content Moderation API.

Note We recommend that you directly use Content Moderation SDKs. The signature process is encapsulated in the SDKs, and you do not need to write the code for signature. For more information about SDKs, see Content Moderation SDK for Java, Content Moderation SDK for Python, Content Moderation SDK for PHP, Content Moderation SDK for Go, and Content Moderation SDK for .NET.

Procedure with the HMAC-SHA1 algorithm (default)

  1. Serialize request headers.
    Concatenate all the request headers that start with x-acs- to create a string based on the following rules:
    1. Extract all the HTTP headers that start with x-acs-.
    2. Sort the extracted HTTP headers in alphabetical order.
    3. Write each HTTP header in the format of "HTTP header name" + ":" + "HTTP header value" + "\n".
  2. Serialize the URI and query parameters.
    Concatenate the URI and clientInfo parameters in the uri + "?clientInfo =" + "JSON string of ClientInfo" format.
    Note In this step, URL encoding is not required.
  3. Create a string-to-sign.
    Use the following syntax:
    "POST\napplication/json\n" + 
"Value of the Content-MD5 header" + "\n" + 
"application/json" + "\n" + 
"Value of the Date header" + "\n" + 
"Serialized request header" + "\n" 
"Serialized URI and query parameters"
    The following example shows a complete string-to-sign that can be used to call a synchronous operation for image moderation:
    POST
application/json
C+5Y0crpO4sYgC2DNjycug==
application/json
Tue, 14 Mar 2017 06:29:50 GMT
x-acs-signature-method:HMAC-SHA1
x-acs-signature-nonce:339497c2-d91f-4c17-a0a3-1192ee9e2202
x-acs-signature-version:1.0
x-acs-version:2018-05-09
/green/image/scan?clientInfo={"ip":"127.xxx.xxx.2","userId":"12023xxxx","userNick":"Mike","userType":"others"}
  4. Generate the signature string.
    1. Use the HMAC-SHA1 algorithm to calculate the HMAC value of the string-to-sign that is created in Step 3. The AccessKey secret is used as the key for the HMAC calculation. The HMAC value is an array of bytes.
      Note In this step, do not perform other operations on the HMAC value.
    2. Encode the HMAC value in Base64 to obtain the signature string.
    3. Set the value of signature to the obtained signature string in the Authorization header. The value of the Authorization header follows the syntax: "acs" + " " + AccessKeyId + ":" + signature.
      Note In the preceding syntax, a space is added between acs and AccessKeyId.

Procedure with the HMAC-SM3 algorithm

  1. Serialize request headers.
    Concatenate all the request headers that start with x-acs- to create a string based on the following rules:
    1. Extract all the HTTP headers that start with x-acs-.
    2. Sort the extracted HTTP headers in alphabetical order.
    3. Write each HTTP header in the format of "HTTP header name" + ":" + "HTTP header value" + "\n".
  2. Serialize the URI and query parameters.
    Concatenate the URI and clientInfo parameters in the uri + "?clientInfo =" + "JSON string of ClientInfo" format.
    Note In this step, URL encoding is not required.
  3. Create a string-to-sign.
    Use the following syntax:
    "POST" + "\n" +
"application/json" + "\n" +
"Value of the Date header" + "\n" +
"Serialized request header" + "\n"
"Serialized URI and query parameters"
    The following example shows a complete string-to-sign that can be used to call a synchronous operation for image moderation:
    POST
application/json

application/json
Wed, 29 Mar 2023 01:44:08 GMT
x-acs-content-sm3:690c6c542ac53eaa1e2ad724f34d60e689d11db88a2d89469be1fdb2f20fc35c
x-acs-signature-method:HMAC-SM3
x-acs-signature-nonce:339497c2-d91f-4c17-a0a3-1192ee9e2202
x-acs-signature-version:1.0
x-acs-version:2018-05-09
/green/image/scan?clientInfo={"ip":"127.xxx.xxx.2","userId":"12023xxxx","userNick":"Mike","userType":"others"}
  4. Generate the signature string.
    1. Use the HMAC-SM3 algorithm to calculate the HMAC value of the string-to-sign that is created in Step 3. The AccessKey secret is used as the key for the HMAC calculation. The HMAC value is an array of bytes.
      Note In this step, do not perform other operations on the HMAC value.
    2. Encode the HMAC value in Base64 to obtain the signature string.
    3. Set the value of signature to the obtained signature string in the Authorization header. The value of the Authorization header follows the syntax: "acs" + " " + AccessKeyId + ":" + signature.
      Note In the preceding syntax, a space is added between acs and AccessKeyId.