Signing API requests.

  1. Prepares the access secret key for the available Alibaba Cloud.

    The API Request to generate a signature that requires a pair of access secret keys (AccessKeyId/AccessKeySecret ). You can use an existing AccessKey pair or create a new one. The AccessKey pair must be in the "Active" state.

  2. Generate the request's signature string.

    The API signature string is used by the method, header, and body in the HTTP request. The information is generated together.

    SignString = VERB + "\n"
                 + CONTENT-MD5 + "\n"
                 + CONTENT-TYPE + "\n"
                 + DATE + "\n"
                 + CanonicalizedHeaders + "\n"
                 + CanonicalizedResource

    \n from the formula above Represents a wrap escape character, + (plus sign) means a string connection operation, and other sections are defined as follows.

    Name Defining Example
    VERB Method Name for HTTP Request PUT, GET, POST, etc.
    CONTENT-MD5 The MD5 value of the body section in the HTTP request (must be an upper-case string) 875264590688CA6171F6228AF5BBB3D2
    CONTENT-TYPE HTTP The type of body section in the request: application/json
    DATE Standard timestamp header in an HTTP request (following the RFC 1123 format, using the GMT Standard Time) Mon, 3 Jan 2010 08:33:47 GMT
    CanonicalizedHeaders A string constructed by a custom header prefixed with X-CMS and X-ACS in an HTTP request x-cms-api-version:0.1.0\nx-cms-signature
    CanonicalizedResource A string constructed by an HTTP request Resource (specific construction method to meet in detail) /event/custom/upload
    The "CanonicalizedSLSHeaders" construction method is as follows:
    1. All HTTP prefixed with x-cms and x-acs The name of the request header is converted to lower case letters.
    2. All SLS custom request headers obtained in the previous step are sorted alphabetically in ascending order.
    3. Any space separators at either end of the request headers and content are deleted.
    4. Separate all the headers and content using the \n separator to form the final CanonicalizedLOGHeader.

    The CanonicalizedResource construction method is as follows:

    1. Set CanonicalizedResource to an empty string ("").
    2. Put the URI you want to access, such as/event/custom/upload
    3. If the request contains a query string (QUERY_STRING), then add "?" and the query string String tail add at the end of the CanonicalizedResource string.

      WhereQUERY_STRING  is The string in the URL where the request parameters are sorted in classical order, where the parameter names and values are used = The string is formed, and the parameter name-value pair is sorted in ascending order, and then & The symbolic connection constitutes a string. This formula is illustrated below:

      QUERY_STRING = "KEY1=VALUE1" + "&" + "KEY2=VALUE2"
  3. Generate the request's digital signature
    Currently, event reporting only supports one digital signature algorithm, that is, the default signature algorithm. hmac-sha1。 The entire signature formula is as follows:
    Signature = base16(hmac-sha1(UTF8-Encoding-Of(SignString),AccessKeySecret))