Signing API requests.
- Prepares the access secret key for the available Alibaba Cloud.
The API Request to generate a signature that requires a pair of access secret keys (AccessKeyId/AccessKeySecret ). You can use an existing AccessKey pair or create a new one. The AccessKey pair must be in the "Active" state.
- Generate the request's signature string.
The API signature string is used by the method, header, and body in the HTTP request. The information is generated together.
SignString = VERB + "\n" + CONTENT-MD5 + "\n" + CONTENT-TYPE + "\n" + DATE + "\n" + CanonicalizedHeaders + "\n" + CanonicalizedResource
\nfrom the formula above Represents a wrap escape character,
+(plus sign) means a string connection operation, and other sections are defined as follows.
Name Defining Example VERB Method Name for HTTP Request PUT, GET, POST, etc. CONTENT-MD5 The MD5 value of the body section in the HTTP request (must be an upper-case string) 875264590688CA6171F6228AF5BBB3D2 CONTENT-TYPE HTTP The type of body section in the request: application/json DATE Standard timestamp header in an HTTP request (following the RFC 1123 format, using the GMT Standard Time) Mon, 3 Jan 2010 08:33:47 GMT CanonicalizedHeaders A string constructed by a custom header prefixed with X-CMS and X-ACS in an HTTP request x-cms-api-version:0.1.0\nx-cms-signature CanonicalizedResource A string constructed by an HTTP request Resource (specific construction method to meet in detail) /event/custom/uploadThe "CanonicalizedSLSHeaders" construction method is as follows:
- All HTTP prefixed with
x-acsThe name of the request header is converted to lower case letters.
- All SLS custom request headers obtained in the previous step are sorted alphabetically in ascending order.
- Any space separators at either end of the request headers and content are deleted.
- Separate all the headers and content using the
\nseparator to form the final CanonicalizedLOGHeader.
The CanonicalizedResource construction method is as follows:
- Set CanonicalizedResource to an empty string ("").
- Put the URI you want to access, such as
- If the request contains a query string (
QUERY_STRING), then add "?" and the query string String tail add
？at the end of the CanonicalizedResource string.
QUERY_STRINGis The string in the URL where the request parameters are sorted in classical order, where the parameter names and values are used
=The string is formed, and the parameter name-value pair is sorted in ascending order, and then
&The symbolic connection constitutes a string. This formula is illustrated below:
QUERY_STRING = "KEY1=VALUE1" + "&" + "KEY2=VALUE2"
- All HTTP prefixed with
- Generate the request's digital signature
Currently, event reporting only supports one digital signature algorithm, that is, the default signature algorithm. hmac-sha1。 The entire signature formula is as follows:
Signature = base16(hmac-sha1(UTF8-Encoding-Of(SignString)，AccessKeySecret))