This topic explains how to request ACM services.
Domain name of the address servers
| Region | Domain name of the address server |
|---|---|
| Internet | acm.aliyun.com |
| China (Hangzhou) | addr-hz-internal.edas.aliyun.com |
| China (Qingdao) | addr-qd-internal.edas.aliyun.com |
| China (Shanghai) | addr-sh-internal.edas.aliyun.com |
| China (Beijing) | addr-bj-internal.edas.aliyun.com |
| China (Shenzhen) | addr-sz-internal.edas.aliyun.com |
| China (Hong Kong) | addr-hk-internal.edas.aliyuncs.com |
| Singapore | addr-singapore-internal.edas.aliyun.com |
| Australia (Sydney) | addr-ap-southeast-2-internal.edas.aliyun.com |
| US (Silicon Valley) | addr-us-west-1-internal.acm.aliyun.com |
| US (Virginia) | addr-us-east-1-internal.acm.aliyun.com |
| China (Shanghai) Financial Cloud | addr-cn-shanghai-finance-1-internal.edas.aliyun.com |
Get ACM server list
Retrieve the IP addresses of ACM server through Address Server, so that you can get configurations by sending requests to the server IP.
http://${Address_Server_Domain}:8080/diamond-server/diamondFor example:
curl http://acm.aliyun.com:8080/diamond-server/diamond
139.196.XXX.XXXCommunication protocols
Supports request communication using HTTP.
Request method
Allows sending HTTP GET or POST requests. In the HTTP GET request, the parameters must be included in the request URL.
Request parameters
Each request must contain the request parameters related to public authentication and signatures, as well as the specific operation-related parameters.
Character encoding
Both requests and returned results are encoded using the GBK character set.
Signature mechanism
The ACM service performs authentication on each access request. Therefore, each request being sent over HTTP protocol must contain signature information. By using the AccessKey and SecretKey, the ACM performs symmetric encryption to authenticate the request sender.
The accessKey and the secretKey are issued to the visitor by ACM. The accessKey is used for authenticating the visitor, and the secretKey is the key that encrypts the signature string and then validates it on the server. Only you and ACM know them, and they must remain strictly confidential.
Signature algorithm
The HMACSHA1 algorithm is used for signing. The following describes the examples of a Java and Shell signature algorithms.
- Example of a Java signature algorithm
public static void main(String[] args) throws Exception { String tenant= "tenant"; String group = "group"; String timeStamp = String.valueOf(System.currentTimeMillis()); String abc = HmacSHA1Encrypt(tenant+ "+" + group + "+" + timeStamp , "1234"); System.out.println(abc); } public static String HmacSHA1Encrypt(String encryptText, String encryptKey) throws Exception { byte[] data = encryptKey.getBytes("UTF-8"); // Construct a key based on the given byte array and specify the name of a key algorithm in the second parameter. SecretKey secretKey = new SecretKeySpec(data, "HmacSHA1"); // Generate a Mac object for the specified Mac algorithm Mac mac = Mac.getInstance("HmacSHA1"); // Initialize the Mac object with the given key mac.init(secretKey); byte[] text = encryptText.getBytes("UTF-8"); byte[] textFinal = mac.doFinal(text); // Complete the Mac operation and Base64 encoding. Convert the byte array to a string. return new String(Base64.encodeBase64(textFinal)); } - Shell signature algorithm
## config sign timestamp=`echo $[$(date +%s%N)/1000000]` signStr=$namespace+$group+$timestamp signContent=`echo -n $signStr | openssl dgst -hmac $sk -sha1 -binary | base64` echo $signContent
Signature procedure
- Use request parameters to construct a canonicalized query string (QueryParam).
- Follow the subsequent rules to construct the string for signature calculation using
the canonicalized query string constructed in the previous step.
Signature= HMAC-SHA1(QueryParam)Note The QueryParam varies with requests. - Use the preceding signature sting to calculate the signature’s HMAC value based on RFC2104 definitions. Note: The key used for signature calculation is the Access Key Secret held by the user (ASCII:38), and the hash algorithm used is SHA1.
- According to Base64 encoding rules, encode the preceding HMAC value, which gives you the signature value.
- Add the obtained signature value to the request parameters as the “Signature” parameter, which completes the request signing process.
Code examples
This is an example of constructing an ACM request with Shell.
#! /bin/bash
## config param
dataId="xxx"
group="xxx"
namespace="xxx"
accessKey="xxx"
secretKey="xxx"
endpoint="xxx"
## config param end
## get serverIp from address server
serverIp=`curl $endpoint:8080/diamond-server/diamond -s | awk '{a[NR]=$0}END{srand();i=int(rand()*NR+1);print a[i]}'`
## config sign
timestamp=`echo $[$(date +%s%N)/1000000]`
signStr=$namespace+$group+$timestamp
signContent=`echo -n $signStr | openssl dgst -hmac $secretKey -sha1 -binary | base64`
## request to get a config
curl -H "Spas-AccessKey:"$accessKey -H "timeStamp:"$timestamp -H "Spas-Signature:"$signContent "http://"$serverIp":8080/diamond-server/config.co?dataId="$dataId"&group="$group"&tenant="$namespace -v