
Prerequisites

Last Updated: May 07, 2018

Request structure

This section describes how to request the ACM service.

Address Server

Address Server Domain

Region | Address Server Domain
Public network (test) | acm.aliyun.com
East China 1 (Hangzhou) | addr-hz-internal.edas.aliyun.com
North China 1 (Qingdao) | addr-qd-internal.edas.aliyun.com
East China 2 (Shanghai) | addr-sh-internal.edas.aliyun.com
North China 2 (Beijing) | addr-bj-internal.edas.aliyun.com
South China 1 (Shenzhen) | addr-sz-internal.edas.aliyun.com

Get ACM Server List

Retrieve the IP addresses of the ACM servers from the Address Server, so that you can get configurations by sending requests to a server IP.

    http://${Address_Server_Domain}:8080/diamond-server/diamond

Example:

    curl http://acm.aliyun.com:8080/diamond-server/diamond
    139.196.135.144

Communication protocol

Requests are sent over HTTP.

Request methods

Requests can be sent with HTTP GET or POST. In an HTTP GET request, the parameters must be included in the request URL.

Request parameters

Each request must contain the common request parameters related to authentication and signatures, plus the request parameters specific to the operation being called.

Character encoding

Both requests and returned results are encoded using the GBK character set.

Signature mechanism

The ACM service authenticates every access request, so each request sent over HTTP must carry signature information. ACM verifies the request sender with a symmetric-key signature computed from the AccessKey and SecretKey.

The AccessKey and SecretKey are issued to visitors by ACM. The AccessKey identifies the visitor. The SecretKey is the key used to compute the signature string and to verify it on the server. It must be kept strictly confidential and be known only to ACM and the user.

Signature algorithm

The HMAC-SHA1 algorithm is used to generate signatures. The following examples compute the signature in Java and in shell.

Example of a Java signature algorithm

    import javax.crypto.Mac;
    import javax.crypto.SecretKey;
    import javax.crypto.spec.SecretKeySpec;
    import org.apache.commons.codec.binary.Base64; // Apache Commons Codec

    public class AcmSignature {
        public static void main(String[] args) throws Exception {
            String tenant = "tenant";
            String group = "group";
            String timeStamp = String.valueOf(System.currentTimeMillis());
            // String to sign is tenant+group+timeStamp, joined with literal "+"; "1234" is a sample SecretKey.
            String signature = HmacSHA1Encrypt(tenant + "+" + group + "+" + timeStamp, "1234");
            System.out.println(signature);
        }

        public static String HmacSHA1Encrypt(String encryptText, String encryptKey) throws Exception {
            byte[] data = encryptKey.getBytes("UTF-8");
            // Construct a key based on the given byte array and specify the name of a key algorithm in the second parameter.
            SecretKey secretKey = new SecretKeySpec(data, "HmacSHA1");
            // Generate a Mac object for the specified Mac algorithm
            Mac mac = Mac.getInstance("HmacSHA1");
            // Initialize the Mac object with the given key
            mac.init(secretKey);
            byte[] text = encryptText.getBytes("UTF-8");
            byte[] textFinal = mac.doFinal(text);
            // Complete the Mac operation and Base64 encoding. Convert the byte array to a string.
            return new String(Base64.encodeBase64(textFinal));
        }
    }

Shell signature algorithm

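    ## config sign
    ## $namespace, $group and $sk (the SecretKey) must be set before this runs
    ## timestamp in milliseconds (date +%s%N requires GNU date)
    timestamp=$(( $(date +%s%N) / 1000000 ))
    signStr="$namespace+$group+$timestamp"
    ## note: -hmac passes the key as a command-line argument, visible in the process list
    signContent=$(printf '%s' "$signStr" | openssl dgst -hmac "$sk" -sha1 -binary | base64)
    echo "$signContent"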

Signature procedure

  1. Use request parameters to construct a canonicalized query string (QueryParam).

  2. Follow the rule below to construct the string for signature calculation from the canonicalized query string constructed in the previous step.

    Signature = HMAC-SHA1(QueryParam)

    QueryParam varies from request to request.

  3. Calculate the HMAC value of the preceding string as defined in RFC 2104.

    Note: The key used for signature calculation is the Access Key Secret held by the user (ASCII:38), and the hash algorithm used is SHA1.

  4. Encode the preceding HMAC value as a Base64 string to obtain the signature value (Signature).

  5. Add this signature value to the request parameters as the Signature parameter to sign the request.

Example

Shell code example for an ACM request.

    #!/bin/bash
    ## config param
    dataId="xxx"
    group="xxx"
    namespace="xxx"
    accessKey="xxx"
    secretKey="xxx"
    endpoint="xxx"
    ## config param end
    ## get serverIp from address server (picks one line of the returned list at random)
    serverIp=$(curl -s "$endpoint:8080/diamond-server/diamond" | awk '{a[NR]=$0}END{srand();i=int(rand()*NR+1);print a[i]}')
    ## config sign: timestamp in milliseconds (date +%s%N requires GNU date)
    timestamp=$(( $(date +%s%N) / 1000000 ))
    signStr="$namespace+$group+$timestamp"
    signContent=$(printf '%s' "$signStr" | openssl dgst -hmac "$secretKey" -sha1 -binary | base64)
    ## request to get a config
    curl -v -H "Spas-AccessKey:$accessKey" -H "timeStamp:$timestamp" -H "Spas-Signature:$signContent" "http://$serverIp:8080/diamond-server/config.co?dataId=$dataId&group=$group&tenant=$namespace"
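
The signing and header layout from the script above, paired with the recomputation a receiver would perform, as an added Python sketch (not code from the ACM documentation or service). The `verify` function, its `key_store` mapping and the five-minute freshness window are assumptions; the header names and the string-to-sign layout are taken from the examples on this page.

```python
import base64
import hashlib
import hmac

MAX_SKEW_MS = 5 * 60 * 1000  # assumption: the page does not state a freshness window


def hmac_sha1_b64(key: bytes, message: bytes) -> str:
    """HMAC-SHA1 (RFC 2104) of message, Base64-encoded."""
    return base64.b64encode(hmac.new(key, message, hashlib.sha1).digest()).decode("ascii")


def sign(secret_key: str, tenant: str, group: str, timestamp_ms: str) -> str:
    # String to sign as in the page's Java and shell examples: tenant+group+timeStamp
    to_sign = f"{tenant}+{group}+{timestamp_ms}"
    return hmac_sha1_b64(secret_key.encode("utf-8"), to_sign.encode("utf-8"))


def build_headers(access_key: str, secret_key: str, tenant: str, group: str, now_ms: int) -> dict:
    ts = str(now_ms)
    return {
        "Spas-AccessKey": access_key,
        "timeStamp": ts,
        "Spas-Signature": sign(secret_key, tenant, group, ts),
    }


def verify(headers: dict, tenant: str, group: str, key_store: dict, now_ms: int) -> bool:
    """Hypothetical receiver-side check; key_store maps AccessKey -> SecretKey."""
    secret = key_store.get(headers.get("Spas-AccessKey", ""))
    ts = headers.get("timeStamp", "")
    if secret is None or not (ts.isascii() and ts.isdigit()):
        return False
    if abs(now_ms - int(ts)) > MAX_SKEW_MS:
        return False  # stale or future-dated request
    expected = sign(secret, tenant, group, ts).encode("ascii")
    supplied = headers.get("Spas-Signature", "").encode("utf-8")
    # Constant-time comparison: do not reveal how much of the signature matched
    return hmac.compare_digest(expected, supplied)


if __name__ == "__main__":
    keys = {"AK_EXAMPLE": "1234"}  # constructed sample credentials
    now = 1525651200000            # constructed timestamp in milliseconds
    hdrs = build_headers("AK_EXAMPLE", "1234", "tenant", "group", now)
    print(hdrs, verify(hdrs, "tenant", "group", keys, now + 1000))
```

Because the timestamp is part of the signed string, changing the `timeStamp` header without the SecretKey invalidates the signature, which is what makes a receiver-side freshness check meaningful.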