edit-icon download-icon


Last Updated: Apr 16, 2018

Request structure

CEN APIs belong to the RPC type. You can call CEN APIs by sending HTTP requests.

The request structure is as follows:



  • Endpoint is the entry of the Alibaba Cloud service to call. The endpoint of CEN is cbn.aliyuncs.com.

  • Action is the action to perform. For example, use the DescribeCens action to query created CEN instances.

  • Parameters are request parameters separated by ampersands (&).

    Request parameters consist of common parameters and API specific parameters. Common parameters include VPI version, credentials and so on.

    The API version of CEN is 2017-09-12.

The following is an example using the DescribeCens API to query the created CEN instances:


To make it easy to read, the API request is displayed in the following format in the document:

  1. https://cbn.aliyuncs.com/?Action=DescribeCens
  2. &Format=xml
  3. &Version=2017-09-12
  4. &Signature=xxxx%xxxx%3D
  5. &SignatureMethod=HMAC-SHA1
  6. &SignatureNonce=15215528852396
  7. &SignatureVersion=1.0
  8. &AccessKeyId=key-test
  9. &Timestamp=2012-06-01T12:00:00Z

API authorization

For the security of your account, we recommend that you use a RAM user to call APIs. Before using a RAM user to call an API, you must grant the RAM user the corresponding permission to call the API by creating an authorization policy and attaching the policy to the RAM user.

For more information, see RAM authentication.

API signature

To ensure the security of your API, you must sign the API request. Alibaba Cloud uses the signature in the request to verify the identity of the person who calls the API.

Each time you manually call an API, you must use the AccessKey secret to calculate the HMAC value of the encoded and sorted request string as defined RFC 2104. The calculated HMAC value is the value of the signature parameter in the request.

Note: Alibaba Cloud provides multiple SDKs and third-party SDKs to make the manual signature process more efficient.

Add the signature to the API request in the following format:


Take the DescribeCens as an example. If the AccessKey ID is testid, and the AccessKey Secret is testsecret, and the original request URL is as follows:


Follow these steps to calculate the signature:

  1. Use the request parameters to create a canonicalized query string to sign.

    The constructed string to sign is as follows:

    1. GET&%2F&AccessKeyId%3Dtestid&Action%3DDescribeCens&Format%3DXML&SignatureMethod%3DHMAC-SHA1&SignatureNonce%3D3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf&SignatureVersion%3D1.0&Timestamp%3D2016-02-23T12%253A46%253A24Z&Version%3D2014-05-26
  2. Calculate the HMAC value of the string to sign.

    Append an ampersand to the AccessKey secret as the key to calculate the HMAC value. In this example, the key is testsecret&.

    The calculated signature in this example is as follows:


  3. Add the signature to the request URL.

    The final request URL is as follows:

    http://cbn.aliyuncs.com/?Action=DescribeCens &SignatureVersion=1.0 SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf &Version=2014-05-26 &AccessKeyId=testid &Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D &SignatureMethod=HMAC-SHA1&Timestamp=2016-02-23T12%3A46%3A24Z &Format=XML&

Thank you! We've received your feedback.