To send a Cloud Enterprise Network (CEN) API request, you must send an HTTP GET request to the CEN endpoint. You must add the request parameters that correspond to the API operation being called. After you call the API, the system returns a response. The request and response are encoded in UTF-8.

Request syntax

CEN API operations use the RPC protocol. You can call CEN API operations by sending HTTP requests.

The request syntax is as follows:

http://Endpoint/?Action=xx&Parameters
where:
  • Endpoint: the endpoint of the CEN API is cbn.aliyuncs.com.
  • Action: the name of the operation being performed. For example, to query the CEN instances that you created, you must set the Action parameter to DescribeCens.
  • Version: the version of the API to be called. The current CEN API version is 2017-09-12.
  • Parameters: the request parameters for the operation. Separate multiple parameters with ampersands (&).

    Request parameters include both common parameters and operation-specific parameters. Common parameters specify the API version number and authentication information.

The following example demonstrates how to call the DescribeCens operation in CEN.
Note The sample request is formatted to improve the readability.
https://cbn.aliyuncs.com/?Action=DescribeCens
&Format=xml
&Version=2017-09-12
&Signature=xxxx%xxxx%3D
&SignatureMethod=HMAC-SHA1
&SignatureNonce=15215528852396
&SignatureVersion=1.0
&AccessKeyId=key-test
&Timestamp=2012-06-01T12:00:00Z
...

API authorization

To ensure the security of your account, we recommend that you call API operations as a Resource Access Management (RAM) user. To call API operations as a RAM user, you must create and attach a policy to the RAM user.

For more information, see RAM authentication.

Signature

You must sign all API requests to ensure security. Alibaba Cloud uses the request signature to verify the identity of the API caller.

CEN implements symmetric encryption with an AccessKey pair to verify the identity of the request sender. An AccessKey pair is an identity credential issued to Alibaba Cloud accounts and RAM users that is similar to a logon username and password. An AccessKey pair consists of an AccessKey ID and an AccessKey secret. The AccessKey ID is used to verify the identity of the user, while the AccessKey secret is used to encrypt and verify the signature string. You must keep your AccessKey secret strictly confidential.

You must add the signature to the CEN API request in the following format:

https://endpoint/?SignatureVersion=1.0&SignatureMethod=HMAC-SHA1&Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf

The following example demonstrates how to sign a request sent to DescribeVpcs. Assume that the AccessKey ID is testid and the AccessKey secret is testsecret. The original request URL is:

http://cbn.aliyuncs.com/?Action=DescribeCens
&Timestamp=2016-02-23T12:46:24Z
&Format=XML
&AccessKeyId=testid
&SignatureMethod=HMAC-SHA1
&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
&Version=2017-09-12
Perform the following operations to calculate the signature:
  1. Use the request parameters to create a string-to-sign.
    GET&%2F&AccessKeyId%3Dtestid&Action%3DDescribeCens&Format%3DXML&SignatureMethod%3DHMAC-SHA1&SignatureNonce%3D3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf&SignatureVersion%3D1.0&TimeStamp%3D2016-02-23T12%253A46%253A24Z&Version%3D2014-05-15
  2. Calculate the HMAC value of the string-to-sign.

    Append an ampersand (&) to the AccessKey secret as the key for calculating the HMAC value. In this example, the key is testsecret&.

    CT9X0VtwR86fNWSnsc6v****juE=
  3. Add the signature string to the request.
    http:/cbn.aliyuncs.com/?Action=DescribeCens
    &Timestamp=2016-02-23T12:46:24Z
    &Format=XML
    &AccessKeyId=testid
    &SignatureMethod=HMAC-SHA1
    &SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
    &Version=2017-09-12
    &SignatureVersion=1.0
    &Signature=CT9X0VtwR86fNWSnsc6v****juE%3D