When you call a WAF API, an HTTP GET request is sent to the WAF API end point. You must add the Web Application Firewall in the request based on the API operation description. After the call, the system returns a response.

The following Python Sample code demonstrates how to add common parameters and interface request parameters, how to use request parameters to construct a canonicalized query string, how to construct a StringToSign string, and how to obtain an OpenAPI server address. The system sends an HTTP request by using the Get method to obtain the response.

Download the Python Sample code

Note To use the following examples, you need to replace common request parameters and request parameters in request parameters examples.

Define common parameters

#! /usr/bin/env python
# -*- coding: utf-8 -*-
import hashlib
import urllib
import requests
import hmac
import random
import datetime
import sys

class OpenAPI(object):
    def __init__(self, signature_version='1.0', api_url=None, ak=None, sk=None, api_version=None):
        assert api_url is not None
        assert ak is not None
        assert sk is not None
        assert api_version is not None

        self.signature_once = 0
        self.signature_method = 'HMAC-SHA1'
        self.signature_version = signature_version
        self.api_version = api_version
        self.format = 'json'
        self.signature_method = 'HMAC-SHA1'
        self.api_url = api_url
        self.access_key = ak
        self.access_secret = sk

    def __gen_common_params(self, req_type, api_version, access_key, access_secret, http_params):
        while 1:
            rand_int = random.randint(10, 999999999)
            if rand_int! =self.signature_once:
                self.signature_once = rand_int
                break

        # Indicates whether the current step contains the AccessKey parameter.
        if access_key == None:
            return None

        http_params.append(('AccessKeyId', access_key))
        http_params.append(('Format', self.format))
        http_params.append(('Version', api_version))
        timestamp = datetime.datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ")
        http_params.append(('Timestamp', timestamp))
        http_params.append(('SignatureMethod', self.signature_method))
        http_params.append(('SignatureVersion', self.signature_version))
        http_params.append(('SignatureNonce', str(self.signature_once)))
        # Signature
        http_params = self.sign(req_type, http_params, access_secret)
        return urllib.urlencode(http_params)

    def get(self, http_params=[], host=None, execute=True):
        data = self.__gen_common_params('GET', self.api_version, self.access_key, self.access_secret, http_params)
        api_url = self.api_url

        if data == None:
            url = "%s" % (api_url)
        else:
            url = "%s/? " % api_url + data
        print ("URL: %s"%url)
        if execute is False:
            return url
        ret = {}
        try:
            if host is not None:
                response = requests.get(url,headers={'Host':host}, verify=False)
            else:
                response = requests.get(url, verify=False)
            ret['code'] = response.status_code
            ret['data'] = response.text
        except Exception as e:
            ret['data'] = str(e)

        return ret

    def __get_data(self, http_params):
        params = self.__gen_common_params('POST', self.api_version, self.access_key, self.access_secret, http_params)
        if params == []:
            data = None
        else:
            data = params.replace("+", "%20")
            data = data.replace("*", "%2A")
            data = data.replace("%7E", "~")
        return data

    def post(self, http_params=[], out_fd=sys.stdout):
        data = self.__get_data(self.api_version, self.access_key, self.access_secret, http_params)
        api_url = self.api_url
        out_fd.write(u"[%s] --> (POST):%s\n%s\n" % (datetime.datetime.now(), api_url, data))
        ret = requests.post(api_url, data, verify=False)
        print (ret.text)
        return ret

    def sign(self, http_method, http_params, secret):
        list_params = sorted(http_params, key=lambda d: d[0])
        # print list_params
        url_encode_str = urllib.urlencode(list_params)
        # print url_encode_str
        url_encode_str = url_encode_str.replace("+", "%20")
        url_encode_str = url_encode_str.replace("*", "%2A")
        url_encode_str = url_encode_str.replace("%7E", "~")
        string_to_sign = http_method + "&%2F&" + urllib.quote(url_encode_str)
        # print string_to_sign
        hmac_key = str(secret + "&")
        sign_value = str(hmac.new(hmac_key, string_to_sign, hashlib.sha1).digest().encode('base64').rstrip())
        http_params.append(('Signature', sign_value))
        return http_params

Generate an API call request

Note The following code example is used to call the ModifyWafSwitch example: enable Web application protection through the API.
from open_api import OpenAPI

class Waf(OpenAPI):
    def __init__(self, api_url, ak, sk, api_version, instance_id, region):

        super(Waf, self).__init__(api_url=api_url, ak=ak, sk=sk, api_version=api_version)
        self.instance_id = instance_id
        self.region = region

    def ModifyWafSwitch(self,domain, instance_id=None, region='cn', service_on=1, execute=True):
        if instance_id is None:
            instance_id = self.instance_id
        if region is None:
            region = self.region

        params = [
            ('Action', 'ModifyWafSwitch'),
            ('InstanceId', instance_id),
            ('Domain', domain),
            ('Region',region),
            ('ServiceOn', service_on)
        ]

        print (params)

        return self.get(http_params=params,execute=execute)

if __name__ == "__main__":
    api_url = "https://wafopenapi.cn-hangzhou.aliyuncs.com"
    # Enter the accesskey ID of your account
    ak = ""
    # Enter the AccessKeyScecret information of your account.
    sk = ""
    # Enter the ID of your WAF instance. You can obtain the instance ID by calling the GetPayInfo operation.
    instance_id = ""
    # Enter the region information of your WAF instance.
    region = ""
    api_version = "2018-01-17"

    t = Waf(api_url=api_url, ak=ak, sk=sk, api_version=api_version, instance_id=instance_id, region=region)
    print (t.ModifyWafSwitch(domain="", service_on=1))

Send an HTTP GET request

You can use the preceding code to obtain an HTTP request and send the HTTP GET request to the WAF API endpoint.

Sample requests
https://wafopenapi.cn-hangzhou.aliyuncs.com/? Action=ModifyWafSwitch&Domain=www.aliyun.com&ServiceOn=1&Region=cn&InstanceId=waf_elasticity-cn-0xldbqtm005&TimeStamp=2018-08-23T12:46:24Z&Format=JSON&AccessKeyId=testid&SignatureMethod=HMAC-SHA1&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf&Version=2018-01-17&SignatureVersion=1.0&Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D

Get response results

Finally, a response is received from the WAF API server.

Sample responses

{
 "RequestId":"D7861F61-5B61-46CE-A47C-6B19160D5EB0",
 "Result":{
    "Status":2,
    "WafTaskId":"aliyun.waf.20180712214032277.qmxI9a"
 }
}