When an Anti-DDoS Pro API is called, an HTTP GET request is sent to the server address of the Anti-DDoS Pro API. You must add corresponding request parameters in the request according to the API description. After the calling, the system returns the handling result. The request and response results are encoded using the UTF-8 character set.

Request structure

Anti-DDoS Pro APIs are of RPC type. You can call Anti-DDoS Pro APIs by sending HTTP GET requests.

The request structure is as follows:
https://Endpoint/?Action=xx&Parameters
In the preceding structure:
  • Endpoint indicates the endpoint of Anti-DDoS Pro APIs is ddospro.cn-hangzhou.aliyuncs.com.
  • Action indicates the action to be performed. For example, call DescribeInstancePage to query all the Anti-DDoS Pro instances.
  • Version indicates the version of the API. The current Anti-DDoS Pro API version is 2017-07-25.
  • Parameters indicates the request parameters. Use “&” to separate multiple parameters.
  • Request parameters consist of common parameters and API specific parameters. Common parameters include such variables as VPI version and credentials. For more information, see Common parameters.
The following example uses the DescribeInstancePage API to query the created Anti-DDoS Pro instances.
Note For easier readability, the API request is displayed in the following format in this article.
https://ddospro.cn-hangzhou.aliyuncs.com/?Action=DescribeInstancePage
&Region=cn
&InstanceId=ddospro-cn-XXXX1
&Format=xml
&Version=2017-07-25
&Signature=xxxx%xxxx%3D
&SignatureMethod=HMAC-SHA1
&SignatureNonce=15215528852396
&SignatureVersion=1.0
&AccessKeyId=key-test
&TimeStamp=2012-06-01T12:00:00Z
…

API authorization

To maintain account security, we recommend that you use a RAM user to call APIs. Before using a RAM user to call an API, you must grant the RAM user the corresponding permission to call the API by creating an authorization policy and attaching the policy to the RAM user.

API signature

To guarantee the security of your API, you must sign the API request. Alibaba Cloud uses the signature in the request to verify the identity of the person who calls the API.

Anti-DDoS Pro uses AccessKey ID and AccessKey Secret for symmetrical encryption to verify the identity of the requester. AccessKey is an identity credential issued to Alibaba Cloud accounts and the RAM users (similar to a logon password). The AccessKey ID is used to verify the identity of the user, and the AccessKey Secret is used to encrypt the signature string and is also the key used by the server to verify the signature string. The AccessKey Secret must be kept strictly confidential.

For an RPC API, you must add the signature to the API request in the following format:
https://endpoint/?SignatureVersion=1.0&SignatureMethod=HMAC-SHA1&Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
Using the DescribeInstancePage API as an example, if the AccessKey ID is testid, and the AccessKey Secret is testsecret, the original request URL is as follows:
https://ddospro.cn-hangzhou.aliyuncs.com/?Action=DescribeInstancePage
&Region=cn
&InstanceId=ddospro-cn-XXXX1
&TimeStamp=2016-02-23T12:46:24Z
&Format=XML
&AccessKeyId=testid
&SignatureMethod=HMAC-SHA1
&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
&Version=2017-07-25
&SignatureVersion=1.0
To calculate the signature, follow these steps:
  1. Use the request parameters to create a canonicalized query string to sign.
    GET&%2F&AccessKeyId%3Dtestid&Action%3DDescribeDomainNames&Region%3Dcn&InstanceId%3Dwaf_elasticity-cn-0xldbqtm005&Format%3DXML&SignatureMethod%3DHMAC-SHA1&SignatureNonce%3D3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf&SignatureVersion%3D1.0&TimeStamp%3D2016-02-23T12%253A46%253A24Z&Version%3D2018-01-17
    
  2. Calculate the HMAC value of the string to sign.
    Append an ampersand (&) to the AccessKey Secret and use the new string as the key to calculate the HMAC value. In this example, the key is testsecret&.
    CT9X0VtwR86fNWSnsc6v8YGOjuE=
    
  3. Add the signature to the request URL.
    https://ddospro.cn-hangzhou.aliyuncs.com/?Action=DescribeInstancePage
    &Region=cn
    &InstanceId=ddospro-cn-XXXX1
    &TimeStamp=2016-02-23T12:46:24Z
    &Format=XML
    &AccessKeyId=testid
    &SignatureMethod=HMAC-SHA1
    &SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
    &Version=2017-07-25
    &SignatureVersion=1.0
    &Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D