To send a Cloud Firewall API request, you must send an HTTP GET request to the Cloud Firewall endpoint. You must add the request parameters that correspond to the API operation being called. After you call the API, the system returns a response. The request and response are encoded in UTF-8.

Request syntax

Cloud Firewall API operations use the RPC protocol. You can call Cloud Firewall API operations by sending HTTP GET requests.

The request syntax is as follows:

https://Endpoint/?Action=xx&Parameters
where:
  • Endpoint: the endpoint of the Cloud Firewall API is cloudfw.cn-hangzhou.aliyuncs.com.
  • Action: the name of the operation being performed. For example, to add an access control policy, you must set the Action parameter to AddControlPolicy.
  • Version: the version of the Cloud Firewall API is 2017-12-07.
  • Parameters: the request parameters for the operation. Separate multiple parameters with ampersands (&).

    Request parameters include both common parameters and operation-specific parameters. Common request parameters include the API version number and authentication information. For more information about common request parameters, see Common parameters.

The following example demonstrates how to call the AddControlPolicy operation to add an access control policy:
Note The following code has been edited to ease reading.
http(s)://cloudfw.cn-hangzhou.aliyuncs.com/? Action=AddControlPolicy
&Format=xml
&Version=2017-12-07
&Signature=xxxx%xxxx%3D
&SignatureMethod=HMAC-SHA1
&SignatureNonce=15215528852396
&SignatureVersion=1.0
&AccessKeyId=key-test
&TimeStamp=2012-06-01T12:00:00Z
...

API signature

You must sign all API requests to ensure security. Cloud Firewall uses the request signature to verify the identity of the API caller.

Cloud Firewall implements symmetric encryption with an AccessKey pair to verify the identity of the request sender. An AccessKey pair is an identity credential issued to Alibaba Cloud accounts and RAM users that is similar to a logon username and password. An AccessKey pair consists of an AccessKey ID and an AccessKey secret. The AccessKey ID is used to verify the identity of the user, while the AccessKey secret is used to encrypt and verify the signature string. You must keep your AccessKey secret strictly confidential.

You must add the signature to the Cloud Firewall API request in the following format:
https://endpoint/?SignatureVersion=1.0&SignatureMethod=HMAC-SHA1&Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
Take AddControlPolicy as an example. If the AccessKey ID is testid and the AccessKey secret is testsecret, the original request URL is as follows:
https://cloudfw.cn-hangzhou.aliyuncs.com/?Action=AddControlPolicy
&TimeStamp=2016-02-23T12:46:24Z
&Format=XML
&AccessKeyId=testid
&SignatureMethod=HMAC-SHA1
&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
&Version=2017-12-07
&SignatureVersion=1.0
To calculate the signature, perform the following operations:
  1. Use the request parameters to create the string to be signed.
    GET&%2F&AccessKeyId%3Dtestid&Action%3DAddControlPolicy&Format%3DXML&SignatureMethod%3DHMAC-SHA1&SignatureNonce%3D3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf&SignatureVersion%3D1.0&TimeStamp%3D2016-02-23T12%253A46%253A24Z&Version%3D2018-12-03
  2. Calculate the HMAC value of the string.
    Add an ampersand (&) to the end of the AccessKey secret. The result is used as the key to calculate the HMAC value. In this example, the key is testsecret&.
    CT9X0VtwR86fNWSnsc6v8YGOjuE=
  3. Add the signature to the request parameters.
    https://cloudfw.cn-hangzhou.aliyuncs.com/?Action=AddControlPolicy
    &TimeStamp=2016-02-23T12:46:24Z
    &Format=XML
    &AccessKeyId=testid
    &SignatureMethod=HMAC-SHA1
    &SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
    &Version=2017-12-07
    &SignatureVersion=1.0
    &Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D
Note Alibaba Cloud offers SDKs and third-party SDKs in multiple languages, helping you to calculate the signature. For more information about Alibaba Cloud SDKs, see Alibaba Cloud SDKs.