All Products
Search

This Product

    ApsaraMQ for RabbitMQ:CreateAccount

    Document Center

    ApsaraMQ for RabbitMQ:CreateAccount

    Last Updated:Nov 02, 2023

    Creates a pair of static username and password.

    Background information

    If you access an ApsaraMQ for RabbitMQ broker from an open source RabbitMQ client, you must use a pair of username and password for authentication. You can access the ApsaraMQ for RabbitMQ broker only after the authentication is passed.

    ApsaraMQ for RabbitMQ allows you to generate usernames and passwords by using AccessKey pairs provided by Alibaba Cloud Resource Access Management (RAM).

    Usage notes

    • The ApsaraMQ for RabbitMQ instance for which you want to create a pair of static username and password must be in the Running state.
    • You can use an AccessKey pair to create only one pair of static username and password for an ApsaraMQ for RabbitMQ instance.
    • If you want to update an existing pair of static username and password, you must delete the existing pair and create another pair.

    Sample code on how to generate a username

    The value of the userName parameter in the request is a Base64-encoded string that is generated by using the instance ID and AccessKey ID. The following sample code provides an example on how to generate a username:

        public class Base64Utils {
         public static final Charset UTF8 = Charset.forName("UTF-8");
         /**
         * Decode the Base64 string.
         * @param str
         * @return
         */
         public static String decode(String str) {
              return new String(Base64.getDecoder().decode(str.getBytes(UTF8)), UTF8);
         }
         /**
         * Encode the instance ID and AccessKey ID into a Base64 string.
         * @param bytes = "2" + ":" + "{instanceId}" + ":" + "{ak}"
         * @return
         */
         public static String encode(String bytes) {
              return new String(Base64.getEncoder().encode(bytes.getBytes(UTF8)), UTF8);
          }
         public static void main(String[] args) {
              String example = "this is a example";
              System.out.println(encode(example));
              System.out.println(decode(encode(example)));
        }
    }

    Sample code on how to generate a signature

    The system uses the encryption algorithm to generate the values of the signature and secretSign parameters in the request based on the timestamp that indicates when the specified static username is created and the AccessKey ID. The following sample code provides an example on how to generate the values of the signature and secretSign parameters:

    public static String hamcsha1(byte[] data, byte[] key) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKeySpec signingKey = new SecretKeySpec(key, "HmacSHA1");
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(signingKey);
        return byte2hex(mac.doFinal(data));
    }
    public static String byte2hex(byte[] b) {
        StringBuilder hs = new StringBuilder();
        String stmp;
        for (int n = 0; b != null && n < b.length; n++) {
            stmp = Integer.toHexString(b[n] & 0XFF);
            if (stmp.length() == 1) {
                hs.append('0');
            }
            hs.append(stmp);
       } 
       return hs.toString().toUpperCase();
    }
     // If value1 is the timestamp that indicates when the static username is created and value2 is the AccessKey ID, the value of the secretSign parameter is generated. If value1 is the AccessKey ID, value2 is the timestamp that indicates when the static username is created, the value of the signature parameter is generated. 
     public static void main(String[] args) throws InvalidKeyException, NoSuchAlgorithmException {
         String value1 = "XXX";
         String value2 = "XXX";
         System.out.println(hamcsha1(value1.getBytes(), value2.getBytes()));
     }

    Request parameters

    Parameter

    Type

    Required

    Example

    Description
    Action String Yes CreateAccount

    The operation that you want to perform. Set this parameter to CreateAccount.

    instanceId String Yes amqp-cn-*********

    The ID of the instance for which you want to create a pair of static username and password.

    accountAccessKey String Yes LTAI5t8be*******tEJ6vfo

    The AccessKey ID of your Alibaba Cloud account or RAM user. For information about how to obtain an AccessKey pair, see Create an AccessKey pair.

    Note If you use a pair of static username and password that is created by using the AccessKey pair of a RAM user to access ApsaraMQ for RabbitMQ to send and receive messages, make sure that the required permissions are granted to the RAM user. For more information, see RAM policies.
    userName String Yes LTAI5***********eRZtEJ6vfo

    The static username that you want to create.

    The value of this parameter is a Base64-encoded string that is generated based on the instance ID and AccessKey ID. For more information, see the "Sample code on how to generate a username" section of this topic.

    signature String Yes 22c2d7d1769cb53c5a6d9213248e2de524******

    The signature. The system generates the static password based on the signature in the request, the AccessKey secret signature, and the username.

    The system uses the HMAC-SHA1 algorithm to generate the signature based on the timestamp that indicates when the username is created and the AccessKey ID. For more information, see the "Sample code on how to generate a signature" section of this topic.

    createTimestamp Long Yes 1671175303522

    The timestamp that indicates when the password is created. Unit: milliseconds.

    Note This timestamp is specified by you and is used to generate a static password. This is not the timestamp that indicates when the system generates the password.
    secretSign String Yes 4c1a6367ce4c4255e9617326f9133ac635******

    The AccessKey secret signature. The system generates a static password based on the signature in the request, the AccessKey secret signature, and the username.

    The system uses the HMAC-SHA1 algorithm to generate the AccessKey secret signature based on the timestamp that indicates when the username is created and the AccessKey ID. For more information, see the "Sample code on how to generate a signature" section of this topic.

    Response parameters

    Parameter

    Type

    Example

    Description
    RequestId String FEBA5E0C-50D0-4FA6-A794-4901E5465***

    The request ID.

    Code Integer 200

    The HTTP status code. The status code 200 indicates that the request was successful.

    Message String operation success

    The returned message.

    Success Boolean true

    Indicates whether the request was successful.

    Data Object

    The returned data.

    AccessKey String LTAI5***********eRZtEJ6vfo

    The AccessKey ID that is used to create the password.

    Password String OUYwQzM2QjZBRkUxNDRFM***************MzZCNzdDQzoxNjcxNDMwMzkyODI1

    The created static password.

    CreateTimeStamp Long 1671175303522

    The timestamp that indicates when the password was created. Unit: milliseconds.

    InstanceId String amqp-cn-*********

    The ID of the ApsaraMQ for RabbitMQ instance.

    MasterUId Long 1565*******973901

    The Alibaba Cloud account ID or RAM user to which the AccessKey pair that is used to create the pair of static username and password belongs.

    UserName String MjphbXFwLWNuLXVxbTJ6cjc2djAwMzpMVEFJNX*******ZNMWVSWnRFSjZ2Zm8=

    The created static username.

    Examples

    Sample requests

    http(s)://[Endpoint]/?Action=CreateAccount
&instanceId=amqp-cn-*********
&accountAccessKey=LTAI5t8be*******tEJ6vfo
&userName=LTAI5***********eRZtEJ6vfo
&signature=22c2d7d1769cb53c5a6d9213248e2de524******
&createTimestamp=1671175303522
&secretSign=4c1a6367ce4c4255e9617326f9133ac635******
&Common request parameters

    Sample success responses

    XML format

    HTTP/1.1 200 OK
Content-Type:application/xml

<CreateAccountResponse>
    <RequestId>FEBA5E0C-50D0-4FA6-A794-4901E5465***</RequestId>
    <Code>200</Code>
    <Message>operation success</Message>
    <Success>true</Success>
    <Data>
        <AccessKey>LTAI5***********eRZtEJ6vfo</AccessKey>
        <Password>OUYwQzM2QjZBRkUxNDRFM***************MzZCNzdDQzoxNjcxNDMwMzkyODI1</Password>
        <CreateTimeStamp>1671175303522</CreateTimeStamp>
        <InstanceId>amqp-cn-*********</InstanceId>
        <UserName>MjphbXFwLWNuLXVxbTJ6cjc2djAwMzpMVEFJNX*******ZNMWVSWnRFSjZ2Zm8=</UserName>
    </Data>
</CreateAccountResponse>

    JSON format

    HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "FEBA5E0C-50D0-4FA6-A794-4901E5465***",
  "Code" : 200,
  "Message" : "operation success",
  "Success" : true,
  "Data" : {
    "AccessKey" : "LTAI5***********eRZtEJ6vfo",
    "Password" : "OUYwQzM2QjZBRkUxNDRFM***************MzZCNzdDQzoxNjcxNDMwMzkyODI1",
    "CreateTimeStamp" : 1671175303522,
    "InstanceId" : "amqp-cn-*********",
    "UserName" : "MjphbXFwLWNuLXVxbTJ6cjc2djAwMzpMVEFJNX*******ZNMWVSWnRFSjZ2Zm8="
  }
}

    Error codes

    For a list of error codes, see Service error codes.

    Console operations

    You can also create a pair of static username and password in the ApsaraMQ for RabbitMQ console. For more information, see Manage static usernames and passwords.