This topic lists the common request and response headers used in API operations of Web+.

Common request headers

Common request parameters are request parameters that you must use when you call each API operation.

Parameter Example Required? Description
Authorization acs <yourAccessKeyId>:<yourSignature> Yes The authentication information used to check the authenticity of a request. Format: AccessKeyId:Signature.
Content-Length 0 Yes The length of the HTTP request body defined in RFC 2616.
Content-Type application/json Yes The type of the HTTP request body defined in RFC 2616.
Content-MD5 0e30656xxxxxxxxx0bc6f70bbdfe Yes The 128-bit MD5 hash value of the request body represented as a Base64 string. We recommend that you set this parameter to prevent requests from being tampered with.
Date Fri, 16 Aug 2019 11:18:47 GMT Yes The timestamp when a request was sent. Currently, only GMT format is supported. If the difference between the timestamp when the request was sent and the timestamp when the request was received exceeds 15 minutes, the request is deemed invalid.
Host Yes The endpoint of Web+, for example,
Accept application/json Yes The return value type required by the client. Valid values: application/json and application/xml.
x-acs-version 1.0 Yes The API version. The current version is 2019-03-20.
x-acs-region-id cn-hangzhou Yes The ID of the region.
x-acs-signature-nonce f63659d4-10ac-483b-99da-ea8fde61eae3 Yes A unique number that is randomly generated to prevent network replay attacks. A different random number is required for each request.
x-acs-signature-method HMAC-SHA1 Yes The signature algorithm. Currently, only HMAC-SHA1 is supported.


GET /pop/v1/wam/appEnv HTTP/1.1
Accept: application/json
UserAgent : Apache-HttpClient/4.5.7 (Java/1.8.0_152)
x-acs-signature-nonce: f63659d4-10ac-483b-99da-ea8fde61eae3
Authorization: acs <yourAccessKeyId>:<yourSignature>
x-acs-signature-version: 1.0
Date: Fri, 16 Aug 2019 11:18:47 GMT
x-acs-signature-method: HMAC-SHA1
Content-Type: application/json;charset=utf-8
X-Acs-Region-Id: cn-hangzhou
Content-Length: 0

Common response headers

The system returns a unique identifier (specified by RequestId) each time you send a request to call an API, whether the call is successful or not. API responses use a unified format. If status code 2xx is returned, the API call is successful. If status code 4xx or 5xx is returned, the API call has failed.

XML example:

<? xml version="1.0" encoding="UTF-8"? >
<!--Result root node-->
<API operation name + response>
 | <!--Request ID-->
 | <RequestId>4C467B38-3910-447D-87BC-AC049166F216</RequestId>
 | <!--Result data-->
</API operation name + response>

JSON example:

    "RequestId": "4C467B38-3910-447D-87BC-AC049166F216"
    /* Result data */