
HTTPDNS: Signature method

Last Updated: Feb 18, 2025

The HTTPDNS service requires identity authentication for each request. Therefore, you must include signature information in every HTTP or HTTPS request. The service verifies the identity of the request sender with a symmetric scheme based on an AccessKey pair: both sides compute an HMAC over the request with the shared AccessKey secret.

AccessKey pairs are issued by Alibaba Cloud. You can visit the Alibaba Cloud International site (alibabacloud.com) to apply for and manage an AccessKey pair. The AccessKey ID is used to verify the identity of the user, whereas the AccessKey secret is used to compute and verify the signature string. You must keep your AccessKey secret strictly confidential.

Perform the following steps to sign a request:

  1. Use the request parameters to construct a canonicalized query string.

    a. Arrange the request parameters, including all common request parameters and operation-specific parameters except Signature, in alphabetical order based on the initial letters of parameter names.

    Note

    Parameter names are case-sensitive.

    When you use the GET method to submit a request, the request parameters are the part of the URI that follows the question mark (?), with the individual parameters separated by ampersands (&).

    b. Encode the name and value of each request parameter. Encode the names and values of all parameters in UTF-8 based on the following rules:

      i. Letters, digits, and special characters such as hyphens (-), underscores (_), periods (.), and tildes (~) are not encoded.

      ii. Other characters must be percent encoded in the %XY format. XY represents the ASCII code of the characters in hexadecimal notation. For example, the double quotation mark (") is encoded as %22.

      iii. Extended UTF-8 characters are encoded in the %XY%ZA… format.

      iv. Spaces must be encoded as %20. Do not encode spaces as plus signs (+).

    Note

    Most libraries that support URL encoding, such as java.net.URLEncoder, are created based on the encoding rules of application/x-www-form-urlencoded. application/x-www-form-urlencoded is a subtype of Multipurpose Internet Mail Extensions (MIME). If you use java.net.URLEncoder, replace the plus signs (+) in the encoded strings with %20, the asterisks (*) with %2A, and %7E with a tilde (~). This way, you obtain an encoded string that follows the preceding encoding rules.

    c. Join the encoded name and value of each parameter by using an equal sign (=).

    d. Specify the encoded parameters in alphabetical order based on the first letter of the name of each parameter and join the parameters by using ampersands (&) to create a canonicalized query string.

  2. Use the canonicalized query string to create a string-to-sign based on the following rules:

    StringToSign = HTTPMethod + "&" + percentEncode("/") + "&" + percentEncode(CanonicalizedQueryString)

    HTTPMethod specifies the HTTP method that is used to submit a request, such as GET.

    percentEncode("/") specifies the encoded value for the forward slash (/) based on the URL encoding rules that are described in Step 1.b. The value is %2F.

    percentEncode(CanonicalizedQueryString) specifies the canonicalized query string generated in Step 1. The encoding is performed based on the URL encoding rules that are described in Step 1.b.

  3. Calculate the hash-based message authentication code (HMAC) value of the string-to-sign based on the HMAC algorithm that is described in RFC 2104.

    Note

    The key used for signature calculation is your AccessKey secret followed by an ampersand (&) (ASCII 38). The hash algorithm is Secure Hash Algorithm 1 (SHA1).

  4. Encode the HMAC value in Base64 to obtain the signature string.

  5. Add the signature string to the request as the Signature parameter. This way, the API request is signed.

The following example shows the URL of the request that specifies the DescribeDomains operation before the request is signed.

http://httpdns-api.aliyuncs.com/?Format=XML&AccessKeyId=testid&Action=DescribeDomains&AccountId=100000&SignatureMethod=HMAC-SHA1&RegionId=cn-hangzhou&SignatureNonce=1d1620f8-0b3e-464c-9967-7b54a867945b&SignatureVersion=1.0&Version=2016-02-01&Timestamp=2016-03-29T03%3A33%3A18Z

The following string is the string-to-sign.

GET&%2F&AccessKeyId%3Dtestid%26AccountId%3D100000%26Action%3DDescribeDomains%26Format%3DXML%26RegionId%3Dcn-hangzhou%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3D1d1620f8-0b3e-464c-9967-7b54a867945b%26SignatureVersion%3D1.0%26Timestamp%3D2016-03-29T03%253A33%253A18Z%26Version%3D2016-02-01

In this example, the AccessKey ID is testid, the AccessKey secret is testsecret, and the key used for HMAC calculation is testsecret&. The following signature string is obtained:

fHjifLgCEFdF3VMsNW5PCLa1Ds8=

The following URL is used as the signed request URL after the signature is added to the request as the Signature parameter:

http://httpdns-api.aliyuncs.com/?Format=XML&AccessKeyId=testid&Action=DescribeDomains&AccountId=100000&SignatureMethod=HMAC-SHA1&RegionId=cn-hangzhou&SignatureNonce=1d1620f8-0b3e-464c-9967-7b54a867945b&SignatureVersion=1.0&Version=2016-02-01&Signature=fHjifLgCEFdF3VMsNW5PCLa1Ds8%3D&Timestamp=2016-03-29T03%3A33%3A18Z
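
The signing steps above, carried through in Python on the decoded parameter values of the DescribeDomains example. This is an added example, not Alibaba Cloud SDK code; the function names and the receiver-side `verify` helper are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def percent_encode(value) -> str:
    # Step 1.b: UTF-8 percent-encoding; only A-Z a-z 0-9 - _ . ~ stay literal,
    # so a space becomes %20, * becomes %2A and / becomes %2F.
    return quote(str(value), safe="~")

def canonicalized_query(params: dict) -> str:
    # Steps 1.a, 1.c, 1.d: drop Signature, sort by case-sensitive name, join.
    items = sorted((k, v) for k, v in params.items() if k != "Signature")
    return "&".join(f"{percent_encode(k)}={percent_encode(v)}" for k, v in items)

def string_to_sign(method: str, params: dict) -> str:
    # Step 2: HTTPMethod & percentEncode("/") & percentEncode(query string)
    return "&".join([method, percent_encode("/"),
                     percent_encode(canonicalized_query(params))])

def sign(method: str, params: dict, access_key_secret: str) -> str:
    # Steps 3-4: HMAC-SHA1 keyed with secret + "&", then Base64.
    key = (access_key_secret + "&").encode("utf-8")
    msg = string_to_sign(method, params).encode("utf-8")
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode("ascii")

def signed_query(method: str, params: dict, access_key_secret: str) -> str:
    # Step 5: add Signature; it is percent-encoded like any other value.
    full = dict(params, Signature=sign(method, params, access_key_secret))
    return "&".join(f"{percent_encode(k)}={percent_encode(v)}" for k, v in full.items())

def verify(method: str, params: dict, access_key_secret: str) -> bool:
    # Illustrative receiver-side check: recompute, compare in constant time.
    expected = sign(method, params, access_key_secret).encode("ascii")
    return hmac.compare_digest(expected, str(params.get("Signature", "")).encode("utf-8"))

# Decoded parameter values taken from the unsigned example URL on this page.
EXAMPLE = {
    "Format": "XML", "AccessKeyId": "testid", "Action": "DescribeDomains",
    "AccountId": "100000", "SignatureMethod": "HMAC-SHA1",
    "RegionId": "cn-hangzhou",
    "SignatureNonce": "1d1620f8-0b3e-464c-9967-7b54a867945b",
    "SignatureVersion": "1.0", "Version": "2016-02-01",
    "Timestamp": "2016-03-29T03:33:18Z",
}

if __name__ == "__main__":
    print(string_to_sign("GET", EXAMPLE))
    print(sign("GET", EXAMPLE, "testsecret"))
```

Running the block prints the string-to-sign and the Base64 signature for comparison with the values shown above. Note that the Timestamp value is passed decoded (with literal colons), which is why it appears double-encoded as %253A in the string-to-sign.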