This topic describes how to encapsulate custom APIs.
Before describing the details about the custom encapsulation of HTTP requests, we recommend that you prioritize the use of Alibaba Cloud SDKs for calling API operations.
Scenarios where custom encapsulation is required
If the existing methods for API calls cannot meet your business requirements, you need to encapsulate custom APIs.
Step 1: Check the API style of the cloud product that you use
APIs of different styles encapsulate HTTP requests using different methods. See the API documentation of Alibaba Cloud products to check whether the style is Remote Procedure Call (RPC) or Resource-Oriented Architecture (ROA). For more information, see API styles.
Step 2: Assemble the request parameters
Step 3: Sign the request
Reasons for signing HTTP requests
Signing HTTP requests is to protect the cloud service from malicious requests and intercept invalid requests in advance. The signing is implemented by adding specific information to the request, such as keys, timestamps, and random numbers.
The following purposes can be achieved by signing HTTP requests:
Prevent request forgery: The signature can help the API gateway identify whether the request comes from a legitimate client. This can prevent invalid requests from entering the system.
Prevent replay attacks: The signature contains information such as timestamps and random numbers. They can avoid requests from being replayed and ensure that each request is only executed once.
Prevent request tampering: The signature contains credential information, which can ensure that the request has not been tampered with or forged during transmission.
Support auditing: The signature can record the source information and timestamp of the request. This way, service providers can audit and track the system.
Step 4: Process the returned data
If you already know the return value, you can convert the returned data into a pre-defined object. Otherwise, you can only perform generic processing.
Step 5: Capture exceptions
Due to issues in network anomaly or parameter passing, request exceptions may occur. In this scenario, you need to capture exceptions.