All Products
Search

This Product

    OpenAPI Explorer:Custom encapsulation

    Document Center

    OpenAPI Explorer:Custom encapsulation

    Last Updated:Oct 27, 2023

    This topic describes how to encapsulate custom APIs.

    Usage notes

    Note

    Before describing the details about the custom encapsulation of HTTP requests, we recommend that you prioritize the use of Alibaba Cloud SDKs for calling API operations.

    Scenarios where custom encapsulation is required

    If the existing methods for API calls cannot meet your business requirements, you need to encapsulate custom APIs.

    Procedure

    Step 1: Check the API style of the cloud product that you use

    APIs of different styles encapsulate HTTP requests using different methods. See the API documentation of Alibaba Cloud products to check whether the style is Remote Procedure Call (RPC) or Resource-Oriented Architecture (ROA). For more information, see API styles.

    Step 2: Assemble the request parameters

    APIs of different styles assemble parameters using different methods. For more information, see RPC mechanism and ROA mechanism.

    Step 3: Sign the request

    Reasons for signing HTTP requests

    Signing HTTP requests is to protect the cloud service from malicious requests and intercept invalid requests in advance. The signing is implemented by adding specific information to the request, such as keys, timestamps, and random numbers.

    The following purposes can be achieved by signing HTTP requests:

    1. Prevent request forgery: The signature can help the API gateway identify whether the request comes from a legitimate client. This can prevent invalid requests from entering the system.

    2. Prevent replay attacks: The signature contains information such as timestamps and random numbers. They can avoid requests from being replayed and ensure that each request is only executed once.

    3. Prevent request tampering: The signature contains credential information, which can ensure that the request has not been tampered with or forged during transmission.

    4. Support auditing: The signature can record the source information and timestamp of the request. This way, service providers can audit and track the system.

    APIs of different styles are signed using different methods. For more information, see RPC mechanism and ROA mechanism.

    Step 4: Process the returned data

    If you already know the return value, you can convert the returned data into a pre-defined object. Otherwise, you can only perform generic processing.

    Step 5: Capture exceptions

    Due to issues in network anomaly or parameter passing, request exceptions may occur. In this scenario, you need to capture exceptions.

    Sample code for encapsulation

    RPC style for Java

    ROA style for Java

    RPC style for PHP

    ROA style for PHP

    RPC style for Python

    ROA style for Python

    RPC style for Go

    ROA style for Go

    RPC style for Node.js

    ROA style for Node.js

    RPC style for .NET

    ROA style for .NET