All Products
Document Center

OpenAPI Explorer:Custom encapsulation

Last Updated:Oct 27, 2023

This topic describes how to encapsulate custom APIs.

Usage notes


Before describing the details about the custom encapsulation of HTTP requests, we recommend that you prioritize the use of Alibaba Cloud SDKs for calling API operations.

Scenarios where custom encapsulation is required

If the existing methods for API calls cannot meet your business requirements, you need to encapsulate custom APIs.


Step 1: Check the API style of the cloud product that you use

APIs of different styles encapsulate HTTP requests using different methods. See the API documentation of Alibaba Cloud products to check whether the style is Remote Procedure Call (RPC) or Resource-Oriented Architecture (ROA). For more information, see API styles.

Step 2: Assemble the request parameters

APIs of different styles assemble parameters using different methods. For more information, see RPC mechanism and ROA mechanism.

Step 3: Sign the request

Reasons for signing HTTP requests

Signing HTTP requests is to protect the cloud service from malicious requests and intercept invalid requests in advance. The signing is implemented by adding specific information to the request, such as keys, timestamps, and random numbers.

The following purposes can be achieved by signing HTTP requests:

  1. Prevent request forgery: The signature can help the API gateway identify whether the request comes from a legitimate client. This can prevent invalid requests from entering the system.

  2. Prevent replay attacks: The signature contains information such as timestamps and random numbers. They can avoid requests from being replayed and ensure that each request is only executed once.

  3. Prevent request tampering: The signature contains credential information, which can ensure that the request has not been tampered with or forged during transmission.

  4. Support auditing: The signature can record the source information and timestamp of the request. This way, service providers can audit and track the system.

APIs of different styles are signed using different methods. For more information, see RPC mechanism and ROA mechanism.

Step 4: Process the returned data

If you already know the return value, you can convert the returned data into a pre-defined object. Otherwise, you can only perform generic processing.

Step 5: Capture exceptions

Due to issues in network anomaly or parameter passing, request exceptions may occur. In this scenario, you need to capture exceptions.

Sample code for encapsulation

RPC style for Java

ROA style for Java

RPC style for PHP

ROA style for PHP

RPC style for Python

ROA style for Python

RPC style for Go

ROA style for Go

RPC style for Node.js

ROA style for Node.js

RPC style for .NET

ROA style for .NET