This topic describes how to call API operations.
As a developer, you need to pay attention to the following information when you call API operations:
Whether logon is required
Whether authorization is required
It is the same with Alibaba Cloud APIs.
The sequence diagram of calling an Alibaba Cloud API operation
The following diagram shows the complete sequence of events, from when a user initiates an API request from the client to when the user receives the response from the Alibaba Cloud service.
The user initiates an HTTP request, calling the operation that is provided by the business server. For example, the request is used to query the status of an Elastic Compute Service (ECS) instance.
The business server receives the request from the business client and verifies the validity of the parameters. The server organizes the parameters based on the API documentation and signs the request. If an Alibaba Cloud SDK is used to call API operations, the business server does not need to sign the request because the SDK already contains the request signing logic.
The business server initiates a request to access the endpoint of the API gateway.
The API gateway receives the request from the business server, verifies the signature, parses the identity of the caller, and performs authentication.
After authentication succeeds, the request is forwarded to the internal service address.
The cloud product receives the request from the gateway, performs operations on the specified cloud resources based on the request and returns the execution result.
The API gateway receives the returned data from the cloud product, converts it into the standard output format, and returns the data to the business server.
The business server receives the returned data from the API gateway, processes the results, and returns them to the business client.
An endpoint is a service address registered in the gateway through which clients can access a cloud product. An endpoint is a URL that specifies the access protocol, hostname, port, and path for the service. Users of the clients can utilize the information to communicate with the cloud service.
Identity, credential, and authentication
Alibaba Cloud APIs are classified into the following two types: anonymous APIs and authenticated APIs. If you call an anonymous API, you need only to make sure that your request is compliant with the style of the API. No authentication is required.
If you call an authenticated API, the gateway needs to verify the request credential to confirm the identity of the caller. The gateway forwards the request to the cloud service only after the identity has passed the permission check.
Alibaba Cloud provides multiple methods for developers to call API operations, including Alibaba Cloud SDKs, Alibaba Cloud CLI, and Resource Orchestration Service (ROS). You can also independently implement HTTP requests.
We recommend using Alibaba Cloud SDKs to call API operations.