Drive and Photo Service:Build a drive system that uses an existing user system

1. Preparations

• Activate PDS. To activate the service, go to the product page.

• Authorize PDS to access your cloud resources. If you log on to the PDS console (https://pds.console.alibabacloud.com) for the first time, the system prompts you to authorize PDS to access your cloud resources. If you have authorized PDS to access your cloud resources, skip this operation.

2. Create a domain

Create a domain in the PDS console

Log on to the PDS console. In the left-side navigation pane, click Domains. On the Domains page, click Create Domain.

In the Create Domain panel, configure parameters to create a domain. Set the Data Storage Mode parameter to Standard Mode.

3. Call the PDS API on the server side

3.1 Use an AccessKey pair

3.1.1 Create a RAM user to generate an AccessKey pair and grant permissions to the RAM user

Log on to the Resource Access Management (RAM) console (https://ram.console.alibabacloud.com). Create a RAM user to generate an AccessKey pair and grant permissions to the RAM user, such as the permissions to obtain an access token.

On the Users page, click Create User.

On the Create User page, select Using permanent AccessKey to access.

Record the AccessKey ID and AccessKey secret generated for the RAM user. The AccessKey secret is displayed only once.

3.1.2 Grant permissions to the RAM user

On the Users page, find the created RAM user and click Add Permissions in the Actions column to grant permissions to the RAM user.

In the Grant Permission panel, search for the AliyunPDSFullAccess policy and attach the policy to the RAM user.

After you perform the preceding operations, the RAM user has the permissions to call all the API operations of PDS.

Call API operations to obtain the access token of a user. For more information, see Access by calling AccessKey-based API operations.

3.2 Use JWT

3.2.1 Create an application

Log on to the PDS console. On the Domains page, find the created domain and click the domain ID or name to go to the domain details page. On the Applications tab, create an application.

3.2.2 Generate a key pair

After the application is created, find the application in the My Applications section and click Set Public Key in the Actions column.

Generate a public key and a private key.

Copy and record the private key. Click OK.

Call API operations to obtain the access token of a user. For more information, see Access for JWT applications.

4. Integrate PDS SDK

4.1 Method 1: Use a self-managed drive application

Procedure:

1. A user logs on to the drive application on the existing user logon page.

2. After the authentication is complete, the server obtains the access token of the user based on the internal user ID.

3. The server returns the access token to the client. The client uses the access token to access the PDS API.

4.2 Method 2: Use BasicUI provided by PDS

If you use BasicUI provided by PDS, you must allow BasicUI to access your domain.

Log on to BasicUI as the super administrator to synchronize data.

The following figure shows how to use BasicUI to access the PDS API.

• A user logs on to the drive application on the existing user logon page.

• After the user logs on, a page appears. You can configure the page of BasicUI by using the following method: window.open('https://'+domainId+'.apps.aliyunpds.com/accesstoken?origin='+location.origin).

• BasicUI returns a message by using the postMessage method to indicate that BasicUI is ready.

• The page requests the server to issue an access token by using JWT.

• After the page obtains the access token, the access token is sent to BasicUI by using the postMessage method.

• After BasicUI obtains the access token, BasicUI uses the access token to access the PDS API.