If the existing SDKs cannot meet your business requirements, you can construct custom HTTP requests.
If an Alibaba Cloud SDK already supports your target service and language, use the SDK instead. SDKs handle request construction and signing automatically. This page is for cases where no suitable SDK is available.
Steps
Step 1: Check the API style of the cloud service
The request construction method depends on the API style of the target service. Check the API reference for your service to confirm whether it uses the remote procedure call (RPC) or resource-oriented architecture (ROA) style. For more information, see API styles.
Step 2: Construct and sign the request
Request syntax varies by API style. For detailed instructions, see Request syntax and signature method V3.
Step 3: Process responses
If you know the expected response structure, deserialize responses into predefined objects. Otherwise, process them as generic data.
Step 4: Add exception handling and retry logic
Network disruptions and invalid request parameters can cause exceptions. Build exception handling and retry logic into your client to handle these cases.
Why requests must be signed
Signing protects cloud services from malicious and invalid requests. A signature is computed from request data — including credentials, a timestamp, and a random number — and attached to each request before it is sent.
Signing achieves four security goals:
Request authentication: The API gateway verifies that the request originates from a legitimate client, blocking unauthorized requests before they reach the service.
Replay attack prevention: Each signature includes a timestamp and random number, ensuring that a captured request cannot be reused.
Tamper detection: The signature encodes the request content, so any modification during transmission invalidates the signature and the request is rejected.
Auditability: The signature carries source information and a timestamp, giving service providers a verifiable trail for tracking and auditing system access.