All Products
Search

This Product

    Alibaba Cloud SDK:Request syntax and signature method

    Document Center

    Alibaba Cloud SDK:Request syntax and signature method

    Last Updated:Feb 02, 2024

    If the existing SDKs cannot meet your business requirements, you can construct custom HTTP requests.

    Procedure

    Step 1: Check the API style of the cloud service that you want to access

    The method that is used to construct custom HTTP requests varies based on the styles of APIs. You can check the API reference for the cloud service that you want to access to determine whether the service uses the remote procedure call (RPC) or resource-oriented architecture (ROA) style. For more information, see API styles.

    Step 2: Construct a request and sign the request

    The request syntax varies based on the styles of APIs. For more information, see Request syntax and signature method V3.

    Step 3: Process the responses

    If you already know the data to be returned by an API operation, you can convert the responses into pre-defined objects. Otherwise, you must process the responses in a generic manner.

    Step 4: Design the exception handing and retry logic

    Exceptions may occur due to issues such as network disconnections or invalid request parameters. Therefore, you must design the exception handing and retry logic.

    Reasons for signing HTTP requests

    Signing HTTP requests is to protect cloud services from malicious requests and intercept invalid requests in advance. The signing is implemented by adding specific information to requests, such as keys, timestamps, and random numbers.

    The following purposes can be achieved by signing HTTP requests:

    1. Prevent request forgery: The signature can help the API gateway identify whether a request is sent by a legitimate client. This can prevent invalid requests from entering the system.

    2. Prevent replay attacks: The signature contains information such as timestamps and random numbers. They can prevent requests from being replayed and ensure that each request is only executed once.

    3. Prevent request tampering: The signature contains credential information, which can ensure that a request has not been tampered with or forged during transmission.

    4. Support auditing: The signature can record the source information and timestamp of a request. This way, service providers can audit and track system usage.