This topic describes how requests are signed. You must sign all HTTP or HTTPS API requests to ensure security. Alibaba Cloud uses the request signature to verify the identity of the request sender. Alibaba Cloud implements symmetric encryption with an AccessKey pair to verify the identity of the request sender. An AccessKey pair consists of an AccessKey ID and an AccessKey secret.
AccessKey pairs
You can obtain the AccessKey ID and AccessKey secret on the AccessKey Management page in the Alibaba Cloud Management Console. The AccessKey ID is used to verify the identity of the user, while the AccessKey secret is used to encrypt and verify the signature string. You must keep your AccessKey secret strictly confidential.
For more information, see Obtain an AccessKey pair.
Procedure
Sample request
Take the SendMessageToGlobe operation as an example. The following request URL is used before signing:
http://dysmsapi.ap-southeast-1.aliyuncs.com/?AccessKeyId=testid&Action=SendMessageToGlobe&Format=XML&From=Alicloud&Message=Hello&RegionId=ap-southeast-1&SignatureMethod=HMAC-SHA1&SignatureNonce=57acef20-c1d8-11eb-8c08-db81fda24dcc&SignatureVersion=1.0&Timestamp=2021-05-31T06%3A20%3A49Z&To=861245567%2A%2A%2A%2A&Version=2018-05-01
GET&%2F&AccessKeyId%3Dtestid%26Action%3DSendMessageToGlobe%26Format%3DXML%26From%3DAlicloud%26Message%3DHello%26RegionId%3Dap-southeast-1%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3D57acef20-c1d8-11eb-8c08-db81fda24dcc%26SignatureVersion%3D1.0%26Timestamp%3D2021-05-31T06%253A20%253A49Z%26To%3D861245567%252A%252A%252A%252A%26Version%3D2018-05-01
Assume that the AccessKey ID is testid and the AccessKey secret is testsecret. Then,
the key used to calculate the HMAC value of the signature is testsecret&. The calculated
signature string is uRpHwaSEt3J+6KQD//svCh/x+pI=
.
http://dysmsapi.ap-southeast-1.aliyuncs.com/?Signature=Lh%2FxyzDi5tn8DXfqatBONMXLErg%3D&AccessKeyId=testid&Action=SendMessageToGlobe&Format=XML&From=Alicloud&Message=Hello&RegionId=ap-southeast-1&SignatureMethod=HMAC-SHA1&SignatureNonce=57acef20-c1d8-11eb-8c08-db81fda24dcc&SignatureVersion=1.0&Timestamp=2021-05-31T06%3A20%3A49Z&To=861245567%2A%2A%2A%2A&Version=2018-05-01