Yes, CloudMonitor supports the HMAC-SHA1 signature algorithm. It is the only signature algorithm that CloudMonitor supports. To use the HMAC-SHA1 signature algorithm, perform the steps described in this topic.


  1. Prepare an Alibaba Cloud AccessKey pair.
    A pair of AccessKey ID and AccessKey secret is required to generate a signature for an HTTP request.
    Note You can use an existing AccessKey pair or create one. The AccessKey pair must be active.
  2. Generate a signature string for an HTTP request.
    The signature string of an HTTP request is generated based on the Method, Header, and Body fields of the HTTP request.
    SignString = VERB + "\n"
                 + CONTENT-MD5 + "\n"
                 + CONTENT-TYPE + "\n"
                 + DATE + "\n"
                 + CanonicalizedHeaders + "\n"
                 + CanonicalizedResource
    In the preceding formula, \n indicates the escaped newline character and the plus sign (+) indicates the string concatenation operator. The following table describes the definitions of other fields.
    Field Description Example
    VERB The HTTP method used to make the request. PUT, GET, or POST
    CONTENT-MD5 The MD5 value of the Body field in the HTTP request.
    Note The MD5 value must be a string consisting of uppercase letters and digits.
    CONTENT-TYPE The type of the Body field in the HTTP request. application/json
    DATE The standard timestamp header of the HTTP request.
    Note This timestamp header follows the RFC 1123 time format and uses the GMT standard time.
    Mon, 3 Jan 2010 08:33:47 GMT
    CanonicalizedHeaders The string constructed from the custom headers that are prefixed with x-cms and x-acs in the HTTP request. x-cms-api-version:0.1.0\nx-cms-signature
    CanonicalizedResource The string constructed from the resources requested by the HTTP request. /event/custom/upload

    The CanonicalizedHeaders and CanonicalizedResource strings in the preceding table are constructed as the following rules:

    • CanonicalizedHeaders
      1. Convert the names of all headers that are prefixed with x-cms and x-acs to lowercase letters.
      2. Sort the case-converted headers generated in the preceding step in lexicographic order.
      3. Delete all spaces on each side of a delimiter between each header and its content.
      4. Separate all the preceding headers with delimiters (\n) to form the final CanonicalizedHeaders string.
    • CanonicalizedResource
      1. Set the CanonicalizedResource string to an empty string ("").
      2. Place the URI that you want to access, such as /event/custom/upload, between the quotation marks.
      3. If the request contains a query string, add a question mark (?) and the query string to the end of the CanonicalizedResource string.

        The sort string is the lexicographically sorted string of the request parameters included in the URI. Equal signs (=) are used between the names and values of parameters to form a string. The parameter name-parameter value pairs are then sorted in lexicographic order and connected with ampersands (&) to form a string. The formula for constructing the query string:

        QUERY_STRING = "KEY1=VALUE1" + "&" + "KEY2=VALUE2"
  3. Generate a digital signature for the HTTP request.
    The formula for generating a digital signature:
    Signature = base16(hmac-sha1(UTF8-Encoding-Of(SignString), AccessKeySecret))
    The sample signature string of an HTTP request:
    SignString="POST" + \n
    +"875264590688CA6171F6228AF5BBB3D2" + \n
    +"application/json" + \n
    +"Tue, 11 Dec 2018 21:05:51 +0800" + \n
    +"x-cms-api-version:1.0" + \n
    +"x-cms-ip:" + \n
    +"x-cms-signature:hmac-sha1" + \n
    accessSecret="testsecret" // The AccessKey secret used to sign the HTTP request.                            
    The signature generated based on the preceding signature string: