edit-icon download-icon

How do I set the request signature?

Last Updated: Apr 11, 2018

Table Store transmits requests and responses through HTTP. Request signatures must be formatted as Uniform Resource Identifiers (URIs). A request must contain APIVersion, Date, OTSAccessKeyId, SignatureMethod, SignatureVersion, and Signature.

  • APIVersion indicates the version of the current Table Store API. The value is 1.

  • Date has the following UTC format only options:

    • %a, %d %b %Y %H:%M:%S GMT, for example, Mon, 3 Jan 2010 08:33:47 GMT

    • %A, %d-%b-%y %H:%M:%S GMT, for example, Monday, 3-Jan-10 08:33:47 GMT

    • %a %b %d %H:%M:%S %Y, for example, Mon Jan 3 08:33:47 2010

    The maximum difference between the time indicated by Date and the time when the server receives the request is 15 minutes. If the time difference exceeds 15 minutes, the server returns the error “OTSAuthFailed”.

  • OTSAccessKeyId indicates the AccessKeyID provided by Table Store.

  • SignatureMethod indicates the signature algorithm. Currently, only HMAC-SHA1 is supported.

  • SignatureVersion indicates the version of the signature algorithm. Currently, only the version whose value is 1 is supported.

  • Signature indicates the string generated after the whole URL is signed. The string used for signature consists of the resource names and parameters of the user request. After the parameter names and values are URL encoded, an equal sign (=) is used between the names and values of these parameters to form a string. Then, the parameter name-value pairs are alphabetically sorted and connected with the & symbol to form a string. The signature calculation method is as follows:

    Base64(hmac-sha1(VERB + " " + "KEY1=VALUE1" + "&" + "KEY2=VALUE2", AccessKey

    VERB indicates the requested resource name, which is followed by the parameter name and value.

    An example user request is as follows:

    http://service.ots.aliyun.com/CreateTable?TableName=CapTable&PK.1.Name=PrimaryKey1&PK.1.Type=STRING&PK.2.Name=PrimaryKey2&PK.2.Type=INTEGER&View.1.Name=View1&View.1.PK.1.Name=PrimaryKey1&View.1.PK.1.Type=STRING&View.1.PK.2.Name=Column1&View.1.PK.2.Type=BOOLEAN&View.1.Column.1.Name=Column2&View.1.Column.1.Type=STRING&View.1.Column.2.Name=Column3&View.1.Column.2.Type=DOUBLE&APIVersion=1&Date=Fri%2C%2016%20Sep%202006%2018%3A07%3A20%20GMT&OTSAccessKeyId=ID1&SignatureMethod=HmacSHA1&SignatureVersion=1

    Then, the string for signature is:

    "/CreateTable" + "" +"APIVersion=1" +"Date=Fri%2C%2016%20Sep%202006%2018%3A07%3A20%20GMT" +"&OTSAccessKeyId=ID1" +"&PK.1.Name=PrimaryKey1" +"&PK.1.Type=STRING" +"&PK.2.Name=PrimaryKey2" +"&PK.2.Type=INTEGER" +"&SignatureMethod=HmacSHA1" +"&SignatureVersion=1" +"&TableName=CapTable" +"&View.1.Column.1.Name=Column2" +"&View.1.Column.1.Type=STRING" +"&View.1.Column.2.Name=Column3" +"&View.1.Column.2.Type=DOUBLE" +"&View.1.Name=View1" +"&View.1.PK.1.Name=PrimaryKey1" +"&View.1.PK.1.Type=STRING" +"&View.1.PK.2.Name=Column1" +"&View.1.PK.2.Type=BOOLEAN"

    The final input format is (assume that the AccessKey of ID1 is KEY 1, and the following signature string is calculated using KEY1):

    http://service.ots.aliyun.com/CreateTable?TableName=CapTable&PK.1.Name=PrimaryKey1&PK.1.Type=STRING&PK.2.Name=PrimaryKey2&PK.2.Type=INTEGER&View.1.Name=View1&View.1.PK.1.Name=PrimaryKey1&View.1.PK.1.Type=STRING&View.1.PK.2.Name=Column1&View.1.PK.2.Type=BOOLEAN&View.1.Column.1.Name=Column2&View.1.Column.1.Type=STRING&View.1.Column.2.Name=Column3&View.1.Column.2.Type=DOUBLE&APIVersion=1&Date=Fri%2C%2016%20Sep%202006%2018%3A07%3A20%20GMT&OTSAccessKeyId=ID1&SignatureMethod=HmacSHA1&SignatureVersion=1&Signature=%2FL034xFZBPO%2BNpxA%2BSufMiOt%2BKQ%3D

Return result:

  • If the AccessKeyID does not exist, Error 403 Forbidden is returned.

  • If the signature verification fails, error 403 Forbidden is returned.

  • If required parameters are not input, Error 400 Bad Request is returned.

  • The request must be input within 15 minutes before or after the current time of the Table Store server; otherwise, Error 403 Forbidden is returned.

Thank you! We've received your feedback.