brief introduction
Perform signature calculation on API requests
be careful:
Only when you manually create an HTTP request (RESTful API call), do you need to know how to perform signature calculation on the request. When you use the SDK provided by Smart Cloud, a complete signature algorithm has been encapsulated in the SDK, and users do not need to implement it themselves.
When do I need to sign an API request?
-
There is no corresponding smart cloud SDK for the programming language you are using or the smart cloud service you need to request. -
You want to be able to fully control your API requests.
Why do you want to perform signature calculation?
-
Verify the identity of the requester
Signing ensures that the request is initiated by a user or service with a valid access key. Please refer to Manage your AKSK -
Protect data in transmission and prevent illegal tampering
If the request is illegally tampered during transmission, the third party cannot calculate the tampered request to obtain a new Authentication string (Authorization), after the smart cloud receives the request, the authentication string matching will fail, so the identity verification cannot pass. -
reassembly attack
Authentication string (Authorization) has a specified effective time. If the request is intercepted, the third party cannot replay the request beyond the effective time.
Sign API request
-
Include authentication string in HTTP header -
Include authentication string in URL The user can also put the authentication string in the authorization parameter of the HTTP request Query String. It is often used in scenarios where a URL is generated for use by a third party, such as temporarily opening a certain data to others for download. For how to include the authentication string in the URL, refer to Include authentication string in URL 。
Signature Version
Video Reference