Signature generation instructions

API Gateway

Release Notes and Announcements

Release Notes

Announcements

[Important] API Gateway Product Sales Discontinuation Announcement

[March 1, 2024] Security Management Notice for the Use of Default Domain Name in API Gateway

[August 15, 2022] Billing of Public Network Outbound Traffic from API Gateway to Backend Services

Product Introduction

Regions and Availability Zones

Purchase Guide (Discontinued)

Billing Overview

Instance Specifications

Shared Instance Billing

Dedicated Instance Billing

Billing Rule

Refund

Resource Pack Billing

Billing Rule

Refund

Payment Overdue

Getting Started

Step 1. Get the Access Permission

Step 2. Create a Service

Step 3. Create an API with Mock as the Backend Type

Step 4. Publish the Service

Step 5. Create a Plugin and Bind It to the API

Step 6. Debug the API

Operation Guide

Instance Management

Instance Parameter Configuration

Service Management

Binding Service to VPC

Migrating Service from Shared Instance to Dedicated Instance

Creating API

API Creation Overview

Creating APIs Connecting to the Public URL/IP Backend

Creating APIs Connecting to the VPC Resource Backend

Creating APIs Connecting to the SCF Backend

Creating API for Interconnecting Backend with COS

Creating APIs Connecting to the Mock Backend

Creating APIs Connecting to the TSF Backend

Importing APIs

API Management

Debugging General APIs

Debugging Microservice APIs

Compressing Responses

Base64 Encoding

Calling API

Calling Key Pair Authentication API

Authentication-Free API

Release and Access

Overview

Service Release and Deactivation

Service Access

Environment Version Switch

Custom Domain Name and Certificate

Configuring Custom Domain Name

Usage Plan

Overview

Working with a Usage Plan

Traffic Control

Backend Upstream

VPC Upstream

Verification and Security

Overview

Application-Enabled Authentication Method

Authentication-Free Mode

OAuth2.0

CAM Policy

Log Statistics

View Log Analysis

Exporting Service Logs

Viewing Operation Logs

Shipping to CLS

Access Monitoring

Viewing Monitoring Charts

Viewing API Statistics

Monitoring Metrics

API Doc Generator

Application Management

Permission Management

Precautions

Private IP Ranges and Public VIPs of API Gateway Regions

Plugin Usage

Overview

IP Access Control

Basic Traffic Throttling

Parameter Traffic Throttling

Practical Tutorial

Making Serverless Service Available quickly through API Gateway

Integrating WAF to API Gateway for Security Protection

Accessing Resources in IDC via API Gateway Dedicated Instance

Quick Access to TEM Application via API Gateway

Integrating ECDN to API Gateway for Acceleration

API Gateway Providing the Access Capability for TKE

Migrating from Region A to Region B

Development Guide

Serverless Framework

Overview

Installing Serverless Framework

Creating and Deploying API Gateway Service

Importing APIs

Defining APIs

Sample for Importing APIs

Generating Application Authentication Signature

Quick Service Deletion Tool

Uploading Files

Serverless Multi-File Upload Processing

Structures Passed by API Gateway to Backend

API Documentation

Making API Requests

Application APIs

DescribeApiAppBindApisStatus

DescribeApiAppsStatus

DescribeApiBindApiAppsStatus

DescribeApiForApiApp

DescribeServiceForApiApp

ModifyApiApp

UnbindApiApp

UpdateApiAppKey

Other APIs

DescribeInstancesNetworkConfig

CreateUpstream

DeleteUpstream

DescribeUpstreamBindApis

DescribeUpstreams

ModifyUpstream

DescribeExclusiveInstanceRegions

Plugin APIs

CreatePlugin

DeletePlugin

DescribeAllPluginApis

Usage Plan APIs

DemoteServiceUsagePlan

DescribeUsagePlan

DescribeUsagePlanEnvironments

DescribeUsagePlanSecretIds

DescribeUsagePlansStatus

IP Policy APIs

DescribeIPStrategyApisStatus

DescribeIPStrategysStatus

ModifyIPStrategy

UnBindIPStrategy

Custom Domain Name APIs

BindSubDomain

DeleteServiceSubDomainMapping

DescribeServiceSubDomainMappings

DescribeServiceSubDomains

API Document APIs

OpenAPI APIs

Key APIs

DescribeApiKeysStatus

Log APIs

Service APIs

DescribeServiceEnvironmentList

DescribeServiceEnvironmentReleaseHistory

DescribeServiceReleaseVersion

DescribeServiceUsagePlan

DescribeServicesStatus

Throttling Policy APIs

DescribeApiEnvironmentStrategy

DescribeServiceEnvironmentStrategy

ModifyApiEnvironmentStrategy

ModifyServiceEnvironmentStrategy

Documentation and SDK APIs

GenerateApiDocument

Data Types

Error Codes

Legacy Features

Key Pair Authentication

Key Management

Key Pair Authentication

Java (Key Pair Authentication)

Go (Key Pair Authentication)

Python (Key Pair Authentication)

JavaScript (Key Pair Authentication)

PHP (Key Pair Authentication)

C++ (Key Pair Authentication)

Erlang (Key Pair Authentication)

Signature generation instructions

FAQs

Service Level Agreement

Glossary

DocumentationAPI GatewayLegacy FeaturesKey Pair AuthenticationSignature generation instructions

Signature generation instructions

Download PDF

Last updated: 2023-12-22 10:09:37

Signature generation instructions

Last updated: 2023-12-22 10:09:37

Download PDF

Precautions
If you select key pair authentication when creating an API, the service where the API resides needs to be published, the release environment needs to be bound to a usage plan, and the usage plan needs to be bound to a key pair. Then, the corresponding key pair will be used to generate signing information to authenticate API access requests.
For a query that contains Chinese characters and spaces, the request body should URL-encode the value with UTF-8.
When a signature is calculated through parameters, the value before encoding should be signed. URL-encoded strings cannot be signed. Please URL-encode the query and body values after signing.
Client Error Codes
Error Code
Status Code
Description
Solution
HMAC signature cannot be verified, a validate authorization header is required
401
The request did not carry the Authorization field.
Please construct this field as instructed in the signature demo for the applicable programming language.
authorization headers is invalidate
403
The format of the Authorization field in the request is incorrect.
Please construct this field as instructed in the signature demo for the applicable programming language.
id or signature missing
403
The ID or signature field is missing in the Authorization field of the request.
Please construct this field as instructed in the signature demo for the applicable programming language.
HMAC signature cannot be verified, a valid $header header is required
403
The headers field in the Authorization field of the request cannot be found in the request header.
Please construct this field as instructed in the signature demo for the applicable programming language.
HMAC signature cannot be verified, a valid date header is required
403
The Authorization of the request must use the date field as one of the authentication fields.
Please construct this field as instructed in the signature demo for the applicable programming language.
Found no validate usage plan
403
Request authentication failed, because the API needs authentication, but the API is not bound to a usage plan.
Please disable API authentication or bind a usage plan to the release environment of the API and bind the key pair to the usage plan.
HMAC signature cannot be verified
403
Request authentication failed, because the Key ID in the Authorization field is not bound to the release environment of the API, the Key ID is invalid, or the Key is disabled.
Please check whether the key pair is available and bound to the corresponding usage plan/release environment.
HMAC signature does not match
403
Request authentication failed, because the calculated HMAC value does not match. Please check and calculate again.
The calculated HMAC value is incorrect. Please construct this field as instructed in the signature demo for the applicable programming language.
Not Found Host
404
The request does not have the Host field.
The request should have the host field, whose value should be the server's domain name in string type.
Get Host Fail
404
The value of the host field in the request is not in string type.
Please change the value of the Host field to string type.
Could not support method
404
The request method type is not supported.
Please check whether the request method is valid.
There is no api match host[$host]
404
Request server domain name/address not found.
Please check whether the request address is correct.
There is no api match env_mapping[$env_mapping]
404
The env_mapping field after the custom domain name is incorrect.
Please check whether the env_mapping configured for the bound custom domain name is the same as the one you entered.
There is no api match default env_mapping[$env_mapping]
404
The value of the env_mapping field after the default domain name should be test/prepub/release.
The value of the env_mapping field after the default domain name should be test/prepub/release.
There is no api match uri[$uri]
404
The API that matches the URI is not found in the service corresponding to the request address.
Please check whether the entered URI is correct.
There is no api match method[$method]
404
The API corresponding to the request address plus URI does not support the request method.
Please check whether the request method is correct.
"Not allow use HTTPS protocol or Not allow use HTTP protocol"
404
The service corresponding to the requested address does not support the HTTP protocol type.
Please check whether the request protocol type is correct.
req is cross origin, api $uri need open cors flag on qcloud apigateway.
429
This is a cross-origin request, but the corresponding API has not enabled cross-origin access.
Please enable cross-origin access for the API.
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Error Code	Status Code	Description	Solution
HMAC signature cannot be verified, a validate authorization header is required	401	The request did not carry the `Authorization` field.	Please construct this field as instructed in the signature demo for the applicable programming language.
authorization headers is invalidate	403	The format of the `Authorization` field in the request is incorrect.	Please construct this field as instructed in the signature demo for the applicable programming language.
id or signature missing	403	The ID or `signature` field is missing in the `Authorization` field of the request.	Please construct this field as instructed in the signature demo for the applicable programming language.
HMAC signature cannot be verified, a valid $header header is required	403	The `headers` field in the `Authorization` field of the request cannot be found in the request header.	Please construct this field as instructed in the signature demo for the applicable programming language.
HMAC signature cannot be verified, a valid date header is required	403	The `Authorization` of the request must use the `date` field as one of the authentication fields.	Please construct this field as instructed in the signature demo for the applicable programming language.
Found no validate usage plan	403	Request authentication failed, because the API needs authentication, but the API is not bound to a usage plan.	Please disable API authentication or bind a usage plan to the release environment of the API and bind the key pair to the usage plan.
HMAC signature cannot be verified	403	Request authentication failed, because the `Key ID` in the `Authorization` field is not bound to the release environment of the API, the `Key ID` is invalid, or the `Key` is disabled.	Please check whether the key pair is available and bound to the corresponding usage plan/release environment.
HMAC signature does not match	403	Request authentication failed, because the calculated HMAC value does not match. Please check and calculate again.	The calculated HMAC value is incorrect. Please construct this field as instructed in the signature demo for the applicable programming language.
Not Found Host	404	The request does not have the `Host` field.	The request should have the `host` field, whose value should be the server's domain name in string type.
Get Host Fail	404	The value of the `host` field in the request is not in string type.	Please change the value of the `Host` field to string type.
Could not support method	404	The request method type is not supported.	Please check whether the request method is valid.
There is no api match host[$host]	404	Request server domain name/address not found.	Please check whether the request address is correct.
There is no api match env_mapping[$env_mapping]	404	The `env_mapping` field after the custom domain name is incorrect.	Please check whether the `env_mapping` configured for the bound custom domain name is the same as the one you entered.
There is no api match default env_mapping[$env_mapping]	404	The value of the `env_mapping` field after the default domain name should be `test/prepub/release`.	The value of the `env_mapping` field after the default domain name should be `test/prepub/release`.
There is no api match uri[$uri]	404	The API that matches the URI is not found in the service corresponding to the request address.	Please check whether the entered URI is correct.
There is no api match method[$method]	404	The API corresponding to the request address plus URI does not support the request method.	Please check whether the request method is correct.
"Not allow use HTTPS protocol or Not allow use HTTP protocol"	404	The service corresponding to the requested address does not support the HTTP protocol type.	Please check whether the request protocol type is correct.
req is cross origin, api $uri need open cors flag on qcloud apigateway.	429	This is a cross-origin request, but the corresponding API has not enabled cross-origin access.	Please enable cross-origin access for the API.

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service Special Offers

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

E-commerce

E-commerce retail solutions

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Financial Services

Financial Services Solution

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

TencentDB for TcaplusDB

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha

Cloud Workload Protection Platform

Data Security Governance Center