- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Instance Management
- Service Management
- Creating API
- API Creation Overview
- Creating APIs Connecting to the Public URL/IP Backend
- Creating APIs Connecting to the VPC Resource Backend
- Creating APIs Connecting to the SCF Backend
- Creating API for Interconnecting Backend with COS
- Creating APIs Connecting to the Mock Backend
- Creating APIs Connecting to the TSF Backend
- Importing APIs
- API Management
- Calling API
- Release and Access
- Custom Domain Name and Certificate
- Usage Plan
- Backend Upstream
- Verification and Security
- Log Statistics
- Access Monitoring
- API Doc Generator
- Application Management
- Permission Management
- Precautions
- Private IP Ranges and Public VIPs of API Gateway Regions
- Plugin Usage
- Practical Tutorial
- Making Serverless Service Available quickly through API Gateway
- Integrating WAF to API Gateway for Security Protection
- Accessing Resources in IDC via API Gateway Dedicated Instance
- Quick Access to TEM Application via API Gateway
- Integrating ECDN to API Gateway for Acceleration
- API Gateway Providing the Access Capability for TKE
- Migrating from Region A to Region B
- Development Guide
- API Documentation
- Legacy Features
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Instance Management
- Service Management
- Creating API
- API Creation Overview
- Creating APIs Connecting to the Public URL/IP Backend
- Creating APIs Connecting to the VPC Resource Backend
- Creating APIs Connecting to the SCF Backend
- Creating API for Interconnecting Backend with COS
- Creating APIs Connecting to the Mock Backend
- Creating APIs Connecting to the TSF Backend
- Importing APIs
- API Management
- Calling API
- Release and Access
- Custom Domain Name and Certificate
- Usage Plan
- Backend Upstream
- Verification and Security
- Log Statistics
- Access Monitoring
- API Doc Generator
- Application Management
- Permission Management
- Precautions
- Private IP Ranges and Public VIPs of API Gateway Regions
- Plugin Usage
- Practical Tutorial
- Making Serverless Service Available quickly through API Gateway
- Integrating WAF to API Gateway for Security Protection
- Accessing Resources in IDC via API Gateway Dedicated Instance
- Quick Access to TEM Application via API Gateway
- Integrating ECDN to API Gateway for Acceleration
- API Gateway Providing the Access Capability for TKE
- Migrating from Region A to Region B
- Development Guide
- API Documentation
- Legacy Features
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
Overview
This document describes how to use the application-enabled authentication mode for the authentication management of your APIs in Python.
Directions
1. In the API Gateway console, create an API and select the authentication type as App authentication. To learn more about the authentication types, find the documentation for different types of backends in Creating API - Overview.
2. Release the service where the API resides to an environment. See Service Release and Deactivation.
3. Create an application on the Application page in the console.
4. Select the created application in the application list, click Bind API, select the service and API, and click Submit to bind the application to the API.
5. Generate signing information in Python by referring to the Sample Code.
Environmental Dependencies
API Gateway provides sample codes for Python 2.7 and Python 3 with the request body in JSON format and form-data format. Select as needed.
Notes
For more information on operations such as application lifecycle management, authorizing an app to access the API, and binding an app to an API, see Application Management.
For the application signature generation process, see Application Authentication.
Sample Code
Sample code for Python 2.7 with the request body in JSON format
# -*- coding: utf-8 -*-import base64import datetimeimport hashlibimport hmacimport jsonimport requestsfrom urlparse import urlparse# Application's `ApiAppKey`ApiAppKey = 'Your ApiAppKey'# Application's `ApiAppSecret`ApiAppSecret = 'Your ApiAppSecret'# apigw access addressUrl = 'http://service-xxx-xxx.gz.apigw.tencentcs.com/'HTTPMethod = 'GET' # methodAccept = 'application/json'ContentType = 'application/json'urlInfo = urlparse(Url)Host = urlInfo.hostnamePath = urlInfo.path# Environment information is not included in the signature pathif Path.startswith(('/release', '/test', '/prepub')) :Path = '/' + Path[1:].split('/',1)[1]Path = Path if Path else '/'# Splice query parameters. The query parameters need to be sorted in lexicographical order.if urlInfo.query :queryStr = urlInfo.querysplitStr = queryStr.split('&')splitStr = sorted(splitStr)sortStr = '&'.join(splitStr)Path = Path + '?' + sortStrContentMD5 = ''GMT_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'xDate = datetime.datetime.utcnow().strftime(GMT_FORMAT)# Modify body contentif HTTPMethod == 'POST' :body = { "arg1": "a", "arg2": "b" }body_json = json.dumps(body)ContentMD5 = base64.b64encode(hashlib.md5(body_json).hexdigest())# Obtain the signature stringsigning_str = 'x-date: %s\\n%s\\n%s\\n%s\\n%s\\n%s' % (xDate, HTTPMethod, Accept, ContentType, ContentMD5, Path)# Compute the signaturesign = hmac.new(ApiAppSecret, msg=signing_str, digestmod=hashlib.sha1).digest()sign = base64.b64encode(sign)auth = "hmac id=\\"" + ApiAppKey + "\\", algorithm=\\"hmac-sha1\\", headers=\\"x-date\\", signature=\\""sign = auth + sign + "\\""# Send the requestheaders = {'Host': Host,'Accept': Accept,'Content-Type': ContentType,'x-date': xDate,'Authorization': sign}if(HTTPMethod == 'GET'):ret = requests.get(Url, headers=headers)if(HTTPMethod == 'POST'):ret = requests.post(Url, headers=headers, data=body_json)print(ret.headers)print(ret.text)
Sample code for Python 2.7 with the request body in form-data format
# -*- coding: utf-8 -*-import base64import datetimeimport hashlibimport hmacimport jsonimport requestsimport urllibfrom urlparse import urlparse# Application's `ApiAppKey`ApiAppKey = 'Your ApiAppKey'# Application's `ApiAppSecret`ApiAppSecret = 'Your ApiAppSecret'# apigw access addressUrl = 'http://service-xxx-xxx.gz.apigw.tencentcs.com/'HTTPMethod = 'POST' # methodAccept = 'application/json'ContentType = 'application/x-www-form-urlencoded'urlInfo = urlparse(Url)Host = urlInfo.hostnamePath = urlInfo.path# Environment information is not included in the signature pathif Path.startswith(('/release', '/test', '/prepub')) :Path = '/' + Path[1:].split('/',1)[1]Path = Path if Path else '/'ContentMD5 = ''GMT_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'xDate = datetime.datetime.utcnow().strftime(GMT_FORMAT)# Modify body contentbody = { "arg1": "a", "arg2": "b" }argBody = urllib.urlencode(body)# When signing, the form parameters are spliced with the query parameters. The parameters need to be sorted in lexicographical order.if urlInfo.query :argBody = argBody + '&' + urlInfo.querysplitStr = argBody.split('&')argBody = sorted(splitStr)sortStr = '&'.join(argBody)Path = Path + '?' + sortStr# Obtain the signature stringsigning_str = 'x-date: %s\\n%s\\n%s\\n%s\\n%s\\n%s' % (xDate, HTTPMethod, Accept, ContentType, ContentMD5, Path)# Compute the signaturesign = hmac.new(ApiAppSecret, msg=signing_str, digestmod=hashlib.sha1).digest()sign = base64.b64encode(sign)auth = "hmac id=\\"" + ApiAppKey + "\\", algorithm=\\"hmac-sha1\\", headers=\\"x-date\\", signature=\\""sign = auth + sign + "\\""# Send the requestheaders = {'Host': Host,'Accept': Accept,'Content-Type': ContentType,'x-date': xDate,'Authorization': sign}if(HTTPMethod == 'GET'):ret = requests.get(Url, headers=headers)if(HTTPMethod == 'POST'):ret = requests.post(Url, headers=headers, data=body)print(ret.headers)print(ret.text)
Sample code for Python 2.7 with the request body in multipart/form-data format
#! /usr/bin/env python# -*- coding: utf-8 -*-import base64import datetimeimport hashlibimport hmacimport httplib, mimetypesfrom urlparse import urlparse# Application's `ApiAppKey`ApiAppKey = 'Your ApiAppKey'# Application's `ApiAppSecret`ApiAppSecret = 'Your ApiAppSecret'Url = 'http://service-xxx-xxx.gz.apigw.tencentcs.com/'# Set form parameters# fields is a sequence of (name, value) elements for regular form fields.# files is a sequence of (name, filename, value) elements for data to be uploaded as files#Example:#Fields = [("arg1", "a"), ("arg2", "b")]#Files = [("file", "@test.txt", open("test.txt", "r").read())]Fields = []Files = []HTTPMethod = 'POST'Accept = 'application/json'urlInfo = urlparse(Url)Host = urlInfo.hostnamePath = urlInfo.path# Environment information is not included in the signature pathif Path.startswith(('/release', '/test', '/prepub')) :Path = '/' + Path[1:].split('/',1)[1]Path = Path if Path else '/'# Splice query parameters. The query parameters need to be sorted in lexicographical order.if urlInfo.query :queryStr = urlInfo.querysplitStr = queryStr.split('&')splitStr = sorted(splitStr)sortStr = '&'.join(splitStr)Path = Path + '?' + sortStrGMT_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'xDate = datetime.datetime.utcnow().strftime(GMT_FORMAT)def post_multipart(host, selector, fields, files):content_type, body = encode_multipart_formdata(fields, files)ContentMD5 = base64.b64encode(hashlib.md5(body).hexdigest())# Obtain the signature stringsigning_str = 'x-date: %s\\n%s\\n%s\\n%s\\n%s\\n%s' % (xDate, HTTPMethod, Accept, content_type, ContentMD5, Path)sign = hmac.new(ApiAppSecret, msg=signing_str, digestmod=hashlib.sha1).digest()sign = base64.b64encode(sign)auth = "hmac id=\\"" + ApiAppKey + "\\", algorithm=\\"hmac-sha1\\", headers=\\"x-date\\", signature=\\""sign = auth + sign + "\\""h = httplib.HTTPConnection(host)h.putrequest(HTTPMethod, selector)h.putheader('content-type', content_type)h.putheader('content-length', str(len(body)))h.putheader('accept', Accept)h.putheader('x-date', xDate)h.putheader('Authorization', sign)h.endheaders()h.send(body)response = h.getresponse()output = response.read()return outputdef encode_multipart_formdata(fields, files):BOUNDARY = '----------ThIs_Is_tHe_bouNdaRY_$'CRLF = '\\r\\n'L = []for (key, value) in fields:L.append('--' + BOUNDARY)L.append('Content-Disposition: form-data; name="%s"' % key)L.append('')L.append(value)for (key, filename, value) in files:L.append('--' + BOUNDARY)L.append('Content-Disposition: form-data; name="%s"; filename="%s"' % (key, filename))L.append('Content-Type: %s' % get_content_type(filename))L.append('')L.append(value)L.append('--' + BOUNDARY + '--')L.append('')body = CRLF.join(L)content_type = 'multipart/form-data; boundary=%s' % BOUNDARYreturn content_type, bodydef get_content_type(filename):return mimetypes.guess_type(filename)[0] or 'application/octet-stream'output = post_multipart(Host, Path, Fields, Files)print(output)
Sample code for Python 3 with the request body in form-data format
# -*- coding: utf-8 -*-import base64import datetimeimport hashlibimport hmacimport jsonimport requestsfrom urllib.parse import urlparsefrom urllib.parse import urlencode# Application's `ApiAppKey`ApiAppKey = 'Your ApiAppKey'# Application's `ApiAppSecret`ApiAppSecret = 'Your ApiAppSecret'# apigw access addressUrl = 'http://service-xxx-xxx.gz.apigw.tencentcs.com/'HTTPMethod = 'POST' # methodAccept = 'application/json'ContentType = 'application/x-www-form-urlencoded'urlInfo = urlparse(Url)Host = urlInfo.hostnamePath = urlInfo.path# Environment information is not included in the signature pathif Path.startswith(('/release', '/test', '/prepub')) :Path = '/' + Path[1:].split('/',1)[1]Path = Path if Path else '/'ContentMD5 = ''GMT_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'xDate = datetime.datetime.utcnow().strftime(GMT_FORMAT)# Modify body contentbody = { "arg1": "a", "arg2": "b" }argBody = urlencode(body)# When signing, the form parameters are spliced with the query parameters. The parameters need to be sorted in lexicographical order.if urlInfo.query :argBody = argBody + '&' + urlInfo.querysplitStr = argBody.split('&')argBody = sorted(splitStr)sortStr = '&'.join(argBody)Path = Path + '?' + sortStr# Obtain the signature stringsigning_str = 'x-date: %s\\n%s\\n%s\\n%s\\n%s\\n%s' % (xDate, HTTPMethod, Accept, ContentType, ContentMD5, Path)# Compute the signaturesign = hmac.new(ApiAppSecret.encode(), msg=signing_str.encode(), digestmod=hashlib.sha1).digest()sign = base64.b64encode(sign).decode()auth = "hmac id=\\"" + ApiAppKey + "\\", algorithm=\\"hmac-sha1\\", headers=\\"x-date\\", signature=\\""sign = auth + sign + "\\""# Send the requestheaders = {'Host': Host,'Accept': Accept,'Content-Type': ContentType,'x-date': xDate,'Authorization': sign}if HTTPMethod == 'GET' :ret = requests.get(Url, headers=headers)if HTTPMethod == 'POST' :ret = requests.post(Url, headers=headers, data=body)print(ret.headers)print(ret.text)
Sample code for Python 3 with the request body in JSON format
# -*- coding: utf-8 -*-import base64import datetimeimport hashlibimport hmacimport jsonimport requestsfrom urllib.parse import urlparse# Application's `ApiAppKey`ApiAppKey = 'Your ApiAppKey'# Application's `ApiAppSecret`ApiAppSecret = 'Your ApiAppSecret'# apigw access addressUrl = 'http://service-xxx-xxx.gz.apigw.tencentcs.com/'HTTPMethod = 'GET' # methodAccept = 'application/json'ContentType = 'application/json'urlInfo = urlparse(Url)Host = urlInfo.hostnamePath = urlInfo.path# Environment information is not included in the signature pathif Path.startswith(('/release', '/test', '/prepub')) :Path = '/' + Path[1:].split('/',1)[1]Path = Path if Path else '/'# Splice query parameters. The query parameters need to be sorted in lexicographical order.if urlInfo.query :queryStr = urlInfo.querysplitStr = queryStr.split('&')splitStr = sorted(splitStr)sortStr = '&'.join(splitStr)Path = Path + '?' + sortStrContentMD5 = ''GMT_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'xDate = datetime.datetime.utcnow().strftime(GMT_FORMAT)# Modify body contentif HTTPMethod == 'POST' :body = { "arg1": "a", "arg2": "b" }body_json = json.dumps(body)body_md5 = hashlib.md5(body_json.encode()).hexdigest()ContentMD5 = base64.b64encode(body_md5.encode()).decode()# Obtain the signature stringsigning_str = 'x-date: %s\\n%s\\n%s\\n%s\\n%s\\n%s' % (xDate, HTTPMethod, Accept, ContentType, ContentMD5, Path)# Compute the signaturesign = hmac.new(ApiAppSecret.encode(), msg=signing_str.encode(), digestmod=hashlib.sha1).digest()sign = base64.b64encode(sign).decode()auth = "hmac id=\\"" + ApiAppKey + "\\", algorithm=\\"hmac-sha1\\", headers=\\"x-date\\", signature=\\""sign = auth + sign + "\\""# Send the requestheaders = {'Host': Host,'Accept': Accept,'Content-Type': ContentType,'x-date': xDate,'Authorization': sign}if HTTPMethod == 'GET' :ret = requests.get(Url, headers=headers)if HTTPMethod == 'POST' :ret = requests.post(Url, headers=headers, data=body_json)print(ret.headers)print(ret.text)
Sample code for Python 3 with the request body in multipart/form-data format
#! /usr/bin/env python# -*- coding: utf-8 -*-import base64import datetimeimport hashlibimport hmacimport http.client as httplibimport mimetypesfrom urllib.parse import urlparse# Application's `ApiAppKey`ApiAppKey = 'Your ApiAppKey'# Application's `ApiAppSecret`ApiAppSecret = 'Your ApiAppSecret'Url = 'http://service-xxx-xxx.gz.apigw.tencentcs.com/'# Set form parameters# fields is a sequence of (name, value) elements for regular form fields.# files is a sequence of (name, filename, value) elements for data to be uploaded as files#Example:#Fields = [("arg1", "a"), ("arg2", "b")]#Files = [("file", "@test.txt", open("test.txt", "r").read())]Fields = []Files = []HTTPMethod = 'POST'Accept = 'application/json'urlInfo = urlparse(Url)Host = urlInfo.hostnamePath = urlInfo.path# Environment information is not included in the signature pathif Path.startswith(('/release', '/test', '/prepub')) :Path = '/' + Path[1:].split('/',1)[1]Path = Path if Path else '/'# Splice query parameters. The query parameters need to be sorted in lexicographical order.if urlInfo.query :queryStr = urlInfo.querysplitStr = queryStr.split('&')splitStr = sorted(splitStr)sortStr = '&'.join(splitStr)Path = Path + '?' + sortStrGMT_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'xDate = datetime.datetime.utcnow().strftime(GMT_FORMAT)def post_multipart(host, selector, fields, files):content_type, body = encode_multipart_formdata(fields, files)body_md5 = hashlib.md5(body.encode()).hexdigest()ContentMD5 = base64.b64encode(body_md5.encode()).decode()#ContentMD5 = base64.b64encode((hashlib.md5(body.encode).hexdigest()).encode).decode()# Obtain the signature stringsigning_str = 'x-date: %s\\n%s\\n%s\\n%s\\n%s\\n%s' % (xDate, HTTPMethod, Accept, content_type, ContentMD5, Path)sign = hmac.new(ApiAppSecret.encode(), msg=signing_str.encode(), digestmod=hashlib.sha1).digest()sign = base64.b64encode(sign).decode()auth = "hmac id=\\"" + ApiAppKey + "\\", algorithm=\\"hmac-sha1\\", headers=\\"x-date\\", signature=\\""sign = auth + sign + "\\""h = httplib.HTTPConnection(host)h.putrequest(HTTPMethod, selector)h.putheader('content-type', content_type)h.putheader('content-length', str(len(body)))h.putheader('accept', Accept)h.putheader('x-date', xDate)h.putheader('Authorization', sign)h.endheaders()h.send(body.encode())response = h.getresponse()output = response.read().decode()return outputdef encode_multipart_formdata(fields, files):BOUNDARY = '----------ThIs_Is_tHe_bouNdaRY_$'CRLF = '\\r\\n'L = []for (key, value) in fields:L.append('--' + BOUNDARY)L.append('Content-Disposition: form-data; name="%s"' % key)L.append('')L.append(value)for (key, filename, value) in files:L.append('--' + BOUNDARY)L.append('Content-Disposition: form-data; name="%s"; filename="%s"' % (key, filename))L.append('Content-Type: %s' % get_content_type(filename))L.append('')L.append(value)L.append('--' + BOUNDARY + '--')L.append('')body = CRLF.join(L)content_type = 'multipart/form-data; boundary=%s' % BOUNDARYreturn content_type, bodydef get_content_type(filename):return mimetypes.guess_type(filename)[0] or 'application/octet-stream'output = post_multipart(Host, Path, Fields, Files)print(output)
Yes
No
Was this page helpful?