API Gateway
- Release Notes and Announcements
- Product Introduction
- Purchase Guide (Discontinued)
- Dedicated Instance Billing
- Resource Pack Billing
- Getting Started
- Operation Guide
- Instance Management
- Service Management
- Creating API
- Custom Domain Name and Certificate
- Backend Upstream
- Verification and Security
- Access Monitoring
- Plugin Usage
- Practical Tutorial
- Development Guide
- Serverless Framework
- Importing APIs
- Generating Application Authentication Signature
- API Documentation
- Making API Requests
- Plugin APIs
- Application APIs
- Other APIs
- Usage Plan APIs
- IP Policy APIs
- Custom Domain Name APIs
- API Document APIs
- OpenAPI APIs
- Key APIs
- Log APIs
- Service APIs
- Throttling Policy APIs
- Documentation and SDK APIs
- Legacy Features
- Key Pair Authentication
PHP
Last updated: 2023-12-22 10:06:06
Overview
This document describes how to manage access to your APIs through application authentication in PHP.
Directions
1. In the API Gateway console, create an API and select the authentication type as App authentication. To learn more about the authentication types, find the documentation for different types of backends in Creating API - Overview.
2. Release the service where the API resides to an environment. See Service Release and Deactivation.
3. Create an application on the Application page in the console.
4. Select the created application in the application list, click Bind API, select the service and API, and click Submit to bind the application to the API.
5. Generate signing information in PHP by referring to the Sample Code.
Environmental Dependencies
This code sample is for PHP 7, and you may need to make changes for other PHP versions as appropriate.
API Gateway provides sample codes with the request body in JSON format and form-data format. Select as needed.
Notes
For more information on operations such as application lifecycle management, authorizing an app to access the API, and binding an app to an API, see Application Management.
For the application signature generation process, see Application Authentication.
Sample Code
Basic code
<?phpconst FORM_URLENCODED = "application/x-www-form-urlencoded";/*** Generate a sorted query parameter string from parameter array.* such as array('b' => 1, 'a' => 2) to "a=1&b=2"** @param array $paramArr* @return string sorted query string*/function getSortedParameterStr($paramArr){ksort($paramArr);$tmpArr = array();foreach ($paramArr as $k => $v) {$tmp = $k;if (!empty($v)) {$tmp .= ("=" . $v);}array_push($tmpArr, $tmp);}return join('&', $tmpArr);}/*** Send a HTTP request with App Authorization** @param $apiAppKey string API App Key* @param $apiAppSecret string API App Secret* @param $method string HTTP Method of API* @param $url string Request URL of API, note that environment path (/release) is not allowed* @param $contentType string Request Content-Type header, set empty if request body is not needed* @param $acceptHeader string Accept HTTP request header* @param $reqBody string Request Body, set null if request body is not needed* @param $formParam array form parameters array, set null if not form request* @param $algorithm string Encryption algorithm: sha1, sha256, sha384, sha512, SM3, default to sha1* @param $customHeaders array Custom HTTP Headers, such as `array('x-header-a' => 1)`*/function sendRequestWithAppAuth($apiAppKey, $apiAppSecret, $method, $url, $contentType, $acceptHeader,$reqBody=null, $formParam=null, $algorithm=null, $customHeaders=null){$contentMD5 = "";$isForm = ($contentType == FORM_URLENCODED);// Note: ContentMd5 is empty for application/x-www-form-urlencoded requestif ($isForm) {assert(!is_null($formParam), "formParam is required for form request");// generate request body from form parameters$reqBody = getSortedParameterStr($formParam);} elseif (!is_null($reqBody)) {// get content md5 for signing the request later$contentMD5 = base64_encode(md5($reqBody));}if (null === $algorithm) {$algorithm = "sha1";}// ===================================// STEP 1: Generate the string to sign// ===================================echo "1. URL:\n $url\n";// Note:// 1. parameters needs to be sorted in alphabetical order// 2. parameters include both query parameters and form parameters$paramArr = array();$parsedUrl = parse_url($url);if (!is_null($parsedUrl['query']) && !empty($parsedUrl['query'])) {parse_str($parsedUrl['query'], $paramArr);}if (!empty($formParam)) {$paramArr = array_merge($paramArr, $formParam);}$pathAndParam = $parsedUrl['path'];if (!empty($paramArr)){$pathAndParam = $pathAndParam . '?' . getSortedParameterStr($paramArr);}$xDateHeader = gmstrftime('%a, %d %b %Y %T %Z', time());$strToSign = sprintf("x-date: %s\n%s\n%s\n%s\n%s\n%s",$xDateHeader, $method, $acceptHeader, $contentType, $contentMD5, $pathAndParam);// Print stringToSign for debugging if authorization failed with 401$strToSignDebug = str_replace("\n", "#", $strToSign);echo "2. StringToSign:\n $strToSignDebug\n";// ===============================================================================// STEP 2: Generate the signature (Authorization header) based on the stringToSign// ===============================================================================// Encode the string with HMAC and base64.$sign = base64_encode(hash_hmac($algorithm, $strToSign, $apiAppSecret, TRUE));$authHeader = sprintf('hmac id="%s", algorithm="hmac-%s", headers="x-date", signature="%s"',$apiAppKey, $algorithm, $sign);$headers = array('Host:' . $parsedUrl['host'],'Accept:' . $acceptHeader,'X-Date:' . $xDateHeader,'Authorization:' . $authHeader,);if (!empty($contentType)) {array_push($headers, "Content-Type:" . $contentType);}if (!empty($contentMD5)) {array_push($headers, "Content-MD5:" . $contentMD5);}if (!is_null($customHeaders) && is_array($customHeaders)) {foreach ($customHeaders as $k => $v) {array_push($headers, $k . ":" . $v);}}echo "3. Request Headers:\n";var_dump($headers);// ============================// STEP 3: Send the API request// ============================$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_TIMEOUT, 60);if (!empty($reqBody)) {curl_setopt($ch, CURLOPT_POSTFIELDS, $reqBody); // only required if request body is present}curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);$data = curl_exec($ch);if (curl_errno($ch)) {print "Error: " . curl_error($ch);} else {echo "Response: \n";var_dump($data);curl_close($ch);}}
GET sample request
// ==========================================================// Example 1: Send a GET request without a request body// ==========================================================$apiAppKey = '<your_app_key>';$apiAppSecret = '<your_app_secret>';$httpMethod = "GET";$acceptHeader = "application/json";// Note: environment path, such as `/release`, is not supported with App Authorization$url = 'https://service-xxxx-xxxx.gz.apigw.tencentcs.com/testmock?b=1&a=2';sendRequestWithAppAuth($apiAppKey, $apiAppSecret, $httpMethod, $url, "", $acceptHeader);
POST JSON sample request
// ==========================================================// Example 2: Send a POST request with JSON request body// ==========================================================$apiAppKey = '<your_app_key>';$apiAppSecret = '<your_app_secret>';$httpMethod = "POST";$acceptHeader = "application/json";$contentType = "application/json";// Note: environment path, such as `/release`, is not supported with App Authorization$url = 'https://service-xxxx-xxxx.gz.apigw.tencentcs.com/testmock?b=1&a=2';$jsonBody = "{\"data\":1}";sendRequestWithAppAuth($apiAppKey, $apiAppSecret, $httpMethod, $url,$contentType, $acceptHeader, $jsonBody);
POST form-urlencoded sample request
$apiAppKey = '<your_app_key>';$apiAppSecret = '<your_app_secret>';$httpMethod = "POST";$acceptHeader = "application/json";$contentType = "application/x-www-form-urlencoded";// Note: environment path, such as `/release`, is not supported with App Authorization$url = 'https://service-xxxx-xxxx.gz.apigw.tencentcs.com/testmock?b=1&a=2';$customHeaders = array("x-custom-header" => 1);$formParam = array('id' => 1, 'name' => 'tencent');sendRequestWithAppAuth($apiAppKey, $apiAppSecret, $httpMethod, $url,$contentType, $acceptHeader, null, $formParam, null, $customHeaders);
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No