TencentCloud API authenticates each access request using the signature algorithm (Signature), so each request is required to include Signature
for user authentication.
Before using a TencentCloud API for the first time, you need to apply for security credentials in the Tencent Cloud Console. The security credential consists of SecretId and SecretKey. SecretId is used to identify the API requester, while SecretKey is used to encrypt the strings to create a signature so that Tencent Cloud server can validate the identity of the requester. Keep your SecretKey private and avoid disclosure. If you already have the security credential, skip to the “Generating a Signature String” section.
Before using a TencentCloud API for the first time, you need to apply for security credentials.
Suppose that the SecretId and SecretKey obtained from the last step are:
To make a request for querying the list of CVM instances, the request parameters are:
Parameter | Parameter Format |
---|---|
Action | Action=DescribeInstances |
SecretId | SecretId= AKID****J5yKBZQpn74WFkmLPx3gnPhESA |
Current timestamp | Timestamp=1408704141 |
Random positive integer | Nonce=345122 |
Region | Region=gz |
First CVM instance ID to query | instanceIds.0=qcvm12345 |
Second CVM instance to query | instanceIds.1=qcvm56789 |
To generate an API signature, do as follows:
Sort the request parameters in an ascending lexicographical order by their names (such as using the ksort
function in PHP), and the result is as follows:
{
'Action' : 'DescribeInstances',
'Nonce' : 345122,
'Region' : 'gz',
'SecretId' : 'AKID****J5yKBZQpn74WFkmLPx3gnPhESA',
'Timestamp' : 1408704141
'instanceIds.0' : 'qcvm12345',
'instanceIds.1' : 'qcvm56789',
}
Format the above sorted request parameters as k=v, and then combine them with "&". Please note that v is the original value, instead of the URL-encoded value.
Action=DescribeInstances&Nonce=345122&Region=gz&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA&Timestamp=1408704141& instanceIds.0=qcvm12345&instanceIds.1=qcvm56789
The following parameters are required for constructing original signature strings:
/v2/index.php
.Construct an original signature string in the format of:
Request method + request CVM + request path + ? + request string.
The resulting string in the example is:
GETcvm.api.qcloud.com/v2/index.php?Action=DescribeInstances&Nonce= 345122&Region=gz&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA&Timestamp=1408704141
The sample code in PHP is as follows:
$secretKey = 'Gu5t9xGARNpq86cd98joQYCN3Cozk1qA';
$srcStr = 'GETcvm.api.qcloud.com/v2/index.php?Action=DescribeInstances&Nonce=345122&Region=gz&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA&Timestamp=1408704141';
$signStr = base64_encode(hash_hmac('sha1', $srcStr, $secretKey, true));
echo $signStr;
The signature string obtained is as follows:
HgIY****5lN6gz8JsCFBNAWp2oQ=
You can use any other programming languages as long as the resulting signature is the same as the one in this example.
Add the Signature
parameter, which is the signature string generated in the previous step, to the request parameter, and convert the signature to a URL-encoded one. The HgIY****5lN6gz8JsCFBNAWp2oQ=
signature generated above is encoded to HgIY****5lN6gz8JsCFBNAWp2oQ%3D
.
If you use the GET request method, all the request parameter values must be URL-encoded. If you use the POST request method, URL encoding is only needed for Signature parameter.
Send HTTPS protocol request to obtain the returned value of API in JSON string format.
The final request URL in the example is as follows:
https://cvm.api.qcloud.com/v2/index.php?Action=DescribeInstances
&Nonce=345122
&Region=gz
&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA
&Signature=HgIY****5lN6gz8JsCFBNAWp2oQ%3D
&Timestamp=1408704141
&instanceIds.0=qcvm12345
&instanceIds.1=qcvm56789
本页内容是否解决了您的问题?