All Products
Search
Document Center

ApsaraMQ for RabbitMQ:CreateAccount

Last Updated:Nov 25, 2024

Creates a pair of static username and password. If you access an ApsaraMQ for RabbitMQ broker from an open source RabbitMQ client, you must use a pair of username and password for authentication. You can access the ApsaraMQ for RabbitMQ broker only after the authentication is passed. ApsaraMQ for RabbitMQ allows you to generate usernames and passwords by using AccessKey pairs provided by Alibaba Cloud Resource Access Management (RAM).

Operation description

Background information

If you access an ApsaraMQ for RabbitMQ broker from an open source RabbitMQ client, you must use a pair of username and password for authentication. You can access the ApsaraMQ for RabbitMQ broker only after the authentication is passed. ApsaraMQ for RabbitMQ allows you to generate usernames and passwords by using AccessKey pairs provided by Alibaba Cloud RAM.

Precautions

  • The ApsaraMQ for RabbitMQ instance for which you want to create a pair of static username and password must be in the Running state.
  • You can use an AccessKey pair to create only one pair of static username and password for an ApsaraMQ for RabbitMQ instance.
  • If you want to update an existing pair of static username and password, you must delete the existing pair and create another pair.

Sample code on how to generate a username

The value of the userName parameter in the request is a Base64-encoded string that is generated by using the instance ID and AccessKey ID. The following sample code provides an example on how to generate a username:

    public class Base64Utils {
         public static final Charset UTF8 = Charset.forName("UTF-8");
         /\*\*
         * Decode the Base64 string.
         \* @param str
         \* @return
         \*/
         public static String decode(String str) {
              return new String(Base64.getDecoder().decode(str.getBytes(UTF8)), UTF8);
         }
         /\*\*
         * Encode the instance ID and AccessKey ID into a Base64 string.
         \* @param bytes = "2" + ":" + "{instanceId}" + ":" + "{ak}"
         \* @return
         \*/
         public static String encode(String bytes) {
              return new String(Base64.getEncoder().encode(bytes.getBytes(UTF8)), UTF8);
          }

         public static void main(String[] args) {
              String example = "this is a example";
              System.out.println(encode(example));
              System.out.println(decode(encode(example)));

        }
    }

Sample code on how to generate a signature

The system uses the encryption algorithm to generate the values of the signature and secretSign parameters in the request based on the timestamp that indicates when the specified static username is created and the AccessKey ID. The following sample code provides an example on how to generate the values of the signature and secretSign parameters:

public static String hamcsha1(byte[] data, byte[] key) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKeySpec signingKey = new SecretKeySpec(key, "HmacSHA1");
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(signingKey);
        return byte2hex(mac.doFinal(data));
    }

    public static String byte2hex(byte[] b) {
        StringBuilder hs = new StringBuilder();
        String stmp;
        for (int n = 0; b != null && n < b.length; n++) {
            stmp = Integer.toHexString(b[n] & 0XFF);
            if (stmp.length() == 1) {
                hs.append('0');
            }
            hs.append(stmp);
       } 
       return hs.toString().toUpperCase();
    }
     // If value1 is the timestamp that indicates when the static username is created and value2 is the AccessKey ID, the value of the secretSign parameter is generated. If value1 is the AccessKey ID, value2 is the timestamp that indicates when the static username is created, the value of the signature parameter is generated.
     public static void main(String[] args) throws InvalidKeyException, NoSuchAlgorithmException {
         String value1 = "XXX";
         String value2 = "XXX";
         System.out.println(hamcsha1(value1.getBytes(), value2.getBytes()));
     }

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
amqp:FetchStaticAccountcreate
*Instance
acs:amqp:{#regionId}:{#accountId}:/instances/{#instanceId}
    none
  • amqp:GetInstance

Request parameters

ParameterTypeRequiredDescriptionExample
instanceIdstringYes

The ID of the instance for which you want to create a pair of static username and password.

amqp-cn-*********
accountAccessKeystringYes

The AccessKey ID of your Alibaba Cloud account or RAM user. For information about how to obtain an AccessKey pair, see Create an AccessKey pair.

Note If you use the pair of static username and password that is created by using the Accesskey pair of a RAM user to access ApsaraMQ for RabbitMQ to send and receive messages, make sure that the RAM user is granted the required permissions. For more information, see RAM policies.
LTAI5t8be*******tEJ6vfo
userNamestringYes

The static username that you want to create.

The value of this parameter is a Base64-encoded string that is generated based on the instance ID and AccessKey ID. For more information, see the "Sample code on how to generate a username" section of this topic.

MjphbXFwLWNuLXp***********************Q4YmVNbVZNMWVSWnRFSjZ2Zm8=
signaturestringYes

The signature. The system generates a static password based on the signature in the request, the AccessKey secret signature, and the username.

The system uses the HMAC-SHA1 algorithm to generate the signature based on the timestamp that indicates when the username is created and the AccessKey ID. For more information, see the "Sample code on how to generate a signature" section of this topic.

22c2d7d1769cb53c5a6d9213248e2de524c4f799
createTimestamplongYes

The timestamp that indicates when the password is created. Unit: milliseconds.

Note This timestamp is specified by you and is used to generate a static password. The timestamp is not the timestamp that indicates when the system generates the password.
1671175303522
secretSignstringYes

The AccessKey secret signature. The system generates a static password based on the signature in the request, the AccessKey secret signature, and the username.

The system uses the HMAC-SHA1 algorithm to generate the AccessKey secret signature based on the timestamp that indicates when the username is created and the AccessKey ID. For more information, see the "Sample code on how to generate a signature" section of this topic.

4c1a6367ce4c4255e9617326f9133ac6359533f6

Response parameters

ParameterTypeDescriptionExample
object

The returned results.

RequestIdstring

The request ID.

92385FD2-624A-48C9-8FB5-753F2AFA***
Codeinteger

The HTTP status code. The status code 200 indicates that the request was successful.

200
Messagestring

The returned message.

operation success
Successboolean

Indicates whether the call is successful.

true
Dataobject

The returned data.

AccessKeystring

The AccessKey ID that is used to create the password.

LTAI5***********eRZtEJ6vfo
Passwordstring

The created static password.

NEMxQTYzNjdDRTVDNDI1NUU5NjE3**************1MzNGODoxNjcxMTc1MzEzNTIy
CreateTimeStamplong

The timestamp that indicates when the password was created. Unit: milliseconds.

1671175303522
InstanceIdstring

The ID of the ApsaraMQ for RabbitMQ instance.

amqp-cn-*********
MasterUIdlong

The Alibaba Cloud account ID or RAM user to which the AccessKey pair that is used to create the static username and password belongs.

15657*********01
UserNamestring

The created static username.

MjphbXFwLWNuLXVxbTJ6cjc2djAwMzpMVEFJNX*******ZNMWVSWnRFSjZ2Zm8=

Examples

Sample success responses

JSONformat

{
  "RequestId": "92385FD2-624A-48C9-8FB5-753F2AFA***",
  "Code": 200,
  "Message": "operation success",
  "Success": true,
  "Data": {
    "AccessKey": "LTAI5***********eRZtEJ6vfo\n",
    "Password": "NEMxQTYzNjdDRTVDNDI1NUU5NjE3**************1MzNGODoxNjcxMTc1MzEzNTIy",
    "CreateTimeStamp": 1671175303522,
    "InstanceId": "amqp-cn-*********",
    "MasterUId": 0,
    "UserName": "MjphbXFwLWNuLXVxbTJ6cjc2djAwMzpMVEFJNX*******ZNMWVSWnRFSjZ2Zm8="
  }
}

Error codes

For a list of error codes, visit the Service error codes.