CloudMonitor:Does CloudMonitor support the HMAC-SHA1 signature algorithm and how do I use it?

Yes, CloudMonitor supports the HMAC-SHA1 signature algorithm. It is the only signature algorithm that CloudMonitor supports. To use the HMAC-SHA1 signature algorithm, perform the steps described in this topic.

1. Prepare an Alibaba Cloud AccessKey pair.
   A pair of AccessKey ID and AccessKey secret is required to generate a signature for an HTTP request.

   Note You can use an existing AccessKey pair or create one. The AccessKey pair must be active.
2. Generate a signature string for an HTTP request.
   The signature string of an HTTP request is generated based on the Method, Header, and Body fields of the HTTP request.

   SignString = VERB + "\n"
                + CONTENT-MD5 + "\n"
                + CONTENT-TYPE + "\n"
                + DATE + "\n"
                + CanonicalizedHeaders + "\n"
                + CanonicalizedResource

   In the preceding formula, \n indicates the escaped newline character and the plus sign (+) indicates the string concatenation operator. The following table describes the definitions of other fields.

   Parameter	Description	Example
   VERB	The HTTP method used to make the request.	PUT, GET, or POST
   CONTENT-MD5	The MD5 value of the Body field in the HTTP request. Note The MD5 value must be a string consisting of uppercase letters and digits.	0B9BE351E56C90FED853B32524253E8B
   CONTENT-TYPE	The type of the HTTP request body.	application/json
   DATE	The standard timestamp header of the HTTP request. Note This timestamp header follows the RFC 1123 time format and uses the GMT standard time.	Mon, 3 Jan 2010 08:33:47 GMT
   CanonicalizedHeaders	The string constructed from the custom headers that are prefixed with x-cms and x-acs in the HTTP request.	x-cms-api-version:0.1.0 x-cms-signature
   CanonicalizedResource	The string constructed from the resources requested by the HTTP request.	/event/custom/upload

   The CanonicalizedHeaders and CanonicalizedResource strings in the preceding table are constructed based on the following rules:

   • CanonicalizedHeaders
     1. Convert the names of all headers that are prefixed with x-cms and x-acs to lowercase letters.
     2. Sort the case-converted headers generated in the preceding step in lexicographic order.
     3. Delete all spaces on each side of the delimiter between each header and value.
     4. Separate all the preceding headers with delimiters (\n) to form the final CanonicalizedHeaders string.
   • CanonicalizedResource
     1. Set the CanonicalizedResource string to an empty string ("").
     2. Place the URI that you want to access, such as /event/custom/upload, between the quotation marks.
     3. If the request contains a query string, add a question mark (?) and the query string to the end of the CanonicalizedResource string.

        The sort string is the lexicographically sorted string of the request parameters included in the URI. Equal signs (=) are used between the names and values of parameters to form a string. The parameter name-parameter value pairs are then sorted in lexicographic order and connected with ampersands (&) to form a string. The following formula is used to construct the query string:

        QUERY_STRING = "KEY1=VALUE1" + "&" + "KEY2=VALUE2"

3. Generate a digital signature for the HTTP request.
   Formula for generating a digital signature:

   Signature=base16(hmac-sha1(UTF8-Encoding-Of(SignString),AccessKeySecret))

   Sample signature string of an HTTP request:

   SignString="POST" + "\n"
   +"0B9BE351E56C90FED853B32524253E8B" + "\n"
   +"application/json" + "\n"
   +"Tue, 11 Dec 2018 21:05:51 +0800" + "\n"
   +"x-cms-api-version:1.0" + "\n"
   +"x-cms-ip:127.0.0.1" + "\n"
   +"x-cms-signature:hmac-sha1" + "\n"
   +"/metric/custom/upload"
   accesskey="testkey"
   accessSecret="testsecret" // The AccessKey secret used to sign the HTTP request. 

   Signature generated based on the preceding signature string:

   1DC19ED63F755ACDE203614C8A1157EB1097E922