ID Verification:Integrate Real ID with an app

Procedure

1. Log on to the RAM console and obtain the AccessKey pair. For more information, see Obtain an AccessKey pair.
   You can use an Alibaba Cloud account or a RAM user for development and management.
2. Sign the API request. For more information, see API signatures.
3. Integrate Real ID with your app.
   For more information, see ZoloZ Real ID>Integrate Real ID with an app.

API signatures

You must sign all HTTP and HTTPS API requests to ensure security. Alibaba Cloud verifies the identity of a request sender based on the request signature. Real ID implements symmetric encryption with an AccessKey pair to verify the identity of the request sender. An AccessKey pair consists of an AccessKey ID and an AccessKey secret.

1. Construct a canonicalized query string. After you complete the preceding steps, a canonicalized query string (CanonicalizedQueryString) that follows the request syntax is generated.
   1. Sort the request parameters. Sort all common request parameters in alphabetical order.
      Note If you use the GET method to send a request, the request parameters are included as part of the request URL. The parameters follow the question mark (?) and are connected by ampersands (&) in the URL.
   2. Encode the parameters. Follow RFC 3986 to encode parameters and their values in UTF-8 based on the following rules:

      private static final String ENCODING = "UTF-8"; private static String percentEncode(String value) throws UnsupportedEncodingException {   return value != null ? URLEncoder.encode(value, ENCODING).replace("+", "%20").replace("*", "%2A").replace("%7E", "~") : null; }

      Note

      • Uppercase letters, lowercase letters, digits, and some special characters such as hyphens (-), underscores (_), periods (.), and tildes (~) do not need to be encoded.
      • Other characters must be percent-encoded in the %XY format. XY represents the ASCII code of the characters in hexadecimal notation. For example, double quotation marks (") are encoded as %22.
      • Extended UTF-8 characters are encoded in the %XY%ZA… format.
      • Spaces must be encoded as %20. Do not encode spaces as plus signs (+). The preceding encoding method is similar to but slightly different from the application/x-www-form-urlencoded MIME encoding algorithm. If you use java.net.URLEncoder in the Java standard library, use percentEncode to encode request parameters and their values. In the encoded query string, replace the plus sign (+) with %20, the asterisk (*) with %2A, and %7E with a tilde (~). This way, you can obtain an encoded string that matches the preceding encoding rules.
   3. Use an equal sign (=) to concatenate each encoded request parameter and its value.
   4. Use ampersands (&) to concatenate different request parameters. Note that the order of the parameters must be the same as the order used in Step i.
2. Create a string-to-sign.
   1. Create a string-to-sign. You can also use percentEncode to encode the canonicalized query string constructed in the previous step. Take note of the following rules to create a string-to-sign:

      StringToSign=   HTTPMethod + "&" + //HTTPMethod: the HTTP method that is used to send a request, such as GET.    percentEncode("/") + "&" + //percentEncode("/"): Encode the forward slash (/) in UTF-8 as %2F.    percentEncode(CanonicalizedQueryString) // Encode the canonicalized query string that is created in the previous step. 

   2. Calculate the HMAC-SHA1 value of string-to-sign based on RFC 2104. In this example, the Java Base64 encoding method is used.

      Signature = Base64( HMAC-SHA1( AccessSecret, UTF-8-Encoding-Of(StringToSign) ) )

      Note When you calculate the signature, the key value specified by RFC 2104 is your AccessKey secret with an ampersand (&) appended to it. The ASCII value of an ampersand (&) is 38. For more information, see Obtain an AccessKey pair.
   3. Encode the Signature parameter based on RFC 3986 and add it to the canonicalized query string.