You can access the Drive and Photo Service API by using access tokens. Access tokens are used to verify user identities. If your application uses an Open Authorization (OAuth) user system of Drive and Photo Service, access tokens are generated by the OAuth service after the authentication is complete. If your application uses a custom user system, access tokens are generated by using trusted private keys.
1. OAuth user systems supported by Drive and Photo Service
(1) Configure an OAuth user system for a domain
Drive and Photo Service supports the following OAuth user systems:
Mobile number: By default, users can register with and log on to applications to access Drive and Photo Service by using mobile numbers.
DingTalk: Users can log on to applications by scanning DingTalk QR codes or entering DingTalk accounts and passwords.
Resource Access Management (RAM) user: Users can log on to applications that use OAuth user systems as Alibaba Cloud RAM users.
Please refer to the specific configuration process:
(2) Example of an OAuth logon page
After you configure user systems for a domain, you can find the corresponding logon methods on the OAuth logon page.
(3) Enable OAuth logon for an application
BasicUI supports OAuth logon. On the Applications tab of the domain details page, find BasicUI and click Allow Access in the Actions column. In the message that appears, click OK. Then, log on to BasicUI as the super administrator to synchronize data.
Other self-built applications that want to access the OAuth login process need to follow the following process to access it:
2. Third-party account system access
A custom application is an AccessToken generated by a trusted private key calculation and can access any third-party account system by itself. There are two specific access schemes:
(1) Access in JWT mode (Recommended)
Direct calculation through private key (recommended) Generate Token access through standard JWT, see here for the specific implementation method: Access process for JWT applications
(2) Use the AccessKey pair to invoke the API
Obtain Token access through AccessKey Access interface, and see here for the specific implementation method: Calling PDS API By Using An AccessKey Pair