If the existing SDKs cannot meet your business requirements, you can construct custom HTTP requests.
Procedure
Step 1: Check the API style of the cloud service that you want to access
The method that is used to construct custom HTTP requests varies based on the styles of APIs. You can check the API reference for the cloud service that you want to access to determine whether the service uses the remote procedure call (RPC) or resource-oriented architecture (ROA) style. For more information, see API styles.
Step 2: Construct a request and sign the request
The request syntax varies based on the styles of APIs. For more information, see Request syntax and signature method V3.
Step 3: Process the responses
If you already know the data to be returned by an API operation, you can convert the responses into pre-defined objects. Otherwise, you must process the responses in a generic manner.
Step 4: Design the exception handing and retry logic
Exceptions may occur due to issues such as network disconnections or invalid request parameters. Therefore, you must design the exception handing and retry logic.
Reasons for signing HTTP requests
Signing HTTP requests is to protect cloud services from malicious requests and intercept invalid requests in advance. The signing is implemented by adding specific information to requests, such as keys, timestamps, and random numbers.
The following purposes can be achieved by signing HTTP requests:
Prevent request forgery: The signature can help the API gateway identify whether a request is sent by a legitimate client. This can prevent invalid requests from entering the system.
Prevent replay attacks: The signature contains information such as timestamps and random numbers. They can prevent requests from being replayed and ensure that each request is only executed once.
Prevent request tampering: The signature contains credential information, which can ensure that a request has not been tampered with or forged during transmission.
Support auditing: The signature can record the source information and timestamp of a request. This way, service providers can audit and track system usage.