All Products
Search
Document Center

Alibaba Cloud SDK:Request syntax and signature method V2 for RPC APIs

Last Updated:Nov 08, 2024

This topic describes how to construct requests to call Alibaba Cloud API operations in the remote procedure call (RPC) style, including the request syntax, responses, and signature method. You can call Alibaba Cloud API operations in the RPC style by sending HTTP requests. You can also develop SDKs to call the API operations in the RPC style.

Important

The request syntax and signature method V2 are discontinued. Use the request syntax and signature method V3.

HTTP methods for RPC APIs

RPC is a protocol that allows a client to remotely call a server method in a manner similar to a local function. Alibaba Cloud supports the following HTTP methods for RPC APIs:

  • GET: obtains resources from a server.

  • POST: submits data or requests to a server.

HTTP request syntax

The following table describes the components of an Alibaba Cloud API request in the RPC style.

Component

Required

Description

Example

Protocol

Yes

The protocol that is used to send the API request. You can send a request over HTTP or HTTPS. To ensure data security, we recommend that you send requests over HTTPS.

https://

Endpoint

Yes

The endpoint of the Alibaba Cloud service API. You can view the endpoint of a specific Alibaba Cloud service in a specific region in the API reference of the service.

ecs.aliyuncs.com

Common request parameters

Yes

The parameters that must be included in all Alibaba Cloud API requests. For more information, see the Common request parameters section of this topic.

Action

Operation-specific request parameters

No

The request parameters that are specific to the API operation. For more information, visit OpenAPI Portal.

RegionId

HTTP method

Yes

The request method of the RPC request. Valid values: POST and GET.

GET

Common request parameters

The following table describes the common request parameters of Alibaba Cloud API requests.

Parameter

Type

Required

Description

Example

Action

String

Yes

The operation that you want to perform. You can search for the API operation that you want to call in OpenAPI Portal.

CreateInstance

Version

String

Yes

The version number of the API. You can view the API version of the service that you want to access in OpenAPI Portal. For example, you can view the API version of Short Message Service (SMS) in OpenAPI Portal. The API version is 2017-05-25.

2014-05-26

Format

String

No

The format in which to return the response. Valid values: JSON and XML. Default value: XML.

JSON

AccessKeyId

String

Yes

The AccessKey ID provided to you by Alibaba Cloud. You can view your AccessKey ID in the Resource Access Management (RAM) console. For more information about how to create an AccessKey pair, see Create an AccessKey pair.

yourAccessKeyId

SignatureNonce

String

Yes

A unique, random number used to prevent network replay attacks. We recommend that you use different numbers for different requests. The length of the numbers is not limited.

15215528852396

Timestamp

String

Yes

The timestamp of the request. The timestamp is valid for 31 minutes. You must initiate the request within 31 minutes after the timestamp is generated. Specify the time in the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time must be in UTC.ISO 8601 Time Format

For example, 2018-01-01T12:00:00Z specifies 20:00:00 on January 1, 2018 in UTC+8.

2018-01-01T12:00:00Z

SignatureMethod

String

Yes

The encryption method of the signature string. Set the value to HMAC-SHA1.

HMAC-SHA1

SignatureVersion

String

Yes

The version of the signature encryption algorithm. Set the value to 1.0.

1.0

Signature

String

Yes

The signature string of the current request. For more information about how signatures are calculated, see the Signature method section of this topic.

Pc5WB8gokVn0xfeu%2FZV%2BiNM1dgI%3D

API request construction

Step 1: Construct a URL

  • Construct a URL for an API request in the following format: [Protocol][Endpoint]?[Common request parameters][Operation-specific request parameters].

  • For a POST request, we recommended that you include operation-specific request parameters in the request body. For a GET request, pass the parameters in the URL query string.

  • Encode the request parameters. For example, if the value of Timestamp is 2016-02-23T12:46:24Z, the encoded value is 2016-02-23T12%3A46%3A24Z. For more information about encoding rules, see the Encoding rules section of this topic.

Sample URL:

http://ecs.aliyuncs.com/?SignatureVersion=1.0&Action=DescribeDedicatedHosts&Format=XML&SignatureNonce=3ee8c1b8-xxxx-xxxx-xxxx-xxxxxxxxx&Version=2014-05-26&AccessKeyId=testid&Signature=OLeaidS1JvxuMvnyHOwuJ%2BuX5qY%3D&SignatureMethod=HMAC-SHA1&Timestamp=2016-02-23T12%3A46%3A24Z&RegionId=cn-hangzhou&Status=Available

Step 2: Initiate an API request

  • For a GET request, you can initiate the request by using a tool such as a browser, cURL, or wget.

  • For a POST request, you must pass the operation-specific request parameters in the request body. You must also set the Content-Type request header to application/x-www-form-urlencoded.

Responses

Responses can be returned in either the JSON or XML format. The default response format is XML. You can specify the response format by using the common request parameter Format.

Note

The sample responses that are provided in the API reference are formatted with line breaks and indentations for better readability. The actual responses do not have line breaks or indentations.

If an API call is successful, a request ID is returned. The HTTP status code is 2xx, which is not displayed in the response. Sample success responses:

  • XML format:

<?xml version="1.0" encoding="UTF-8"?> <!--Result Root Node-->
<ActionResponse> <!--Return Request Tag-->
    <RequestId>4C467B38-3910-447D-87BC-AC049166F216</RequestId> <!--Return Result Data-->
</ActionResponse>
  • JSON format:

{
    "RequestId": "4C467B38-3910-447D-87BC-AC049166F216" /* Return Result Data */
}

If an API call fails, a request ID, a service node, an error code, and an error message are returned. The HTTP status code is 4xx or 5xx. Sample error responses:

  • XML format:

<?xml version="1.0" encoding="UTF-8"?><!--Result Root Node-->
<Error>
    <RequestId>540CFF28-407A-40B5-B6A5-74Bxxxxxxxxx</RequestId> <!--Request ID-->
    <HostId>ecs.aliyuncs.com</HostId> <!--Endpoint-->
    <Code>MissingParameter.CommandId</Code> <!--Error Code-->
    <Message>The input parameter "CommandId" that is mandatory for processing this request is not supplied.</Message> <!--Error Message-->
</Error>
  • JSON format:

{
    "RequestId": "540CFF28-407A-40B5-B6A5-74Bxxxxxxxxx", /* Request ID */
    "HostId": "ecs.aliyuncs.com", /* Endpoint */
    "Code": "MissingParameter.CommandId", /* Error Code */
    "Message": "The input parameter "CommandId" that is mandatory for processing this request is not supplied." /* Error Message */
}
Note

If an API call fails, you can troubleshoot the error on the Alibaba Cloud OpenAPI Diagnostics page based on the request ID that is returned. For more information about error codes, visit the Global error code and Error Codes pages. If the error persists, you can submit a ticket and provide the endpoint and request ID.

Signature method

You must sign all API requests to ensure security. Alibaba Cloud uses the request signature to verify the identity of the API caller. This section describes how to calculate signatures.

Step 1: Create a canonicalized query string

1. Arrange the request parameters in alphabetical order to construct a canonicalized query string. These request parameters include all common parameters and operation-specific parameters except Signature. For more information, see the Common request parameters section of this topic. The following pseudocode shows how to arrange parameters:

// Example: Parameters {b, a, C} are arranged as {C, a, b}.
sortParams = sorted(params.keys())

2. Encode the request parameters and values in UTF-8 based on RFC 3986. For more information, see the Encoding rules section of this topic. The encoding method in this step is referred to as encodeURIComponent. The following pseudocode shows how to encode request parameters and values:

// Example: A request parameter and its value are encoded as %E6%B5%8B%E8%AF%95 and %E4%B8%AD%E6%96%87.
encodeURIComponent(sortParams.keys, sortParams.values)

3. Use an equal sign (=) to concatenate each encoded request parameter and its value. Then, use ampersands (&) to concatenate the encoded request parameters. The parameters must be arranged in the order specified in the first step in Step 1. The following pseudocode shows how to encode request parameters and values:

// Example: The encoded parameter is test and the encoded value of the parameter is testvalue. The parameter and its value can be concatenated as test=testvalue.
encodeURIComponentParam.key=encodeURIComponentParam.value

The canonicalized query string is obtained and referred to as CanonicalizedQueryString.

Step 2: Construct a string-to-sign and calculate the signature string

1. Construct a string-to-sign. The following pseudocode shows how to construct a string-to-sign:

String stringToSign =
  HTTPMethod + "&" + // HTTPMethod specifies the HTTP method that is used to send a request, such as GET. 
  encodeURIComponent("/") + "&" + // encodeURIComponent specifies the encoding method that is used in the second step of Step 1.
  encodeURIComponent(CanonicalizedQueryString) // CanonicalizedQueryString specifies the canonicalized query string that is obtained in Step 1.

2. Calculate the signature string for StringToSign by using the AccessKey secret of the specified AccessKey ID. You must follow RFC 2104 and use the HMAC-SHA1 algorithm. In this example, Base64() is the encoding function, HMAC_SHA1() is the function for generating the HMAC_SHA1 value, and UTF_8_Encoding_Of() is the function for UTF-8 encoding. The return value of HMAC_SHA1() is the raw data that is encoded other than a hexadecimal string. The following pseudocode shows how to calculate the signature string:

String signature = Base64(HMAC_SHA1(AccessSecret + "&", UTF_8_Encoding_Of(stringToSign)))

In this example, the signature algorithm HMAC-SHA1 is used, and the calculated signature string for the common request parameter Signature is referred to as signature.

Signature example

In this example, the DescribeDedicatedHosts operation of Elastic Compute Service (ECS) is called to query the details of one or more dedicated hosts. The AccessKey ID is testid, the AccessKey secret is testsecret, the value of SignatureNonce is edb2b34af0af9a6d14deaf7c1a5315eb, and the timestamp of the request is 2023-03-13T08:34:30Z. To calculate the signature string, perform the following steps:

  1. Construct a canonicalized query string.

    http://ecs.aliyuncs.com/?AccessKeyId=testid&Action=DescribeDedicatedHosts&Format=JSON&RegionId=cn-beijing&SignatureMethod=HMAC-SHA1&SignatureNonce=edb2b34af0af9a6d14deaf7c1a5315eb&SignatureVersion=1.0&Tag.1.Key=testkey&Tag.1.Value=testvalue&Timestamp=2023-03-13T08%3A34%3A30Z&Version=2014-05-26
  2. Construct a string-to-sign.

    GET&%2F&AccessKeyId%3Dtestid%26Action%3DDescribeDedicatedHosts%26Format%3DJSON%26RegionId%3Dcn-beijing%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3Dedb2b34af0af9a6d14deaf7c1a5315eb%26SignatureVersion%3D1.0%26Tag.1.Key%3Dtestkey%26Tag.1.Value%3Dtestvalue%26Timestamp%3D2023-03-13T08%253A34%253A30Z%26Version%3D2014-05-26
  3. Calculate the signature string. In this example, the AccessKey secret is testsecret and the encryption key used for HMAC calculation is testsecret&. The calculated signature string is fRmq1o6saIIjVlawOy+o6jDU9JQ=. The following pseudocode shows how to calculate the signature string:

    String Signature = Base64(HMAC_SHA1(AccessSecret + "&",UTF_8_Encoding_Of(stringToSign)))
  4. Obtain a complete URL. Add the Signature=fRmq1o6saIIjVlawOy%2Bo6jDU9JQ%3D string that is encoded based on RFC 3986 to the URL obtained in Step 1.

    https://ecs.cn-beijing.aliyuncs.com/?AccessKeyId=testid&Action=DescribeDedicatedHosts&Format=JSON&RegionId=cn-beijing&SignatureMethod=HMAC-SHA1&SignatureNonce=edb2b34af0af9a6d14deaf7c1a5315eb&SignatureVersion=1.0&Tag.1.Key=testkey&Tag.1.Value=testvalue&Timestamp=2023-03-13T08%3A34%3A30Z&Version=2014-05-26&Signature=fRmq1o6saIIjVlawOy%2Bo6jDU9JQ%3D
Important

The API version that you specify must match the endpoint that you use. Otherwise, an InvalidVersion error occurs. You can view the API version and endpoints of an Alibaba Cloud service on the homepage of the service in OpenAPI Portal.

After you obtain the new URL in Step 4, you can use a tool, such as a browser, cURL, or wget, to send an HTTP request to call the DescribeDedicatedHosts operation. This operation is used to query the details about one or more dedicated hosts.

Appendix

Encoding rules

When you call Alibaba Cloud API operations, you must encode the request parameters and values in UTF-8 based on RFC 3986. Encode the request parameters and values based on the following encoding rules:

  • Uppercase letters, lowercase letters, digits, hyphens (-), underscores (_), periods (.), and tildes (~) do not need to be encoded.

  • Other ASCII characters must be encoded in the %XY format. XY represents the ASCII code of the characters in hexadecimal notation. For example, double quotation marks (") are encoded as %22.

  • Non-ASCII characters are encoded in UTF-8.

  • Spaces must be encoded as %20. Do not encode spaces as plus signs (+).

References

Check the styles of APIs section of the "API styles" topic