All Products
Search
Document Center

Alibaba Cloud SDK:Request syntax and signature method

最終更新日:Feb 02, 2024

If the existing SDKs cannot meet your business requirements, you can construct custom HTTP requests.

Procedure

Step 1: Check the API style of the cloud service that you want to access

The method that is used to construct custom HTTP requests varies based on the styles of APIs. You can check the API reference for the cloud service that you want to access to determine whether the service uses the remote procedure call (RPC) or resource-oriented architecture (ROA) style. For more information, see API styles.

Step 2: Construct a request and sign the request

The request syntax varies based on the styles of APIs. For more information, see Request syntax and signature method V3.

Step 3: Process the responses

If you already know the data to be returned by an API operation, you can convert the responses into pre-defined objects. Otherwise, you must process the responses in a generic manner.

Step 4: Design the exception handing and retry logic

Exceptions may occur due to issues such as network disconnections or invalid request parameters. Therefore, you must design the exception handing and retry logic.

Reasons for signing HTTP requests

Signing HTTP requests is to protect cloud services from malicious requests and intercept invalid requests in advance. The signing is implemented by adding specific information to requests, such as keys, timestamps, and random numbers.

The following purposes can be achieved by signing HTTP requests:

  1. Prevent request forgery: The signature can help the API gateway identify whether a request is sent by a legitimate client. This can prevent invalid requests from entering the system.

  2. Prevent replay attacks: The signature contains information such as timestamps and random numbers. They can prevent requests from being replayed and ensure that each request is only executed once.

  3. Prevent request tampering: The signature contains credential information, which can ensure that a request has not been tampered with or forged during transmission.

  4. Support auditing: The signature can record the source information and timestamp of a request. This way, service providers can audit and track system usage.