tencent cloud

Cloud Load Balancer

릴리스 정보 및 공지 사항
릴리스 노트
제품 공지
제품 소개
제품 개요
제품 장점
시나리오
기술 원리
Product Comparison
사용 제한
Service Regions and Service Providers
구매 가이드
과금 개요
비용 계산 항목
구매 방식
연체 안내
제품 속성 선택
시작하기
도메인 이름 기반 CLB 시작하기
CLB 시작하기
CentOS에서 Nginx 배포하기
CentOS에서 Java Web 배포하기
운영 가이드
CLB 인스턴스
CLB 리스너
리얼 서버
상태 확인
인증서 관리
로그 관리
모니터링 및 알람
액세스 관리
사례 튜토리얼
CLB에 인증서 배치(양방향 인증)
HTTPS 포워딩 구성
리얼 클라이언트 IP 가져오기
로드 밸런싱 구성 모니터링 및 알람에 대한 모범 사례
다중 가용존에서 HA 구현
로드 밸런싱 알고리즘 선택 및 가중치 구성 예시
CLB 수신 도메인 이름에 대한 WAF 보호 구성하기
OPS 가이드
과도한 TIME_WAIT 상태의 클라이언트에 대한 솔루션
CLB HTTPS 서비스 성능 테스트
스트레스 테스트 FAQ
CLB 인증서 작업 권한
문제 해결
UDP 상태 확인 예외 발생
API 참조
History
Introduction
API Category
Instance APIs
Listener APIs
Backend Service APIs
Target Group APIs
Redirection APIs
Other APIs
Classic CLB APIs
Load Balancing APIs
Making API Requests
Data Types
Error Codes
CLB API 2017
FAQ
과금 관련
CLB 구성
헬스체크 이상 점검
HTTPS
WS/WSS 프로토콜 지원
HTTP/2 프로토콜 지원
연락처
용어집
문서Cloud Load BalancerAPI 참조CLB API 2017Making API RequestsAPI Authentication

API Authentication

PDF
포커스 모드
폰트 크기
마지막 업데이트 시간: 2024-12-19 10:54:08
TencentCloud API authenticates each access request using the signature algorithm (Signature), so each request is required to include Signature for user authentication.
Before using a TencentCloud API for the first time, you need to apply for security credentials in the Tencent Cloud Console. The security credential consists of SecretId and SecretKey. SecretId is used to identify the API requester, while SecretKey is used to encrypt the strings to create a signature so that Tencent Cloud server can validate the identity of the requester. Keep your SecretKey private and avoid disclosure. If you already have the security credential, skip to the “Generating a Signature String” section.

Applying for Security Credentials

Before using a TencentCloud API for the first time, you need to apply for security credentials.
1. Log in to the API Key Management console.
2. Click Create Key to create one SecretId/SecretKey pair. Each account can have at most two keys.

Generating a Signature String

Suppose that the SecretId and SecretKey obtained from the last step are:
SecretId: AKID****J5yKBZQpn74WFkmLPx3gnPhESA.
SecretKey: Gu5t****pq86cd98joQYCN3Cozk1qA.
To make a request for querying the list of CVM instances, the request parameters are:
Parameter
Parameter Format
Action
Action=DescribeInstances
SecretId
SecretId= AKID****J5yKBZQpn74WFkmLPx3gnPhESA
Current timestamp
Timestamp=1408704141
Random positive integer
Nonce=345122
Region
Region=gz
First CVM instance ID to query
instanceIds.0=qcvm12345
Second CVM instance to query
instanceIds.1=qcvm56789
To generate an API signature, do as follows:

Sorting parameters

Sort the request parameters in an ascending lexicographical order by their names (such as using the ksort function in PHP), and the result is as follows:
{
  'Action' : 'DescribeInstances',
  'Nonce' : 345122,
  'Region' : 'gz',
  'SecretId' : 'AKID****J5yKBZQpn74WFkmLPx3gnPhESA',
  'Timestamp' : 1408704141
  'instanceIds.0' : 'qcvm12345',
  'instanceIds.1' : 'qcvm56789',
}

Concatenating request strings

Format the above sorted request parameters as k=v, and then combine them with "&". Please note that v is the original value, instead of the URL-encoded value.
Action=DescribeInstances&Nonce=345122&Region=gz&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA&Timestamp=1408704141& instanceIds.0=qcvm12345&instanceIds.1=qcvm56789

Concatenating original signature strings

The following parameters are required for constructing original signature strings:
Request method: POST and GET methods are supported. The GET request method is used here.
Request CVM: cvm.api.qcloud.com. Domain names vary depending on the module to which the API belongs. For more information, see the descriptions of each API.
Request path: /v2/index.php.
Request string: the string generated in the previous 2 steps.
Construct an original signature string in the format of: Request method + request CVM + request path + ? + request string.
The resulting string in the example is:
GETcvm.api.qcloud.com/v2/index.php?Action=DescribeInstances&Nonce= 345122&Region=gz&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA&Timestamp=1408704141

Generating a signature string

1. Sign the original signature string obtained in the previous step using the HMAC-SHA1 algorithm.
2. Encode the generated signature using Base64 to obtain the final signature string.
The sample code in PHP is as follows:
$secretKey = 'Gu5t9xGARNpq86cd98joQYCN3Cozk1qA';
$srcStr = 'GETcvm.api.qcloud.com/v2/index.php?Action=DescribeInstances&Nonce=345122&Region=gz&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA&Timestamp=1408704141';
$signStr = base64_encode(hash_hmac('sha1', $srcStr, $secretKey, true));
echo $signStr;
The signature string obtained is as follows:
HgIY****5lN6gz8JsCFBNAWp2oQ=
You can use any other programming languages as long as the resulting signature is the same as the one in this example.

Adding a signature and sending requests

Add the Signature parameter, which is the signature string generated in the previous step, to the request parameter, and convert the signature to a URL-encoded one. The HgIY****5lN6gz8JsCFBNAWp2oQ= signature generated above is encoded to HgIY****5lN6gz8JsCFBNAWp2oQ%3D.
If you use the GET request method, all the request parameter values must be URL-encoded. If you use the POST request method, URL encoding is only needed for Signature parameter.
Send HTTPS protocol request to obtain the returned value of API in JSON string format.
The final request URL in the example is as follows:
https://cvm.api.qcloud.com/v2/index.php?Action=DescribeInstances
&Nonce=345122
&Region=gz
&SecretId=AKID****J5yKBZQpn74WFkmLPx3gnPhESA
&Signature=HgIY****5lN6gz8JsCFBNAWp2oQ%3D
&Timestamp=1408704141
&instanceIds.0=qcvm12345
&instanceIds.1=qcvm56789
이전 주제: Signature Algorithm다음 주제: Successful Response

도움말 및 지원

문제 해결에 도움이 되었나요?

피드백