yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
0b3a43371a4bcc99577594de0a685249d676a567
doc-exports/docs/modelarts/api-ref/modelarts_03_0004.html
Wuwan, Qi 78d5ebfce8 ModelArts API 25.3.0 20250710 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: Wuwan, Qi <wuwanqi1@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-committed-by: Wuwan, Qi <wuwanqi1@noreply.gitea.eco.tsi-dev.otc-service.com>
2025-07-28 12:24:54 +00:00

120 lines
16 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0000002340898762"></a><a name="EN-US_TOPIC_0000002340898762"></a>
<h1 class="topictitle1">Authentication</h1>
<div id="body1536114969127"><div class="p" id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_p34423277184242">You can use either of the authentication methods below to call APIs. AK/SK-based authentication is recommended because it is more secure than token-based authentication.<ul id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_ul41374043184242"><li id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_li36822067184242">Token-based authentication: General requests are authenticated using tokens.</li><li id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_li62963152184242">AK/SK-based authentication: Requests are authenticated by encrypting the request body using an AK/SK.</li></ul>
</div>
<div class="section" id="EN-US_TOPIC_0000002340898762__en-us_topic_0170917208_en-us_topic_0168405764_section2417768214391"><h4 class="sectiontitle">Token-based Authentication</h4><div class="note" id="EN-US_TOPIC_0000002340898762__en-us_topic_0170917208_en-us_topic_0168405764_note133321911123"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000002340898762__en-us_topic_0170917208_en-us_topic_0168405764_p1254514271026">The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token.</p>
</div></div>
<p id="EN-US_TOPIC_0000002340898762__en-us_topic_0170917208_en-us_topic_0168405764_p18703477214">A token specifies certain permissions in a computer system. During token-based authentication, the token is added to requests to get permissions for calling the API.</p>
<p id="EN-US_TOPIC_0000002340898762__p4938113918117">In <a href="modelarts_03_0005.html">Making an API Request</a>, the process of calling the API used to obtain a user token is described. </p>
<pre class="screen" id="EN-US_TOPIC_0000002340898762__screen84049561000">{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": "<em id="EN-US_TOPIC_0000002340898762__i10299121512419">user_name</em>",
"password": "<em id="EN-US_TOPIC_0000002340898762__i175561812414">user_password</em>",
"domain": {
"name": "<em id="EN-US_TOPIC_0000002340898762__i1258621154113">domain_name</em>"
}
}
}
},
"scope": {
"project": {
"name": "<em id="EN-US_TOPIC_0000002340898762__i032612424111">project_name</em>"
}
}
}
}</pre>
<p id="EN-US_TOPIC_0000002340898762__p175512042712">After a token is obtained, the <strong id="EN-US_TOPIC_0000002340898762__b1805432330112559">X-Auth-Token</strong> header must be added to requests to specify the token when calling other APIs. For example, if the token is <strong id="EN-US_TOPIC_0000002340898762__b6916217120">ABCDEFJ....</strong>, add <strong id="EN-US_TOPIC_0000002340898762__b49177118119">X-Auth-Token: ABCDEFJ....</strong> to a request as follows:</p>
<pre class="screen" id="EN-US_TOPIC_0000002340898762__en-us_topic_0170917208_en-us_topic_0168405764_screen11189101154015">POST https://<em id="EN-US_TOPIC_0000002340898762__i9375175113450">{endpoint}</em>/v1/<em id="EN-US_TOPIC_0000002340898762__i15733621175217">{project_id}</em>/services
Content-Type: application/json
<strong id="EN-US_TOPIC_0000002340898762__en-us_topic_0170917208_en-us_topic_0168405764_b172853338430">X-Auth-Token: ABCDEFJ....</strong></pre>
</div>
<div class="section" id="EN-US_TOPIC_0000002340898762__section7694258719"><h4 class="sectiontitle">AK/SK-based Authentication</h4><p id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_p38992551184055">You can use AK/SK encryption to verify the identity of a request sender. In AK/SK-based authentication, a signature needs to be obtained and then added to requests.</p>
<div class="note" id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_note15388641184055"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_p4280047184055">AK: access key ID, which is a unique identifier used with a secret access key to sign requests cryptographically.</p>
<p class="text" id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_p38520424184055">SK: secret access key, which is used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.</p>
</div></div>
<p id="EN-US_TOPIC_0000002340898762__p1869494712339">The following demo shows how to sign a request and use an HTTP client to send an HTTPS request.</p>
<p id="EN-US_TOPIC_0000002340898762__p5694174711333">Download the demo project at <a href="https://github.com/api-gate-way/SdkDemo" target="_blank" rel="noopener noreferrer">https://github.com/api-gate-way/SdkDemo</a>.</p>
<div class="note" id="EN-US_TOPIC_0000002340898762__note1390973912213"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000002340898762__p890914393214">ModelArts is a regional service. Specify the project ID when calling the API. Therefore, before running the demo project, add the project ID (<strong id="EN-US_TOPIC_0000002340898762__b1585635716717">X-Project-Id</strong>) in line 110 of access() in <strong id="EN-US_TOPIC_0000002340898762__b17856125720710">AccessServicelmpl.java</strong>. For details about how to obtain a project ID, see <a href="modelarts_03_0147.html">Obtaining a Project ID and Name</a>.</p>
</div></div>
<p id="EN-US_TOPIC_0000002340898762__p1694154793314">If you do not need the demo project, visit the following URL to download the API Gateway signing SDK:</p>
<p id="EN-US_TOPIC_0000002340898762__p19866332181318">Obtain the API Gateway signature tool package from the enterprise administrator.</p>
<p id="EN-US_TOPIC_0000002340898762__p146941947123310">Decompress the downloaded package and reference the obtained JAR files as dependencies, as shown below.</p>
<p id="EN-US_TOPIC_0000002340898762__p12389340338"><span><img id="EN-US_TOPIC_0000002340898762__image1417181311514" src="figure/en-us_image_0000002385752073.png" title="Click to enlarge" class="imgResize"></span></p>
<ol id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_ol11139503184055"><li id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_li33146668184055"><span>Generate an AK/SK. (If an AK/SK file has already been obtained, skip this step and locate the downloaded AK/SK file. Generally, the file name will be <strong id="EN-US_TOPIC_0000002340898762__b756942612913">credentials.csv</strong>.)</span><p><div class="note" id="EN-US_TOPIC_0000002340898762__note322121052310"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000002340898762__p16148151217238">If you use a RightCloud account, contact the administrator to obtain the AK/SK.</p>
</div></div>
<ol type="a" id="EN-US_TOPIC_0000002340898762__ol527210192713"><li id="EN-US_TOPIC_0000002340898762__li206391249162717">Log in to the console, enter the <strong id="EN-US_TOPIC_0000002340898762__b1668216376911">My Credentials</strong> page, and choose <strong id="EN-US_TOPIC_0000002340898762__b14682183713910">Access Keys</strong> &gt; <strong id="EN-US_TOPIC_0000002340898762__b26823371093">Create Access Key</strong>.</li><li id="EN-US_TOPIC_0000002340898762__li727212120279">In the <span class="wintitle" id="EN-US_TOPIC_0000002340898762__wintitle1733019411190"><b>Create Access Key</b></span> dialog box that is displayed, use the login password for verification.</li><li id="EN-US_TOPIC_0000002340898762__li6272913275">Click <strong id="EN-US_TOPIC_0000002340898762__b12300124511917">OK</strong>, open the <strong id="EN-US_TOPIC_0000002340898762__b1430014515920">credentials.csv</strong> file, and save the key file as prompted. The access key file is saved to the default download location in your browser. Then, the access key (<strong id="EN-US_TOPIC_0000002340898762__b13197259995">Access Key Id</strong> and <strong id="EN-US_TOPIC_0000002340898762__b3198135918919">Secret Access Key</strong>) is obtained.</li></ol>
</p></li><li id="EN-US_TOPIC_0000002340898762__li157891312153613"><span>Obtain and decompress the demo project.</span></li><li id="EN-US_TOPIC_0000002340898762__li94791126103617"><a name="EN-US_TOPIC_0000002340898762__li94791126103617"></a><a name="li94791126103617"></a><span>Import the demo project to Eclipse.</span><p><div class="fignone" id="EN-US_TOPIC_0000002340898762__fig10881944183710"><span class="figcap"><b>Figure 1 </b>Select an existing project</span><br><span><img id="EN-US_TOPIC_0000002340898762__image14999227121114" src="figure/en-us_image_0000002351867010.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="fignone" id="EN-US_TOPIC_0000002340898762__fig15961458113717"><span class="figcap"><b>Figure 2 </b>Selecting the demo project</span><br><span><img id="EN-US_TOPIC_0000002340898762__image399928151817" src="figure/en-us_image_0000002351876486.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="fignone" id="EN-US_TOPIC_0000002340898762__fig74501929113815"><span class="figcap"><b>Figure 3 </b>Structure of the demo project</span><br><span><img id="EN-US_TOPIC_0000002340898762__image106008101191" src="figure/en-us_image_0000002352037350.png"></span></div>
</p></li><li id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_li55824361184055"><span>Sign the request.</span><p><p id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_p32657207184055">The request signing method is integrated in the JAR files imported in <a href="#EN-US_TOPIC_0000002340898762__li94791126103617">3</a>. Before sending the request, sign the requested content. The obtained signature is included in the HTTP header of the request.</p>
<p id="EN-US_TOPIC_0000002340898762__p48653222398">The demo code is classified into the following classes to demonstrate signing and sending the HTTP request:</p>
<ul id="EN-US_TOPIC_0000002340898762__ul1486512220397"><li id="EN-US_TOPIC_0000002340898762__li38651222193913"><strong id="EN-US_TOPIC_0000002340898762__b201745201416">AccessService</strong>: An abstract class that merges the GET, POST, PUT, and DELETE methods into the access method.</li><li id="EN-US_TOPIC_0000002340898762__li586517224394"><strong id="EN-US_TOPIC_0000002340898762__b10553125391412">Demo</strong>: An execution entry used to simulate the sending of GET, POST, PUT, and DELETE requests.</li><li id="EN-US_TOPIC_0000002340898762__li1786522203918"><strong id="EN-US_TOPIC_0000002340898762__b165392101516">AccessServiceImpl</strong>: Implements the access method, which contains the code required for communication with APIG.</li></ul>
<p id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_p27988144184055">The following describes how to invoke the POST method to sign the request.</p>
<ol type="a" id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_ol50566709184055"><li id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_li52447197184055">Add a request header.<p id="EN-US_TOPIC_0000002340898762__p11504143117410"><a name="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_li52447197184055"></a><a name="en-us_topic_0094388456_li52447197184055"></a>Comment out the following second line of code in the <strong id="EN-US_TOPIC_0000002340898762__b2091331141610">AccessServiceImpl.java</strong> file, and specify the project ID.</p>
<pre class="codeblock" id="EN-US_TOPIC_0000002340898762__codeblock9890155315414">//<strong id="EN-US_TOPIC_0000002340898762__b48999530411">TODO</strong>: Add special headers.
//request.addHeader("X-Project-Id", "<strong id="EN-US_TOPIC_0000002340898762__b9899165315411">xxxxx</strong>");</pre>
</li><li id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_li49063522184055">Edit the main method in the <strong id="EN-US_TOPIC_0000002340898762__b12619193691719">Demo.java</strong> file.<p id="EN-US_TOPIC_0000002340898762__p17237183119420">Replace the bold texts with actual values. If you use other methods, such as POST, PUT, and DELETE, see the corresponding annotations. Replace the values of <strong id="EN-US_TOPIC_0000002340898762__b812765015178">region</strong>, <strong id="EN-US_TOPIC_0000002340898762__b14128185031713">serviceName</strong>, <strong id="EN-US_TOPIC_0000002340898762__b17128105019178">ak</strong>, <strong id="EN-US_TOPIC_0000002340898762__b612817509179">sk</strong>, and <strong id="EN-US_TOPIC_0000002340898762__b41281850181719">url</strong>. The URL for obtaining the VPC is used in the sample project. Replace it with the actual URL. For details about how to obtain the endpoint, see <a href="modelarts_03_0141.html">Regions and Endpoints</a>.</p>
<pre class="codeblock" id="EN-US_TOPIC_0000002340898762__codeblock13684120204813">//TODO: Replace region with the name of the region in which the service to be accessed is located.
private static final String region = "";
//TODO: Replace vpc with the name of the service you want to access. For example, ecs, vpc, iam, and elb.
private static final String serviceName = "";
public static void main(String[] args) throws UnsupportedEncodingException
{
//TODO: Replace the AK and SK with those obtained on the My Credential page.
String ak = "<strong id="EN-US_TOPIC_0000002340898762__b18861248596">ZIRRKMTWP******1WKNKB</strong>";
String sk = "<strong id="EN-US_TOPIC_0000002340898762__b1682213519118">Us0mdMNHk******YrRCnW0ecfzl</strong>";
//TODO: To specify a project ID (multi-project scenarios), add the X-Project-Id header.
//TODO: To access a global service, such as IAM, DNS, CDN, and TMS, add the X-Domain-Id header to specify an account ID.
//TODO: To add a header, find "Add special headers" in the AccessServiceImple.java file.
//TODO: Test the API
String url = "<strong id="EN-US_TOPIC_0000002340898762__b1665025412113">https://{Endpoint}/v1/{project_id}/vpcs</strong>";
get(ak, sk, url);
//TODO: When creating a VPC, replace {project_id} in postUrl with the actual value.
//String postUrl = "https://serviceEndpoint/v1/{project_id}/cloudservers";
//String postbody ="{\"vpc\": {\"name\": \"vpc\",\"cidr\": \"192.168.0.0/16\"}}";
//post(ak, sk, postUrl, postbody);
//TODO: When querying a VPC, replace {project_id} in url with the actual value.
//String url = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}";
//get(ak, sk, url);
//TODO: When updating a VPC, replace {project_id} and {vpc_id} in putUrl with the actual values.
//String putUrl = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}";
//String putbody ="{\"vpc\":{\"name\": \"vpc1\",\"cidr\": \"192.168.0.0/16\"}}";
//put(ak, sk, putUrl, putbody);
//TODO: When deleting a VPC, replace {project_id} and {vpc_id} in deleteUrl with the actual values.
//String deleteUrl = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}";
//delete(ak, sk, deleteUrl);
}</pre>
</li><li id="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_li65392176184055">Compile and run the code to call an API.<p id="EN-US_TOPIC_0000002340898762__p723410494918"><a name="EN-US_TOPIC_0000002340898762__en-us_topic_0094388456_li65392176184055"></a><a name="en-us_topic_0094388456_li65392176184055"></a>In the <strong id="EN-US_TOPIC_0000002340898762__b99461212131913">Package Explorer</strong> area on the left, right-click <strong id="EN-US_TOPIC_0000002340898762__b794716123198">Demo.java</strong>, choose <strong id="EN-US_TOPIC_0000002340898762__b9947512101910">Run AS</strong> &gt; <strong id="EN-US_TOPIC_0000002340898762__b1694731281913">Java Application</strong> from the shortcut menu to run the demo code.</p>
<p id="EN-US_TOPIC_0000002340898762__p4234124134916">You can view the calling logs on the console.</p>
</li></ol>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="modelarts_03_0144.html">Calling APIs</a></div>
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
View Git Blame Copy Permalink