API requests sent by third-party applications to public cloud services must be authenticated using signatures.