• Cloud Server Backup Service

  1. Help Center
  2. Cloud Server Backup Service
  3. API Reference
  4. Environment Preparations
  5. Obtaining Request Authentication Information

Obtaining Request Authentication Information

You can use either of the following authentication methods when calling APIs:
  • Token authentication: Requests are authenticated using tokens.
  • AK/SK authentication: Requests are encrypted using the access key ID (AK)/secret access key (SK). AK/SK authentication is recommended because it is more secure than token authentication.

Token Authentication

If you use a token for authentication, you must obtain the token and add X-Auth-Token to the request header of the API when making a call.

  1. Send POST https://IAM endpoint/v3/auth/tokens. Obtain the Identity and Access Management (IAM) endpoint and region name in the message body.

    See Regions and Endpoints.

    An example request message is as follows:

    Replace the item in italic in the following example with actual ones. For details, see Obtaining a User Token.

      "auth": {
        "identity": {
          "methods": [
          "password": {
            "user": {
              "name": "username",
              "password": "password",
              "domain": {
                "name": "domainname"
        "scope": {
          "project": {
             "name": "aaa" 

  2. Obtain the token. After the request is processed, the value of X-Subject-Token in the header is the token value.
  3. Make a call to the API, add X-Auth-Token to the request header, and set its value of X-Auth-Token to the token obtained in 2.

AK/SK Authentication

Use AK/SK encryption to verify the identity of a request sender. If you use the AK/SK for authentication, you must obtain the signature through the request signing process and add the signature to the headers of API requests.


AK: indicates the ID of the access key. AK is used together with SK to obtain an encrypted signature for a request.

SK: indicates the secret access key used together with the access key ID to sign requests. AK and SK can be used together to identify a request sender to prevent the request from being modified.

The following uses a demo to show how to sign a request and use an HTTP client to send an HTTPS request.

Download the demo from https://docs.otc.t-systems.com/en-us/api/apiug/apig-en-api-180328008.html.

If you do not need the demo, download the API Gateway signing SDK from the following link:


Decompress the downloaded demo package to obtain a JAR file and reference the file to a dependency path.

Figure 1 Introducing the API Gateway signing SDK

  1. Generate the AK/SK. (If an AK/SK file has been obtained, skip this step and find the downloaded AK/SK file. Generally, the file name is credentials.csv.)

    1. Log in to the management console.
    2. Hover the mouse over the username and select My Credential from the drop-down list.
    1. On the My Credentials page, click Access Keys.
    2. Click Add Access Key.
    3. Enter the authentication code received in the email.
    4. Click OK to download the access key.

      To prevent the access key from being leaked, keep it secure.

  2. Obtain and decompress the demo to obtain a JAR file.
  3. Import the demo to Eclipse.

    Figure 2 Importing the demo
    Figure 3 Selecting the decompressed demo
    Figure 4 Example structure

  4. Sign the request.

    The signature method is integrated into the JAR file imported in 3. Before sending the request, you need to sign the requested content. The obtained signature is included in the HTTP header of the request.

    The code is classified into the following parts to demonstrate request signing and HTTP request sending.

    • AccessService: indicates the abstract class that converts the GET, POST, PUT, and DELETE methods into the access method.
    • Demo: indicates the execution entry used to simulate GET, POST, PUT, and DELETE request sending.
    • AccessServiceImpl: indicates the implementation of the access method, which contains the code required for API Gateway communication.
    1. Edit the main() method in the Demo.java file to replace the following content with actual values.

      If you use other methods such as POST, PUT, or DELETE, see the corresponding comment method.

      Replace region, serviceName, AK/SK, and URL. In the demo, the URL for obtaining the VPC is used. Replace it with the required URL.

      For how to obtain the project ID in the URL, see Obtaining a Project ID. For details about the endpoint, .

      //TODO: Replace region with the name of the region in which the service to be accessed is located. 
      private static final String region = "";
      //TODO: Replace vpc with the name of the service you want to access. For example, ecs, vpc, iam, and elb.
      private static final String serviceName = "";
      public static void main(String[] args) throws UnsupportedEncodingException
      //TODO: Replace the AK and SK with those obtained on the My Credential page.
      String ak = "ZIRRKMTWP******1WKNKB";
      String sk = "Us0mdMNHk******YrRCnW0ecfzl";
      //TODO: To specify a project ID (multi-project scenarios), add the X-Project-Id header.
      //TODO: To access a global service, such as IAM, DNS, CDN, and TMS, add the X-Domain-Id header to specify an account ID.
      //TODO: To add a header, find "Add special headers" in the AccessServiceImple.java file.
      //TODO: Test the API
      String url = "https://{Endpoint}/v1/{project_id}/vpcs";
      get(ak, sk, url);
      //TODO: When creating a VPC, replace {project_id} in postUrl with the actual value.
      //String postUrl = "https://serviceEndpoint/v1/{project_id}/cloudservers";
      //String postbody ="{\"vpc\": {\"name\": \"vpc\",\"cidr\": \"\"}}";
      //post(ak, sk, postUrl, postbody);
      //TODO: When querying a VPC, replace {project_id} in url with the actual value.
      //String url = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}";
      //get(ak, sk, url);
      //TODO: When updating a VPC, replace {project_id} and {vpc_id} in putUrl with the actual values.
      //String putUrl = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}";
      //String putbody ="{\"vpc\":{\"name\": \"vpc1\",\"cidr\": \"\"}}";
      //put(ak, sk, putUrl, putbody);
      //TODO: When deleting a VPC, replace {project_id} and {vpc_id} in deleteUrl with the actual values.
      //String deleteUrl = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}";
      //delete(ak, sk, deleteUrl);
    2. Compile and call the API.

      In the Package Explorer area on the left, locate Demo.java, choose Run AS > Java Application, and click Run.

      You can view API call logs on the console.