Management Credential

The management credential accessToken is a security token used by the object storage service to verify the legitimacy of resource management interface requests. It is recommended to use such credentials only on the business server side to avoid abuse due to accidental authorization.

To construct the management credential, the following two pieces of data are needed:

• Security Key (SecretKey)
  Please obtain the SK from the key administrator of the object storage platform.
• Access Key (AccessKey)
  Please obtain the AK from the key administrator of the object storage platform.

Management Credential Generation Algorithm

1. Construct the String to be Signed (signingStr)

Extract the following elements from the HTTP request:

• <path>: API path (e.g., /list)
• <query>: URL query parameters (e.g., bucket=test&limit=100)
• <body>: Raw data of the request body

Combination rules (select based on the scenario):

Practical usage examples:

# Example 1: List resources interface
path = "/list"
query = "bucket=user-data&limit=50"
signingStr = f"{path}?{query}\n"  # Must end with a newline

# Example 2: Audio/video processing interface
path = "/fops"
body = '{"operation":"transcode","format":"mp4"}'
signingStr = f"{path}\n{body}"    # Separated by a newline between path and body

2. Generate HMAC-SHA1 Signature

Use the SecretKey to provide an HMAC-SHA1 signature for signingStr to obtain Sign

Sign = hmac_sha1(signingStr, "<SecretKey>")

3. URL-Safe Base64 Encode the Signature Data

Perform URL-safe Base64 encoding on the signature data Sign to obtain encodeSign

encodeSign = urlsafe_base64_encode(Sign)

4. Construct the Management Credential

Join AccessKey and encodeSign according to the rules below to obtain the management credential accessToken

accessToken = <AccessKey>:<encodeSign>