Management Credential

最終更新日:2022-03-01 18:00:49

Description

The management credential accessToken is used by cloud storage to verify the validity of the resource management interface request. This type of credential is recommended for use only at the business server side to avoid abuse due to accidental authorization.

  • Security Key (SecretKey)
    Please obtain the SK from the cloud storage platform key administrator.
  • Access Key (AccessKey)
    Please obtain the AK from the cloud storage platform key administrator.

Management Credential Algorithm

Data To Be Signed

Extract < path > or < path > ? < query > portion and ==< body > ==(i.e. HTTP Body) from the request URL, and join them using \n to obtain signingStr

The 4 kinds of situations are as follows:

    signingStr = "<path>?<query>\n" 
Or  signingStr = "<path>?<query>\n<body>"
Or  signingStr = "<path>\n"
Or  signingStr = "<path>\n<body>"

For example:

List Resources interface
<path>:/list
<query>:bucket=<Bucket>&marker=<Marker>&limit=<Limit>&prefix=<Urlsafe_Base64_Encoded_Prefix>&mode=<Mode>
<body>: None
Then signingStr = "/list?bucket=<Bucket>&marker=<Marker>&limit=<Limit>&prefix=<Urlsafe_Base64_Encoded_Prefix>&mode=<Mode>\n"
Audio/video processing (avthumb/vframe) interface
<path>:/fops
<body>:<RequestParams>, i.e. the corresponding request content
Then signingStr ="/fops\n<RequestParams>"

HMAC-SHA1 Signature Data

Use SecretKey to provide HMAC-SHA1 signature for signingStr to obtain Sign

Sign = hmac_sha1(signingStr,"<SecretKey>")

External resource: HMAC-SHA1 Signature
Sample code: HMAC-SHA1 Signature

URL-Safe Base64 Encoded Signature Data

Perform URL-Safe Base64 Encoding for the signature data Sign to obtain encodeSign

encodeSign = urlsafe_base64_encode(Sign)

Generate Management Credential

Join AccessKey and encodeSign using : to obtain the management credential accessToken

accessToken = < AccessKey >:< encodeSign >