How to Secure CloudMonitor API Call using API Signature on Alibaba Cloud ECS


CloudMonitor APIs in Alibaba Cloud ECS belong to the RPC type and can be called by sending HTTP requests.

I am calling QueryMetricList to query the monitoring data of an ECS instance using this command.

http://metrics.cn-hangzhou.aliyuncs.com/?Action=QueryMetricList
&EndTime=2017-05-17+11%3A30%3A27
&StartTime=2017-05-17+11%3A20%3A27
&Period=60
&Dimensions=%7B%22instanceId%22%3A%22i-abcdefgh123456%22%7D
&Timestamp=2017-03-22T09%3A30%3A57Z
&Project=acs_ecs_dashboard
&Metric=cpu_idle

How do I authenticate each API request through the API signature?

I appreciate any assistance with this.


There are 1 answers

Ranjith Udayakumar On

To authenticate an API request via the API signature, you need an Access ID and an Access Key Secret.

Let me consider the Access ID and Access Key Secret as Key and Value respectively:

Your request before adding the signature:

http://metrics.cn-hangzhou.aliyuncs.com/?Action=QueryMetricList
&EndTime=2017-05-17+11%3A30%3A27
&StartTime=2017-05-17+11%3A20%3A27
&Period=60
&Dimensions=%7B%22instanceId%22%3A%22i-abcdefgh123456%22%7D
&Timestamp=2017-03-22T09%3A30%3A57Z
&Project=acs_ecs_dashboard
&AccessKeyId=Key
&SignatureMethod=HMAC-SHA1
&Metric=cpu_idle

AccessKey Secret is value, and the key used for HMAC calculation is value&. Then the signature value is calculated.

Add the signature value to the above API Request.

For instance, let me consider signature = "sdsdfasdfa"; then the request will be:

http://metrics.cn-hangzhou.aliyuncs.com/?Action=QueryMetricList
&EndTime=2017-05-17+11%3A30%3A27
&StartTime=2017-05-17+11%3A20%3A27
&Period=60
&Dimensions=%7B%22instanceId%22%3A%22i-abcdefgh123456%22%7D
&Timestamp=2017-03-22T09%3A30%3A57Z
&Project=acs_ecs_dashboard
&AccessKeyId=Key
&SignatureMethod=HMAC-SHA1
&Signature="sdsdfasdfa"
&Metric=cpu_idle
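
The signature calculation the answer describes, written out as an added example (not code from the original post or from Alibaba Cloud). It follows Alibaba Cloud's general RPC signing scheme: sorted, percent-encoded parameters, HMAC-SHA1 keyed with the secret plus `&`, Base64 output. The `SignatureVersion` and `SignatureNonce` parameters, the nonce value and the helper names are assumptions that do not appear on the page; `Key` and `value` are the answer's placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def percent_encode(value):
    # RFC 3986 encoding: only A-Z a-z 0-9 - _ . ~ stay as-is, space becomes %20.
    return quote(str(value), safe="~")

def canonical_query(params):
    # Parameters sorted by name, each name and value encoded; Signature is never signed.
    return "&".join(f"{percent_encode(k)}={percent_encode(v)}"
                    for k, v in sorted(params.items()) if k != "Signature")

def string_to_sign(method, params):
    return f"{method}&{percent_encode('/')}&{percent_encode(canonical_query(params))}"

def sign(method, params, access_key_secret):
    # The HMAC key is the AccessKey Secret followed by "&", as in the answer above.
    key = (access_key_secret + "&").encode("utf-8")
    mac = hmac.new(key, string_to_sign(method, params).encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")

def signed_url(endpoint, params, access_key_secret):
    # Base64 output can contain + / =, so the Signature value is encoded too.
    full = dict(params, Signature=sign("GET", params, access_key_secret))
    query = "&".join(f"{percent_encode(k)}={percent_encode(v)}" for k, v in full.items())
    return f"{endpoint}/?{query}"

def verify(method, params, access_key_secret):
    # Receiver-side check: recompute and compare in constant time.
    expected = sign(method, params, access_key_secret).encode("ascii")
    return hmac.compare_digest(expected, str(params.get("Signature", "")).encode("utf-8"))

# Decoded parameter values from the request on this page; last two are assumptions.
SAMPLE_PARAMS = {
    "Action": "QueryMetricList",
    "EndTime": "2017-05-17 11:30:27",
    "StartTime": "2017-05-17 11:20:27",
    "Period": "60",
    "Dimensions": '{"instanceId":"i-abcdefgh123456"}',
    "Timestamp": "2017-03-22T09:30:57Z",
    "Project": "acs_ecs_dashboard",
    "Metric": "cpu_idle",
    "AccessKeyId": "Key",
    "SignatureMethod": "HMAC-SHA1",
    "SignatureVersion": "1.0",                  # assumption: not shown on the page
    "SignatureNonce": "constructed-nonce-0001", # constructed; must be unique per request
}

if __name__ == "__main__":
    print(signed_url("http://metrics.cn-hangzhou.aliyuncs.com", SAMPLE_PARAMS, "value"))
```

Changing any signed parameter, or signing with a different secret, makes `verify` return `False`, which is what lets the receiving side reject a request that was modified after signing.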