To ensure that the source of the request received by the backend is reliable, the gateway provides the backend key signature verification function. Create a key and bind the key to a specific API to enable the backend signature.

After the backend key is turned on, the gateway will add specific signature verification information when requesting the backend, and then the backend will also perform the corresponding signature calculation locally and compare it with the signature information of the gateway. The backend key is calculated by a custom key and secret. For a specific introduction to the signature generation algorithm, please refer to Authorization and Authentication Mechanism. Please note that the key and secret in the gateway backend key correspond to the AK and SK in the reference materials respectively.

Create Backend Key

Under the gateway category in the AI Cloud console interface, you can create the backend key after selecting the backend key management.

• Each user can create 30 backend keys. If you need to create more backend keys, please submit a ticket.
• The name of the backend key under an account is unique.
• If the key is not filled in, the gateway will automatically generate a 32-character key.
• If the secret is not filled, the gateway will automatically generate a 64-character random secret.

Edit and Delete Backend Keys

On the following key list page, you can view the created backend keys in pages, and edit and delete the backend keys.

• When editing, you will be asked to re-enter the secret of the backend key. If you want to change attributes other than secret, please record the original secret first and fill it in again when editing.
• When deleting a backend key, please make sure that the current backend key does not have an API bound to it, otherwise the deletion will fail.

Backend Key Details and Management

Click the name of the backend key on the backend key list page, and you can enter the backend key details page.

On the details page, you can view the key and secret of the backend key. In addition, on the details page, you can view the specific API bound to the backend key, and you can also view and unbind the API.

• SMS verification is required to view the secret

Bind the Backend Key to the API

The backend key will only take effect after binding to a specific API. You can bind the API on the backend key list page.

After clicking Bind API on the list page, you can perform API binding.

In the details page of binding API, you can select the API under a certain group and in a certain environment.

Unbind the Backend Key from the API

On the backend key details page, you can perform API unbinding operations.

In the details page, you can unbind a single API, or you can unbind batches after selecting the bound APIs.

Backend Verification API Signature Information

After the API is bound to the backend key, the gateway will put the signature in the request header X-Bce-Gateway-Auth when forwarding the request. Therefore, when performing signature verification on the backend, you should obtain the above header information and compare it with the signature information you calculated. For the specific signature generation algorithm, please refer to Authentication Mechanism.