百度智能云
All Product Document

          Object Storage

          • Object Storage
          • >
          • API3.0
          • >
          • How to Call API
          • >
          • Authentication

          Authentication

          Last Updated2021-09-13

          Signature Authentication and Access

          The access Key and request signature mechanism is used for all API security authentication. The Access Key consists of an Access Key ID and a Secret Access Key, which are strings. For each HTTP request, an authentication string is generated using the algorithm described below. The authentication string submitted is put into the Authorization Header Field. The server verifies the correctness of the authentication string based on the generation algorithm. The format of the authentication string is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

          • The “version” number is a positive integer.
          • The "timestamp" is the UTC time when the signature is generated.
          • “ExpirationPeriodInSeconds” indicates the expiration date of the signature.
          • The “signedHeaders” is the list of header fields involved in the signature algorithm. The header domain name is separated by semicolons (;), e.g., host; Xbcedate. The list is in lexicographic order. This API signature only contains two headers, i.e., host and x-bce-date. The signature is only a 256-bit signature in hexadecimal representation, which consists of 64 lowercase letters.

          When Baidu AI Cloud receives the user's request, the system uses the same SK and the same authentication mechanism to generate the authentication string and compare it with the authentication string contained in the user's request. If the authentication string is identical to that contained in the user’s request, the system considers that the user has the specified permission to perform the relevant operation. If the authentication string is different, the system ignores the operation and returns the error code.

          For details on the authentication mechanism, see Authentication Mechanism. You can also watch the video on How to Call API to understand the authentication mechanism.

          Temporary Access Authorization

          BOS can grant a third party temporary access permission through the STS mechanism. For details, refer to [Temporary Access Permission](https://cloud.baidu.com/doc/BOS/s/Tjwvysda9#Temporary Access Authorization).

          Previous
          Construct Request
          Next
          Return Response