百度智能云

All Product Document

          Anti-DDoS Service

          Overview

          Introduction

          PrivateAdasSchedule means that perform DNS schedule for the attacked IP using private ADAS instance. First, the user purchases ADAS instance on Baidu AI Cloud's management console and configures the forwarding rule. When IP is attacked, the user manually calls the trigger schedule interface to schedule the traffic to the Adascomputer room. After cleaning the attack traffic in the Adascomputer room, the user returns the normal traffic to the specified target according to the forwarding rule configured by the existing ADAS instance. When the attack ends, the user manually calls the schedule stopping action interface, and the traffic normally reaches IP. When configuring this scenario, you need to specify the schedule IP, private region and ADAS instance.

          If you first call the API of Baidu AI Cloud product, you can watch API Introduction Video Guide to quickly master the API calling method.

          Service Domain Name

          The product is a global product and the service domain name is adas.baidubce.com.

          General Instructions

          API call follows the HTTP protocol, and the data exchange format is JSON. All request/response body contents are encoded in UTF-8.The IPs used in the URL parameters are expressed in dotted decimal.

          API Authentication Mechanism

          The security authentication of all APIs utilizes the Access Key and request signature mechanism. Access Key consists of Access Key ID and Secret Access Key, both of which are strings. For each HTTP request, the algorithm described below is utilized to generate one authentication string. The authentication string is submitted in the Authorization header. The server verifies the correctness of authentication string based on the generating algorithm. The format of the authentication string is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

          • The version stands for a positive integer.
          • The timestamp stands for the UTC time when the signature is generated.
          • The expirationPeriodInSeconds stands for the expiration period of signature.
          • The signedHeaders stands for the header list involved in the signature algorithm. The headers are separated by a semicolon (;), e.g. host; x-bce-date. The list is arranged in lexicographic order. (This API signature only utilizes two headers, i.e., host and x-bce-date.)
          • The signature is the 256-bit signed sexadecimal notation, and composed of 64 lower-case letters.

          After Baidu Cloud receives a request of users, the system will use the same SK and authentication mechanism to generate an authentication string, and compare it with the authentication string contained in the user request. If the two authentication strings are the same, the system considers that the user has the designated operation permission, and executes the related operations; if the two authentication strings are different, the system will ignore the operation and return an error code.

          Please refer to the Authentication for details of the authentication mechanism.

          Idempotency

          Users may try to resend a request if they encounter a request timeout or an internal server error when calling an interface. At this time, users can avoid creating more resources than expected by using the clientToken parameter to ensure the idempotency of the request.

          Idempotency is based on clientToken, an ASCII string no longer than 64 bits usually placed in a query string such as http://bcc.bj.baidubce.com/v1/instance? clientToken=be31b98c-5e41-4838-9830-9be700de5a20.

          If the user calls the creation interface with the same clientToken value, the server will return the same request result. Therefore, when the user encounters an error and retries, he can provide the same clientToken value to ensure that only one resource is created. If the user provides a used clientToken, but other request parameters (including queryString and requestBody) are different or even URL path is different, the error code of IdempotentParameterMismatch will be returned.

          The clientToken is valid for 24 hours, subject to the last time when the server receives the clientToken. That is, if the client continuously sends the same clientToken, the clientToken will be valid for a long time.

          Date and Time Specification

          There are various methods to express date and time. For the sake of uniformity, unless it is a convention or a corresponding specification, wherever the date and time is required, UTC time shall be used, ISO 8601 shall be followed , and the following constraints shall be met:

          1.Fields expressing the date all utilize the YYYY-MM-DD format, e.g.2014-06-01 which means June 1, 2014. 2.Fields expressing time all utilize the hh:mm:ss format, with the capital letter Z added at the end, which means UTC time. E.g. 23:00:10Z means UTC time: 23:00:10. 3.When the date and time is combined, the capital letter T is added between the two items, e.g. 2014-06-01T23:00:10Z means UTC time: 23:00:10 on June 1, 2014.

          Request Parameter

          The request parameters include the 4 kinds below:

          Parameter Type Description
          URI Generally used to indicate the operation entity, e.g. PUT / v1/ schedule/{ scheduleId}.
          Query parameter Request parameters carried in URL.
          HEADER Passed by the HTTP header, e.g. x-bce-date.
          Requestbody Request data body organized in JSON format.

          Return Value Description

          There are two types of return values:

          Return Content Description
          HTTP STATUS CODE E.g. 200,400,403,404, etc.
          ResponseBody Response data body organized in JSON format.

          Public Request Header

          The following table lists the common headers carried by all AdasSchedule APIs. The standard header of the HTTP protocol is not listed here.

          HEADER Required or not Description
          Authorization Yes Including Access Key and request signature.
          Content-Type Yes application/json; charset=utf-8
          x-bce-date No A string representing the date conforms to the BCE API specification

          Public Response Header

          The following table lists the common response headers for all AdasSchedule APIs. The standard response header of the HTTP protocol is not listed here.

          HEADER Description
          Content-Type Only support JSON format, application/json; charset=utf-8
          x-bce-request-id AdasSchedule is backend generated and automatically set to the response header

          Error Code

          The detailed error information is returned through Response Body in case of a request error, and the following format is followed:

          Parameter name Type Description
          code String Error code
          message String Error description
          requestId String RequestID of this request

          Example:

          {
          	"requestId" : "ae2225f7-1c2e-427a-a1ad-5413b762957d",
          	"code" : "NoSuchKey",
          	"message" : "The resource you requested does not exist"
          }

          Public Error Code

          Error code Message HTTP status code Semantics
          AccessDenied Access denied. 403 Forbidden No permission to access the corresponding resources
          InappropriateJSON The JSON you provided was well-formed and valid, but not appropriate for this operation. 400 Bad Request The JSON format in the request is correct, but doesn't meet the requirements semantically, such as lack of one necessary item or value type mismatch. For consideration of compatibility, all unrecognizable items should be ignored directly, and this error should not be returned.
          InternalError We encountered an internal error. Please try again. 500Internal Server Error All other undefined errors should not be utilized when there are specific corresponding other types of errors (including generic and service customized errors).
          InvalidAccessKeyId The Access Key ID you provided does not exist in our records. 403 Forbidden The Access Key ID does not exist.
          InvalidHTTPAuthHeader The HTTP authorization header is invalid. Consult the service documentation for details. 400 Bad Request The format of Authorization header is wrong.
          InvalidHTTPRequest There was an error in the body of your HTTP request. 400 Bad Request The HTTP body format is wrong. E.g. inconformity with the designated Encoding, etc.
          InvalidURI Could not parse the specified URI. 400 Bad Request The URI format is incorrect, such as mismatch of some service-defined keywords. For ID mismatch and other problems, a more specific error code should be defined, such as NoSuchKey.
          MalformedJSON The JSON you provided was not well-formed. 400 Bad Request The JSON format is invalid.
          InvalidVersion The API version specified was invalid. 404 Not Found The version number of URI is invalid.
          OptInRequired A subscription for the service is required. 403 Forbidden The corresponding service is not subscribed.
          PreconditionFailed The specified If-Match header doesn't match the ETag header. 412 Precondition Failed Refer to ETag for details.
          RequestExpired Request has expired. Timestamp date is XXX. 400 Bad Request The request has timed out. XXX should be changed to the value of x-bce-date. If there is only Date in the request, the Date should be changed to datetime.
          IdempotentParameterMismatch The request uses the same client token as a previous, but non-identical request. 403 Forbidden The API parameters corresponding to clientToken are non-identical.
          SignatureDoesNotMatch The request signature we calculated does not match the signature you provided. Check your Secret Access Key and signing method. Consult the service documentation for details. 400 Bad Request The signature attached in the Authorization header is inconsistent with the server authentication.

          AdasSchedule Business Error Code

          Error code Error description HTTP status code Semantics
          ScheduleInstanceNotFound The specified schedule instance does not exist. 404 The specified schedule instance does not exist.
          UnsupportedScheduleInstanceOperation The status of specified schedule instance does not support this operation. 400 The status of specified schedule instance does not support this operation.
          AdasInstanceIsInvalid The specified adas instance is invalid. 400 The adas instance is invalid.
          ScheduleNatAlreadyExist The specified schedule nat already exist. 400 The schedule nat already exist.
          ScheduleNatNotFound The specified schedule nat does not exist. 404 The schedule nat does not exist.
          VpcInstanceNotFound The specified vpc instance does not exist. 404 The vpc instance does not exist.
          NatInstanceNotFound The specified nat instance does not exist. 404 The nat instance does not exist.

          Glossary

          The following table lists the key terms and explanations related to all AdasSchedule APIs.

          Noun Explanation
          Scheduling instance IP The IP of the scheduling service needs to be configured as the user EIP
          Adas instance IP User pre-configured Adas instance IP
          adasBackendIp After the scheduling occurs, the source IP of the traffic from adasBackend to the user's backend server
          AdasSchedule Domain Name Resolve to IP of the scheduling instance under normal circumstances; resolve to IP of the Adas instance after scheduling occurs
          Previous
          ADAS Automation Schedule API Reference
          Next
          Schedule instance Related Interface