Overview
Introduction
PrivateAdasSchedule means that perform DNS schedule for the attacked IP using private ADAS instance. First, the user purchases ADAS instance on Baidu AI Cloud's management console and configures the forwarding rule. When IP is attacked, the user manually calls the trigger schedule interface to schedule the traffic to the Adascomputer room. After cleaning the attack traffic in the Adascomputer room, the user returns the normal traffic to the specified target according to the forwarding rule configured by the existing ADAS instance. When the attack ends, the user manually calls the schedule stopping action interface, and the traffic normally reaches IP. When configuring this scenario, you need to specify the schedule IP, private region and ADAS instance.
If you first call the API of Baidu AI Cloud product, you can watch API Introduction Video Guide to quickly master the API calling method.
Service Domain Name
The product is a global product and the service domain name is adas.baidubce.com.
General Instructions
API call follows the HTTP protocol, and the data exchange format is JSON. All request/response body contents are encoded in UTF-8.The IPs used in the URL parameters are expressed in dotted decimal.
API Authentication Mechanism
The security authentication of all APIs utilizes the Access Key and request signature mechanism. Access Key consists of Access Key ID and Secret Access Key, both of which are strings. For each HTTP request, the algorithm described below is utilized to generate one authentication string. The authentication string is submitted in the Authorization header. The server verifies the correctness of authentication string based on the generating algorithm. The format of the authentication string is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}
.
- The version stands for a positive integer.
- The timestamp stands for the UTC time when the signature is generated.
- The expirationPeriodInSeconds stands for the expiration period of signature.
- The signedHeaders stands for the header list involved in the signature algorithm. The headers are separated by a semicolon (;), e.g. host; x-bce-date. The list is arranged in lexicographic order. (This API signature only utilizes two headers, i.e., host and x-bce-date.)
- The signature is the 256-bit signed sexadecimal notation, and composed of 64 lower-case letters.
After Baidu Cloud receives a request of users, the system will use the same SK and authentication mechanism to generate an authentication string, and compare it with the authentication string contained in the user request. If the two authentication strings are the same, the system considers that the user has the designated operation permission, and executes the related operations; if the two authentication strings are different, the system will ignore the operation and return an error code.
Please refer to the Authentication for details of the authentication mechanism.
Idempotency
Users may try to resend a request if they encounter a request timeout or an internal server error when calling an interface. At this time, users can avoid creating more resources than expected by using the clientToken parameter to ensure the idempotency of the request.
Idempotency is based on clientToken, an ASCII string no longer than 64 bits usually placed in a query string such as http://bcc.bj.baidubce.com/v1/instance? clientToken=be31b98c-5e41-4838-9830-9be700de5a20
.
If the user calls the creation interface with the same clientToken value, the server will return the same request result. Therefore, when the user encounters an error and retries, he can provide the same clientToken value to ensure that only one resource is created. If the user provides a used clientToken, but other request parameters (including queryString and requestBody) are different or even URL path is different, the error code of IdempotentParameterMismatch will be returned.
The clientToken is valid for 24 hours, subject to the last time when the server receives the clientToken. That is, if the client continuously sends the same clientToken, the clientToken will be valid for a long time.
Date and Time Specification
There are various methods to express date and time. For the sake of uniformity, unless it is a convention or a corresponding specification, wherever the date and time is required, UTC time shall be used, ISO 8601 shall be followed , and the following constraints shall be met:
1.Fields expressing the date all utilize the YYYY-MM-DD format, e.g.2014-06-01 which means June 1, 2014. 2.Fields expressing time all utilize the hh:mm:ss format, with the capital letter Z added at the end, which means UTC time. E.g. 23:00:10Z means UTC time: 23:00:10. 3.When the date and time is combined, the capital letter T is added between the two items, e.g. 2014-06-01T23:00:10Z means UTC time: 23:00:10 on June 1, 2014.
Request Parameter
The request parameters include the 4 kinds below:
Parameter Type | Description |
---|---|
URI | Generally used to indicate the operation entity, e.g. PUT / v1/ schedule/{ scheduleId}. |
Query parameter | Request parameters carried in URL. |
HEADER | Passed by the HTTP header, e.g. x-bce-date. |
Requestbody | Request data body organized in JSON format. |
Return Value Description
There are two types of return values:
Return Content | Description |
---|---|
HTTP STATUS CODE | E.g. 200,400,403,404, etc. |
ResponseBody | Response data body organized in JSON format. |
Public Request Header
The following table lists the common headers carried by all AdasSchedule APIs. The standard header of the HTTP protocol is not listed here.
HEADER | Required or not | Description |
---|---|---|
Authorization | Yes | Including Access Key and request signature. |
Content-Type | Yes | application/json; charset=utf-8 |
x-bce-date | No | A string representing the date conforms to the BCE API specification |
Public Response Header
The following table lists the common response headers for all AdasSchedule APIs. The standard response header of the HTTP protocol is not listed here.
HEADER | Description |
---|---|
Content-Type | Only support JSON format, application/json; charset=utf-8 |
x-bce-request-id | AdasSchedule is backend generated and automatically set to the response header |
Error Code
The detailed error information is returned through Response Body in case of a request error, and the following format is followed:
Parameter name | Type | Description |
---|---|---|
code | String | Error code |
message | String | Error description |
requestId | String | RequestID of this request |
Example:
{
"requestId" : "ae2225f7-1c2e-427a-a1ad-5413b762957d",
"code" : "NoSuchKey",
"message" : "The resource you requested does not exist"
}
Public Error Code
Error code | Message | HTTP status code | Semantics |
---|---|---|---|
AccessDenied | Access denied. | 403 Forbidden | No permission to access the corresponding resources |
InappropriateJSON | The JSON you provided was well-formed and valid, but not appropriate for this operation. | 400 Bad Request | The JSON format in the request is correct, but doesn't meet the requirements semantically, such as lack of one necessary item or value type mismatch. For consideration of compatibility, all unrecognizable items should be ignored directly, and this error should not be returned. |
InternalError | We encountered an internal error. Please try again. | 500Internal Server Error | All other undefined errors should not be utilized when there are specific corresponding other types of errors (including generic and service customized errors). |
InvalidAccessKeyId | The Access Key ID you provided does not exist in our records. | 403 Forbidden | The Access Key ID does not exist. |
InvalidHTTPAuthHeader | The HTTP authorization header is invalid. Consult the service documentation for details. | 400 Bad Request | The format of Authorization header is wrong. |
InvalidHTTPRequest | There was an error in the body of your HTTP request. | 400 Bad Request | The HTTP body format is wrong. E.g. inconformity with the designated Encoding, etc. |
InvalidURI | Could not parse the specified URI. | 400 Bad Request | The URI format is incorrect, such as mismatch of some service-defined keywords. For ID mismatch and other problems, a more specific error code should be defined, such as NoSuchKey. |
MalformedJSON | The JSON you provided was not well-formed. | 400 Bad Request | The JSON format is invalid. |
InvalidVersion | The API version specified was invalid. | 404 Not Found | The version number of URI is invalid. |
OptInRequired | A subscription for the service is required. | 403 Forbidden | The corresponding service is not subscribed. |
PreconditionFailed | The specified If-Match header doesn't match the ETag header. | 412 Precondition Failed | Refer to ETag for details. |
RequestExpired | Request has expired. Timestamp date is XXX. | 400 Bad Request | The request has timed out. XXX should be changed to the value of x-bce-date. If there is only Date in the request, the Date should be changed to datetime. |
IdempotentParameterMismatch | The request uses the same client token as a previous, but non-identical request. | 403 Forbidden | The API parameters corresponding to clientToken are non-identical. |
SignatureDoesNotMatch | The request signature we calculated does not match the signature you provided. Check your Secret Access Key and signing method. Consult the service documentation for details. | 400 Bad Request | The signature attached in the Authorization header is inconsistent with the server authentication. |
AdasSchedule Business Error Code
Error code | Error description | HTTP status code | Semantics |
---|---|---|---|
ScheduleInstanceNotFound | The specified schedule instance does not exist. | 404 | The specified schedule instance does not exist. |
UnsupportedScheduleInstanceOperation | The status of specified schedule instance does not support this operation. | 400 | The status of specified schedule instance does not support this operation. |
AdasInstanceIsInvalid | The specified adas instance is invalid. | 400 | The adas instance is invalid. |
ScheduleNatAlreadyExist | The specified schedule nat already exist. | 400 | The schedule nat already exist. |
ScheduleNatNotFound | The specified schedule nat does not exist. | 404 | The schedule nat does not exist. |
VpcInstanceNotFound | The specified vpc instance does not exist. | 404 | The vpc instance does not exist. |
NatInstanceNotFound | The specified nat instance does not exist. | 404 | The nat instance does not exist. |
Glossary
The following table lists the key terms and explanations related to all AdasSchedule APIs.
Noun | Explanation |
---|---|
Scheduling instance IP | The IP of the scheduling service needs to be configured as the user EIP |
Adas instance IP | User pre-configured Adas instance IP |
adasBackendIp | After the scheduling occurs, the source IP of the traffic from adasBackend to the user's backend server |
AdasSchedule Domain Name | Resolve to IP of the scheduling instance under normal circumstances; resolve to IP of the Adas instance after scheduling occurs |