Calling Instruction
API Authentication Mechanism
Users can interact with Baidu AI Cloud in two ways, including authentication and anonymity. For the authentication method, the sender identity of a request needs to be verified by using the Access Key Id/Secret Access Key encryption method. Access Key Id (AK) is used to indicate the user. Secret Access Key (SK) is the key used by the user to encrypt the authentication string and by Baidu AI Cloud to verify the authentication string. SK must be kept confidential and only be known by the user and Baidu AI Cloud.
When Baidu AI Cloud receives the user's request, the system will use the same SK and the same authentication mechanism to generate the authentication string and compare it with the authentication string contained in the user's request. If the authentication string is the same, the system considers that the user has the specified operation permission and performs the relevant operation. If the authentication string is different, the system ignores the operation and returns the error code. For details of the authentication mechanism, see Authentication mechanism.
Typesetting Agreement
Typesetting format | Significance |
---|---|
< > | Variable |
[ ] | Options available |
{ } | Required |
| | Mutual exclusion |
Monospaced font, Courier New | Screen output |
Time and Date
Date and time can be represented in many ways. For the sake of uniformity, unless it is a convention or an appropriate specification, all the date and time fields specified in the HTTP standard must adopt GMT, and all other date and time fields must adopt UTC and be in accordance with ISO 8601, with the following restrictions::
- All dates should adopt the form of YYYY-MM-DD, for example, 2016-06-01 is represented as Wednesday, June 1st, 2016.
- All time should adopt the form of hh:mm:ss, and add a capital Z at the end to indicate UTC time. For example, 23:00:10Z indicates that UTC time is 23:00:10.
- When combining representations of date and time, add the letter T between the two. For example, 2016-06-01T23:00:10Z indicates that the UTC time is 23:0:10 on Wednesday, June 1, 2016.
General Instructions
API calls follow the HTTP protocol, and each Region adopts a different domain name, and the specific domain name is mongodb.{region}.baidubce.com. The data exchange format is JSON, and all request/response body contents are encoded in UTF-8.
Request Parameters
The request parameters include the following 4 types:
Parameters | Instruction |
---|---|
URI | It is usually used to designate operation entity, such as: POST /v{version}/instance/{instanceId} |
Query parameter | The request parameters carried in the URL |
HEADER | Passed in via HTTP header field, e.g. x-bce-date |
RequestBody | Request data body organized in JSON format |
Return Value
The return value has two forms:
Return content | Description |
---|---|
HTTP STATUS CODE | Such as 200,400,403,404 etc. |
ResponseBody | The body of response data organized in JSON format |
API Version Number
Parameter | Type | Parameter position | Description | Required or not |
---|---|---|---|---|
version | string | URL parameter | API version number, the current API version is v1. | Yes |
Authentication Mechanism
Access Key and request signature are used for all API security authentication. The Access Key consists of an Access Key ID and a Secret Access Key, both of which are strings. For each HTTP request, an authentication string is generated with the algorithm described below. Submit authentication string in Header Fields--Authorization. The server verifies the correctness of the authentication string according to the generation algorithm. The format of the authentication string isbce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}
.
- Version is a positive integer.
- Timestamp is the UTC time when the signature is generated
- ExpirationPeriodInSeconds represents the expiration period of the signature.
- SignedHeaders is the list of header fields involved in the signature algorithm Header domains are separated by(;), such as host ; X-bce-date. The list is in lexicographic order. (API signature only uses host and two headers of x-bce-date)
- Signature is a hexadecimal representation of a 256-bit signature, consisting of 64 lowercase letters.
Definition of Password Encryption and Transmission Specification
All interface parameters involving password need to be encrypted and plaintext transmission is prohibited. All passwords are encrypted by AES 128-bit encryption algorithm, with the first 16 bits of SK as the key. The binary byte stream generated after encryption needs to be converted to hexadecimal and transmitted to the server in the form of string. The specific steps are as follows:
- byte[] bCiphertext= AES(plaintext,SK)
- String strHex = HexStr(bCiphertext)
Idempotent
If the user encounters a request timeout or an internal server error when calling the create interface, the user can try to resend the request, in which case the user avoids creating more resources than expected through the clientToken parameter, guaranteeing the idempotent of the request.
Idempotent is based on clientToken, which is an ASCII string of up to 64 bits in length, usually placed in a query string, such as http://mongodb.bj.baidubce.com/v1/instance?clientToken=be31b98c-5e41-4838-9830-9be700de5a20
.
If the user invokes the creation interface with the same clientToken value, the server returns the same request result. So the user can ensure that only one resource is created by providing the same clientToken value during an error retry. If the user provides a used clientToken, but other request parameters (including the queryString and requestBody) are different, and even the url Path is different, it returns the “IdempotentParameterMismatch” error code.
ClientToken is valid for 24 hours, and that the last time the clientToken was received by the server is considered to be standard. That is to say, it the client sends the same clientToken constantly, then this clientTokem will be valid for a long time.
Error Return
Error Return Format
When an error occurs in the request, return detailed error message via response body, following the format below:
Parameter Name | Type | Description |
---|---|---|
code | string | Error code |
message | string | Error description |
requestId | string | requestId of the request |
Example:
{
"requestId" : "ae2225f7-1c2e-427a-a1ad-5413b762957d",
"code" : "AccessDenied",
"message" : "Access denied."
}
Error Return Code
Error Code | Error Description | HTTP Status Code | Explanation |
---|---|---|---|
AccessDenied | Access denied. | 403 | Operation prohibited |
InvalidAction | Invalid Action. | 400 | Invalid Action. |
InternalFailure | We encountered an internal error Please try again. | 400 | Internal error |
ValidationError | Validation Error. | 400 | Verification failed |
InvalidVersion | The API version specified was invalid. | 400 | Invalid version number |
MissingDateHeader | Request must have a “date” or “x-bce-date” header. | 400 | The Header lacks of ”date” or “x-bce-date” |
MissingAuthToken | Request must have a “authorization” header. | 400 | The header lacks of ”authorization”. |
RequestExpired | Request has expired. | 400 | Request authorization has expired |
ServiceInternalError | Internal service occurs error. | 500 | Internal (unknown) server error |
PaymentFailed | payment failed, please check remaining balance | 403 | Payment fails |
InsufficientBalance | Insufficient balance, please check remaining balance | 403 | Payment fails, insufficient balance |
NoSuchObject | The specified object is not found or resource do not exist. | 404 | The resource does not exist. |
OperationDenied | No permission to accessor or permission error. | 403 | You do not have permission to do this. |
OperationDenied | Operation not available. | 409 | This operation is not allowed under current state of the resource. |
BadRequest | Bad request parameters or illegal request. | 400 | Invalid parameter input |
Public Header
Public Request Header
Public header | Description |
---|---|
Authorization | Include Access Key and request signature |
Content-Type | application/json; charset=utf-8. |
x-bce-date | String representing date, conforming to API specification. |
Host | It indicates the domain name of request API |
x-bce-content-sha256 | Hexadecimal string representing SHA256 signature of content part. Content here refers to the HTTP Request Payload Body. It is the original data before the Content part is encoded by HTTP. |
The standard header field of HTTP protocol is no longer listed here. The common header field appears in every Baidu AI Cloud database DocDB for MongoDB API which is required and where the x-bce-content-sha256 header field appears only in POST and PUT requests. POST, PUT, DELETE and other request data are placed in “request body”.
Public Response Header
Public header | Description |
---|---|
Content-Type | application/json; charset=utf-8. |
x-bce-request-id | The Baidu AI Cloud database DocDB for MongoDB backend is generated and automatically set to the response header field. |