General Description
Identity Verification
Before using VPC API, you need to make identity verification. If you haven't subscribed the identity verification, please go to the Official Website of Console to make identity verification under the security authentication. Refer to Identity Verification Operation.
When a user failing to pass the identity verification submits a API request, the following error codes will be returned:
Error return code | Error message | Status code | Description |
---|---|---|---|
QualifyNotPass | The User has not pass qualify | 403 | Account has not passed Identity Verification |
API Authentication Mechanism
You can interact with Baidu AI Cloud by two means, including authentication method and anonymous method. For authentication method, you need to verify the identity of a request sender by using Access Key Id / Secret Keyencryption method. Access Key Id (AK) is used to identify users, and Secret Key(SK) is a key used by users to encrypt authentication string and by Baidu AI Cloud to verify the authentication string, where SK must be confidential, which can only be known by users and Baidu AI Cloud.
After Baidu AI Cloud receives a request of users, the system will use the same SK and authentication mechanism to generate an authentication string, and compare it with the authentication string contained in the user request. If the two authentication strings are the same, the system considers that the user has the designated operation permission, and executes the related operations; if the two authentication strings are different, the system will ignore the operation and return an error code. For details of authentication mechanism, please see Authentication Mechanism.
Code Encryption Transmission Specification Definition
All password-involved interface parameters should be encrypted, and forbidden to be transmitted in clear text. All passwords utilize the AES 128-bit encryption algorithm for encryption, and the first 16 bits of SK are utilized as the key. The binary byte streams generated after encryption should be converted into the sexadecimal byte streams, and transmitted to the service side in the form of strings. The specific procedures are as follows:
- byte[] bCiphertext = AES(clear text, SK)
- String strHex = HexStr(bCiphertext)
Idempotency
If a request timeout or internal server error occurs when the create interface is called, the user may try to resend the request. At this time, the user can avoid creating more resources than expected through the clientToken parameter, that is, to ensure the idempotence of the request.
Idempotency is based on clientToken, an ASCII string no longer than 64 bits usually placed in a query string such as http://bcc.bj.baidubce.com/v1/instance? clientToken=be31b98c-5e41-4838-9830-9be700de5a20
.
If the user calls the creation interface with the same clientToken value, the server will return the same request result. Therefore, when the user encounters an error and retries, he can provide the same clientToken value to ensure that only one resource is created. If the user provides a used clientToken, but other request parameters (including queryString and requestBody) are different or even URL path is different, the error code of IdempotentParameterMismatch will be returned.
The clientToken is valid for 24 hours, subject to the last time when the server receives the clientToken. That is, if the client continuously sends the same clientToken, the clientToken will be valid for a long time.
Typesetting Agreement
Typesetting format | Meaning |
---|---|
< > | Variable |
[ ] | Optional |
{ } | Mandatory |
| | Mutually exclusive relationship |
Equal width font Courier New | Screen output |
Request Parameter
The data exchange format is JSON, and all request/response body contents are encoded in UTF-8.
The request parameters include the 4 kinds below:
Parameter Type | Description |
---|---|
URI | Usually used to indicate the operation entity, such as PUT /v1/vpc/{vpc} |
Query parameter | Request parameters carried in URL |
HEADER | Incoming through html header field, such as: x-bce-date |
RequestBody | Request data body organized in JSON format |
Return Value Description
There are two types of return values:
Return Content | Description |
---|---|
HTTP STATUS CODE | E.g. 200,400,403,404, etc. |
ResponseBody | Response data body organized in JSON format |
API Version Number
Parameter | Type | Parameter position | Description | Required or not |
---|---|---|---|---|
version | String | URL parameter | API version number, current API version v1 | Yes |