Initialization

CSN

  • API Reference
    • API function release records
    • Appendix
    • Bandwidth Package Related
      • Bandwidth package price inquiry
      • Bandwidth upgrade-downgrade for the bandwidth package
      • Bind a bandwidth package to a Cloud Smart Network
      • Create bandwidth package
      • Delete bandwidth package
      • Query bandwidth package list
      • Query the specified bandwidth package details
      • Unbind a bandwidth package from a Cloud Smart Network
      • Update bandwidth package
    • Cloud Smart Network Related
      • Create a Cloud Smart Network
      • Delete a Cloud Smart Network
      • Network instances loaded by the Cloud Smart Network
      • Network instances unloaded by the Cloud Smart Network
      • Query Cloud Smart Network details
      • Query Cloud Smart Network instance list
      • Query the list of Cloud Smart Network
      • Update a Cloud Smart Network
    • Common Headers and Error Responses
    • General Description
    • Ingress Management Related Interfaces
      • Add a routing entry
      • Create affiliation
      • Create learning relationship
      • Delete a learning relationship
      • Delete a routing entry
      • Delete an association relationship
      • Query association relationships
      • Query learning relationships
      • Query route table list
      • Query routing entries
    • Interface Overview
    • Region Bandwidth Related Interfaces
      • Create cross-region bandwidth
      • Delete cross-region bandwidth
      • Query cross-region bandwidth
      • Query the cross-region bandwidth of the specified Cloud Smart Network
      • Update cross-region bandwidth
    • Service domain
    • TGW Related Interfaces
      • Query routing entries of a TGW
      • Query TGW list
      • Update TGW information
  • FAQs
    • Consultation
  • Function Release Records
  • Operation guide
    • Cross-Account Authorization Management
      • Cancel Authorized Network Instance
      • Create Authorized Network Instance
      • Delete Authorized Network Instance
      • View Authorized Network Instance
    • Cross-Region Bandwidth Package Management
    • CSN Instance
      • Create CSN Instance
      • Delete CSN Instance
      • Modify CSN Instance
    • Identity and access management
    • Monitor and Operations
      • CSN Instance Diagnosis
    • Network instance
      • Add Cross-Account Network Instance
      • Add Local Account Network Instance
      • Adjust Network Instance Bandwidth
      • Uninstall Network Instance
    • Region Bandwidth Management
      • Adjust Region Bandwidth
      • Create cross-region bandwidth
      • Delete cross-region bandwidth
    • Route management
      • Association Relationship
        • Create affiliation
        • Delete affiliation
      • Custom route tables
        • Create custom route table
        • Delete custom route table
        • View Custom Route Table
      • Learning Relationship
        • Add Custom Route Entry
        • Create learning relationship
        • Delete Custom Route Entry
        • Delete learning relationship
        • Publish and Revoke Network Instance Route
        • View Route Entry
    • Tag Management
  • Product Description
    • Application scenarios
    • Introduction
    • Usage restrictions
  • Product pricing
  • SDK
    • GO-SDK
      • Bandwidth package
      • CSN Instance
      • Exception handling
      • Initialization
      • Install
      • Overview
      • Region Bandwidth
      • Route management
      • TGW
    • Java-SDK
      • CSN
      • Exception handling
      • Initialization
      • Install the SDK Package
      • Overview
      • Version history
    • Python-SDK
      • Bandwidth package
      • CSN Instance
      • Initialization
      • Region Bandwidth
      • Route management
      • TGW
  • Service Level Agreement (SLA)
    • Cloud Smart Network Service Level Agreement SLA
  • Typical Practices
    • CSN supports VPC custom route tables for secure traffic access
    • Multi-IDC Disaster Recovery via Cloud Smart Network
    • Multi-IDC Interconnection via Cloud Smart Network
    • Private Network VPC Interconnection with Edge Network
All documents
menu
No results found, please re-enter

CSN

  • API Reference
    • API function release records
    • Appendix
    • Bandwidth Package Related
      • Bandwidth package price inquiry
      • Bandwidth upgrade-downgrade for the bandwidth package
      • Bind a bandwidth package to a Cloud Smart Network
      • Create bandwidth package
      • Delete bandwidth package
      • Query bandwidth package list
      • Query the specified bandwidth package details
      • Unbind a bandwidth package from a Cloud Smart Network
      • Update bandwidth package
    • Cloud Smart Network Related
      • Create a Cloud Smart Network
      • Delete a Cloud Smart Network
      • Network instances loaded by the Cloud Smart Network
      • Network instances unloaded by the Cloud Smart Network
      • Query Cloud Smart Network details
      • Query Cloud Smart Network instance list
      • Query the list of Cloud Smart Network
      • Update a Cloud Smart Network
    • Common Headers and Error Responses
    • General Description
    • Ingress Management Related Interfaces
      • Add a routing entry
      • Create affiliation
      • Create learning relationship
      • Delete a learning relationship
      • Delete a routing entry
      • Delete an association relationship
      • Query association relationships
      • Query learning relationships
      • Query route table list
      • Query routing entries
    • Interface Overview
    • Region Bandwidth Related Interfaces
      • Create cross-region bandwidth
      • Delete cross-region bandwidth
      • Query cross-region bandwidth
      • Query the cross-region bandwidth of the specified Cloud Smart Network
      • Update cross-region bandwidth
    • Service domain
    • TGW Related Interfaces
      • Query routing entries of a TGW
      • Query TGW list
      • Update TGW information
  • FAQs
    • Consultation
  • Function Release Records
  • Operation guide
    • Cross-Account Authorization Management
      • Cancel Authorized Network Instance
      • Create Authorized Network Instance
      • Delete Authorized Network Instance
      • View Authorized Network Instance
    • Cross-Region Bandwidth Package Management
    • CSN Instance
      • Create CSN Instance
      • Delete CSN Instance
      • Modify CSN Instance
    • Identity and access management
    • Monitor and Operations
      • CSN Instance Diagnosis
    • Network instance
      • Add Cross-Account Network Instance
      • Add Local Account Network Instance
      • Adjust Network Instance Bandwidth
      • Uninstall Network Instance
    • Region Bandwidth Management
      • Adjust Region Bandwidth
      • Create cross-region bandwidth
      • Delete cross-region bandwidth
    • Route management
      • Association Relationship
        • Create affiliation
        • Delete affiliation
      • Custom route tables
        • Create custom route table
        • Delete custom route table
        • View Custom Route Table
      • Learning Relationship
        • Add Custom Route Entry
        • Create learning relationship
        • Delete Custom Route Entry
        • Delete learning relationship
        • Publish and Revoke Network Instance Route
        • View Route Entry
    • Tag Management
  • Product Description
    • Application scenarios
    • Introduction
    • Usage restrictions
  • Product pricing
  • SDK
    • GO-SDK
      • Bandwidth package
      • CSN Instance
      • Exception handling
      • Initialization
      • Install
      • Overview
      • Region Bandwidth
      • Route management
      • TGW
    • Java-SDK
      • CSN
      • Exception handling
      • Initialization
      • Install the SDK Package
      • Overview
      • Version history
    • Python-SDK
      • Bandwidth package
      • CSN Instance
      • Initialization
      • Region Bandwidth
      • Route management
      • TGW
  • Service Level Agreement (SLA)
    • Cloud Smart Network Service Level Agreement SLA
  • Typical Practices
    • CSN supports VPC custom route tables for secure traffic access
    • Multi-IDC Disaster Recovery via Cloud Smart Network
    • Multi-IDC Interconnection via Cloud Smart Network
    • Private Network VPC Interconnection with Edge Network
  • Document center
  • arrow
  • CSN
  • arrow
  • SDK
  • arrow
  • GO-SDK
  • arrow
  • Initialization
Table of contents on this page
  • Confirm Endpoint
  • Retrieve access key
  • Create a new CSN client
  • Create a new CSN client with AK/SK
  • Create a CSN client with STS
  • Configure the CSN client
  • Use a proxy
  • Set network parameters
  • Configure options for generating signature strings

Initialization

Updated at:2025-11-11

Confirm Endpoint

The service domain name of Cloud Smart Network API is: csn.baidubce.com

The API supports both HTTP and HTTPS call methods. For enhanced data security, it is advised to use HTTPS for communication.

Retrieve access key

To utilize Baidu AI Cloud Object Storage (CSN), you need a valid AK (Access Key ID) and SK (Secret Access Key) for signature verification. AK and SK are system-generated strings used to identify users and perform certified authentication with CSN.

Your AK/SK information can be obtained and understood through the following steps:

Register a Baidu AI Cloud account

Create AK/SK

Create a new CSN client

The CSN client acts as the interface for CSN services, offering developers various methods to interact with the CSN services.

Create a new CSN client with AK/SK

Users can refer to the following code to create a new CSN Client to access CSN with AK/SK:

Go 
1import (
2	"github.com/baidubce/bce-sdk-go/services/csn"
3)
4func main() {
5 // User’s Access Key ID and Secret Access Key
6	ACCESS_KEY_ID, SECRET_ACCESS_KEY := <your-access-key-id>, <your-secret-access-key>
7	
8 // User-specified Endpoint
9	ENDPOINT := <domain-name>
10 // Initialize a CSNClient
11	csnClient, err := csn.NewClient(AK, SK, ENDPOINT)
12}

In the code above, ACCESS_KEY_ID corresponds to “Access Key ID” in the console. SECRET_ACCESS_KEY corresponds to “Access Key Secret” in the console. Refer to the Guide - How to Retrieve AKSK. The third parameter ENDPOINT takes the value csn.baidubce.com. If set to an empty string, the default domain name will be used as the service address for CSN.

Create a CSN client with STS

Request STS Token

CSN provides temporary third-party access authorization via the STS mechanism. STS (Security Token Service) is a temporary authorization service provided by Baidu AI Cloud. Through STS, you can issue access credentials with customizable validity periods and permissions for third-party users. These users can then use the credentials to call Baidu AI Cloud APIs or SDKs directly to access cloud resources.

To access CSN via STS, users must first request an authentication token from the STS client.

Create CSN Client with STS Token

Once the STS token is obtained, configure it within the CSN Client to enable the creation of an STS-enabled CSN client.

Code example

The GO SDK implements the STS service API. Below is a complete example for requesting an STS Token and creating an CSN Client object:

Go 
1import (
2	"fmt"
3 "github.com/baidubce/bce-sdk-go/auth"                    //Import the authentication module
4 "github.com/baidubce/bce-sdk-go/services/csn" //Import CSN service module
5 "github.com/baidubce/bce-sdk-go/services/sts"            //Import the Baige service module
6)
7func main() {
8 //Create a Client object for the STS service, using the default Endpoint
9	AK, SK := <your-access-key-id>, <your-secret-access-key>
10	stsClient, err := sts.NewClient(AK, SK)
11	if err != nil {
12		fmt.Println("create sts client object :", err)
13		return
14	}
15 //Obtain a temporary authentication token with a validity period of 60 seconds and an empty ACL
16	stsObj, err := stsClient.GetSessionToken(60, "")
17	if err != nil {
18		fmt.Println("get session token failed:", err)
19		return
20    }
21	fmt.Println("GetSessionToken result:")
22	fmt.Println("  accessKeyId:", stsObj.AccessKeyId)
23	fmt.Println("  secretAccessKey:", stsObj.SecretAccessKey)
24	fmt.Println("  sessionToken:", stsObj.SessionToken)
25	fmt.Println("  createTime:", stsObj.CreateTime)
26	fmt.Println("  expiration:", stsObj.Expiration)
27	fmt.Println("  userId:", stsObj.UserId)
28 //Create a CSN Client object using the requested temporary STS, with the default endpoint
29	csnClient, err := csn.NewClient(stsObj.AccessKeyId, stsObj.SecretAccessKey, "csn.baidubce.com")
30	if err != nil {
31		fmt.Println("create csn client failed:", err)
32		return
33	}
34	stsCredential, err := auth.NewSessionBceCredentials(
35		stsObj.AccessKeyId,
36		stsObj.SecretAccessKey,
37		stsObj.SessionToken)
38	if err != nil {
39		fmt.Println("create sts credential object failed:", err)
40		return
41	}
42	csnClient.Config.Credentials = stsCredential
43}

Note: Currently, when configuring a CSN Client using STS, the endpoint of STS must be configured as http://sts.bj.baidubce.com.

Configure HTTPS access to CSN

CSN supports the HTTPS transport protocol. To use HTTPS to access CSN services with the CSN Go SDK, specify HTTPS in the endpoint when creating the CSN client object.

Go 
1// import "github.com/baidubce/bce-sdk-go/services/csn"
2 NDPOINT := "https://csn.baidubce.com " //Specify the use of HTTPS protocol
3AK, SK := <your-access-key-id>, <your-secret-access-key>
4csnClient, _ := csn.NewClient(AK, SK, ENDPOINT)

Configure the CSN client

If users need to configure specific parameters for the CSN Client, they can customize the configuration using the exported Config field of the CSN Client object after its creation. This allows for configuring parameters such as proxy and maximum number of connections for the client.

Use a proxy

The following code snippet enables the client to access CSN service using a proxy:

Go 
1// import "github.com/baidubce/bce-sdk-go/services/csn"
2 // Create an CSN Client object
3AK, SK := <your-access-key-id>, <your-secret-access-key>
4ENDPOINT := "csn.baidubce.com"
5client, _ := csn.NewClient(AK, SK, ENDPOINT)
6 // Use the local port 8080 for the proxy
7client.Config.ProxyUrl = "127.0.0.1:8080"

Set network parameters

Users can configure network parameters using the following example code:

Go 
1// import "github.com/baidubce/bce-sdk-go/services/csn"
2AK, SK := <your-access-key-id>, <your-secret-access-key>
3ENDPOINT := "csn.baidubce.com"
4client, _ := csn.NewClient(AK, SK, ENDPOINT)
5 // Configure to not retry, default: Back Off retry
6client.Config.Retry = bce.NewNoRetryPolicy()
7 // Configure connection timeout to 30 seconds
8client.Config.ConnectionTimeoutInMillis = 30 * 1000

Configure options for generating signature strings

Go 
1// import "github.com/baidubce/bce-sdk-go/services/csn"
2AK, SK := <your-access-key-id>, <your-secret-access-key>
3ENDPOINT := "csn.baidubce.com"
4client, _ := csn.NewClient(AK, SK, ENDPOINT)
5 // Configure the HTTP request header Host for signing
6headersToSign := map[string]struct{}{"Host": struct{}{}}
7client.Config.SignOption.HeadersToSign = HeadersToSign
8 // Configure the validity period of the signature to 30 seconds
9client.Config.SignOption.ExpireSeconds = 30

Parameter description

When using the GO SDK to access CSN, the Config field of the created CSN Client object supports the following parameters, as shown in the table below:

ConfigMap name Types Meaning
Endpoint string Domain name for service requests
ProxyUrl string The proxy address for client requests
Region string Region for resource requests
UserAgent string User name, HTTP request’s User-Agent header
Credentials *auth.BceCredentials Authentication object for requests, divided into regular AK/SK and STS
SignOption *auth.SignOptions Options for authentication string signing
Retry RetryPolicy Retry policy for connections
ConnectionTimeoutInMillis int Connection timeout, in milliseconds, defaulting to 20 minutes

Description:

  1. The Credentials is created using the auth.NewBceCredentials and auth.NewSessionBceCredentials functions. The former is used by default, while the latter is used for STS certification. See "Create a CSN client with STS" for details.
  2. The SignOption field represents options when generating a signature string, as detailed in the table below:
Name Types Meaning
HeadersToSign map[string]struct{} HTTP headers used when generating the signature string
Timestamp int64 Timestamp used in the generated signature string, defaulting to the value at the time of sending request
ExpireSeconds int Validity period of the signature string
Plain Text 
1 Among configuration options, HeadersToSign defaults to `Host`, `Content-Type`, `Content-Length` and `Content-MD5`; TimeStamp is typically set to zero, indicating that the timestamp at the time of generating the certification string shall be used, and users generally shall not explicitly specify the value for this field; ExpireSeconds defaults to 1,800 seconds or 30 minutes.
  1. The Retry field specifies the retry policy, currently supporting two types: NoRetryPolicy and BackOffRetryPolicy. By default, the latter is used. This retry policy specifies the maximum number of retries, the maximum retry duration, and the retry base. Retries increase exponentially based on the retry base multiplied by 2 until the maximum number of retries or the maximum retry duration is reached.

Previous
Exception handling
Next
Install