Signature Algorithm v2

Applying for Security Credentials

The security credential used in this document is a key, which consists of an AccessKeyId and an AccessKeyPassword.

  • AccessKeyId: used to identify the API caller, which is just like a username.

  • AccessKeyPassword: used to authenticate the API caller, which is just like a password.

  • You must keep your security credentials private and avoid disclosure; otherwise, your assets may be compromised. If they are disclosed, please disable them as soon as possible.

You can apply for security credentials by following the Zenlayer Docs.

Signature Calculation Process

Zenlayer Open API v2 supports POST requests. Only Content-Type: application/json is supported. The API is called in JSON format.

The following example queries the list of bare metal instances in the Hong Kong region to describe the steps of building the signature.

Assume that your AccessKeyId and AccessKeyPassword are AKIDz8krbsJ5yKBZQpn74WFkmLPx3 and Gu5t9xGARNpq86cd98joQYCN3, respectively. If you want to view the status of the instance in the Hong Kong region whose bare metal instance name is "unnamed", the request may be:

curl -X POST https://console.zenlayer.com/api/v2/bmc \
-H "Authorization: ZC2-HMAC-SHA256 Credential=0D9UtpyKYcHxms5v, SignedHeaders=content-type;host, Signature=efb356c32e55c781e10dc676da59462c22596d82e91c57803666243379555b2f" \
-H "Content-Type: application/json; charset=utf-8" \
-H "X-ZC-Action: DescribeInstances" \
-H "X-ZC-Timestamp: 1673361177" \
-H "X-ZC-Signature-Method: ZC2-HMAC-SHA256" \
-H "X-ZC-Version: 2022-11-20" \
-d '{"pageSize":10,"pageNum":1,"zoneId":"HKG-A"}'

Request Headers:

1. Concatenating the CanonicalRequest String

Concatenate the canonical request string (CanonicalRequest) in the following pseudocode format:

CanonicalRequest = 
  HTTPRequestMethod + '\n' + 
  CanonicalURI + '\n' + 
  CanonicalQueryString + '\n' + 
  CanonicalHeaders + '\n' + 
  SignedHeaders + '\n' + 
  HexEncode(Hash(RequestPayload))

2. Concatenating the String to Be Signed

The string to sign is concatenated as follows:

StringToSign =
    Algorithm + '\n' +          # Signature algorithm, which is ZC2-HMAC-SHA256 for SHA256.
    RequestTimestamp + '\n' +   # Request timestamp.
    HashedCanonicalRequest      # Hex-encoded hash of the CanonicalRequest from step 1.

According to the preceding rules, the string to be signed obtained in the example is as follows:

ZC2-HMAC-SHA256
1673361177
29396f9dfa0f03820b931e8aa06e20cda197e73285ebd76aceb83f7dede493ee

3. Calculating the Signature Based on AK and StringToSign

Calculate the signature with the following pseudocode, using AccessKeyPassword as the HMAC-SHA256 key:

Signature = HexEncode(HMAC_SHA256(AccessKeyPassword, StringToSign))

4. Concatenating the Authorization

The Authorization is concatenated as follows:

Authorization =
    Algorithm + ' ' +
    'Credential=' + AccessKeyId +  ', ' +
    'SignedHeaders=' + SignedHeaders + ', ' +
    'Signature=' + Signature
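
Steps 1 to 4 carried through in Python, as an added example that is not Zenlayer's own code. The page does not define CanonicalURI, CanonicalQueryString or CanonicalHeaders, so the forms used here ("/", an empty query string, sorted lowercase "name:value" lines) are assumptions, and the output is not expected to reproduce the signature shown in the sample request.

```python
import hashlib
import hmac
import json

ALGORITHM = "ZC2-HMAC-SHA256"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical_request(method, host, content_type, payload):
    # Step 1. Assumptions (not stated on the page): CanonicalURI is "/", the
    # query string is empty for POST, and CanonicalHeaders is one lowercase
    # "name:value\n" line per signed header, sorted by header name.
    headers = {"content-type": content_type, "host": host}
    signed = ";".join(sorted(headers))
    canon_headers = "".join(f"{k}:{headers[k].strip()}\n" for k in sorted(headers))
    request = "\n".join(
        [method, "/", "", canon_headers, signed, sha256_hex(payload)]
    )
    return request, signed


def sign_request(key_id, key_password, host, content_type, payload, timestamp):
    canon, signed = canonical_request("POST", host, content_type, payload)
    # Step 2: algorithm, timestamp, hex hash of the canonical request.
    string_to_sign = "\n".join(
        [ALGORITHM, str(timestamp), sha256_hex(canon.encode("utf-8"))]
    )
    # Step 3: HMAC-SHA256 keyed directly with AccessKeyPassword.
    signature = hmac.new(
        key_password.encode("utf-8"), string_to_sign.encode("utf-8"), hashlib.sha256
    ).hexdigest()
    # Step 4: the Authorization header value.
    authorization = (
        f"{ALGORITHM} Credential={key_id}, "
        f"SignedHeaders={signed}, Signature={signature}"
    )
    return string_to_sign, authorization


if __name__ == "__main__":
    # Sample credentials, timestamp and body taken from the page's example.
    body = json.dumps({"pageSize": 10, "pageNum": 1, "zoneId": "HKG-A"},
                      separators=(",", ":")).encode("utf-8")
    sts, auth = sign_request(
        "AKIDz8krbsJ5yKBZQpn74WFkmLPx3", "Gu5t9xGARNpq86cd98joQYCN3",
        "console.zenlayer.com", "application/json; charset=utf-8", body, 1673361177)
    print(sts, auth, sep="\n\n")
```

The bytes hashed as the payload must be exactly the bytes sent in the request body; re-serializing the JSON after signing changes the hash and invalidates the signature.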
