摘要:京東云是將京東云所有資源的管理能力通過(guò)的方式提供出來(lái)����,供京東云用戶和合作伙伴使用。是京東云控制臺(tái)的有效補(bǔ)充���,方便用戶更靈活的控制自己的云上資源�。在開(kāi)始調(diào)用京東云之前��,需提前在京東云用戶中心賬戶管理下的管理頁(yè)面申請(qǐng)和密鑰對(duì)簡(jiǎn)稱�����。
京東云OpenAPI是將京東云所有資源的管理能力通過(guò)API的方式提供出來(lái)���,供京東云用戶和合作伙伴使用���。OpenAPI是京東云控制臺(tái)的有效補(bǔ)充�,方便用戶更靈活的控制自己的云上資源。
本文檔通過(guò)step-by-step生成簽名以及完整HTTP請(qǐng)求��,并將請(qǐng)求發(fā)送至京東公共OpenAPI并得到response。
京東云:www.jdcloud.com
京東云OpenAPI:docs.jdcloud.com/cn/?act=3
公共說(shuō)明:docs.jdcloud.com/cn/common-declaration/api/introduction
前置條件
要使用某個(gè)產(chǎn)品線的OpenAPI���,首先需要先通過(guò)產(chǎn)品文檔了解產(chǎn)品功能���、計(jì)費(fèi)等方面的信息。
在開(kāi)始調(diào)用京東云OpenAPI之前�,需提前在京東云用戶中心賬戶管理下的AccessKey管理頁(yè)面申請(qǐng)AccessKey和SecretKey密鑰對(duì)(簡(jiǎn)稱AK/SK)。AK/SK信息請(qǐng)妥善保管����,如果遺失可能會(huì)造成非法用戶使用此信息操作您在云上的資源,給你造成數(shù)據(jù)和財(cái)產(chǎn)損失���。AK/SK密鑰對(duì)允許啟用��、禁用��,啟用后可用其調(diào)用OpenAPI�,禁用后不能用其調(diào)用OpenAPI����。
京東云OpenAPI使用Restful接口風(fēng)格,要進(jìn)行OpenAPI調(diào)用需要包含如下信息:請(qǐng)求協(xié)議��,請(qǐng)求方式,請(qǐng)求地址����,請(qǐng)求路徑,請(qǐng)求頭��,請(qǐng)求參數(shù)����,請(qǐng)求體。
為了您的數(shù)據(jù)安全���,建議務(wù)必使用https協(xié)議��。
基本步驟
初始基本配置
生成初始請(qǐng)求header
生成標(biāo)準(zhǔn)請(qǐng)求串
生成待簽名字符串
生成簽名key
計(jì)算簽名值
更新請(qǐng)求頭
發(fā)送請(qǐng)求
請(qǐng)求簽名具體 Python 實(shí)現(xiàn)
1. 初始基本配置
# GET請(qǐng)求
method = "GET"
# 地域
region = "cn-north-1"
# 產(chǎn)品線
service = "vm"
# vm產(chǎn)品線服務(wù)地址:{product}.jdcloud-api.com
full_host = "vm.jdcloud-api.com"
# OpenAPI服務(wù)的地址和路徑格式一般為(默認(rèn)為https):
# https://{product}.jdcloud-api.com/{API版本號(hào)}/regions/{地域ID}/{資源名稱}/{資源ID(可選)}/{子資源名稱(可選)}/{子資源ID(可選)}{:自定義動(dòng)作(可選)}
url = "https://vm.jdcloud-api.com/v1/regions/cn-north-1/instances/i-uvvtdzuxre"
# 規(guī)范請(qǐng)求路徑Path:/{apiVersion}/regions/{regionId}/instances/{instanceId}
canonical_uri = "/v1/regions/cn-north-1/instances/i-uvvtdzuxre"
# 本例中為GET請(qǐng)求���,body為空(若為PUT/POST/PATCH請(qǐng)求,則body為parameter的JSON格式)
body = ""
2. 生成初始請(qǐng)求header
# 當(dāng)前時(shí)間
now = datetime.datetime.utcfromtimestamp(time.time())
# 格式化字符串為:"20180812T074253Z"
jdcloud_date = now.strftime("%Y%m%dT%H%M%SZ")
# 生成datestamp字符串:“20180812”�,用于簽名
datestamp = now.strftime("%Y%m%d")
# 隨機(jī)生成的字符串:“58542f21-bda3-4736-9a08-da2339669e52”
nonce = str(uuid.uuid4())
# 增加請(qǐng)求header字段:
# Content-Type:請(qǐng)求數(shù)據(jù)格式為JSON
# User-Agent:格式為“JdcloudSdkPython/ <產(chǎn)品線>/<產(chǎn)品線revision>”
# 請(qǐng)求頭如下:
# {"x-jdcloud-nonce": "63e0148e-0fef-4c78-9228-47fefe470b07",
# "Content-Type": "application/json",
# "x-jdcloud-date": "20180812T094103Z",
# "User-Agent": "JdcloudSdkPython/1.2.1 vm/1.0.0"}
headers = {"Content-Type": "application/json", "User-Agent": "JdcloudSdkPython/1.2.1 vm/1.0.0"}
headers["x-jdcloud-date"] = jdcloud_date
headers["x-jdcloud-nonce"] = nonce
3. 生成標(biāo)準(zhǔn)請(qǐng)求串
# 生成請(qǐng)求查詢字符串,本例為空����。
canonical_querystring = ""
# 生成CanonicalHeaders字符串,CanonicalHeaders為需要參與簽名的請(qǐng)求頭及值。要?jiǎng)?chuàng)建規(guī)范 HTTP header 列表����,請(qǐng)將所有 HTTP header 名稱轉(zhuǎn)換為小寫�����,并刪除前導(dǎo)空格和尾隨空格��。通過(guò)用字符代碼排序HTTP header ���,然后遍歷 HTTP header 名稱來(lái)構(gòu)建規(guī)范 HTTP header 列表�����。使用:分隔名稱和值�,并添加換行符���。
# 如下:
# content-type:application/json
# host:vm.jdcloud-api.com
# x-jdcloud-date:20180812T074253Z
# x-jdcloud-nonce:58542f21-bda3-4736-9a08-da2339669e52
#
canonical_headers = "content-type" + ":" + headers["Content-Type"] + "
" + "host" + ":" + full_host + "
" + "x-jdcloud-date" + ":" + headers["x-jdcloud-date"] + "
" + "x-jdcloud-nonce" + ":" + headers["x-jdcloud-nonce"] + "
"
# SignedHeaders用于告知京東云����,請(qǐng)求中的哪些頭是簽名過(guò)程的一部分��,京東云可以忽略哪些頭(例如����,由代理添加的任何附加標(biāo)頭)�����,以驗(yàn)證請(qǐng)求��。注意host, x-jdcloud-date, x-jdcloud-nonce必須包含在內(nèi)��。
signed_headers = "content-type;host;x-jdcloud-date;x-jdcloud-nonce"
# 生成body的hash(即使body為空字符串):
# “e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855”
payload_hash = hashlib.sha256(body.encode("utf-8")).hexdigest()
# 生成標(biāo)準(zhǔn)請(qǐng)求串:
# GET
# /v1/regions/cn-north-1/instances/i-uvvtdzuxre
#
# content-type:application/json
# host:vm.jdcloud-api.com
# x-jdcloud-date:20180812T074253Z
# x-jdcloud-nonce:58542f21-bda3-4736-9a08-da2339669e52
# content-type;host;x-jdcloud-date;x-jdcloud-nonce
#
# e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
canonical_request = (method + "
" +
canonical_uri + "
" +
canonical_querystring + "
" +
canonical_headers + "
" +
signed_headers + "
" +
payload_hash)
4. 生成待簽名字符串
# 用于創(chuàng)建請(qǐng)求簽名的哈希算法����,目前只支持 `JDCLOUD2-HMAC-SHA256`
algorithm = "JDCLOUD2-HMAC-SHA256"
# CredentialScope格式為”{時(shí)間}/{地域編碼}/{產(chǎn)品線}/jdcloud2_request
”����,例如20180130/cn-north-1/vpc/jdcloud2_request
# "20180812/cn-north-1/vm/jdcloud2_request"
credential_scope = (datestamp + "/" + region + "/" + service + "/" + "jdcloud2_request")
# 生成canonical_request的哈希值
# a3349e006302711650240165d89bb9c0b504ff8dc95d665cd98907877fbbd423
canonical_request_hash = hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()
# 生成待簽名字符串:
# StringToSign =
# Algorithm +
+
# RequestDateTime +
+
# CredentialScope +
+
# HashedCanonicalRequest
# 結(jié)果為:
# JDCLOUD2-HMAC-SHA256
# 20180812T074253Z
# 20180812/cn-north-1/vm/jdcloud2_request
# a3349e006302711650240165d89bb9c0b504ff8dc95d665cd98907877fbbd423
string_to_sign = algorithm + "
" + jdcloud_date + "
" + credential_scope + "
" + canonical_request_hash
5. 生成簽名key
# 計(jì)算簽名key(二進(jìn)制),其中HMAC(key, data)代表以二進(jìn)制格式返回輸出的HMAC-SHA256函數(shù)
# 偽代碼:
# kSecret = your secret access key
# kDate = HMAC("JDCLOUD2" + kSecret, Date)
# kRegion = HMAC(kDate, Region)
# kService = HMAC(kRegion, Service)
# kSigning = HMAC(kService, "jdcloud2_request")
k_date = hmac.new(("JDCLOUD2" + secret_key).encode("utf-8"), datestamp.encode("utf-8"), hashlib.sha256).digest()
k_region = hmac.new(k_date, region.encode("utf-8"), hashlib.sha256).digest()
k_service = hmac.new(k_region, service.encode("utf-8"), hashlib.sha256).digest()
signing_key = hmac.new(k_service, "jdcloud2_request".encode("utf-8"), hashlib.sha256).digest()
6. 計(jì)算簽名值
# 最終生成簽名:
# 如:9b2026198d3acbf99da395e23a994ed369a0d70f5b4a5d7567dd0caf3009656d
encoded = string_to_sign.encode("utf-8")
signature = hmac.new(signing_key, encoded, hashlib.sha256).hexdigest()
7. 更新請(qǐng)求頭
# 計(jì)算簽名后����,需要將簽名的結(jié)果作為Authorization請(qǐng)求頭將其添加到請(qǐng)求中
# "JDCLOUD2-HMAC-SHA256 Credential=xxxxxxxxxxxxxxxxxxxxxxxxxxx/20180812/cn-north-1/vm/jdcloud2_request, SignedHeaders=content-type;host;x-jdcloud-date;x-jdcloud-nonce, Signature=53305ed8290a26493beec3060d9b1ff7d94cb1a6f2171cd193a1562814c8de37"
authorization_header = algorithm + " " + "Credential=" + access_key + "/" + credential_scope + ", " + "SignedHeaders=" + signed_headers + ", " + "Signature=" + signature
# 更新請(qǐng)求headers,如下:
# {"x-jdcloud-date": "20180812T074253Z",
# "x-jdcloud-content-sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
# "JDCLOUD2-HMAC-SHA256": "JDCLOUD2-HMAC-SHA256",
# "x-jdcloud-nonce": "58542f21-bda3-4736-9a08-da2339669e52",
# "User-Agent": "JdcloudSdkPython/1.2.1 vm/1.0.0",
# "Content-Type": "application/json",
# "Authorization": "JDCLOUD2-HMAC-SHA256 Credential=xxxxxxxxxxxxxxxxxxxxxxxxxxx/20180812/cn-north-1/vm/jdcloud2_request, SignedHeaders=content-type;host;x-jdcloud-date;x-jdcloud-nonce, Signature=53305ed8290a26493beec3060d9b1ff7d94cb1a6f2171cd193a1562814c8de37"}
headers["Authorization"] = authorization_header
headers["x-jdcloud-date"] = jdcloud_date
headers["x-jdcloud-content-sha256"] = payload_hash
headers["JDCLOUD2-HMAC-SHA256"] = "JDCLOUD2-HMAC-SHA256"
headers["x-jdcloud-nonce"] = nonce
8. 發(fā)送請(qǐng)求
8.1 Python 發(fā)送請(qǐng)求
# Python發(fā)送請(qǐng)求�����,并獲得相應(yīng)
resp = requests.request(method, url, data=body, headers=headers)
8.2 Curl發(fā)送請(qǐng)求
請(qǐng)求頭中必須包含SignedHeaders中的各個(gè)字段:
# curl -X GET -H "x-jdcloud-date:20180812T094103Z" -H "x-jdcloud-nonce:63e0148e-0fef-4c78-9228-47fefe470b07" -H "Content-Type:application/json" -H "Authorization:JDCLOUD2-HMAC-SHA256 Credential=xxxxxxxxxxxxxxxxxxxxxxxxxxx/20180812/cn-north-1/vm/jdcloud2_request, SignedHeaders=content-type;host;x-jdcloud-date;x-jdcloud-nonce, Signature=53305ed8290a26493beec3060d9b1ff7d94cb1a6f2171cd193a1562814c8de37" https://vm.jdcloud-api.com/v1/regions/cn-north-1/instances/i-uvvtdzuxre
總結(jié)
可將發(fā)送OpenAPI請(qǐng)求簡(jiǎn)單總結(jié)為:
生成待簽名字符串(包含header各個(gè)字段、body的hash等)
生成簽名key(包含SK并多層加鹽)����;
用key簽名step 1的待簽名字符串,將簽名信息加入到header并發(fā)送請(qǐng)求(包含AK)�����,服務(wù)端按照同樣的方式可以校驗(yàn)身份���。
使用Python SDK發(fā)送請(qǐng)求源代碼:
from jdcloud_sdk.core.credential import *
from jdcloud_sdk.services.vm.client.VmClient import *
from jdcloud_sdk.services.vm.apis.DescribeInstanceRequest import *
import json
# 用戶AK&SK
access_key = ""
secret_key = ""
# 地域
regionId = "cn-north-1"
# 要查詢的實(shí)例ID
instanceId = "i-uvvtdzuxre"
# 生成Credential和Client
myCredential = Credential(access_key, secret_key)
myClient = VmClient(myCredential)
# 定義參數(shù)
myParam = DescribeInstanceParameters(regionId, instanceId)
# 定義請(qǐng)求
myRequest = DescribeInstanceRequest(myParam)
# Client發(fā)送請(qǐng)求,并得到響應(yīng)
resp = myClient.send(myRequest)
# 將返回結(jié)果以JSON格式打印
print json.dumps(resp.result, indent=2)
文章版權(quán)歸作者所有�,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除����。
轉(zhuǎn)載請(qǐng)注明本文地址:http://m.hztianpu.com/yun/44928.html
