Request Signature
Update:
Scope
Text moderation, image moderation, audio moderation, video moderation, web moderation, and other HTTP APIs use the same request signature rule.
When you request an API, use appId and secretKey to sign the request. After receiving a signed request, the API verifies the signature with the same algorithm. If the signature is inconsistent, the API returns 401.
You can get appId and secretKey from <Console - Service Configuration>.
Request Header
Header
Example value
Required
Description
X-AppId
1000
Required
The unique project identifier
X-TimeStamp
2024-01-31T07:59:03Z
Required
The UTC time when the request is sent. The format is yyyy-MM-dd'T'HH:mm:ss'Z'
Authorization
*****
Required
Request signature
Signature Calculation
- Build the canonicalized query string.
For a JSON request, calculate the SHA256 hash of the request body JSON string with UTF-8 encoding, then convert the hash to a hexadecimal string. Do not use Base64 for this step.
CanonicalizedQueryString = hex(sha256(jsonBody))
- Build
StringToSign. \n represents the ASCII newline character.
StringToSign = HTTPMethod + "\n" +
HostHeaderInLowercase + "\n" +
HTTPRequestURI + "\n" +
CanonicalizedQueryString + "\n" +
"X-AppId:" + SAME_APPID_IN_HEADER + "\n" +
"X-TimeStamp:" + SAME_TIMESTAMP_IN_HEADER
HTTPRequestURI is the absolute path of the request URI, without query parameters. If HTTPRequestURI is empty, keep a forward slash (/).
- Calculate the signature with HMAC-SHA256. Use
StringToSign as the string to sign, secretKey as the key, and SHA256 as the hash algorithm.
For more information about HMAC, see https://tools.ietf.org/html/rfc2104.
-
Convert the HMAC-SHA256 result to a Base64 string.
-
Put the Base64 string into the Authorization HTTP request Header.
Signature Example
The following example uses the web moderation submission API.
Request information:
HTTPMethod=POST
Host=msafe.ilivedata.com
HTTPRequestURI=/api/v1/media/web/submit
X-AppId=1000
X-TimeStamp=2024-01-31T07:59:03Z
secretKey=****
Request body:
{"url":"https://example.com/page.html","strategyId":"DEFAULT"}
Generated CanonicalizedQueryString:
e87c44a05094b0129745a6ea138b11d62ff46fa3790cf7cd5ef0f4125e5f865f
Generated StringToSign:
POST
msafe.ilivedata.com
/api/v1/media/web/submit
e87c44a05094b0129745a6ea138b11d62ff46fa3790cf7cd5ef0f4125e5f865f
X-AppId:1000
X-TimeStamp:2024-01-31T07:59:03Z
Signature calculated by HMAC:
*****
Set the request Header:
Authorization: *****
Scope
Text moderation, image moderation, audio moderation, video moderation, web moderation, and other HTTP APIs use the same request signature rule.
When you request an API, use appId and secretKey to sign the request. After receiving a signed request, the API verifies the signature with the same algorithm. If the signature is inconsistent, the API returns 401.
You can get appId and secretKey from <Console - Service Configuration>.
Request Header
| Header | Example value | Required | Description |
|---|---|---|---|
| X-AppId | 1000 | Required | The unique project identifier |
| X-TimeStamp | 2024-01-31T07:59:03Z | Required | The UTC time when the request is sent. The format is yyyy-MM-dd'T'HH:mm:ss'Z' |
| Authorization | ***** | Required | Request signature |
Signature Calculation
- Build the canonicalized query string.
For a JSON request, calculate the SHA256 hash of the request body JSON string with UTF-8 encoding, then convert the hash to a hexadecimal string. Do not use Base64 for this step.
CanonicalizedQueryString = hex(sha256(jsonBody))
- Build
StringToSign.\nrepresents the ASCII newline character.
StringToSign = HTTPMethod + "\n" +
HostHeaderInLowercase + "\n" +
HTTPRequestURI + "\n" +
CanonicalizedQueryString + "\n" +
"X-AppId:" + SAME_APPID_IN_HEADER + "\n" +
"X-TimeStamp:" + SAME_TIMESTAMP_IN_HEADER
HTTPRequestURI is the absolute path of the request URI, without query parameters. If HTTPRequestURI is empty, keep a forward slash (/).
- Calculate the signature with HMAC-SHA256. Use
StringToSignas the string to sign,secretKeyas the key, and SHA256 as the hash algorithm.
For more information about HMAC, see https://tools.ietf.org/html/rfc2104.
-
Convert the HMAC-SHA256 result to a Base64 string.
-
Put the Base64 string into the
AuthorizationHTTP request Header.
Signature Example
The following example uses the web moderation submission API.
Request information:
HTTPMethod=POST
Host=msafe.ilivedata.com
HTTPRequestURI=/api/v1/media/web/submit
X-AppId=1000
X-TimeStamp=2024-01-31T07:59:03Z
secretKey=****
Request body:
{"url":"https://example.com/page.html","strategyId":"DEFAULT"}
Generated CanonicalizedQueryString:
e87c44a05094b0129745a6ea138b11d62ff46fa3790cf7cd5ef0f4125e5f865f
Generated StringToSign:
POST
msafe.ilivedata.com
/api/v1/media/web/submit
e87c44a05094b0129745a6ea138b11d62ff46fa3790cf7cd5ef0f4125e5f865f
X-AppId:1000
X-TimeStamp:2024-01-31T07:59:03Z
Signature calculated by HMAC:
*****
Set the request Header:
Authorization: *****