Parameter Specification

一、 Parameter Specification

  • Request URL:

Get it from the Console - Service Configuration

  • HTTP request Header:
Header Value Description
Content-Type application/json;charset=UTF-8 Request body type
Accept application/json;charset=UTF-8 Return type accepted
X-AppId The only identifier of the project or application.
X-TimeStamp The UTC timestamp of the request. Timestamps need to be formatted according to W3C standards, for example: 2010-01-31T23:59:59Z. (
Authorization Signature value
  • Request method:POST

  • Request body JSON object:

Parameter Essential Type Description|
type Essential Number 1: Image URL 2: Image BASE64 value
image Essential Srting Image content, if type=1, then the value is the image URL, if type=2, then the value is the image BASE64 value. Supported formats: jpg, png, bmp, gif, webp, tiff, heic; Supported image size: <10M; Description of gif/long image: Automatically cut gif/long image into frame and check, up to 5 images. Gif/long images are billed according to the actual number of screenshots; Definition of long image: images whose ratio of length and width is greater than 5.
userId Optional Srting Unique end user ID. The user ID should be no more than 32 characters.
userIP Optional Srting User IP address
did Optional Srting User device ID
dtype Optional Srting User device type:1:iPhone 2:android 3: ipad 4:wphone 5: pc 6:web 7:wap
  • Example of request body:

    JSON Response
          "userId": "testUser",
          "did": "868034031518269",
          "dtype": "1"
  • Request signature:

When the user requests the Image Check API, the request can be signed with the appId and secretKey (obtained from the Console - Service Configuration). When the API receives the request with the signature information, it will verify the signature using the same algorithm, and if the signature is found to be inconsistent, the API will return 401 error to the user.

If the API validation signature is consistent and the user corresponding to the appId has permission to operate the requested resource, the request succeeds, otherwise the API returns 401 error.

  • Request Header to send a signature via HTTP

Method: Add a header named Authorization in the request, whose value is the signature value. For example:

 Authorization: ****
  • Signature calculation method
  1. Canonicalized Query String:

Convert the request body JSON string to a hexadecimal string (not Base64) by doing sha256 encoding with UTF-8 character encoding.

CanonicalizedQueryString = hex(sha256(jsonBody))

  1. Constructs the signed string StringToSign ("\n" stands for ASCII newline character):

    StringToSign = HTTPMethod + “\n” + HostHeaderInLowercase + “\n” + HTTPRequestURI + “\n” + CanonicalizedQueryString <从上一步得到> + “\n” + “X-AppId:” + SAME_APPID_IN_HEADER + “\n” + “X-TimeStamp:” + SAME_TIMESTAMP_IN_HEADER

The HTTPRequestURI is the absolute path to the request URI, without the request string. If the HTTPRequestURI is empty, also keep a forward slash (/).

The hash-based message authentication code (HMAC) is created using the HMAC-SHA256 protocol and the signature is calculated.

  1. StringToSign as the signature string, secretKey as the secret key and SHA256 as the hash algorithm.

    For more information about HMAC, see:。
  2. Converting the results of the previous step to a BASE64 string.

  3. Put the BASE64 string into the Authorization of HTTP request Header.

  • Example of signature

Below is an example of appId & secretKey & image.


Below is an example of request type.

 "type": 2,
 "userId": "12345678",

Generate CanonicalizedQueryString


Generate StringToSign


Signatures from HMAC calculations