Create a request-AI Guardrails(AI Guardrails)-阿里云帮助中心

This page explains how to construct an HTTP or HTTPS request to call an AI Guardrails API operation directly, without using an SDK.

AI Guardrails provides SDKs for multiple programming languages. If you use an SDK, it handles request construction and signing automatically. See the SDK overview for supported languages.

Request basics

Property	Value
Protocols	HTTP and HTTPS
Methods	GET and POST (both supported for all operations)
Character encoding	UTF-8 (parameters and responses)

Request structure

Every request consists of three parts:

Part	Description
Endpoint	The URL for the target operation
Common parameters	Authentication and metadata parameters included in every request
Operation-specific parameters	Parameters specific to the API operation being called

Endpoint

The endpoint for the AI Guardrails API configuration management service (custom image libraries, custom text libraries, and OSS content management) is:

http(s)://green.cn-shanghai.aliyuncs.com

The AI Guardrails API uses a single endpoint for all operations:

http(s)://green.cn-shanghai.aliyuncs.com

Important

This is the only supported endpoint. You can use this endpoint to call the service from all regions in China. Requests are automatically synchronized to each region.

Common parameters

Include the following parameters in every request:

Name	Type	Required	Description
`Action`	String	Yes	The name of the API operation to call. See API overview for valid values.
`AccessKeyId`	String	Yes	Your AccessKey ID.
`Signature`	String	Yes	The request signature. See Sign a request.
`SignatureMethod`	String	Yes	The signature algorithm. Set to `HMAC-SHA1`.
`SignatureVersion`	String	Yes	The signature algorithm version. Set to `1.0`.
`SignatureNonce`	String	Yes	A unique random string used to prevent replay attacks. Generate a new value for each request.
`Timestamp`	String	Yes	The request time in ISO 8601 format: `yyyy-MM-ddTHH:mm:ssZ` (UTC). Example: `2018-01-01T12:00:00Z` represents 20:00:00 on January 1, 2018 (UTC+8).
`Version`	String	Yes	The API version. Set to `2017-08-23`.
`Format`	String	No	The response format. Valid values: `json`, `xml`. Defaults to `xml`.

Operation-specific parameters

Each API operation accepts its own set of parameters. Click an operation in the API overview to see its parameter definitions.

Sign a request

AI Guardrails uses symmetric encryption with your AccessKey ID and AccessKey secret to authenticate requests.

AccessKey ID: Identifies the requester.
AccessKey secret: Used to encrypt the signature string. Keep this value confidential.

The signing process has four steps:

Step	What it produces
1. Build a canonicalized query string	A sorted, percent-encoded string of all request parameters
2. Build the string to sign	A structured string combining the HTTP method, a separator, and the canonicalized query string
3. Calculate the signature	An HMAC-SHA1 hash of the string to sign, Base64-encoded
4. Add the signature to the request	The final signed URL, ready to send

Step 1: Build a canonicalized query string

Collect all request parameters — common parameters and operation-specific parameters — but exclude the Signature parameter.
Sort the parameters alphabetically by name.
Percent-encode each parameter name and value using UTF-8 per RFC 3986: For Java, use java.net.URLEncoder then apply the following corrections:
- Do not encode: A–Z, a–z, 0–9, -, _, ., ~
- Encode all other characters as %XY, where XY is the uppercase hexadecimal ASCII code. For example, " becomes %22.
- Encode spaces as %20, not +.
```
private static final String ENCODING = "UTF-8";
private static String percentEncode(String value) throws UnsupportedEncodingException {
  return value != null ? URLEncoder.encode(value, ENCODING).replace("+", "%20").replace("*", "%2A").replace("%7E", "~") : null;
}
```
Join each encoded name-value pair with =, then join all pairs with &, in the same alphabetical order.

The result is the canonicalized query string.

Step 2: Build the string to sign

Construct StringToSign using the following formula:

StringToSign =
  HTTPMethod + "&" +
  percentEncode("/") + "&" +
  percentEncode(CanonicalizedQueryString)

HTTPMethod: The HTTP method in uppercase, for example GET.
percentEncode("/"): The percent-encoded forward slash, which is %2F.
percentEncode(CanonicalizedQueryString): The percent-encoded canonicalized query string from step 1.

Step 3: Calculate the signature

Signature = Base64( HMAC-SHA1( AccessKeySecret + "&", UTF-8-Encoding-Of(StringToSign) ) )

Append & to your AccessKeySecret before using it as the HMAC key. This is required by RFC 2104.

In Java:

final String ALGORITHM = "HmacSHA1";
final String ENCODING = "UTF-8";
String key = accessKeySecret + "&";
Mac mac = Mac.getInstance(ALGORITHM);
mac.init(new SecretKeySpec(key.getBytes(ENCODING), ALGORITHM));
byte[] signData = mac.doFinal(stringToSign.getBytes(ENCODING));
String signature = new String(Base64.encodeBase64(signData));

Step 4: Add the signature to the request

Percent-encode the calculated signature per RFC 3986, then append it as the Signature parameter to the canonicalized query string from step 1.

Code examples

The following examples show the complete signing process by calling DescribeKeywordLib with AccessKeyId=testid and AccessKeySecret=testsecret.

Example 1: Manual parameter concatenation

Step 1 — Canonicalized query string:

AccessKeyId=testid&Action=DescribeKeywordLib&Format=XML&SignatureMethod=HMAC-SHA1&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf&SignatureVersion=1.0&Timestamp=2016-02-23T12:46:24Z&Version=2014-05-26&ServiceModule=open_api

Step 2 — String to sign:

GET&%2F&AccessKeyId%3Dtestid%26Action%3DDescribeKeywordLib%26Format%3DXML%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3D3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf%26SignatureVersion%3D1.0%26Timestamp%3D2016-02-23T12%253A46%253A24Z%26Version%3D2014-05-26%26ServiceModule%3Dopen_api

Step 3 — Calculated signature (key is testsecret&):

OLeaidS1JvxuMvnyHOwuJ+uX5qY=

Step 4 — Final signed URL (RFC 3986-encoded signature: OLeaidS1JvxuMvnyHOwuJ%2BuX5qY%3D):

http://green.cn-shanghai.aliyuncs.com/?SignatureVersion=1.0&Action=DescribeKeywordLib&Format=XML&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf&Version=2014-05-26&AccessKeyId=testid&Signature=OLeaidS1JvxuMvnyHOwuJ%2BuX5qY%3D&SignatureMethod=HMAC-SHA1&Timestamp=2016-02-23T12%253A46%253A24Z&ServiceModule=open_api

Send this URL with a browser, curl, or wget to call DescribeKeywordLib and list your custom keyword libraries.

Example 2: Java implementation

This example stores request parameters in a Map<String, String> and builds the signed URL programmatically.

// Step 1: Define encoding helpers

private static final String ENCODING = "UTF-8";
private static String percentEncode(String value) throws UnsupportedEncodingException {
  return value != null ? URLEncoder.encode(value, ENCODING).replace("+", "%20").replace("*", "%2A").replace("%7E", "~") : null;
}

// Timestamp must be in ISO 8601 format, UTC
private static final String ISO8601_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
private static String formatIso8601Date(Date date) {
  SimpleDateFormat df = new SimpleDateFormat(ISO8601_DATE_FORMAT);
  df.setTimeZone(new SimpleTimeZone(0, "GMT"));
  return df.format(date);
}

// Step 2: Build the request parameters

final String HTTP_METHOD = "GET";
Map<String, String> parameters = new HashMap<>();
parameters.put("Action", "DescribeKeywordLib");
parameters.put("Version", "2017-08-23");
parameters.put("AccessKeyId", "testid");
parameters.put("Timestamp", formatIso8601Date(new Date()));
parameters.put("SignatureMethod", "HMAC-SHA1");
parameters.put("SignatureVersion", "1.0");
parameters.put("SignatureNonce", UUID.randomUUID().toString());
parameters.put("Format", "XML");
parameters.put("ServiceModule", "open_api");

// Sort parameters alphabetically
String[] sortedKeys = parameters.keySet().toArray(new String[]{});
Arrays.sort(sortedKeys);

// Build the canonicalized query string
final String SEPARATOR = "&";
StringBuilder canonicalizedQueryString = new StringBuilder();
for (String key : sortedKeys) {
  canonicalizedQueryString.append("&")
    .append(percentEncode(key)).append("=")
    .append(percentEncode(parameters.get(key)));
}

// Build StringToSign
StringBuilder stringToSign = new StringBuilder();
stringToSign.append(HTTP_METHOD).append(SEPARATOR);
stringToSign.append(percentEncode("/")).append(SEPARATOR);
stringToSign.append(percentEncode(canonicalizedQueryString.toString().substring(1)));

// Step 3: Calculate the signature
// Key = AccessKeySecret + "&"

final String ALGORITHM = "HmacSHA1";
String signingKey = "testsecret&";
Mac mac = Mac.getInstance(ALGORITHM);
mac.init(new SecretKeySpec(signingKey.getBytes(ENCODING), ALGORITHM));
byte[] signData = mac.doFinal(stringToSign.toString().getBytes(ENCODING));
String signature = new String(Base64.encodeBase64(signData));

After appending the RFC 3986-encoded signature as the Signature parameter, the final URL matches the one in example 1. Send the request using a browser, curl, or wget.

API responses

Response formats and fields vary by operation. Click an operation in the API overview to see its response definition.

What's next

API overview — Browse all available API operations
SDK overview — Use an SDK to skip manual request signing