Learn how to authenticate and call Quick Audience Open Platform APIs.
QA Open Platform API calls
To call Open Platform APIs, you must first create an application in Quick Audience. The system then generates an application ID, AccessKey, and AccessSecret, which are required for all API calls.
Signatures
After your application obtains the required API permissions, append the appId, accessKey, and timestamp parameters to the request URL and add the signed Authorization field to the request header.
Common parameter description
|
Parameter |
Description |
Location |
|
appId |
The application ID from the Open Platform. |
In the request Uniform Resource Identifier (URI) parameters. |
|
accessKey |
The AccessKey of the application from the Open Platform. |
In the request URI parameters. |
|
timestamp |
The current timestamp in milliseconds. |
In the request URI parameters. |
|
Authorization |
The generated signature. |
In the request header. |
Sign the request as follows:
-
Construct a canonicalized query string from the request parameters.
-
Sort all request parameters by name in lexicographical order. This includes both common request parameters and any custom parameters for the specific API. Note: For GET requests, these parameters form the query string of the URI. The query string follows the question mark (?) and uses ampersands (&) as separators. The accessSecret parameter is also required to generate the signature.
-
Encode the parameter names and values in UTF-8.
-
URL-encode all URL parameters.
Code example
The following Java example shows how to generate the signature:
String appId="tttt";
String accessKey = "xxxx";
String accessSecret ="yyyy";
String timeStamp = "1708235644862";
SortedMap<String, String> map = new TreeMap<>();
map.put("appId", appId);
map.put("accessKey", accessKey);
map.put("accessSecret",accessSecret );
map.put("timestamp", timeStamp);
// If it is a GET request with other query parameters, add them here.
String aa = getCanonicalQueryString(map);
System.out.println(aa);
String authorization = org.apache.commons.codec.digest.DigestUtils.md5Hex(aa);
System.out.println(authorization);public static String getCanonicalQueryString(SortedMap<String, String> paramsMap) {
StringBuilder queryString = new StringBuilder();
boolean isFirstParameter = true;
for (Map.Entry<String, String> entry : paramsMap.entrySet()) {
String paramName = entry.getKey();
String value = entry.getValue();
if (!isFirstParameter) {
queryString.append("&");
} else {
isFirstParameter = false;
}
queryString.append(paramName).append("=").append(value);
}
return queryString.toString();
}Example:
curl --location -g --request POST 'http://{Quick Audience public endpoint}/openapi/apipath/xxxx?appId=aaa&accessKey=xxx×tamp=yyy' \
--header 'Authorization: demosign'Quick Audience verifies the signature based on these parameters. If the application does not exist or the signature is incorrect, the request is rejected. For details about other API parameters, see the documentation for each API.
Domain names
|
Environment |
Domain Name |
|
Zhangjiakou |
quicka.aliyun.com |
|
Shanghai |
quicka-shanghai.aliyun.com |
Error codes
|
Error Code |
Error Message |
Description |
|
ES05910010001 |
Application does not exist. |
Confirm that the application exists on the Open Platform. |
|
ES05910010002 |
Incorrect signature. |
Confirm that the signature was generated correctly. |
|
ES05910010003 |
Timestamp verification failed. |
The API call must be made within 30 minutes of the timestamp generation, or the verification fails. |
|
ES05910010004 |
The application does not have permission for this API. |
The application must subscribe to the API before it can be called. |
|
ES05910010005 |
The appId, accessKey, or timestamp parameter is missing or incorrect. |
Verify that the appId, accessKey, and timestamp parameters are included in the request. |