Note: You do not need to calculate signatures yourself because you can use our server-side software development kits (SDKs). For more information, see the Android SDK Guide, iOS SDK Guide, or HarmonyOS SDK Guide.
The Mobile Push service authenticates every request. All requests, whether submitted over HTTP or HTTPS, must include a signature. Mobile Push uses an Access Key ID and an Access Key Secret with symmetric encryption to verify the identity of the sender.
Obtain the AccessKey pair for a RAM user
To secure your Alibaba Cloud services, create a Resource Access Management (RAM) user and grant it permissions to access Mobile Push resources. Obtain the AccessKey pair for the RAM user and use the pair to call the Mobile Push OpenAPI.
Follow these steps to obtain an AccessKey pair for a RAM user:
Manage RAM user permissions and grant the RAM user permission to manage Mobile Push.
Follow these steps to sign a request:
Construct a canonicalized query string from the request parameters. a. Sort all request parameters, including common and operation-specific parameters, in alphabetical order by parameter name. Do not include the Signature parameter.
Note: This sorting is case-sensitive.
Note: For GET requests, the parameters are in the query string of the request URL. The query string is the portion of the URL that follows the question mark (?) and consists of key-value pairs separated by ampersands (&). b. URL-encode the name and value of each request parameter using the UTF-8 character set. The encoding rules are as follows: i. Do not encode uppercase letters (A-Z), lowercase letters (a-z), digits (0-9), hyphens (-), underscores (_), periods (.), or tildes (~). ii. Encode other characters into the "%XY" format, where XY is the hexadecimal representation of the character's ASCII code. For example, the double quotation mark (") is encoded as %22. iii. Encode extended UTF-8 characters into the "%XY%ZA..." format. iv. A space character ( ) must be encoded as %20, not as a plus sign (+). Note: Most URL encoding libraries, such as java.net.URLEncoder in Java, follow the application/x-www-form-urlencoded Multipurpose Internet Mail Extensions (MIME) type rules. If you use one of these libraries, you must replace the plus sign (+) with %20, the asterisk (*) with %2A, and %7E with a tilde (~) in the encoded string to meet the required format. c. Join the encoded parameter name and its value with an equal sign (=). d. Join the key-value pair strings from the previous step with ampersands (&) in the same alphabetical order of the parameter names. The resulting string is the canonicalized query string.
Construct the string to sign (`StringToSign`) using the canonicalized query string from the previous step, as follows:
StringToSign= HTTPMethod + “&” + percentEncode(“/”) + ”&” + percentEncode(CanonicalizedQueryString)`HTTPMethod` is the HTTP method of the request, such as GET. `percentEncode("/")` is the encoded value of the forward slash character (`/`), which is `%2F`. `percentEncode(CanonicalizedQueryString)` is the encoded value of the canonicalized query string from step 1. Both values must be encoded based on the URL encoding rules described in step 1.b.Calculate the HMAC value of the StringToSign as defined in RFC 2104. Note: Use your Access Key Secret followed by an ampersand (&) as the key for the HMAC calculation. The hash algorithm is SHA1.
Base64-encode the HMAC value from the previous step. The resulting string is the signature.
Add the signature to the request as the
Signatureparameter.
Note: Before you submit the request, the signature and all other parameter values must be URL-encoded as specified in RFC 3986.
For example, for a GetDeviceInfos operation, the request URL before signing is:
http://cloudpush.aliyuncs.com/?Format=XML&AccessKeyId=testid&Action=GetDeviceInfos&SignatureMethod=HMAC-SHA1&RegionId=cn-hangzhou&Devices=e2ba19de97604f55b165576736477b74%2C92a1da34bdfd4c9692714917ce22d53d&SignatureNonce=c4f5f0de-b3ff-4528-8a89-fa478bda8d80&SignatureVersion=1.0&Version=2016-08-01&AppKey=23267207&Timestamp=2016-03-29T03%3A59%3A24ZThe StringToSign is:
GET&%2F&AccessKeyId%3Dtestid%26Action%3DGetDeviceInfos%26AppKey%3D23267207%26Devices%3De2ba19de97604f55b165576736477b74%252C92a1da34bdfd4c9692714917ce22d53d%26Format%3DXML%26RegionId%3Dcn-hangzhou%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3Dc4f5f0de-b3ff-4528-8a89-fa478bda8d80%26SignatureVersion%3D1.0%26Timestamp%3D2016-03-29T03%253A59%253A24Z%26Version%3D2016-08-01
If your Access Key ID is "testid" and your Access Key Secret is "testsecret", the key for the HMAC calculation is "testsecret&". The resulting signature is:
D6ldYxo/chwOlfv8Ug8REyWU0mk=The signed request URL, which includes the Signature parameter, is:
http://cloudpush.aliyuncs.com/?Format=XML&AccessKeyId=testid&Action=GetDeviceInfos&SignatureMethod=HMAC-SHA1&RegionId=cn-hangzhou&Devices=e2ba19de97604f55b165576736477b74%2C92a1da34bdfd4c9692714917ce22d53d&SignatureNonce=c4f5f0de-b3ff-4528-8a89-fa478bda8d80&SignatureVersion=1.0&Version=2016-08-01&AppKey=23267207&Signature=D6ldYxo%2FchwOlfv8Ug8REyWU0mk%3D&Timestamp=2016-03-29T03%3A59%3A24Z