Tablestore uses symmetric signatures to verify that a request is sent by its owner and that a response originates from Tablestore.
Preparations
After you create an account on Alibaba Cloud, you can create an AccessKey pair in the Alibaba Cloud Management Console or the Resource Access Management (RAM) console. An AccessKey is a permanent access credential provided by Alibaba Cloud. It is a key pair that consists of an AccessKey ID and an AccessKey secret.
AccessKey ID: Identifies a user.
AccessKey secret: A password used to verify your ownership of the AccessKey ID. It is the key used to sign and verify requests and responses.
For more information, see Create an AccessKey.
User request verification
A user sends a request to Tablestore. The request must include the request plaintext, the AccessKey ID, and a signature. The signature is generated using the AccessKey secret to sign specific information from the request plaintext.
After receiving a request, Tablestore retrieves the corresponding AccessKey secret based on the AccessKey ID and signs the plaintext in the same manner.
If the calculated Captcha matches the provided Captcha, the request is considered valid.
Tablestore response verification
To verify a response from Tablestore, you can perform the same calculation. If your calculated signature matches the signature in the Tablestore response, the response is considered valid.