WAF API operations use the RPC protocol. Send HTTP GET requests to a WAF endpoint, and the system returns a response. Both the request and response are encoded in UTF-8.
Request syntax
The request URL follows this structure:
https://Endpoint/?Action=xx&Parameters| Component | Description |
|---|---|
Endpoint | The WAF API endpoint. Varies by region — see the table below. |
Action | The operation to call. For example, set Action=DescribeDomainNames to retrieve the list of domains added to WAF. |
Version | The API version. The current WAF API version is 2019-09-10. |
Parameters | The request parameters for the operation, separated by ampersands (&). Includes both common parameters and operation-specific parameters. |
For common parameters (API version and authentication information), see Common parameters.
Endpoints
| Region | Endpoint |
|---|---|
| Chinese mainland | wafopenapi.cn-hangzhou.aliyuncs.com |
| Outside the Chinese mainland | wafopenapi.ap-southeast-1.aliyuncs.com |
Example
The following example calls DescribeDomainNames to retrieve the list of domains added to WAF.
The request is formatted across multiple lines for readability.
https://wafopenapi.cn-hangzhou.aliyuncs.com/?Action=DescribeDomainNames
&Region=cn
&InstanceId=waf_****tm005
&Format=xml
&Version=2019-09-10
&Signature=xxxx%xxxx%3D
&SignatureMethod=HMAC-SHA1
&SignatureNonce=15215528852396
&SignatureVersion=1.0
&AccessKeyId=****
&TimeStamp=2012-06-01T12:00:00Z
...API authorization
Call the WAF API as a RAM user to protect your account. Create a RAM user account and grant it the required permissions before making API calls.
Signature method
WAF uses symmetric encryption with an AccessKey pair to verify the identity of the request sender. An AccessKey pair consists of:
AccessKey ID — identifies the user
AccessKey secret — encrypts and verifies the signature string
Keep your AccessKey secret strictly confidential.
Add the signature to the WAF API request in the following format:
https://endpoint/?SignatureVersion=1.0&SignatureMethod=HMAC-SHA1&Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cfCalculate the signature
Using DescribeDomainNames as an example, the original request URL is:
https://wafopenapi.cn-hangzhou.aliyuncs.com/?Action=DescribeDomainNames
&Region=cn
&InstanceId=waf_****tm005
&TimeStamp=2016-02-23T12:46:24Z
&Format=XML
&AccessKeyId=****
&SignatureMethod=HMAC-SHA1
&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
&Version=2019-09-10
&SignatureVersion=1.0Calculate the signature as follows:
Compose the string-to-sign from the request parameters.
GET&%2F&AccessKeyId%3D****&Action%3DDescribeDomainNames&Region%3Dcn&InstanceId%3Dwaf_****tm005&Format%3DXML&SignatureMethod%3DHMAC-SHA1&SignatureNonce%3D3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf&SignatureVersion%3D1.0&TimeStamp%3D2016-02-23T12%253A46%253A24Z&Version%3D2019-09-10Calculate the HMAC value of the string-to-sign. Append an ampersand (
&) to the AccessKey secret and use the result as the key. In this example, the key istestsecret&.CT9X0VtwR86fNWSnsc6v8YGOjuE=Add the
Signatureparameter to the request.https://wafopenapi.cn-hangzhou.aliyuncs.com/?Action=DescribeDomainNames &Region=cn &InstanceId=waf_****tm005 &TimeStamp=2016-02-23T12:46:24Z &Format=XML &AccessKeyId=**** &SignatureMethod=HMAC-SHA1 &SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf &Version=2019-09-10 &SignatureVersion=1.0 &Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D