Request method

更新时间:
复制 MD 格式

WAF API operations use the RPC protocol. Send HTTP GET requests to a WAF endpoint, and the system returns a response. Both the request and response are encoded in UTF-8.

Request syntax

The request URL follows this structure:

https://Endpoint/?Action=xx&Parameters
ComponentDescription
EndpointThe WAF API endpoint. Varies by region — see the table below.
ActionThe operation to call. For example, set Action=DescribeDomainNames to retrieve the list of domains added to WAF.
VersionThe API version. The current WAF API version is 2019-09-10.
ParametersThe request parameters for the operation, separated by ampersands (&). Includes both common parameters and operation-specific parameters.

For common parameters (API version and authentication information), see Common parameters.

Endpoints

RegionEndpoint
Chinese mainlandwafopenapi.cn-hangzhou.aliyuncs.com
Outside the Chinese mainlandwafopenapi.ap-southeast-1.aliyuncs.com

Example

The following example calls DescribeDomainNames to retrieve the list of domains added to WAF.

Note

The request is formatted across multiple lines for readability.

https://wafopenapi.cn-hangzhou.aliyuncs.com/?Action=DescribeDomainNames
&Region=cn
&InstanceId=waf_****tm005
&Format=xml
&Version=2019-09-10
&Signature=xxxx%xxxx%3D
&SignatureMethod=HMAC-SHA1
&SignatureNonce=15215528852396
&SignatureVersion=1.0
&AccessKeyId=****
&TimeStamp=2012-06-01T12:00:00Z
...

API authorization

Call the WAF API as a RAM user to protect your account. Create a RAM user account and grant it the required permissions before making API calls.

Signature method

WAF uses symmetric encryption with an AccessKey pair to verify the identity of the request sender. An AccessKey pair consists of:

  • AccessKey ID — identifies the user

  • AccessKey secret — encrypts and verifies the signature string

Keep your AccessKey secret strictly confidential.

Add the signature to the WAF API request in the following format:

https://endpoint/?SignatureVersion=1.0&SignatureMethod=HMAC-SHA1&Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf

Calculate the signature

Using DescribeDomainNames as an example, the original request URL is:

https://wafopenapi.cn-hangzhou.aliyuncs.com/?Action=DescribeDomainNames
&Region=cn
&InstanceId=waf_****tm005
&TimeStamp=2016-02-23T12:46:24Z
&Format=XML
&AccessKeyId=****
&SignatureMethod=HMAC-SHA1
&SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
&Version=2019-09-10
&SignatureVersion=1.0

Calculate the signature as follows:

  1. Compose the string-to-sign from the request parameters.

    GET&%2F&AccessKeyId%3D****&Action%3DDescribeDomainNames&Region%3Dcn&InstanceId%3Dwaf_****tm005&Format%3DXML&SignatureMethod%3DHMAC-SHA1&SignatureNonce%3D3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf&SignatureVersion%3D1.0&TimeStamp%3D2016-02-23T12%253A46%253A24Z&Version%3D2019-09-10
  2. Calculate the HMAC value of the string-to-sign. Append an ampersand (&) to the AccessKey secret and use the result as the key. In this example, the key is testsecret&.

    CT9X0VtwR86fNWSnsc6v8YGOjuE=
  3. Add the Signature parameter to the request.

    https://wafopenapi.cn-hangzhou.aliyuncs.com/?Action=DescribeDomainNames
    &Region=cn
    &InstanceId=waf_****tm005
    &TimeStamp=2016-02-23T12:46:24Z
    &Format=XML
    &AccessKeyId=****
    &SignatureMethod=HMAC-SHA1
    &SignatureNonce=3ee8c1b8-83d3-44af-a94f-4e0ad82fd6cf
    &Version=2019-09-10
    &SignatureVersion=1.0
    &Signature=CT9X0VtwR86fNWSnsc6v8YGOjuE%3D