请求签名

为了保证请求的完整性和安全性,防止数据被篡改或伪造,对于每一次HTTP或者HTTPS协议请求,阿里云视觉智能开放平台通过AccessKey ID和AccessKey Secret对称加密方式,根据访问中的签名信息验证请求访问者的身份。其中,AccessKey ID是访问者身份,AccessKey Secret是加密签名字符串和服务器端验证签名字符串的密钥,必须严格保密,谨防泄露。

说明

阿里云视觉智能开放平台各类目视觉AI能力API接入、接口使用或问题咨询等,请通过钉钉群(23109592)加入阿里云视觉智能开放平台咨询群联系我们。

签名流程

  1. 指定请求参数。

    在代码中指定请求参数,参数中需要包含公共请求头和接口必备的参数信息。

    说明

    请求参数中不允许出现以Signature为key的参数。

    示例代码如下:

    // 创建AccessKey ID和AccessKey Secret,请参见:https://help.aliyun.com/document_detail/175144.html
    // 如果您使用的是RAM用户的AccessKey,还需要为子账号授予权限AliyunVIAPIFullAccess,请参见:https://help.aliyun.com/document_detail/145025.html
    // 从环境变量读取配置的AccessKey ID和AccessKey Secret。运行代码示例前必须先配置环境变量。
    String accessKeyId = System.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID");
    String accessKeySecret = System.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET"); 
    java.text.SimpleDateFormat df = new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
    df.setTimeZone(new java.util.SimpleTimeZone(0, "GMT"));// 这里一定要设置GMT时区
    java.util.Map<String, String> params = new java.util.HashMap<String, String>();

    指定参数:

    params.put("SignatureMethod", "HMAC-SHA1");
    params.put("SignatureNonce", java.util.UUID.randomUUID().toString());
    params.put("AccessKeyId", accessKeyId);
    params.put("SignatureVersion", "1.0");
    params.put("Timestamp", df.format(new java.util.Date()));
    params.put("Format", "JSON");
    params.put("RegionId", "cn-shanghai");
    // API版本,与类目相关,具体类目的API版本请参考:https://help.aliyun.com/document_detail/464194.html
    params.put("Version", "2019-09-30");
    // API Action,能力名称,请参考具体算法文档详情页中的Action参数,这里以图像超分为例:https://help.aliyun.com/document_detail/151947.html
    params.put("Action", "MakeSuperResolutionImage");
    // 下面是业务参数,业务参数指的是具体算法文档请求参数中除了Action参数之外的参数
    // 注意,使用签名机制调用,文件参数目前仅支持上海OSS链接,可参考https://help.aliyun.com/document_detail/175142.html文档将文件放入上海OSS中。如果是其他情况(如本地文件或者其他链接),请先显式地转换成上海OSS链接,可参考https://help.aliyun.com/document_detail/155645.html文档中的方式二,但该方案不支持web前端环境直接调用。
    params.put("Url", "http://viapi-demo.oss-cn-shanghai.aliyuncs.com/viapi-demo/images/MakeSuperResolution/sup-dog.png");
    // 对于数组类字段,需要将参数中的N改为从1开始的连续的具体数字,比如参数Tasks.N.ImageURL,需要输入两张图片,则为
    // params.put("Tasks.1.ImageURL", "http://viapi-test.oss-cn-shanghai.aliyuncs.com/viapi-3.0domepic/facebody/DetectLivingFace/DetectLivingFace11.jpg");
    // params.put("Tasks.2.ImageURL", "http://viapi-test.oss-cn-shanghai.aliyuncs.com/viapi-3.0domepic/facebody/DetectLivingFace/DetectLivingFace13.jpg");

    去除签名关键字Key:

    if (paras.containsKey("Signature")) {
    paras.remove("Signature");
    }
  2. 根据参数Key排序(顺序)。

    参考代码如下:

    java.util.TreeMap<String, String> sortParas = new java.util.TreeMap<String, String>();
    sortParas.putAll(paras);
  3. 构造待签名的请求串。

    首先介绍下面会用到的特殊URL编码,这个是POP特殊的一种规则,即在一般的URLEncode后再增加如下三种字符替换。

    • 加号+替换为%20

    • 星号*替换为%2A

    • 波浪号~替换为%7E

    参考代码如下:

    public static String specialUrlEncode(String value) throws Exception {
        return java.net.URLEncoder.encode(value, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("~", "%7E");
    }    

    构造待签名的请求串,把排序后的参数顺序拼接成如下格式:

    "&" + specialUrlEncode(参数Key) + "=" + specialUrlEncode(参数值)

    参考代码如下:

    java.util.Iterator<String> it = sortParas.keySet().iterator();
    StringBuilder sortQueryStringTmp = new StringBuilder();
    while (it.hasNext()) {
        String key = it.next();
        sortQueryStringTmp.append("&").append(specialUrlEncode(key)).append("=").append(specialUrlEncode(paras.get(key)));
    }
    String sortedQueryString = sortQueryStringTmp.substring(1);// 去除第一个多余的&符号

    打印上面的sortQueryString。结果如下:

    AccessKeyId=yourAccessId&Action=MakeSuperResolutionImage&Format=JSON&RegionId=cn-shanghai&SignatureMethod=HMAC-SHA1&SignatureNonce=4a816d44-6186-4f7e-a45f-ba1b3ed73aed&SignatureVersion=1.0&Timestamp=2019-12-07T13%3A28%3A52Z&Url=http%3A%2F%2Fviapi-demo.oss-cn-shanghai.aliyuncs.com%2Fviapi-demo%2Fimages%2FMakeSuperResolution%2Fsup-dog.png&Version=2019-09-30

    对应的未进行URL编码的值(方便进行对比):

    AccessKeyId=yourAccessId&Action=MakeSuperResolutionImage&Format=JSON&RegionId=cn-shanghai&SignatureMethod=HMAC-SHA1&SignatureNonce=4a816d44-6186-4f7e-a45f-ba1b3ed73aed&SignatureVersion=1.0&Timestamp=2019-12-07T13:28:52Z&Url=http://viapi-demo.oss-cn-shanghai.aliyuncs.com/viapi-demo/images/MakeSuperResolution/sup-dog.png&Version=2019-09-30

    按POP的签名规则拼接成最终的待签名串。规则如下:

    HTTPMethod + “&” + specialUrlEncode(“/”) + ”&” + specialUrlEncode(sortedQueryString)

    参考代码如下:

    StringBuilder stringToSign = new StringBuilder();
    stringToSign.append("POST").append("&");
    stringToSign.append(specialUrlEncode("/")).append("&");
    stringToSign.append(specialUrlEncode(sortedQueryString));

    这就完成了待签名的请求字符串。结果如下:

    POST&%2F&AccessKeyId%3DyourAccessId&Action%3DMakeSuperResolutionImage&Format%3DJSON&RegionId%3Dcn-shanghai&SignatureMethod%3DHMAC-SHA1&SignatureNonce%3D4a816d44-6186-4f7e-a45f-ba1b3ed73aed&SignatureVersion%3D1.0&Timestamp%3D2019-12-07T13%253A28%253A52Z&Url%3Dhttp%253A%252F%252Fviapi-demo.oss-cn-shanghai.aliyuncs.com%252Fviapi-demo%252Fimages%252FMakeSuperResolution%252Fsup-dog.png&Version%3D2019-09-30
  4. 进行签名。

    签名采用HmacSHA1算法+Base64,编码采用UTF-8。使用AccessKeySecret进行加密,参考代码如下:

    String sign = sign(accessSecret + "&", stringToSign.toString());
    public static String sign(String accessSecret, String stringToSign) throws Exception {
        javax.crypto.Mac mac = javax.crypto.Mac.getInstance("HmacSHA1");
        mac.init(new javax.crypto.spec.SecretKeySpec(accessSecret.getBytes("UTF-8"), "HmacSHA1"));
        byte[] signData = mac.doFinal(stringToSign.getBytes("UTF-8"));
        return new sun.misc.BASE64Encoder().encode(signData);
    }     

    参数

    说明

    accessSecret

    您的AccessKeyID对应的密钥AccessKeySecret。

    说明

    POP要求后面多加一个and(&)字符,即accessSecret + “&”。

    stringToSign

    第三步生成的待签名请求串。

    签名后的结果如下:

    poMnQhB2W5xndjcsW5VZjSdkvnU=
  5. 增加签名结果到请求参数中,发送请求。

    String Signature = specialUrlEncode(sign);// poMnQhB2W5xndjcsW5VZjSdkvnU%3D
    说明

    签名也要做特殊URL编码。

    最终完整的POST请求HTTP为:

    http://imageenhan.cn-shanghai.aliyuncs.com/?Signature=poMnQhB2W5xndjcsW5VZjSdkvnU%3D&AccessKeyId=yourAccessId&Action=MakeSuperResolutionImage&Format=JSON&RegionId=cn-shanghai&SignatureMethod=HMAC-SHA1&SignatureNonce=4a816d44-6186-4f7e-a45f-ba1b3ed73aed&SignatureVersion=1.0&Timestamp=2019-12-07T13%3A28%3A52Z&Url=http%3A%2F%2Fviapi-demo.oss-cn-shanghai.aliyuncs.com%2Fviapi-demo%2Fimages%2FMakeSuperResolution%2Fsup-dog.png&Version=2019-09-30
    说明

    imageenhan.cn-shanghai.aliyuncs.com是图像生产的访问域名,不同类目的访问域名是不同的,具体类目的API访问域名,请参见访问域名

JAVA示例

简单参数示例

以图像超分(MakeSuperResolutionImage)为例,完整的Java签名代码示例如下。

import java.net.URI;
import java.util.HashMap;
import java.util.Map;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class SignDemo {
    // HTTPMethod推荐使用POST
    static final String API_HTTP_METHOD = "POST";
    // API访问域名,与类目相关,具体类目的API访问域名请参考:https://help.aliyun.com/document_detail/143103.html
    static final String API_ENDPOINT = "imageenhan.cn-shanghai.aliyuncs.com";
    // API版本,与类目相关,具体类目的API版本请参考:https://help.aliyun.com/document_detail/464194.html
    static final String API_VERSION = "2019-09-30";
    static final java.text.SimpleDateFormat DF = new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
    public static void main(String[] args) throws Exception {
        // 创建AccessKey ID和AccessKey Secret,请参见:https://help.aliyun.com/document_detail/175144.html
        // 如果您使用的是RAM用户的AccessKey,还需要为子账号授予权限AliyunVIAPIFullAccess,请参见:https://help.aliyun.com/document_detail/145025.html
        // 从环境变量读取配置的AccessKey ID和AccessKey Secret。运行代码示例前必须先配置环境变量。
        String accessKeyId = System.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID");
        String accessSecret = System.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET");
        DF.setTimeZone(new java.util.SimpleTimeZone(0, "GMT"));// 这里一定要设置GMT时区
        // 业务参数名字是大驼峰
        Map<String, String> params = new HashMap<>();
        // 注意,使用签名机制调用,文件参数目前仅支持上海OSS链接,可参考https://help.aliyun.com/document_detail/175142.html文档将文件放入上海OSS中。如果是其他情况(如本地文件或者其他链接),请先显式地转换成上海OSS链接,可参考https://help.aliyun.com/document_detail/155645.html文档中的方式二,但该方案不支持web前端环境直接调用。
        params.put("Url", "http://viapi-demo.oss-cn-shanghai.aliyuncs.com/viapi-demo/images/MakeSuperResolution/sup-dog.png");
        // API Action,能力名称,请参考具体算法文档详情页中的Action参数,这里以图像超分为例:https://help.aliyun.com/document_detail/151947.html
        String action = "MakeSuperResolutionImage";
        execute(action, accessKeyId, accessSecret, params);
    }
    public static void execute(String action, String accessKeyId, String accessSecret, Map<String, String> bizParams) throws Exception {
        java.util.Map<String, String> params = new java.util.HashMap<String, String>();
        // 1. 系统参数
        params.put("SignatureMethod", "HMAC-SHA1");
        params.put("SignatureNonce", java.util.UUID.randomUUID().toString());//防止重放攻击
        params.put("AccessKeyId", accessKeyId);
        params.put("SignatureVersion", "1.0");
        params.put("Timestamp", DF.format(new java.util.Date()));
        params.put("Format", "JSON");
        // 2. 业务API参数
        params.put("RegionId", "cn-shanghai");
        params.put("Version", API_VERSION);
        params.put("Action", action);
        if (bizParams != null && !bizParams.isEmpty()) {
            params.putAll(bizParams);
        }
        // 3. 去除签名关键字Key
        if (params.containsKey("Signature")) {
            params.remove("Signature");
        }
        // 4. 参数KEY排序
        java.util.TreeMap<String, String> sortParams = new java.util.TreeMap<String, String>();
        sortParams.putAll(params);
        // 5. 构造待签名的字符串
        java.util.Iterator<String> it = sortParams.keySet().iterator();
        StringBuilder sortQueryStringTmp = new StringBuilder();
        while (it.hasNext()) {
            String key = it.next();
            sortQueryStringTmp.append("&").append(specialUrlEncode(key)).append("=").append(specialUrlEncode(params.get(key)));
        }
        String sortedQueryString = sortQueryStringTmp.substring(1);// 去除第一个多余的&符号
        StringBuilder stringToSign = new StringBuilder();
        stringToSign.append(API_HTTP_METHOD).append("&");
        stringToSign.append(specialUrlEncode("/")).append("&");
        stringToSign.append(specialUrlEncode(sortedQueryString));
        String sign = sign(accessSecret + "&", stringToSign.toString());
        // 6. 签名最后也要做特殊URL编码
        String signature = specialUrlEncode(sign);
        System.out.println(params.get("SignatureNonce"));
        System.out.println("\r\n=========\r\n");
        System.out.println(params.get("Timestamp"));
        System.out.println("\r\n=========\r\n");
        System.out.println(sortedQueryString);
        System.out.println("\r\n=========\r\n");
        System.out.println(stringToSign.toString());
        System.out.println("\r\n=========\r\n");
        System.out.println(sign);
        System.out.println("\r\n=========\r\n");
        System.out.println(signature);
        System.out.println("\r\n=========\r\n");
        // 最终生成出合法请求的URL
        System.out.println("http://" + API_ENDPOINT + "/?Signature=" + signature + sortQueryStringTmp);

        // 添加直接做post请求的方法
        try {
            // 使用生成的 URL 创建POST请求
            URIBuilder builder = new URIBuilder("http://" + API_ENDPOINT + "/?Signature=" + signature + sortQueryStringTmp);
            URI uri = builder.build();
            HttpPost request = new HttpPost(uri);
            HttpClient httpclient = HttpClients.createDefault();
            HttpResponse response = httpclient.execute(request);
            HttpEntity entity = response.getEntity();
            if (entity != null) {
                System.out.println(EntityUtils.toString(entity));
            }
        } catch (Exception e) {
            System.out.println(e.getMessage());
        }
    }
    public static String specialUrlEncode(String value) throws Exception {
        return java.net.URLEncoder.encode(value, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }
    public static String sign(String accessSecret, String stringToSign) throws Exception {
        javax.crypto.Mac mac = javax.crypto.Mac.getInstance("HmacSHA1");
        mac.init(new javax.crypto.spec.SecretKeySpec(accessSecret.getBytes("UTF-8"), "HmacSHA1"));
        byte[] signData = mac.doFinal(stringToSign.getBytes("UTF-8"));
        return new sun.misc.BASE64Encoder().encode(signData);
    }
}              

数组参数示例

以人脸活体检测(DetectLivingFace)为例,完整的Java签名代码示例如下。

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

import java.net.URI;
import java.util.HashMap;
import java.util.Map;

public class SignDemo {

    // HTTPMethod推荐使用POST
    static final String API_HTTP_METHOD = "POST";
    // API访问域名,与类目相关,具体类目的API访问域名请参考:https://help.aliyun.com/document_detail/143103.html
    static final String API_ENDPOINT = "facebody.cn-shanghai.aliyuncs.com";
    // API版本,与类目相关,具体类目的API版本请参考:https://help.aliyun.com/document_detail/464194.html
    static final String API_VERSION = "2019-12-30";
    static final java.text.SimpleDateFormat DF = new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
    public static void main(String[] args) throws Exception {
        // 创建AccessKey ID和AccessKey Secret,请参见:https://help.aliyun.com/document_detail/175144.html
        // 如果您使用的是RAM用户的AccessKey,还需要为子账号授予权限AliyunVIAPIFullAccess,请参见:https://help.aliyun.com/document_detail/145025.html
        // 从环境变量读取配置的AccessKey ID和AccessKey Secret。运行代码示例前必须先配置环境变量。
        String accessKeyId = System.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID");
        String accessSecret = System.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET");
        DF.setTimeZone(new java.util.SimpleTimeZone(0, "GMT"));// 这里一定要设置GMT时区
        // 业务参数名字是大驼峰
        Map<String, String> params = new HashMap<>();
        // 注意,使用签名机制调用,文件参数目前仅支持上海OSS链接,可参考https://help.aliyun.com/document_detail/175142.html文档将文件放入上海OSS中。如果是其他情况(如本地文件或者其他链接),请先显式地转换成上海OSS链接,可参考https://help.aliyun.com/document_detail/155645.html文档中的方式二,但该方案不支持web前端环境直接调用。
        // 对于数组类字段,需要将参数中的N改为从1开始的连续的具体数字,比如参数Tasks.N.ImageURL,需要输入两张图片,则为
        params.put("Tasks.1.ImageURL", "http://viapi-test.oss-cn-shanghai.aliyuncs.com/viapi-3.0domepic/facebody/DetectLivingFace/DetectLivingFace11.jpg");
        params.put("Tasks.2.ImageURL", "http://viapi-test.oss-cn-shanghai.aliyuncs.com/viapi-3.0domepic/facebody/DetectLivingFace/DetectLivingFace13.jpg");
        // API Action,能力名称,请参考具体算法文档详情页中的Action参数,这里以人脸活体检测为例:https://help.aliyun.com/document_detail/151947.html
        String action = "DetectLivingFace";
        execute(action, accessKeyId, accessSecret, params);
    }
    public static void execute(String action, String accessKeyId, String accessSecret, Map<String, String> bizParams) throws Exception {
        java.util.Map<String, String> params = new java.util.HashMap<String, String>();
        // 1. 系统参数
        params.put("SignatureMethod", "HMAC-SHA1");
        params.put("SignatureNonce", java.util.UUID.randomUUID().toString());//防止重放攻击
        params.put("AccessKeyId", accessKeyId);
        params.put("SignatureVersion", "1.0");
        params.put("Timestamp", DF.format(new java.util.Date()));
        params.put("Format", "JSON");
        // 2. 业务API参数
        params.put("RegionId", "cn-shanghai");
        params.put("Version", API_VERSION);
        params.put("Action", action);
        if (bizParams != null && !bizParams.isEmpty()) {
            params.putAll(bizParams);
        }
        // 3. 去除签名关键字Key
        if (params.containsKey("Signature")) {
            params.remove("Signature");
        }
        // 4. 参数KEY排序
        java.util.TreeMap<String, String> sortParams = new java.util.TreeMap<String, String>();
        sortParams.putAll(params);
        // 5. 构造待签名的字符串
        java.util.Iterator<String> it = sortParams.keySet().iterator();
        StringBuilder sortQueryStringTmp = new StringBuilder();
        while (it.hasNext()) {
            String key = it.next();
            sortQueryStringTmp.append("&").append(specialUrlEncode(key)).append("=").append(specialUrlEncode(params.get(key)));
        }
        String sortedQueryString = sortQueryStringTmp.substring(1);// 去除第一个多余的&符号
        StringBuilder stringToSign = new StringBuilder();
        stringToSign.append(API_HTTP_METHOD).append("&");
        stringToSign.append(specialUrlEncode("/")).append("&");
        stringToSign.append(specialUrlEncode(sortedQueryString));
        String sign = sign(accessSecret + "&", stringToSign.toString());
        // 6. 签名最后也要做特殊URL编码
        String signature = specialUrlEncode(sign);
        System.out.println(params.get("SignatureNonce"));
        System.out.println("\r\n=========\r\n");
        System.out.println(params.get("Timestamp"));
        System.out.println("\r\n=========\r\n");
        System.out.println(sortedQueryString);
        System.out.println("\r\n=========\r\n");
        System.out.println(stringToSign.toString());
        System.out.println("\r\n=========\r\n");
        System.out.println(sign);
        System.out.println("\r\n=========\r\n");
        System.out.println(signature);
        System.out.println("\r\n=========\r\n");
        // 最终生成出合法请求的URL
        System.out.println("http://" + API_ENDPOINT + "/?Signature=" + signature + sortQueryStringTmp);

        // 添加直接做post请求的方法
        try {
            // 使用生成的 URL 创建POST请求
            URIBuilder builder = new URIBuilder("http://" + API_ENDPOINT + "/?Signature=" + signature + sortQueryStringTmp);
            URI uri = builder.build();
            HttpPost request = new HttpPost(uri);
            HttpClient httpclient = HttpClients.createDefault();
            HttpResponse response = httpclient.execute(request);
            HttpEntity entity = response.getEntity();
            if (entity != null) {
                System.out.println(EntityUtils.toString(entity));
            }
        } catch (Exception e) {
            System.out.println(e.getMessage());
        }
    }
    public static String specialUrlEncode(String value) throws Exception {
        return java.net.URLEncoder.encode(value, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }
    public static String sign(String accessSecret, String stringToSign) throws Exception {
        javax.crypto.Mac mac = javax.crypto.Mac.getInstance("HmacSHA1");
        mac.init(new javax.crypto.spec.SecretKeySpec(accessSecret.getBytes("UTF-8"), "HmacSHA1"));
        byte[] signData = mac.doFinal(stringToSign.getBytes("UTF-8"));
        return new sun.misc.BASE64Encoder().encode(signData);
    }

}                

PHP示例

简单参数示例

以图像超分(MakeSuperResolutionImage)为例,完整的PHP签名代码示例如下。

<?php


date_default_timezone_set("GMT");// 这里一定要设置GMT时区
class SignDemo
{
    // HTTPMethod推荐使用POST
    const API_HTTP_METHOD = "POST";
    // API访问域名,与类目相关,具体类目的API访问域名请参考:https://help.aliyun.com/document_detail/143103.html
    const API_ENDPOINT = "imageenhan.cn-shanghai.aliyuncs.com";
    // API版本,与类目相关,具体类目的API版本请参考:https://help.aliyun.com/document_detail/464194.html
    const API_VERSION = "2019-09-30";
    const DF = "Y-m-d\TH:i:s\Z";

    private $accessKeyId;
    private $accessSecret;

    public function __construct($accessKeyId, $accessSecret) {
        $this->accessKeyId = $accessKeyId;
        $this->accessSecret = $accessSecret;
    }

    public function execute($action, $bizParams) {
        $params = array(
            // 1. 系统参数
            "SignatureMethod" => "HMAC-SHA1",
            "SignatureNonce" => uniqid(),
            "AccessKeyId" => $this->accessKeyId,
            "SignatureVersion" => "1.0",
            "Timestamp" => gmdate(self::DF),
            "Format" => "JSON",
            // 2. 业务API参数
            "RegionId" => "cn-shanghai",
            "Version" => self::API_VERSION,
            "Action" => $action
        );

        if (!empty($bizParams)) {
            $params = array_merge($params, $bizParams);
        }

        unset($params["Signature"]);

        ksort($params);
        // 3. 构造待签名的字符串
        $sortedQueryStringTmp = "";
        foreach ($params as $key => $value) {
            $sortedQueryStringTmp .= "&" . $this->specialUrlEncode($key) . "=" . $this->specialUrlEncode($value);
        }
        $sortedQueryString = substr($sortedQueryStringTmp, 1);// 去除第一个多余的&符号
        // 4. 签名最后也要做特殊URL编码
        $stringToSign = self::API_HTTP_METHOD . "&" . $this->specialUrlEncode("/") . "&" . $this->specialUrlEncode($sortedQueryString);
        $signature = $this->specialUrlEncode($this->sign($this->accessSecret . "&", $stringToSign));
        
        // 5、最终生成出合法请求的URL
        $requestUrl = "http://" . self::API_ENDPOINT . "/?Signature=" . $signature . $sortedQueryStringTmp;
        echo $requestUrl . "\n";

        try {
            $context = stream_context_create(array(
                'http' => array(
                    'method' => 'POST',
                    'ignore_errors' => true,
                )
            ));
            $response = file_get_contents($requestUrl, false, $context);
            echo $response;
        } catch (Exception $e) {
            echo $e->getMessage();
        }
    }

    private function specialUrlEncode($value) {
        return str_replace(array("+", "*", "%7E"), array("%20", "%2A", "~"), rawurlencode($value));
    }

    private function sign($accessSecret, $stringToSign) {
        return base64_encode(hash_hmac("sha1", $stringToSign, $accessSecret, true));
    }
}

// 业务参数名字是大驼峰
// 注意,使用签名机制调用,文件参数目前仅支持上海OSS链接,可参考https://help.aliyun.com/document_detail/175142.html文档将文件放入上海OSS中。如果是其他情况(如本地文件或者其他链接),请先显式地转换成上海OSS链接,可参考https://help.aliyun.com/document_detail/155645.html文档中的方式二,但该方案不支持web前端环境直接调用。
$bizParams = array("Url" => "http://viapi-demo.oss-cn-shanghai.aliyuncs.com/viapi-demo/images/MakeSuperResolution/sup-dog.png");
// API Action,能力名称,请参考具体算法文档详情页中的Action参数,这里以图像超分为例:https://help.aliyun.com/document_detail/151947.html
$action = "MakeSuperResolutionImage";

// 创建AccessKey ID和AccessKey Secret,请参见:https://help.aliyun.com/document_detail/175144.html
// 如果您使用的是RAM用户的AccessKey,还需要为子账号授予权限AliyunVIAPIFullAccess,请参见:https://help.aliyun.com/document_detail/145025.html
// 从环境变量读取配置的AccessKey ID和AccessKey Secret。运行代码示例前必须先配置环境变量。
$signDemo = new SignDemo(getenv('ALIBABA_CLOUD_ACCESS_KEY_ID'), getenv('ALIBABA_CLOUD_ACCESS_KEY_SECRET'));
$signDemo->execute($action, $bizParams);

?>