Authorization Method

Last Updated on : 2024-09-10 08:41:29

This topic describes how to verify the signature in an API request, and how to assign a token to the third-party cloud service that passes the authentication. The APIs follow the standards of the OAuth 2.0 authentication protocol and use an implicit authentication method.

Procedure

To authorize a third-party cloud service that issues an API request, perform the following steps:

  1. Convert the values of client_id and secret into a signature and verify the signature.

    To view the values of client_id and secret, see View the project information of Quick Start. For more information about how to generate a signature, see Sign Requests.

  2. The platform returns a token to the application or the third-party cloud service after the authentication is passed.

    Authorization Method

Permissions

The API gateway grants developer permissions to the application or the third-party cloud service. With the token, you can only manage resources on which you have permissions. For example:

  • Application user data for developers
  • Device data for developer products
  • Data of the devices that are associated with developer application accounts

Authorization example

See the signature examples in Sign Requests.