mirror of
https://github.com/apache/cloudstack.git
synced 2025-12-19 03:54:03 +01:00
16 lines
3.5 KiB
HTML
16 lines
3.5 KiB
HTML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2. Enabling API Call Expiration</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Apache_CloudStack-API_Developers_Guide-4.0.0-incubating-en-US-1-" /><link rel="home" href="index.html" title="CloudStack API Developer's Guide" /><link rel="up" href="api-calls.html" title="Chapter 4. Calling the CloudStack API" /><link rel="prev" href="making-api-request.html" title="4.1. Making API Requests" /><link rel="next" href="signing-api-requests.html" title="4.3. Signing API Requests" /></head><body><p id="title"><a class="left" href="http://cloudstack.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.cloudstack.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="making-api-request.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="signing-api-requests.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="enabling-api-call-expiration" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="enabling-api-call-expiration">4.2. Enabling API Call Expiration</h2></div></div></div><div class="para">
|
||
You can set an expiry timestamp on API calls to prevent replay attacks over non-secure channels, such as HTTP. The server tracks the expiry timestamp you have specified and rejects all the subsequent API requests that come in after this validity period.
|
||
</div><div class="para">
|
||
To enable this feature, add the following parameters to the API request:
|
||
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
|
||
signatureVersion=3: If the signatureVersion parameter is missing or is not equal to 3, the expires parameter is ignored in the API request.
|
||
</div></li><li class="listitem"><div class="para">
|
||
expires=YYYY-MM-DDThh:mm:ssZ: Specifies the date and time at which the signature included in the request is expired. The timestamp is expressed in the YYYY-MM-DDThh:mm:ssZ format, as specified in the ISO 8601 standard.
|
||
</div></li></ul></div><div class="para">
|
||
For example:
|
||
</div><pre class="programlisting">expires=2011-10-10T12:00:00+0530</pre><div class="para">
|
||
A sample API request with expiration is given below:
|
||
</div><pre class="programlisting">http://<IPAddress>:8080/client/api?command=listZones&signatureVersion=3&expires=2011-10-10T12:00:00+0530&apiKey=miVr6X7u6bN_sdahOBpjNejPgEsT35eXq-jB8CG20YI3yaxXcgpyuaIRmFI_EJTVwZ0nUkkJbPmY3y2bciKwFQ&signature=Lxx1DM40AjcXU%2FcaiK8RAP0O1hU%3D</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="making-api-request.html"><strong>Prev</strong>4.1. Making API Requests</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="signing-api-requests.html"><strong>Next</strong>4.3. Signing API Requests</a></li></ul></body></html>
|