← Installation | Client(中文) | SSL Verify →
You may create multiple different clients simultaneously. Each client can have its own configuration, and each request can be sent by specified client. Use the Default Client if it is not specified. The client can be created by auto-loading of the configuration files, or created and managed manually. Different types of clients require different Credential
,and different Signature
algorithms that are selected. You may also customize the client: that is, pass in custom credentials and signatures.
Setup AccessKey through User Information Management, they have full authority over the account, please keep them safe. Sometimes for security reasons, you cannot hand over a primary account AccessKey with full access to the developer of a project. You may create a sub-account RAM Sub-account , grant its authorization,and use the AccessKey of RAM Sub-account to make API calls.
Sample Code: Create a client with a certification type AccessKey.
client, err := sdk.NewClientWithAccessKey("regionId", "accessKeyId", "accessKeySecret")
Create a temporary security client by applying Temporary Security Credentials (TSC) through the Security Token Service (STS).
Sample Code: Create a client with a certification type StsToken.
client, err := sdk.NewClientWithStsToken("regionId", "subaccessKeyId", "subaccessKeySecret", "stsToken")
By specifying RAM Role, the client will be able to automatically request maintenance of STS Token before making a request, and be automatically converted to a time-limited STS client. You may also apply for Token maintenance by yourself before creating STS Client
.
Sample Code: Create a client with a certification type RamRoleArn.
client, err := sdk.NewClientWithRamRoleArn("regionId", "subaccessKeyId", "subaccessKeySecret", "roleArn", "roleSession")
If you want to limit the policy(How to make a policy) of STS Token, you can create a client as following:
client, err := sdk.NewClientWithRamRoleArnAndPolicy("regionId", "subaccessKeyId", "subaccessKeySecret", "roleArn", "roleSession", "policy")
By specifying the role name, the client will be able to automatically request maintenance of STS Token before making a request, and be automatically converted to a time-limited STS client. You may also apply for Token maintenance by yourself before creating STS Client
.
Sample Code: Create a client with a certification type EcsRamRole.
client, err := NewClientWithEcsRamRole("regionid", "roleName")
If clients with this certification type are required by the Cloud Call Centre (CCC), please apply for Bearer Token maintenance by yourself.
Sample Code: Create a client with a certification type Bearer Token.
client, err := NewClientWithBearerToken("regionId", "bearerToken")
By specifying the public key ID and the private key file, the client will be able to automatically request maintenance of the AccessKey before sending the request, and be automatically converted to a time-limited AccessKey client. Only Japan station is supported.
Sample Code: Create a client with a certification type RsaKeyPair.
client, err := NewClientWithRsaKeyPair("regionid", "publicKey", "privateKey", 3600)
If no client is created before the request is sent, the client will be created using the default credential provider chain, or the program chain can be customized.
The default credential provider chain looks for available clients, looking in the following order:
The program first looks for environment credentials in the environment variable. If the ALIBABA_CLOUD_ACCESS_KEY_ID
and ALIBABA_CLOUD_ACCESS_KEY_SECRET
environment variables are defined and are not empty, the program will use them to create the default client. If the client specified by the request is not the default client, the program loads and looks for the client in the configuration file.
If there is
~/.alibabacloud/credentials
default file (Windows showsC:\Users\USER_NAME\.alibabacloud\credentials
), the program will automatically create clients with the specified type and name. The default file may not exist, but a parse error throws an exception. The client name is case-insensitive, and if the clients have the same name, the latter will override the former. The specified files can also be loaded indefinitely:AlibabaCloud::load('/data/credentials', 'vfs://AlibabaCloud/credentials', ...);
This configuration file can be shared between different projects and between different tools. Because it is outside the project and will not be accidentally committed to the version control. Environment variables can be used on Windows to refer to the home directory %UserProfile%. Unix-like systems can use the environment variable $HOME or ~ (tilde). The path to the default file can be modified by defining theALIBABA_CLOUD_CREDENTIALS_FILE
environment variable.
[default] # Default client
type = access_key # Certification type: access_key
access_key_id = foo # Key
access_key_secret = bar # Secret
[client1] # Client that is named as `client1`
type = ecs_ram_role # Certification type: ecs_ram_role
role_name = EcsRamRoleTest # Role Name
[client2] # Client that is named as `client2`
type = ram_role_arn # Certification type: ram_role_arn
access_key_id = foo
access_key_secret = bar
role_arn = role_arn
role_session_name = session_name
[client3] # Client that is named as `client3`
type = rsa_key_pair # Certification type: rsa_key_pair
public_key_id = publicKeyId # Public Key ID
private_key_file = /your/pk.pem # Private Key file
If the environment variable ALIBABA_CLOUD_ECS_METADATA
is defined and not empty, the program will take the value of the environment variable as the role name and request http://100.100.100.200/latest/meta-data/ram/security-credentials/
to get the temporary Security credentials, then create a default client.
You can replace the default order of the program chain by customizing the program chain, or you can write the closure to the provider.
client, err := sdk.NewClientWithProvider("regionId", ProviderInstance, ProviderProfile, ProviderEnv)
← Installation | Client(中文) | SSL Verify →