Signature生成サンプル (bash)

利用例につきましては本サンプルだけでなく「DNS API チュートリアル」も参照されることをおすすめいたします。

Signature生成サンプル

このサンプルはAPI利用方法で示した署名(Signature)の生成方法を紹介するためのものです。

署名の生成には、bash・OpenSSL、その他UNIX commandを使用しています。

サンプルプログラムでは署名を生成するのみで、APIのリクエストは行いません。

サンプルコード

#!/bin/bash

METHOD="GET"
API="zones"
APIVERSION="20140601"
DOSERVICECODE="do1234567"
CONTENTMD5VALUE=""
CONTENTTYPEVALUE=""

STRING_TO_SIGN=string2sign.$$
trap "test -f '$STRING_TO_SIGN' && /bin/rm '$STRING_TO_SIGN'" 0 1 2 3 15

echo    $METHOD                                          >  $STRING_TO_SIGN
echo    $CONTENTMD5VALUE                                 >> $STRING_TO_SIGN
echo    $CONTENTTYPEVALUE                                >> $STRING_TO_SIGN
echo    "x-iijapi-expire:${IIJAPI_EXPIRE}"               >> $STRING_TO_SIGN
echo    "x-iijapi-signaturemethod:HmacSHA256"            >> $STRING_TO_SIGN
echo    "x-iijapi-signatureversion:2"                    >> $STRING_TO_SIGN
echo  -n "/r/${APIVERSION}/${DOSERVICECODE}/${API}.json" >> $STRING_TO_SIGN

SIGNATURE=`openssl dgst -sha256 -binary -hmac "$IIJAPI_SECRET_KEY" "$STRING_TO_SIGN" | base64`

echo $SIGNATURE

exit 0

Signature生成サンプル 実行例

SecretKey、API有効期限を環境変数で与えます。

AccessKeyはAPIリクエスト実行時に使用します。

※このスクリプトはあくまでサンプルです。環境変数やシェルのコマンド実行履歴からAccessKey、SecretKeyが漏洩しないように十分に注意してください。

$ export IIJAPI_ACCESS_KEY='アクセスキー'
$ export IIJAPI_SECRET_KEY='シークレットキー'
$ export IIJAPI_EXPIRE=`date -u -d '1 hours' +'%Y-%m-%dT%H:%M:%SZ'`

$ ./sign.sh
xevXs1ni0VOs2XkvQWkeK9PpNhL9+tDcLNtqwyh+ttg=

APIリクエスト 実行例

生成したSignatureを使用してAPIを実行するサンプルです。 

以下の例では、curlコマンドを使用してAPIを実行します。

GET zones
$ curl -H "x-iijapi-Expire:$IIJAPI_EXPIRE" \
       -H "x-iijapi-SignatureMethod:HmacSHA256" \
       -H "x-iijapi-SignatureVersion:2" \
       -H "Authorization:IIJAPI $IIJAPI_ACCESS_KEY:blYqEogt4XNvvtTBvqNqPr96yRI/PxiJ4yZRRIOK76Q=" \
https://do.api.iij.jp/r/20140601/do1234567/zones.json

HTTP/1.1 200 OK
Date: Tue, 10 Jun 2014 12:55:38 GMT
Server: thin
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=2592000
X-Content-Type-Options: nosniff
Connection: close
Transfer-Encoding: chunked
 
{"RequestId":"xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx","ZoneList": ["example.jp","example2.jp","192.0.2.0/24","2001:db8::/48"]}
POST record
$ curl -H "Content-Type:application/json" \
       -H "x-iijapi-Expire:$IIJAPI_EXPIRE" \
       -H "x-iijapi-SignatureMethod:HmacSHA256" \
       -H "x-iijapi-SignatureVersion:2" \
       -H "Authorization:IIJAPI $IIJAPI_ACCESS_KEY:3vZK2iqoLHCypoSBoWcaGtj6yjMyCIbh5OS4ur7FgUI=" \
       -X POST \
       -d '{"Owner":"www","TTL":"28800","RecordType":"A","RData":"192.0.2.1"}' \
https://do.api.iij.jp/r/20140601/do1234567/example.jp/record.json

HTTP/1.1 200 OK
Date: Tue, 10 Jun 2014 13:05:38 GMT
Server: thin
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=2592000
X-Content-Type-Options: nosniff
Connection: close
Transfer-Encoding: chunked

{"RequestId":"xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx","Record": {"Id": "12345","Owner":"www","TTL":"28800","RecordType":"A","RData":"192.0.2.1","Status":"ADDING"}}
PUT record
$ curl -H "Content-Type:application/json" \
       -H "x-iijapi-Expire:$IIJAPI_EXPIRE" \
       -H "x-iijapi-SignatureMethod:HmacSHA256" \
       -H "x-iijapi-SignatureVersion:2" \
       -H "Authorization:IIJAPI $IIJAPI_ACCESS_KEY:FtS/qdgcrTIv9kPu+d2sd4A8AJ1W+gUQmJeEwzzkie0=" \
       -X PUT \
       -d '{"Owner":"www","TTL":"28800","RecordType":"A","RData":"192.0.2.2"}' \
https://do.api.iij.jp/r/20140601/do1234567/example.jp/record/12345.json

HTTP/1.1 200 OK
Date: Tue, 10 Jun 2014 13:05:38 GMT
Server: thin
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=2592000
X-Content-Type-Options: nosniff
Connection: close
Transfer-Encoding: chunked

{"RequestId":"xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx","Record": {"Id": "12346","Owner":"www","TTL":"28800","RecordType":"A","RData":"192.0.2.2","Status":"ADDING"}}
DELETE record
$ curl -H "x-iijapi-Expire:$IIJAPI_EXPIRE" \
       -H "x-iijapi-SignatureMethod:HmacSHA256" \
       -H "x-iijapi-SignatureVersion:2" \
       -H "Authorization:IIJAPI $IIJAPI_ACCESS_KEY:blYqEogt4XNvvtTBvqNqPr96yRI/PxiJ4yZRRIOK76Q=" \
       -X DELETE \
https://do.api.iij.jp/r/20140601/do1234567/example.jp/record/12345.json

HTTP/1.1 200 OK
Date: Tue, 10 Jun 2014 13:05:38 GMT
Server: thin
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=2592000
X-Content-Type-Options: nosniff
Connection: close
Transfer-Encoding: chunked

{"RequestId":"xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx"}