本文へジャンプします。

ニフクラ APIリファレンス

クラウド トップ>APIのご利用にあたって>オブジェクトストレージ>認証ヘッダーと認証方式

認証ヘッダーと認証方式

認証ヘッダー

RESTでリクエストを行う場合、リクエスト毎に以下の認証ヘッダーを付加する必要があります。
(アクセス権限設定によっては、認証ヘッダーを付加する必要はありません)

バージョン3
GET / HTTP/1.1
Host: jp-east-2.storage.api.nifcloud.com
Date: Wed, 29 Jun 2016 12:00:00 GMT
Authorization: AWS ${AccessKeyId}:${Sigunature}
項目名 説明 必須 サンプル値
AccessKeyId コントロールパネルより取得したAccessKey  
Signature 認証文字列
※生成ロジックは後述		  
Signature(認証文字列)生成ロジック
Signature = Base64( HMAC-SHA1 ( SecretAccessKey, UTF-8-Encoding( StringToSign ) ) )
StringToSign = HTTPリクエストメソッド + \n
               HTTPリクエストヘッダー文字列(※) + \n
               URLエンコードしたパス部分 + リクエストパラメーター文字列
  • ※ リクエストヘッダー文字列生成について:
    1. リクエストヘッダーキーをUTF-8の自然順序でソートする。
    2. リクエストヘッダー値を("\n")で連結する
      • リクエストヘッダーキーが "Content-MD5"、"Content-Type"、"Date" の場合、値を連結する。
      • リクエストヘッダーキーの接頭文字が、 "x-amz-"の場合、ヘッダーキー+":"+ヘッダー値を連結する。
例:Get Service
GET / HTTP1.1
Content-Type: application/octet-stream
Date: Wed, 29 Jun 2016 12:00:00 GMT
Host: jp-east-2.storage.api.nifcloud.com
User-Agent: Nifty Cloud Service Java Client
Authorization: AWS ${Accesskey}:${ Sigunature }
StringToSign =
GET\n
\n
application/octet-stream\n
Wed, 29 Jun 2016 12:00:00 GMT\n
/
例:Put Bucket
PUT / HTTP1.1
Content-Type: application/octet-stream
Date: Wed, 29 Jun 2016 12:00:00 GMT
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
User-Agent: Nifty Cloud Service Java Client
Authorization: AWS ${Accesskey}:${ Sigunature }
StringToSign =
PUT\n
\n
application/octet-stream\n
Wed, 29 Jun 2016 12:00:00 GMT\n
/my-first-bucket/
例:Get Bucket
GET / HTTP1.1
Content-Type: application/octet-stream
Date: Wed, 29 Jun 2016 12:00:00 GMT
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
User-Agent: Nifty Cloud Service Java Client
Authorization: AWS ${Accesskey}:${ Sigunature }
StringToSign =
GET\n
\n
application/octet-stream\n
Wed, 29 Jun 2016 12:00:00 GMT\n
/my-first-bucket/
例:Delete Bucket
DELETE / HTTP1.1
Content-Type: application/octet-stream
Date: Wed, 29 Jun 2016 12:00:00 GMT
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
User-Agent: Nifty Cloud Service Java Client
Authorization: AWS ${Accesskey}:${ Sigunature }
StringToSign =
DELETE\n
\n
application/octet-stream\n
Wed, 29 Jun 2016 12:00:00 GMT\n
/my-first-bucket/
例:Put Object
PUT /sample.txt HTTP1.1
Content-MD5: 62cff0140e0931c345c25795689032ca
Content-Type: text/plain
Date: Wed, 29 Jun 2016 12:00:00 GMT
x-amz-acl:private
x-amz-meta-alphabet:abcdefghijklmnopqrstuvwxyz
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
Content-length: 138
User-Agent: Nifty Cloud Service Java Client
Authorization: AWS ${Accesskey}:${ Sigunature }
StringToSign =
PUT\n
62cff0140e0931c345c25795689032ca\n
text/plain\n
Wed, 29 Jun 2016 12:00:00 GMT\n
x-amz-acl:private\n
x-amz-meta-alphabet:abcdefghijklmnopqrstuvwxyz\n
/my-first-bucket/sample.txt
例:Get Object
GET/sample.txt HTTP1.1
Content-Type: application/octet-stream
Date: Wed, 29 Jun 2016 12:00:00 GMT
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
User-Agent: Nifty Cloud Service Java Client
Authorization: AWS ${Accesskey}:${ Sigunature }
StringToSign =
GET\n
\n
application/octet-stream\n
Wed, 29 Jun 2016 12:00:00 GMT\n
/my-first-bucket/sample.txt
例:Delete Object
DELETE / HTTP1.1
Content-Type: application/octet-stream
Date: Wed, 29 Jun 2016 12:00:00 GMT
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
User-Agent: Nifty Cloud Service Java Client
Authorization: AWS ${Accesskey}:${ Sigunature }
StringToSign =
DELETE\n
\n
application/octet-stream\n
Wed, 29 Jun 2016 12:00:00 GMT\n
/my-first-bucket/sample.txt
例:Put Object acl
PUT /sample.txt?acl HTTP1.1
Content-Type: text/plain
Date: Wed, 29 Jun 2016 12:00:00 GMT
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
Content-length: 961
User-Agent: Nifty Cloud Service Java Client
Authorization: AWS ${Accesskey}:${ Sigunature }
StringToSign =
PUT\n
\n
text/plain\n
Wed, 29 Jun 2016 12:00:00 GMT\n
/my-first-bucket/sample.txt?acl
例:Get Object acl
GET /sample.txt?acl HTTP1.1
Content-Type: application/octet-stream
Date: Wed, 29 Jun 2016 12:00:00 GMT
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
User-Agent: Nifty Cloud Service Java Client
Authorization: AWS ${Accesskey}:${ Sigunature }
StringToSign =
GET\n
\n
application/octet-stream\n
Wed, 29 Jun 2016 12:00:00 GMT\n
/my-first-bucket/sample.txt?acl
バージョン4
GET / HTTP/1.1
Host: jp-east-2.storage.api.nifcloud.com
x-amz-content-sha256: ${HashedPayload}
x-amz-date: ${TimeStamp}
Authorization: AWS4-HMAC-SHA256
Credential=${AccessKeyId}/${RequestDate}/${Region}/s3/aws4_request,
SignedHeaders=${SignedHeaders},
Signature=${Sigunature}
項目名 説明 必須 サンプル値
AccessKeyId コントロールパネルより取得したアクセスキー  
RequestDate リクエスト日yyyymmdd 形式 20170724
Region リージョン jp-east-2
HashedPayload HTTPリクエストのボディ部の内容(ここではペイロードと呼びます)を「SHA-256」アルゴリズムにてハッシュ化し、16進数エンコードしたもの e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
TimeStamp ISO8601形式でフォーマットされたリクエスト時間 20170724T0000000Z
SignedHeaders 署名ヘッダー ※生成ロジックは後述 host;x-amz-content-sha256;x-amz-date
Signature 認証文字列 ※生成ロジックは後述  
Signature(認証文字列)生成ロジック
Signature = Hex( HMAC-SHA256 ( SigningKey, StringToSign ))
StringToSign = “AWS4-HMAC-SHA256\n” +
               “${TimeStamp}\n” +
               “${CredentialScope}\n” +
               Hex(SHA256Hash(CanonicalRequest))
CredenatialScope = “${RequestDate}/${Region}/s3/aws4_request”
CanonicalRequest = “${HTTPMethod}\n” +
               “${CanonicalURI}\n” +
               “${CanoncalQueryString}\n” +
               “${CanonicalHeaders}\n” +
               “${SignedHeaders}\n” +
               “${HashedPayload}”
HashedPayload = Hex(SHA256Hash(${Payload})
SigningKey = HMAC-SHA256(
               HMAC-SHA256(
                 HMAC-SHA256(
                   HMAC-SHA256("AWS4"+"${SecretAccessKey}", "${RequestDate}"), "${Region}"
                 ), "s3"
               ), "aws4_request"
             )
項目名 説明 必須 サンプル値
TimeStamp ISO8601形式でフォーマットされたリクエスト時間 20170724T0000000Z
HTTPMethod 利用するHTTP メソッド “GET”,“PUT”,“DELETE”など
CanonicalURI URLエンコードしたパス部分 クエリ文字列は除く /sample.txt
CanonicalQueryString クエリ文字列に含まれる各パラメーターについて、パラメーター名と値をそれぞれURLエンコードしたものを”=”で繋げて、パラメーター名で辞書順にソートして”\n”で結合したもの acl=
CanonicalHeaders ヘッダーに含まれる各パラメーターについて、ヘッダー名と値をそれぞれ小文字に変換したものを”:”で繋げて、パラメーター名で辞書順にソートして”\n”で結合したもの
host ヘッダーは必須
Content-Type ヘッダーと ”x-amz-“ で始まるヘッダーがリクエストに含まれる場合は必須		 host:my-first-bucket.jp-east-2.storage.api.nifcloud.com\n
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n
x-amz-date:20170724T000000Z\n
SignedHeaders CanonicalHeaders に含まれるヘッダーパラメーターのヘッダー名を辞書順にソートし、”;”で繋げたもの host;x-amz-content-sha256;x-amz-date
Payload リクエストボディーの値
PUTリクエストの場合はPUTするファイルやチャンク、ACL分など
GETの場合は空文字 		 
SecretAccessKey コントロールパネルより取得したシークレットキー  
例:Get Service
GET / HTTP1.1
Host: jp-east-2.storage.api.nifcloud.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170724T000000Z
Authorization: AWS4-HMAC-SHA256 Credential=${AccessKeyId}/${RequestDate}/${Region}/s3/aws4_request, SignedHeaders=${SignedHeaders}, Signature=${SigningKey}
CanonicalRequest=
GET\n
/\n
\n
host:jp-east-2.storage.api.nifcloud.com\n
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n
x-amz-date:20170724T000000Z\n
\n
host;x-amz-content-sha256;x-amz-date\n
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

StringToSign=
AWS4-HMAC-SHA256\n
20170724T000000Z\n
20170724/jp-east-2/s3/aws4_request\n
c04e4c3209d21bb444cdbf3595bea89a3469613b48ca3f8dfb8ced1c88b4b651
例:Put Bucket
PUT / HTTP1.1
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170724T000000Z
Authorization: AWS4-HMAC-SHA256 Credential=${AccessKeyId}/${RequestDate}/${Region}/s3/aws4_request, SignedHeaders=${SignedHeaders}, Signature=${SigningKey}
CanonicalRequest=
PUT\n
/\n
\n
host:my-first-bucket2.jp-east-2.storage.api.nifcloud.com\n
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n
x-amz-date:20170724T000000Z\n
\n
host;x-amz-content-sha256;x-amz-date\n
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

StringToSign=
AWS4-HMAC-SHA256\n
20170724T000000Z\n
20170724/jp-east-2/s3/aws4_request\n
c04e4c3209d21bb444cdbf3595bea89a3469613b48ca3f8dfb8ced1c88b4b651
例:Get Bucket
GET / HTTP1.1
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170724T000000Z
Authorization: AWS4-HMAC-SHA256 Credential=${AccessKeyId}/${RequestDate}/${Region}/s3/aws4_request, SignedHeaders=${SignedHeaders}, Signature=${SigningKey}
CanonicalRequest=
GET\n
/\n
\n
host:my-first-bucket.jp-east-2.storage.api.nifcloud.com\n
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n
x-amz-date:20170724T000000Z\n
\n
host;x-amz-content-sha256;x-amz-date\n
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

StringToSign=
AWS4-HMAC-SHA256\n
20170724T000000Z\n
20170724/jp-east-2/s3/aws4_request\n
7df254b7970a77c2e626d4d08710ba785dee70242bb57e50aaa8aa1b750b1d04
例:Delete Bucket
DELETE / HTTP1.1
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170724T000000Z
Authorization: AWS4-HMAC-SHA256 Credential=${AccessKeyId}/${RequestDate}/${Region}/s3/aws4_request, SignedHeaders=${SignedHeaders}, Signature=${SigningKey}
CanonicalRequest=
DELETE\n
/\n
\n
host:my-first-bucket.jp-east-2.storage.api.nifcloud.com\n
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n
x-amz-date:20170724T000000Z\n
\n
host;x-amz-content-sha256;x-amz-date\n
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

StringToSign=
AWS4-HMAC-SHA256\n
20170724T000000Z\n
20170724/jp-east-2/s3/aws4_request\n
8be98872cc6e745f0ebf075eeafa10c91a13b66daedba2a6f1474b6514bc8e74
例:Put Object
PUT /sample.txt HTTP1.1
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
x-amz-content-sha256: b41843877351fe4ebf058aae14a1d4614f11d9a0d51da426c75dcc06d939c05e
x-amz-date: 20170724T000000Z
x-amz-acl: private
x-amz-meta-alphabet: abcdefghijklmnopqrstuvwxyz
Content-length: 138
Authorization: AWS4-HMAC-SHA256 Credential=${AccessKeyId}/${RequestDate}/${Region}/s3/aws4_request, SignedHeaders=${SignedHeaders}, Signature=${SigningKey}
CanonicalRequest=
PUT\n
/sample.txt\n
\n
host:my-first-bucket.jp-east-2.storage.api.nifcloud.com\n
x-amz-content-sha256:b41843877351fe4ebf058aae14a1d4614f11d9a0d51da426c75dcc06d939c05e\n
x-amz-date:20170724T000000Z\n
\n
host;x-amz-content-sha256;x-amz-date\n
b41843877351fe4ebf058aae14a1d4614f11d9a0d51da426c75dcc06d939c05e

StringToSign=
AWS4-HMAC-SHA256\n
20170724T000000Z\n
20170724/jp-east-2/s3/aws4_request\n
77a70e3e2c4e0ab1a919a8508c8306dc9f4df2e56952b2bc82d0f279d6dada54
例:Get Object
GET /sample.txt HTTP1.1
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170724T000000Z
Authorization: AWS4-HMAC-SHA256 Credential=${AccessKeyId}/${RequestDate}/${Region}/s3/aws4_request, SignedHeaders=${SignedHeaders}, Signature=${SigningKey}
CanonicalRequest=
GET\n
/sample.txt\n
\n
host:my-first-bucket.jp-east-2.storage.api.nifcloud.com\n
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n
x-amz-date:20170724T000000Z\n
\n
host;x-amz-content-sha256;x-amz-date\n
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

StringToSign=
AWS4-HMAC-SHA256\n
20170724T000000Z\n
20170724/jp-east-2/s3/aws4_request\n
c6a2222893599353161c31aa8705586c641766624048201e1381a89e4405e5c6
例:Delete Object
DELETE /sample.txt HTTP1.1
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170724T000000Z
Authorization: AWS4-HMAC-SHA256 Credential=${AccessKeyId}/${RequestDate}/${Region}/s3/aws4_request, SignedHeaders=${SignedHeaders}, Signature=${SigningKey}
CanonicalRequest=
DELETE\n
/sample.txt\n
\n
host:my-first-bucket.jp-east-2.storage.api.nifcloud.com\n
x-amz-date:20170724T000000Z\n
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n
\n
host;x-amz-content-sha256;x-amz-date\n
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

StringToSign=
AWS4-HMAC-SHA256\n
20170724T000000Z\n
20170724/jp-east-2/s3/aws4_request\n
b3aa4438cd01be87f47d54fef44274516a031d4a2d43859f43f65b20d02fe52c
例:Put Object acl
PUT /sample.txt HTTP1.1
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
x-amz-content-sha256: 138eae2997d5fc275631bc2b1e2c8c604475bb7f092b5cd91ef24dfdac407a2c
x-amz-date: 20170724T000000Z
x-amz-acl: private
Content-length: 961
Content-Type: text/plan
Authorization: AWS4-HMAC-SHA256 Credential=${AccessKeyId}/${RequestDate}/${Region}/s3/aws4_request, SignedHeaders=${SignedHeaders}, Signature=${SigningKey}
CanonicalRequest=
PUT\n
/sample.txt\n

host:my-first-bucket.jp-east-2.storage.api.nifcloud.com\n
x-amz-acl:private\n
x-amz-content-sha256:138eae2997d5fc275631bc2b1e2c8c604475bb7f092b5cd91ef24dfdac407a2c\n
x-amz-date:20170724T000000Z\n
\n
host;x-amz-content-sha256;x-amz-date\n
138eae2997d5fc275631bc2b1e2c8c604475bb7f092b5cd91ef24dfdac407a2c

StringToSign=
AWS4-HMAC-SHA256\n
20170724T000000Z\n
20170724/jp-east-2/s3/aws4_request\n
8f363bf33583292ffbc1c8ab1eb5691d5c345e538fbe2fcb930267b5411c34a5
例:Get Object acl
GET /sample.txt?acl HTTP1.1
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170724T000000Z
Content-Type: application/octet-stream
Authorization: AWS4-HMAC-SHA256 Credential=${AccessKeyId}/${RequestDate}/${Region}/s3/aws4_request, SignedHeaders=${SignedHeaders}, Signature=${SigningKey}
CanonicalRequest=
GET\n
/sample.txt\n
acl=\n
host:my-first-bucket.jp-east-2.storage.api.nifcloud.com\n
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n
x-amz-date:20170724T000000Z\n
\n
host;x-amz-content-sha256;x-amz-date\n
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

StringToSign=
AWS4-HMAC-SHA256\n
20170724T000000Z\n
20170724/jp-east-2/s3/aws4_request\n
a282cea2acaef821beabc9fc4f583dafa1140c9622bfc66172435cea169ffdd2

認証方式

オブジェクトストレージは、前述と同じ方法でリクエストからSignatureを生成し、認証ヘッダー指定された値と文字列比較を行います。
文字列が一致し、認証文字列が正しいと判定した場合、指定されたAPIの処理を実行します。

バーチャルホスト形式

バケットとオブジェクトを指定する場合、以下のようにリクエスト先をバーチャルホスト形式で指定します。

https://<バケット名>.jp-east-2.storage.api.nifcloud.com/<オブジェクト名>

リクエストサンプル
GET /sample.txt HTTP/1.1
Host: my-first-bucket.jp-east-2.storage.api.nifcloud.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170724T000000Z
Authorization: signatureValue
  • ※本ページ記載の金額は、すべて税抜表示です。
  • ※本ページ記載の他社製品名および会社名などは、各社の商標または登録商標です。
  • ※本ページの内容は、2021年4月12日時点の情報です。

推奨画面サイズ 1024×768 以上

ページの先頭へ