百度智能云
All Product Document

          Cloud Monitor

          • Cloud Monitor
          • >
          • Go-SDK
          • >
          • BcmClient

          BcmClient

          Last Updated2025-11-14

          Create a new BCM client

          A BCM client acts as the client for BCM control plane services, offering developers various methods to interact with these services.

          Create a new BCM client with AK/SK

          Users can refer to the following code to create a new BCM Client to access BCC with AK/SK:

          import (
 "github.com/baidubce/bce-sdk-go/services/bcm"   //Import BCM service module
)
func main() {
 // User’s Access Key ID and Secret Access Key
	ACCESS_KEY_ID, SECRET_ACCESS_KEY := <your-access-key-id>, <your-secret-access-key>
 // User-specified Endpoint
	ENDPOINT := <domain-name>
 // Initialize a BcmClient
	bcmClient, err := bcm.NewClient(AK, SK, ENDPOINT)
}

          In the code above, ACCESS_KEY_ID corresponds to “Access Key ID” in the console. SECRET_ACCESS_KEY corresponds to “Access Key Secret” in the console. For the method to retrieve them, refer to the Guide - Manage ACCESSKEY. The third parameter ENDPOINT is a user-specified domain name. If left empty, the default domain name will be used as the BCM control plane service address.

          Note:The endpoint parameter must be defined with the domain name of the specified region. For example, if the service is located in Beijing, the endpoint will be bcm.bj.baidubce.com.

          Create a BCM client with STS

          Request STS Token

          BCM facilitates temporary third-party access authorization through the STS mechanism. STS (Security Token Service) is a temporary authorization service provided by Baidu AI Cloud. With STS, you can issue access credentials that have customized validity periods and permissions for third-party users. These users can then use the credentials to directly call Baidu AI Cloud APIs or SDKs to access cloud resources.

          To access BCM via STS, users must first request an certification string through the STS client. For instructions on obtaining STS credentials, refer to Baidu AI Cloud STS Usage Guide.

          Create BCM Client with STS Token

          Once you have obtained the STS token, configure it in the BCM Client to enable client creation based on STS.

          Code example

          The GO SDK implements the STS service API. Below is a complete example for requesting an STS Token and creating an BCM Client object:

          import (
	"fmt"
 "github.com/baidubce/bce-sdk-go/auth"                    //Import the authentication module
 "github.com/baidubce/bce-sdk-go/services/bcm"   //Import BCM service module
 "github.com/baidubce/bce-sdk-go/services/sts"            //Import the Baige service module
)
func main() {
 //Create a Client object for the STS service, using the default Endpoint
	AK, SK := <your-access-key-id>, <your-secret-access-key>
	stsClient, err := sts.NewClient(AK, SK)
	if err != nil {
		fmt.Println("create sts client object :", err)
		return
	}
 //Obtain a temporary authentication token with a validity period of 60 seconds and an empty ACL
	stsObj, err := stsClient.GetSessionToken(60, "")
	if err != nil {
		fmt.Println("get session token failed:", err)
		return
    }
	fmt.Println("GetSessionToken result:")
	fmt.Println("  accessKeyId:", stsObj.AccessKeyId)
	fmt.Println("  secretAccessKey:", stsObj.SecretAccessKey)
	fmt.Println("  sessionToken:", stsObj.SessionToken)
	fmt.Println("  createTime:", stsObj.CreateTime)
	fmt.Println("  expiration:", stsObj.Expiration)
	fmt.Println("  userId:", stsObj.UserId)
 //Create a client object for BCM control plane services using the requested temporary STS, with the default endpoint
	bcmClient, err := bcm.NewClient(stsObj.AccessKeyId, stsObj.SecretAccessKey, "")
	if err != nil {
		fmt.Println("create bcm client failed:", err)
		return
	}
	stsCredential, err := auth.NewSessionBceCredentials(
		stsObj.AccessKeyId,
		stsObj.SecretAccessKey,
		stsObj.SessionToken)
	if err != nil {
		fmt.Println("create sts credential object failed:", err)
		return
	}
	bcmClient.Config.Credentials = stsCredential
}

          Note: Currently, when configuring a BCM client with STS, regardless of where the corresponding BCM service endpoint is located, the STS endpoint must be set to http://sts.bj.baidubce.com. This default is utilized when creating an STS object in the above code.

          Configure HTTPS access to BCM

          BCM supports the HTTPS transport protocol. To use HTTPS to access BCM services with the BCM Go SDK, specify HTTPS in the endpoint when creating the BCM client object.

          // import "github.com/baidubce/bce-sdk-go/services/bcm"
 ENDPOINT := "https://bcm.bj.baidubce.com" //Specify the use of HTTPS protocol
AK, SK := <your-access-key-id>, <your-secret-access-key>
bcmClient, _ := bcm.NewClient(AK, SK, ENDPOINT)

          Configure the BCM client

          If users need to configure specific parameters for the BCM Client, they can customize the configuration using the exported Config field of the BCM Client object after its creation. This allows for configuring parameters such as proxy and maximum number of connections for the client.

          Use a proxy

          The following code snippet enables the client to access BCM service using a proxy:

          // import "github.com/baidubce/bce-sdk-go/services/bcm"
 // Create an BCM Client object
AK, SK := <your-access-key-id>, <your-secret-access-key>
ENDPOINT := "bcm.bj.baidubce.com
client, _ := bcm.NewClient(AK, SK, ENDPOINT)
 // Use the local port 8080 for the proxy
client.Config.ProxyUrl = "127.0.0.1:8080"

          Set network parameters

          Users can configure network parameters using the following example code:

          // import "github.com/baidubce/bce-sdk-go/services/bcm"
AK, SK := <your-access-key-id>, <your-secret-access-key>
ENDPOINT := "bcm.bj.baidubce.com"
client, _ := bcm.NewClient(AK, SK, ENDPOINT)
 // Configure to not retry, default: Back Off retry
client.Config.Retry = bce.NewNoRetryPolicy()
 // Configure connection timeout to 30 seconds
client.Config.ConnectionTimeoutInMillis = 30 * 1000

          Configure options for generating signature strings

          // import "github.com/baidubce/bce-sdk-go/services/bcm"
AK, SK := <your-access-key-id>, <your-secret-access-key>
ENDPOINT := "bcm.bj.baidubce.com"
client, _ := bcm.NewClient(AK, SK, ENDPOINT)
 // Configure the HTTP request header Host for signing
headersToSign := map[string]struct{}{"Host": struct{}{}}
client.Config.SignOption.HeadersToSign = HeadersToSign
 // Configure the validity period of the signature to 30 seconds
client.Config.SignOption.ExpireSeconds = 30

          Parameter description

          When using the GO SDK to access BCM, the Config field of the created BCM Client object supports the following parameters, as shown in the table below:

          ConfigMap name Types Meaning
          Endpoint string Domain name for service requests
          ProxyUrl string The proxy address for client requests
          Region string Region for resource requests
          UserAgent string User name, HTTP request’s User-Agent header
          Credentials *auth.BceCredentials Authentication object for requests, divided into regular AK/SK and STS
          SignOption *auth.SignOptions Options for authentication string signing
          Retry RetryPolicy Retry policy for connections
          ConnectionTimeoutInMillis int Connection timeout, in milliseconds, defaulting to 20 minutes

          Description:

          1. The Credentials field is created using the auth.NewBceCredentials and auth.NewSessionBceCredentials functions. The former is used by default, while the latter is used for STS certification. See "Create a BCM client with STS" for details.
          2. The SignOption field represents options when generating a signature string, as detailed in the table below:
          Name Types Meaning
          HeadersToSign map[string]struct{} HTTP headers used when generating the signature string
          Timestamp int64 Timestamp used in the generated signature string, defaulting to the value at the time of sending request
          ExpireSeconds int Validity period of the signature string 
           Among configuration options, HeadersToSign defaults to `Host`, `Content-Type`, `Content-Length` and `Content-MD5`; TimeStamp is typically set to zero, indicating that the timestamp at the time of generating the certification string shall be used, and users generally shall not explicitly specify the value for this field; ExpireSeconds defaults to 1,800 seconds or 30 minutes.
          1. The Retry field specifies the retry policy, currently supporting two types: NoRetryPolicy and BackOffRetryPolicy. By default, the latter is used. This retry policy specifies the maximum number of retries, the maximum retry duration, and the retry base. Retries increase exponentially based on the retry base multiplied by 2 until the maximum number of retries or the maximum retry duration is reached.
          Previous
          Batch Query Monitoring Data Interface V2
          Next
          Dimension Value TopN and Monitoring Data Query Interface