Initialization

Last Updated：2025-11-14

Confirm Endpoint

Before configuring the Endpoint for SDK usage, please refer to the developer guide section on BLS Access Domain Name to understand Endpoint-related concepts. Baidu AI Cloud currently supports multiple regions. Please refer to Region Selection Guide.

Now, "North China-Beijing" and "South China-Guangzhou” regions are supported. Beijing region: bls-log.bj.baidubce.com Guangzhou region: bls-log.gz.baidubce.com. Corresponding information:

Access region	Endpoint	Protocol
North China-Beijing	bls-log.bj.baidubce.com	HTTP/HTTPS
South China-Guangzhou	bls-log.gz.baidubce.com	HTTP/HTTPS
East China-Suzhou	bls-log.su.baidubce.com	HTTP/HTTPS
North China-Baoding	bls-log.bd.baidubce.com	HTTP/HTTPS
Central China-Wuhan (Financial)	bls-log.fwh.baidubce.com	HTTP/HTTPS
North China-Yangquan	bls-log.yq.baidubce.com	HTTP/HTTPS
North China - Nanjing	bls-log.nj.baidubce.com	HTTP/HTTPS
Southwest-Chengdu	bls-log.cd.baidubce.com	HTTP/HTTPS
Hong Kong, China	bls-log.hkg.baidubce.com	HTTP/HTTPS

Retrieve access key

To use BLS, you need a valid AK (Access Key ID) and SK (Secret Access Key) for signature authentication. AK/SK are system-assigned strings that identify users and facilitate BLS signature authentication.

Your AK/SK information can be obtained and understood through the following steps:

Create AK/SK

Create a new BLS client

A BLS client acts as an interface to the BLS services, offering developers a variety of methods to interact with BLS features.

Create a new BLS client with AK/SK

Users can refer to the following code to create a new BLS Client to access BLS with AK/SK:

import (
	"github.com/baidubce/bce-sdk-go/services/bls"
)
func main() {
	// User's Access Key ID and Secret Access Key
	AK, SK := <your-access-key-id>, <your-secret-access-key>
	// User-specified Endpoint
	ENDPOINT := <domain-name>
	// Initialize a BLSClient
	blsClient, err := bls.NewClient(AK, SK, ENDPOINT)
}

In the code above, AK corresponds to the "Access Key ID" in the console, and SK corresponds to the "Access Key Secret" in the console. For the access method, please refer to the General Reference for Getting AKSK. The third parameter ENDPOINT is a user-specified domain name. If left empty, the default domain name will be used as the BLS service address.

Note:The endpoint parameter must be defined with the domain name of the specified region. For example, if the service is located in Beijing, the endpoint will be http://bls-log.bj.baidubce.com.

Create a BLS client with STS

Request STS Token

BLS allows temporary third-party access authorization through the STS mechanism. STS (Security Token Service) is a temporary authorization service provided by Baidu AI Cloud. It enables you to generate access credentials with customized validity periods and permissions for third-party users. These users can use the credentials to directly call Baidu AI Cloud APIs or SDKs to access cloud resources.

To access BLS via STS, users must first request a certification string through the STS client. For instructions on obtaining STS credentials, refer to Baidu AI Cloud STS Usage Guide.

Create BLS Client with STS Token

After obtaining the STS token, configure it into the BLS Client to enable client creation based on STS.

Code example

The Go SDK implements the STS service API. Below is a complete example for requesting an STS Token and creating an BLS Client object:

import (
	"fmt"
	"github.com/baidubce/bce-sdk-go/auth"         //Import authentication module
	"github.com/baidubce/bce-sdk-go/services/bls" //Import BLS service module
	"github.com/baidubce/bce-sdk-go/services/sts" //Import STS service module
)
func main() {
	//Create a client object for STS service with the default Endpoint
	AK, SK := <your-access-key-id>, <your-secret-access-key>
	stsClient, err := sts.NewClient(AK, SK)
	if err != nil {
		fmt.Println("create sts client object :", err)
		return
	}
	//Obtain a temporary authentication token, valid for 60 seconds, with an null ACL
	stsObj, err := stsClient.GetSessionToken(60, "")
	if err != nil {
		fmt.Println("get session token failed:", err)
		return
    }
	fmt.Println("GetSessionToken result:")
	fmt.Println("  accessKeyId:", stsObj.AccessKeyId)
	fmt.Println("  secretAccessKey:", stsObj.SecretAccessKey)
	fmt.Println("  sessionToken:", stsObj.SessionToken)
	fmt.Println("  createTime:", stsObj.CreateTime)
	fmt.Println("  expiration:", stsObj.Expiration)
	fmt.Println("  userId:", stsObj.UserId)
	//Create a client object for BLS service by the temporary STS applied, with the default Endpoint
	blsClient, err := bls.NewClient(stsObj.AccessKeyId, stsObj.SecretAccessKey, "")
	if err != nil {
		fmt.Println("create bls client failed:", err)
		return
	}
	stsCredential, err := auth.NewSessionBceCredentials(
		stsObj.AccessKeyId,
		stsObj.SecretAccessKey,
		stsObj.SessionToken)
	if err != nil {
		fmt.Println("create sts credential object failed:", err)
		return
	}
	blsClient.Config.Credentials = stsCredential
}

Note: Currently, when configuring a BLS client with STS, regardless of where the corresponding BLS service endpoint is located, the STS endpoint must be set to http://sts.bj.baidubce.com. This default is utilized when creating an STS object in the above code.

Configure HTTPS access to BLS

BLS supports the HTTPS transport protocol. To use HTTPS to access BLS services with the BLS Go SDK, specify HTTPS in the endpoint when creating the BLS client object.

// import "github.com/baidubce/bce-sdk-go/services/bls"
 ENDPOINT := "https://bls-log.bj.baidubce.com" //Specify the use of HTTPS protocol
AK, SK := <your-access-key-id>, <your-secret-access-key>
blsClient, _ := bls.NewClient(AK, SK, ENDPOINT)

Configure the BLS client

If users need to configure specific parameters for the BLS Client, they can customize the configuration using the exported Config field of the BLS Client object after its creation. This allows for configuring parameters such as proxy and maximum number of connections for the client.

Use a proxy

The following code snippet enables the client to access BLS service using a proxy:

// import "github.com/baidubce/bce-sdk-go/services/bls"
 // Create an BLS Client object
AK, SK := <your-access-key-id>, <your-secret-access-key>
ENDPOINT := "bls-log.bj.baidubce.com"
blsClient, _ := bls.NewClient(AK, SK, ENDPOINT)
 // Use the local port 8080 for the proxy
blsClient.Config.ProxyUrl = "127.0.0.1:8080"

Set network parameters

Users can configure network parameters using the following example code:

// import "github.com/baidubce/bce-sdk-go/services/bls"
AK, SK := <your-access-key-id>, <your-secret-access-key>
ENDPOINT := "bls-log.bj.baidubce.com"
blsClient, _ := bls.NewClient(AK, SK, ENDPOINT)
 // Configure to not retry, default: Back Off retry
blsClient.Config.Retry = bce.NewNoRetryPolicy()
 // Configure connection timeout to 30 seconds
blsClient.Config.ConnectionTimeoutInMillis = 30 * 1000

Configure options for generating signature strings

// import "github.com/baidubce/bce-sdk-go/services/bls"
AK, SK := <your-access-key-id>, <your-secret-access-key>
ENDPOINT := "bls-log.bj.baidubce.com"
blsClient, _ := bls.NewClient(AK, SK, ENDPOINT)
 // Configure the HTTP request header Host for signing
headersToSign := map[string]struct{}{"Host": struct{}{}}
blsClient.Config.SignOption.HeadersToSign = HeadersToSign
 // Configure the validity period of the signature to 30 seconds
blsClient.Config.SignOption.ExpireSeconds = 30

Parameter description

When using the Go SDK to access BLS, the Config field of the created BLS Client object supports the following parameters, as shown in the table below:

ConfigMap name	Types	Meaning
Endpoint	string	Domain name for service requests
ProxyUrl	string	The proxy address for client requests
Region	string	Region for resource requests
UserAgent	string	User name, HTTP request’s User-Agent header
Credentials	*auth.BceCredentials	Authentication object for requests, divided into regular AK/SK and STS
SignOption	*auth.SignOptions	Options for authentication string signing
Retry	RetryPolicy	Retry policy for connections
ConnectionTimeoutInMillis	int	Connection timeout, in milliseconds, defaulting to 20 minutes

Description:

The Credentials field is created using the auth.NewBceCredentials and auth.NewSessionBceCredentials functions. The former is used by default, while the latter is used for STS certification. See "Create a BLS client with STS" for details.

The SignOption field represents options when generating a signature string, as detailed in the table below:

Name Types Meaning

HeadersToSign map[string]struct{} HTTP headers used when generating the signature string

Timestamp int64 Timestamp used in the generated signature string, defaulting to the value at the time of sending request

ExpireSeconds int Validity period of the signature string

Among them, HeadersToSign defaults to Host, Content-Type, Content-Length and Content-MD5. TimeStamp is generally set to zero, indicating that the timestamp when generating the authentication string is used. Users should not explicitly specify this field’s value. ExpireSeconds defaults to 1,800 seconds (30 minutes).

The Retry field specifies the retry policy, currently supporting two types: NoRetryPolicy and BackOffRetryPolicy. By default, the latter is used. This retry policy specifies the maximum number of retries, the maximum retry duration, and the retry base. Retries increase exponentially based on the retry base multiplied by 2 until the maximum number of retries or the maximum retry duration is reached.

Name	Types	Meaning
HeadersToSign	map[string]struct{}	HTTP headers used when generating the signature string
Timestamp	int64	Timestamp used in the generated signature string, defaulting to the value at the time of sending request
ExpireSeconds	int	Validity period of the signature string

Overview

Install the SDK Package

百度智能云

Log Service