Alibaba Marketplace Alibaba Marketplace

Connect Suger to Alibaba Cloud Marketplace - China & International


Overview

Alibaba Cloud Marketplace is a digital platform that connects Alibaba Cloud users with trusted SaaS providers and ISVs worldwide, similar to marketplaces offered by AWS, Azure, and GCP. The Marketplace provides a diverse range of software and services that integrate with Alibaba Cloud's infrastructure solutions.

By connecting Suger to your Alibaba Cloud Marketplace account, we can easily make your product discoverable to Alibaba Cloud customers and enable consolidated billing through Alibaba Cloud accounts. It also facilitates key capabilities like private offers, order management, usage metering, and automated revenue recognition.

Create Integration

In your Suger Console Integration, you will see the Alibaba Marketplace integration connection. Click the Connect button to create an integration with your Alibaba Cloud Marketplace account.

The following fields are required to set up the integration.

  • Alibaba Cloud Account ID: The Uid of your root Alibaba Cloud Account.
  • Access Key ID: The Key ID to access your Alibaba Cloud Account APIs.
  • Access Key Secret: The Key Secret to access your Alibaba Cloud Account APIs.
  • SPI Key: The security key to verify the notification events from Alibaba Cloud Marketplace SPI.

Edit Integration

Editing the following fields are supported:

  • Alibaba Cloud Account ID: The Uid of your root Alibaba Cloud Account.
  • Product Code(s): The Product code of your listings in Alibaba Cloud Marketplace. Optional. If not provided, Suger will automatically fetch all product listings under the Alibaba Cloud Account ID.
  • Usage Metering Disabled: If true, Suger stops to report usage records to Alibaba Marketplace metering service.

If you would like to update the Access Key ID, Access Key Secret or SPI Key, the practical way is to delete it and then reconnect Suger with the new integration.

Delete Integration

The Alibaba Cloud Marketplace integration can be deleted like all other integrations. Once the deletion is triggered, all integration info including the API Access Key Secret & SPI Key will be deleted immediately & permanently from Suger. No time window or methods to recover. You may revoke the Access Key Secret & SPI Key in your Alibaba Cloud account.

Auth Free URL Redirect

After an SaaS instance is generated, the buyer might require access to the ISV's back-end system without the need for additional authentication. The process involves the following steps:

  1. The URL request is initially directed to the Suger service.
  2. Within the Suger service, the request undergoes processing and verification through SPI token validation.
  3. Subsequently, the request is redirected to the ISV's product fulfillment URL, accompanied by specific parameters:
    • sugerEntitlementId
    • partner, which is consistently set as partner=ALIBABA.
    • timestamp, denoting the moment the token was generated, from the Alibaba Cloud Marketplace in UTC formatted as RFC3339.
    • token, representing the SPI token utilized for validation. It is generated by Suger using the same SPI key.

Upon reception of the redirected request by your service or frontend, the following steps should be taken to ensure proper validation of the token using the SPI key:

  1. Token Verification: Extract the provided SPI token from the incoming request.
  2. SPI Key Usage: Employ the appropriate SPI key to validate the token obtained from the request.
  3. Timestamp Validation: Confirm that the timestamp included in the parameters aligns with the time of token generation, adhering to the RFC3339 format.
  4. Partner Check: Verify that the partner parameter is set as partner=ALIBABA.

Once your service or frontend received the redirected request, please verify the token using the SPI key. Here is the detailed guidance of SPI security.

Table of Contents