Authorizing Apps
Function
A newly created app cannot access any APIs. To let the app call an API in a specific environment, bind the app to that API in that environment.
Calling Method
For details, see Calling APIs.
URI
POST /v2/{project_id}/apigw/instances/{instance_id}/app-auths
Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Project ID. For details about how to obtain it, see Obtaining a Project ID. |
instance_id | Yes | String | Gateway ID, which can be obtained from the gateway information on the APIG console. |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. |
Parameter | Mandatory | Type | Description |
---|---|---|---|
env_id | Yes | String | ID of the environment in which the apps will be authorized. |
app_ids | Yes | Array of strings | App IDs. |
api_ids | Yes | Array of strings | List of API IDs. |
Response Parameters
Status code: 201
Parameter | Type | Description |
---|---|---|
auths | Array of ApiAuthRelations objects | App authorization records. |
Parameter | Type | Description |
---|---|---|
api_id | String | API ID. |
auth_result | AuthResult object | Authorization result. |
auth_time | String | Authorization time. |
id | String | Authorization record ID. |
app_id | String | App ID. |
auth_role | String | Authorizer. Enumeration values: |
auth_tunnel | String | Authorization channel type. The default value is NORMAL. This parameter is not supported currently. Enumeration values: |
auth_whitelist | Array of strings | Whitelist for the green channel. |
auth_blacklist | Array of strings | Blacklist for the green channel. |
visit_params | String | Access parameters. |
Parameter | Type | Description |
---|---|---|
status | String | Authorization result. Enumeration values: |
error_msg | String | Error message. |
error_code | String | Error code. |
api_name | String | Name of the API for which authorization fails. |
app_name | String | Name of the app that fails to be authorized. |
Status code: 400
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. |
error_msg | String | Error message. |
Status code: 401
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. |
error_msg | String | Error message. |
Status code: 403
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. |
error_msg | String | Error message. |
Status code: 404
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. |
error_msg | String | Error message. |
Status code: 500
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. |
error_msg | String | Error message. |
Example Requests
Authorizing an app to call an API
{
"env_id" : "DEFAULT_ENVIRONMENT_RELEASE_ID",
"app_ids" : [ "356de8eb7a8742168586e5daf5339965" ],
"api_ids" : [ "5f918d104dc84480a75166ba99efff21" ]
}
Example Responses
Status code: 201
Created
{
"auths" : [ {
"api_id" : "5f918d104dc84480a75166ba99efff21",
"auth_result" : {
"status" : "SUCCESS"
},
"auth_time" : "2020-08-04T04:02:22.482227344Z",
"id" : "dd29b33ae4394e3b924b582c6b40880b",
"app_id" : "356de8eb7a8742168586e5daf5339965",
"auth_role" : "PROVIDER",
"auth_tunnel" : "NORMAL"
} ]
}
Status code: 400
Bad Request
{
"error_code" : "APIG.2011",
"error_msg" : "Invalid parameter value,parameterName:api_ids. Please refer to the support documentation"
}
Status code: 401
Unauthorized
{
"error_code" : "APIG.1002",
"error_msg" : "Incorrect token or token resolution failed"
}
Status code: 403
Forbidden
{
"error_code" : "APIG.1005",
"error_msg" : "No permissions to request this method"
}
Status code: 404
Not Found
{
"error_code" : "APIG.3004",
"error_msg" : "App 356de8eb7a8742168586e5daf5339965 does not exist"
}
Status code: 500
Internal Server Error
{
"error_code" : "APIG.9999",
"error_msg" : "System error"
}
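A 201 response still carries a per-record auth_result, so a caller should confirm that every requested app/API pair was actually bound and that nothing outside the request was granted. The following is an added example, not code from this API's documentation or SDK: the function names, the placeholder IDs, the non-success status value and the assumption that every record includes app_id and api_id are all constructed for illustration.

```python
def build_app_auth_request(project_id, instance_id, env_id, app_ids, api_ids):
    """Return (path, body) for the app-auths POST; reject empty or duplicate ID lists."""
    for name, ids in (("app_ids", app_ids), ("api_ids", api_ids)):
        if not ids or len(set(ids)) != len(ids):
            raise ValueError(f"{name} must be a non-empty list without duplicates")
    path = f"/v2/{project_id}/apigw/instances/{instance_id}/app-auths"
    return path, {"env_id": env_id, "app_ids": list(app_ids), "api_ids": list(api_ids)}


def audit_auth_response(request_body, response_body):
    """Sort the 201 body's auths records into granted / failed / unexpected / missing."""
    wanted = {(a, p) for a in request_body["app_ids"] for p in request_body["api_ids"]}
    report = {"granted": [], "failed": [], "unexpected": [], "missing": []}
    seen = set()
    for rec in response_body.get("auths", []):
        # Assumption: every record carries app_id and api_id, as in the page's example.
        pair = (rec.get("app_id"), rec.get("api_id"))
        result = rec.get("auth_result") or {}
        if pair not in wanted:
            report["unexpected"].append(pair)      # a binding nobody asked for
            continue
        seen.add(pair)
        if result.get("status") == "SUCCESS":
            report["granted"].append(pair)
        else:                                      # any other status is treated as not bound
            report["failed"].append((pair, result.get("error_code"), result.get("error_msg")))
    report["missing"] = sorted(wanted - seen)      # requested but absent from the response
    return report


# Constructed sample data: the app ID and first API ID come from the page's example;
# every *_PLACEHOLDER* value, the extra records and the error fields are made up.
APP = "356de8eb7a8742168586e5daf5339965"
API_OK = "5f918d104dc84480a75166ba99efff21"
SAMPLE_PATH, SAMPLE_REQUEST = build_app_auth_request(
    "PROJECT_ID_PLACEHOLDER", "INSTANCE_ID_PLACEHOLDER", "DEFAULT_ENVIRONMENT_RELEASE_ID",
    [APP], [API_OK, "API_ID_PLACEHOLDER_2", "API_ID_PLACEHOLDER_3"])
SAMPLE_RESPONSE = {"auths": [
    {"app_id": APP, "api_id": API_OK, "auth_result": {"status": "SUCCESS"}},
    {"app_id": APP, "api_id": "API_ID_PLACEHOLDER_2",
     "auth_result": {"status": "PLACEHOLDER_NON_SUCCESS", "error_code": "PLACEHOLDER_CODE",
                     "error_msg": "constructed failure"}},
    {"app_id": "APP_ID_NOT_REQUESTED", "api_id": API_OK, "auth_result": {"status": "SUCCESS"}},
]}

if __name__ == "__main__":
    print(SAMPLE_PATH)
    print(audit_auth_response(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```

An empty failed, unexpected and missing list means the environment now holds exactly the bindings that were requested.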
Status Codes
Status Code | Description |
---|---|
201 | Created |
400 | Bad Request |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
500 | Internal Server Error |
Error Codes
See Error Codes.