Binding an Access Control Policy

As a protection mechanism for backend services, access control policies control the client (API caller) IP addresses that can access APIs. You can bind an access control policy to allow or deny access of specified IP addresses to an API.

Procedure

  1. Go to the APIG console.

  2. Select a gateway at the top of the navigation pane.

  1. In the navigation pane, choose API Management > Credentials.

  2. Click the name of the target credential.

  3. In the Access Control Policy area, click Bind.

  4. Configure the policy information.

    Table 1 Access control policy configuration

    Parameter

    Description

    Effect

    Access control type. Options:

    • Allow: Only clients with specified IP addresses are allowed to call APIs to which the credential is bound.

    • Deny: Clients with specified IP addresses are not allowed to call APIs to which the credential is bound.

    IP Addresses

    Click Add IP Address to add IP addresses.

  5. After the configuring is complete, click OK.