Help Center/ ROMA Connect/ API Reference/ Service Integration APIs/ Custom Authorizer Management/ Creating a Custom Authorizer

Updated on 2025-07-18 GMT+08:00

View PDF

Creating a Custom Authorizer

Function

URI

POST /v2/{project_id}/apic/instances/{instance_id}/authorizers

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For details about how to obtain the project ID, see Appendix > Obtaining a Project ID in the ROMA Connect API Reference.
instance_id	Yes	String	Instance ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
name	Yes	String	Custom authorizer name. The value contains 3 to 64 characters, including letters, digits, and underscores (_). The value must start with a letter.
type	Yes	String	Custom authorizer type. FRONTEND BACKEND
authorizer_type	Yes	String	Type of the custom authentication function. LD: custom backend function FUNC: FunctionGraph function
authorizer_uri	Yes	String	Function URN. Note: To use a custom backend function API, the API request method must be POST and the API status must be Deployed.
network_type	No	String	Function network architecture: V1: non-VPC V2: VPC Note: This field does not take effect in APIC scenarios.
authorizer_version	No	String	Function version. If both the alias and version are specified, the version will be ignored and only the alias will be used.
authorizer_alias_uri	No	String	Function alias. If both the alias and version are specified, the version will be ignored and only the alias will be used.
identities	No	Array of Identity objects	Authentication source.
ttl	No	Integer	Cache time.
user_data	No	String	User data.
ld_api_id	No	String	Custom backend service ID. This parameter is mandatory when the type of the user-defined authentication function is LD.
need_body	No	Boolean	Indicates whether to send request body.
auth_downgrade_enabled	No	Boolean	Relaxed mode. (Whether the gateway receives requests from clients when the function authentication service cannot be connected or returns an error code starting with "5".)

**Table 4** Identity
Parameter	Mandatory	Type	Description
name	Yes	String	Parameter name. The value must start with a digit or letter, and can include digits, letters, underscores (_), hyphens (-), and periods (.).
location	Yes	String	Parameter location.
validation	No	String	Parameter verification expression. The default value is null, indicating that no verification is performed.

Response Parameters

Status code: 201

**Table 5** Response body parameters
Parameter	Type	Description
name	String	Custom authorizer name. The value contains 3 to 64 characters, including letters, digits, and underscores (_). The value must start with a letter.
type	String	Custom authorizer type. FRONTEND BACKEND
authorizer_type	String	Type of the custom authentication function. LD: custom backend function FUNC: FunctionGraph function
authorizer_uri	String	Function URN. Note: To use a custom backend function API, the API request method must be POST and the API status must be Deployed.
network_type	String	Function network architecture: V1: non-VPC V2: VPC Note: This field does not take effect in APIC scenarios.
authorizer_version	String	Function version. If both the alias and version are specified, the version will be ignored and only the alias will be used.
authorizer_alias_uri	String	Function alias. If both the alias and version are specified, the version will be ignored and only the alias will be used.
identities	Array of Identity objects	Authentication source.
ttl	Integer	Cache time.
user_data	String	User data.
ld_api_id	String	Custom backend service ID. This parameter is mandatory when the type of the user-defined authentication function is LD.
need_body	Boolean	Indicates whether to send request body.
auth_downgrade_enabled	Boolean	Relaxed mode. (Whether the gateway receives requests from clients when the function authentication service cannot be connected or returns an error code starting with "5".)
id	String	Custom authorizer ID.
create_time	String	Creation time.
roma_app_id	String	ID of the application to which the custom authorizer belongs.
roma_app_name	String	Name of the application to which the custom authorizer belongs.

**Table 6** Identity
Parameter	Type	Description
name	String	Parameter name. The value must start with a digit or letter, and can include digits, letters, underscores (_), hyphens (-), and periods (.).
location	String	Parameter location.
validation	String	Parameter verification expression. The default value is null, indicating that no verification is performed.

Status code: 400

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 401

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 403

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 404

**Table 10** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 500

**Table 11** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Example Requests

Create a custom frontend authorizer with function type as custom backend function and authentication source as header.

{
  "name" : "Authorizer_demo",
  "type" : "FRONTEND",
  "authorizer_type" : "LD",
  "ld_api_id" : "6f8e61317e4e4fbf8e8220cc19fcced9",
  "authorizer_uri" : "/test",
  "network_type" : "",
  "authorizer_version" : "",
  "authorizer_alias_uri" : "",
  "identities" : [ {
    "name" : "header",
    "location" : "HEADER"
  } ],
  "ttl" : 5
}

Example Responses

Status code: 201

Created

{
  "name" : "Authorizer_demo",
  "type" : "FRONTEND",
  "authorizer_type" : "LD",
  "authorizer_uri" : "/test",
  "network_type" : "",
  "authorizer_version" : "",
  "authorizer_alias_uri" : "",
  "identities" : [ {
    "name" : "header",
    "location" : "HEADER"
  } ],
  "ttl" : 5,
  "id" : "0d982c1ac3da493dae47627b6439fc5c",
  "create_time" : "2020-09-23T02:32:10.354159293Z",
  "need_body" : true
}

Status code: 400

Bad Request

{
  "error_code" : "APIG.2011",
  "error_msg" : "Invalid parameter value,parameterName:type. Please refer to the support documentation"
}

Status code: 401

Unauthorized

{
  "error_code" : "APIG.1002",
  "error_msg" : "Incorrect token or token resolution failed"
}

Status code: 403

Forbidden

{
  "error_code" : "APIG.1005",
  "error_msg" : "No permissions to request this method"
}

Status code: 404

Not Found

{
  "error_code" : "APIG.3019",
  "error_msg" : "The function URN does not exist"
}

Status code: 500

Internal Server Error

{
  "error_code" : "APIG.9999",
  "error_msg" : "System error"
}

Status Codes

Status Code	Description
201	Created
400	Bad Request
401	Unauthorized
403	Forbidden
404	Not Found
500	Internal Server Error

Error Codes

See Error Codes.

Parent topic: Custom Authorizer Management

Previous topic: Custom Authorizer Management

Next topic: Modifying a Custom Authorizer

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel