Help Center/ VPC Endpoint/ API Reference/ API/ VPC Endpoint Services/ Batch Adding or Deleting Whitelist Records of a VPC Endpoint Service
Updated on 2025-10-28 GMT+08:00
View PDF

Batch Adding or Deleting Whitelist Records of a VPC Endpoint Service

Function

This API is used to batch add or delete whitelist records of a VPC endpoint service.

Note

Your account is in the whitelist of your own VPC endpoint service by default.

Calling Method

For details, see Calling APIs.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

  • If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
  • If you are using identity policy-based authorization, the following identity policy-based permissions are required.

    Action

    Access Level

    Resource Type (*: required)

    Condition Key

    Alias

    Dependencies

    vpcep:endpointServices:updatePermissions

    Permission_management

    endpointServices *

    -
    • vpcep:permissions:update

    -

    -

    • vpcep:VpceEndpointOrgPath

    • vpcep:VpceEndpointOwner

URI

POST /v1/{project_id}/vpc-endpoint-services/{vpc_endpoint_service_id}/permissions/action

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Specifies the project ID.

vpc_endpoint_service_id

Yes

String

Specifies the ID of the VPC endpoint service.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Specifies the user token. It can be obtained by calling the IAM API. The value of X-Subject-Token in the response header is the user token.

Content-Type

No

String

Specifies the MIME type of the request body. Default value application/json is recommended. For APIs used to upload objects or images, the MIME type varies depending on the flow type.
Table 3 Request body parameters

Parameter

Mandatory

Type

Description

permissions

Yes

Array of strings

Specifies the permissions.

The permission formats are as follows:

  • iam:domain::domain_id

  • organizations:orgPath::org_path

iam:domain:: is a fixed format. domain_id indicates the account ID of the user that can be connected.

domain_id can contain a maximum of 64 characters, including only letters and digits.

organizations:orgPath:: is a fixed format. org_path indicates the organization path of the user that can be connected.

org_path can contain a maximum of 1,024 characters, including only letters, digits, forward slashes (/), hyphens (-), and question marks (?).

You can also enter an asterisk (*) for domain_id or org_path, which indicates that this VPC endpoint service allows accesses from any VPC endpoint.

Examples:

  • iam:domain::6e9dfd51d1124e8d8498dce894923a0dd

  • organizations:orgPath::o-3j59d1231uprgk9yuvlidra7zbzfi578/r-rldbu1vmxdw5ahdkknxnvd5rgag77m2z/ou-7tuddd8nh99rebxltawsm6qct5z7rklv/*

permission_type

No

String

Specifies the whitelist type of the VPC endpoint service.

  • domainId: indicates the whitelisted ID of the account that can create VPC endpoints to connect to the VPC endpoint service.

  • orgPath: indicates the whitelisted organization path under which accounts can create VPC endpoints to connect to the VPC endpoint service.

action

Yes

String

Specifies the action to be performed, which can be add or remove.

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

permissions

Array of strings

Specifies the permissions.

The permission formats are as follows:

  • iam:domain::domain_id

  • organizations:orgPath::org_path

iam:domain:: is a fixed format. domain_id indicates the account ID of the user that can be connected.

domain_id can contain a maximum of 64 characters, including only letters and digits.

organizations:orgPath:: is a fixed format. org_path indicates the organization path of the user that can be connected.

org_path can contain a maximum of 1,024 characters, including only letters, digits, forward slashes (/), hyphens (-), and question marks (?).

You can also enter an asterisk (*) for domain_id or org_path, which indicates that this VPC endpoint service allows accesses from any VPC endpoint.

Examples:

  • iam:domain::6e9dfd51d1124e8d8498dce894923a0dd

  • organizations:orgPath::o-3j59d1231uprgk9yuvlidra7zbzfi578/r-rldbu1vmxdw5ahdkknxnvd5rgag77m2z/ou-7tuddd8nh99rebxltawsm6qct5z7rklv/*

permission_type

String

Specifies the whitelist type of the VPC endpoint service.

  • domainId: indicates the whitelisted ID of the account that can create VPC endpoints to connect to the VPC endpoint service.

  • orgPath: indicates the whitelisted organization path under which accounts can create VPC endpoints to connect to the VPC endpoint service.

Example Requests

  • Adding a Whitelist for a VPC Endpoint Service

    POST https://{endpoint}/v1/{project_id}/vpc-endpoint-services/4189d3c2-8882-4871-a3c2- d380272eed88/permissions/action

{
  "permissions" : [ "iam:domain::fc973eea581490997e82ea11a1d0101" ],
  "action" : "add"
}

  • Removing a VPC Endpoint Service from the Whitelist

    POST https://{endpoint}/v1/{project_id}/vpc-endpoint-services/4189d3c2-8882-4871-a3c2- d380272eed88/permissions/action

{
  "permissions" : [ "iam:domain::fc973eea581490997e82ea11a1d0101" ],
  "action" : "remove"
}

Example Responses

Status code: 200

The server has successfully processed the request.

{
  "permissions" : [ "iam:domain::5fc973eea581490997e82ea11a1d0101", "iam:domain::5fc973eea581490997e82ea11a1d0102" ]
}

Status Codes

Status Code

Description

200

The server has successfully processed the request.

Error Codes

See Error Codes.

Parent Topic: VPC Endpoint Services