Updated on 2025-10-22 GMT+08:00

Credential Authorization

Function

An app cannot access any APIs after being created. To access an API in a specific environment, bind the app to the API in the environment. After this operation, the app can access the API in the environment.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.

URI

POST /v2/{project_id}/apic/instances/{instance_id}/app-auths

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Project ID. For details about how to obtain the project ID, see Appendix > Obtaining a Project ID in the ROMA Connect API Reference. |
| instance_id | Yes | String | Instance ID. |

Request Parameters

Table 2 Request header parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |

Table 3 Request body parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| env_id | Yes | String | ID of the environment in which the apps will be authorized. |
| app_ids | Yes | Array of strings | App IDs. |
| api_ids | Yes | Array of strings | API list. You can specify both self-developed and purchased APIs. |
| auth_tunnel | No | String | Authorization channel type. GREEN: green channel. NORMAL: non-green channel. The green channel can be enabled when the green_tunnel feature is enabled. If this field is left blank, the green channel is not used by default. |
| auth_whitelist | No | Array of strings | Green channel authorization whitelist. IP addresses in the whitelist can access APIs without authentication information. This parameter takes effect when auth_tunnel is set to GREEN. |
| auth_blacklist | No | Array of strings | Green channel authorization blacklist. This parameter is valid when auth_tunnel is set to GREEN. |
| visit_params | No | Array of ApiAuthVisitParam objects | List of access parameters. |

Table 4 ApiAuthVisitParam

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| api_id | Yes | String | API ID. |
| app_id | No | String | ID of the app to be authorized. |
| visit_param | Yes | String | Access parameters. The value can contain letters, digits, underscores (_), and hyphens (-). Multiple parameters are separated by commas (,). Each parameter must end with a letter or digit and must be unique. The length of a single parameter cannot exceed 255 characters. |
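The request-body rules in Tables 3 and 4 can be checked on the client before the call is made, which matters most for the green channel because whitelisted IP addresses reach the API without authentication. The following Python check is an added example, not part of the ROMA Connect API or SDK; the function names are hypothetical, and treating every whitelist or blacklist entry as a single literal IP address is an assumption, since the page only says "IP addresses".

```python
import ipaddress
import re

PARAM_CHARS = re.compile(r"[A-Za-z0-9_-]+")  # characters Table 4 allows

def check_visit_param(value):
    """Return Table 4 rule violations for a comma-separated visit_param."""
    problems, seen = [], set()
    for p in value.split(","):
        if not PARAM_CHARS.fullmatch(p):
            problems.append(f"{p!r}: only letters, digits, '_' and '-' allowed")
        elif not p[-1].isalnum():
            problems.append(f"{p!r}: must end with a letter or digit")
        if len(p) > 255:
            problems.append(f"{p[:16]!r}...: longer than 255 characters")
        if p in seen:
            problems.append(f"{p!r}: duplicate parameter")
        seen.add(p)
    return problems

def check_body(body):
    """Return problems found in an app-auths request body (a dict)."""
    problems = [f"{k}: mandatory field missing or empty"
                for k in ("env_id", "app_ids", "api_ids") if not body.get(k)]
    tunnel = body.get("auth_tunnel") or "NORMAL"  # blank: green channel not used
    if tunnel not in ("GREEN", "NORMAL"):
        problems.append(f"auth_tunnel: unknown value {tunnel!r}")
    for key in ("auth_whitelist", "auth_blacklist"):
        entries = body.get(key) or []
        if entries and tunnel != "GREEN":
            problems.append(f"{key}: only takes effect when auth_tunnel is GREEN")
        for entry in entries:
            try:  # assumption: each entry is one literal IP address
                ipaddress.ip_address(entry)
            except ValueError:
                problems.append(f"{key}: {entry!r} is not an IP address")
    for vp in body.get("visit_params") or []:
        raw = vp.get("visit_param", "")
        problems += [f"visit_param {m}" for m in check_visit_param(raw)]
    return problems

SAMPLE_BODY = {  # constructed: the page's example request plus mistakes
    "env_id": "DEFAULT_ENVIRONMENT_RELEASE_ID",
    "app_ids": ["356de8eb7a8742168586e5daf5339965"],
    "api_ids": ["5f918d104dc84480a75166ba99efff21"],
    "auth_whitelist": ["192.0.2.10"],  # has no effect: auth_tunnel is not GREEN
    "visit_params": [{"api_id": "5f918d104dc84480a75166ba99efff21",
                      "visit_param": "tenant,trace-id,tenant,x_"}],
}
```

`check_body(SAMPLE_BODY)` reports the whitelist that has no effect outside the green channel, the duplicate `tenant`, and the parameter ending in an underscore.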

Response Parameters

Status code: 201

Table 5 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| auths | Array of ApiAuthRelations objects | App authorization record list. |

Table 6 ApiAuthRelations

| Parameter | Type | Description |
|---|---|---|
| api_id | String | API ID. |
| auth_result | AuthResult object | Authorization result. |
| auth_time | String | Authorization time. |
| id | String | Authorization record ID. |
| app_id | String | App ID. |
| auth_role | String | Authorizer. PROVIDER: API provider. CONSUMER: API user. |
| auth_tunnel | String | Authorization channel type. GREEN: green channel. NORMAL: non-green channel. If this field is left blank, the green channel is not used by default. |
| auth_whitelist | Array of strings | Green channel authorization whitelist. IP addresses in the whitelist can access APIs without being authenticated. |
| auth_blacklist | Array of strings | Authorization blacklist for the green channel. |
| visit_params | String | Access parameters. |

Table 7 AuthResult

| Parameter | Type | Description |
|---|---|---|
| status | String | Authorization result. Values: SUCCESS, SKIPPED, FAILED. |
| error_msg | String | Error message displayed for an authentication failure. |
| error_code | String | Error code displayed for an authentication failure. |
| api_name | String | Name of the API for which authorization fails. |
| app_name | String | Name of the app for which authorization fails. |

Status code: 400

Table 8 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error description. |

Status code: 401

Table 9 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error description. |

Status code: 403

Table 10 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error description. |

Status code: 404

Table 11 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error description. |

Status code: 500

Table 12 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error description. |

Example Requests

Bind an app to an API in a specified environment.

{
  "env_id" : "DEFAULT_ENVIRONMENT_RELEASE_ID",
  "app_ids" : [ "356de8eb7a8742168586e5daf5339965" ],
  "api_ids" : [ "5f918d104dc84480a75166ba99efff21" ]
}

Example Responses

Status code: 201

Created

{
  "auths" : [ {
    "api_id" : "5f918d104dc84480a75166ba99efff21",
    "auth_result" : {
      "status" : "SUCCESS"
    },
    "auth_time" : "2020-08-04T04:02:22.482227344Z",
    "id" : "dd29b33ae4394e3b924b582c6b40880b",
    "app_id" : "356de8eb7a8742168586e5daf5339965",
    "auth_role" : "PROVIDER",
    "auth_tunnel" : "NORMAL",
    "auth_whitelist" : [ ],
    "auth_blacklist" : [ ]
  } ]
}
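
A 201 response carries one auth_result per record, and its status can be SKIPPED or FAILED as well as SUCCESS, so the caller should inspect each record instead of relying on the status code. The following Python reconciliation is an added example, not code from the ROMA Connect documentation or SDK; the function name, the report keys and the sample IDs are hypothetical, and it assumes one record is returned for each requested app/API pair.

```python
def reconcile(request_body, response_body):
    """Compare the requested app/API pairs with the records in a 201 body."""
    wanted = {(app, api) for app in request_body["app_ids"]
              for api in request_body["api_ids"]}
    report = {"success": [], "not_success": [], "green": [], "missing": []}
    seen = set()
    for rec in response_body.get("auths", []):
        pair = (rec.get("app_id"), rec.get("api_id"))
        seen.add(pair)
        result = rec.get("auth_result") or {}
        if result.get("status") == "SUCCESS":
            report["success"].append(pair)
        else:  # SKIPPED, FAILED, or no status at all
            report["not_success"].append(
                (pair, result.get("status"), result.get("error_msg")))
        if rec.get("auth_tunnel") == "GREEN":
            # Whitelisted IPs reach this API without being authenticated.
            report["green"].append((pair, rec.get("auth_whitelist") or []))
    # Assumption: one record is returned per requested pair.
    report["missing"] = sorted(wanted - seen)
    return report

# Constructed sample data (IDs and error text are placeholders).
SAMPLE_REQUEST = {"env_id": "DEFAULT_ENVIRONMENT_RELEASE_ID",
                  "app_ids": ["app-1", "app-2"], "api_ids": ["api-1", "api-2"]}
SAMPLE_RESPONSE = {"auths": [
    {"app_id": "app-1", "api_id": "api-1", "auth_tunnel": "NORMAL",
     "auth_result": {"status": "SUCCESS"}},
    {"app_id": "app-1", "api_id": "api-2", "auth_tunnel": "GREEN",
     "auth_whitelist": ["192.0.2.10"], "auth_result": {"status": "SUCCESS"}},
    {"app_id": "app-2", "api_id": "api-1", "auth_tunnel": "NORMAL",
     "auth_result": {"status": "FAILED", "error_msg": "constructed message"}},
]}
```

The `green` list is the part to review after every change, because each entry names an API that the listed IP addresses can call without authentication.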

Status code: 400

Bad Request

{
  "error_code" : "APIG.2011",
  "error_msg" : "Invalid parameter value,parameterName:api_ids. Please refer to the support documentation"
}

Status code: 401

Unauthorized

{
  "error_code" : "APIG.1002",
  "error_msg" : "Incorrect token or token resolution failed"
}

Status code: 403

Forbidden

{
  "error_code" : "APIG.1005",
  "error_msg" : "No permissions to request this method"
}

Status code: 404

Not Found

{
  "error_code" : "APIG.3004",
  "error_msg" : "App 356de8eb7a8742168586e5daf5339965 does not exist"
}

Status code: 500

Internal Server Error

{
  "error_code" : "APIG.9999",
  "error_msg" : "System error"
}

Status Codes

| Status Code | Description |
|---|---|
| 201 | Created |
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |
| 500 | Internal Server Error |

Error Codes

See Error Codes.