Help Center/ GaussDB/ API Reference/ APIs (Recommended)/ Database and Account Management/ Querying a Client Access Authentication Configuration
Updated on 2025-10-20 GMT+08:00
View PDF
Share

Querying a Client Access Authentication Configuration

Function

This API is used to query the client access authentication configuration of an instance. Before calling this API:

Debugging

You can debug this API in API Explorer.

URI

GET /v3/{project_id}/instances/{instance_id}/hba-info

Table 1 Parameter description

Parameter

Mandatory

Type

Description

project_id

Yes

String

Definition

Project ID of a tenant in a region.

To obtain the value, see Obtaining a Project ID.

Constraints

N/A

Range

The value can contain 32 characters. Only letters and digits are allowed.

Default Value

N/A

instance_id

Yes

String

Definition

Instance ID, which uniquely identifies an instance.

Constraints

N/A

Range

The value can contain 36 characters. Only letters and digits are allowed.

Default Value

N/A

offset

No

Integer

Definition

Offset for pagination. The query starts from the next piece of data indexed by this parameter. For example, if this parameter is set to 1 and limit is set to 10, only the 11th to 20th records on the 2nd page are displayed.

Constraints

N/A

Range

[0,2^31-1]

Default Value

0: The query starts from the first data record.

limit

No

Integer

Definition

Number of records displayed per page.

Constraints

N/A

Range

[1,100]

Default Value

10

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Definition

User token.

You can obtain the token by calling the IAM API used to obtain a user token.

The value of X-Subject-Token in the response header is the token value.

Constraints

N/A

Range

N/A

Default Value

N/A

X-Language

No

String

Definition

Language.

Constraints

N/A

Range

  • zh-cn
  • en-us

Default Value

en-us

Response Parameters

Table 3 Parameter description

Parameter

Type

Description

hba_confs

Array of objects

Definition

Client access configuration represented by each element in the list. For details, see Table 4.

total_count

Integer

Definition

Total number of records.

Range

[0,2^31 – 1]
Table 4 Data structure description of the hba_confs field

Parameter

Type

Description

type

String

Definition

Client connection type.

Range

  • host: The record accepts either a common TCP/IP-socket connection or a TCP/IP-socket connection encrypted through SSL.
  • hostssl: The record accepts only a TCP/IP socket connection encrypted through SSL.
  • hostnossl: The record accepts only a common TCP/IP socket connection.

database

String

Definition

Database that a record matches and can access. In the multi-tenancy scenario, this parameter specifies the PDB that a record matches and can access.

Range

  • all: The record matches all databases.
  • A specific database name or a list of databases separated by commas (,)
    NOTE:
    • replication: If a replication connection is requested, the record matches the connection. But this does not mean that the record matches any specific database. To use a database named replication, specify it in the database column.
    • In a multi-tenant database, the value replication_pdb1 indicates that if a replication connection named pdb1 is requested, the matching is successful. The value replication takes effect only for non-PDBs.
    • The PDB replication connection takes effect in replication_[pdbname] mode. pdbname indicates the name of the created PDB.
    • To use a database named replication_pdb1, specify it in the database column.

user

String

Definition

Users who match the record and are allowed to access databases.

Range

  • all: The record matches all users.
  • A specific database username or a list of users separated by commas (,)

address

String

Definition

Range of IP addresses that match the record and can be accessed.

Range

IPv4 and IPv6 addresses are supported. The IP address range can be expressed in the following format:

IP-address/mask-length Example: 10.10.0.0/24 or 2001:250:250:250:250:250:250:175/128.

method

String

Definition

Authentication mode used for connection.

Range

User APIs support the following authentication modes:

  • reject: A connection is rejected unconditionally. It is often used to filter certain hosts.
  • md5: MD5 has lower security and poses security risks. Therefore, you are advised to use a more secure cryptographic algorithm. md5 is not supported by default. You can configure the password_encryption_type parameter.
  • sha256: The client is required to provide a SHA256-encrypted password for authentication. The password is encrypted based on the unidirectional SHA-256 of salt (a random number sent from the server to the client) when being transmitted, enhancing the security.
  • sm3: The client is required to provide an SM3-encrypted password for authentication. The password is encrypted based on the one-way SM3 of salt (a random number sent from the server to the client) when being transmitted, enhancing the security.
  • cert: A client certificate is used for authentication. In this mode, the SSL connection must be configured and the client must provide a valid SSL certificate. The user password is not required. The cert authentication mode supports only the hostssl client connection type.

Example Request

Querying database roles

GET https://gaussdb-opengauss.ap-southeast-1.myhuaweicloud.com/v3/0483b6b16e954cb88930a360d2c4e663/instances/{instance_id}/hba-info

Example Response

Succeeded in querying the client access authentication configuration.

{
    "hba_confs": [
        {
            "type": "host",
            "database": "all",
            "user": "all",
            "address": "0.0.0.0/0",
            "method": "sha256"
        }
    ],
    "total_count": 1
}

Status Codes

Error Codes

For details, see Error Codes.