Help Center/ ROMA Connect/ API Reference/ Service Integration APIs/ Access Control Policy Management/ Creating an Access Control Policy

Updated on 2025-10-22 GMT+08:00

Online Debugging

CLI Examples

View PDF

Creating an Access Control Policy

Function

This API is used to create an access control policy to allow or deny API access from certain IP addresses or tenants. The acl_value value of a domain is a tenant name rather than a domain name (such as www.exampleDomain.com).

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.

URI

POST /v2/{project_id}/apic/instances/{instance_id}/acls

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For details about how to obtain the project ID, see Appendix > Obtaining a Project ID in the ROMA Connect API Reference.
instance_id	Yes	String	Instance ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
acl_name	Yes	String	Access control policy name. The value contains 3 to 64 characters, including letters, digits, and underscores (_). It must start with a letter.
acl_type	Yes	String	Access control type. PERMIT (whitelist) DENY (blacklist)
acl_value	Yes	String	One or more objects from which the access will be controlled. Separate multiple objects with commas. If entity_type is set to IP, enter up to 100 IP addresses. If entity_type is set to DOMAIN, enter account names. Each account name can contain up to 64 ASCII characters except commas (,). Do not use only digits. The total length cannot exceed 1,024 characters. If entity_type is set to DOMAIN_ID, enter account IDs. For details about how to obtain an account ID, see "Appendix" > "Obtaining an Account Name and Account ID" in this document.
entity_type	Yes	String	Object type. IP: IP address. DOMAIN: Account name. DOMAIN_ID: Account ID.

Response Parameters

Status code: 201

**Table 4** Response body parameters
Parameter	Type	Description
acl_name	String	Name.
acl_type	String	Type. PERMIT (whitelist) DENY (blacklist)
acl_value	String	Access control objects.
entity_type	String	Object type. IP DOMAIN DOMAIN_ID
id	String	ID.
update_time	String	Update time.

Status code: 400

**Table 5** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 401

**Table 6** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 403

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 404

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 500

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Example Requests

Create an access control policy with type as PERMIT and object as IP.

{
  "acl_name" : "acl_demo",
  "acl_type" : "PERMIT",
  "acl_value" : "192.168.1.5,192.168.10.1",
  "entity_type" : "IP"
}

Example Responses

Status code: 201

Created

{
  "id" : "7eb619ecf2a24943b099833cd24a01ba",
  "acl_name" : "acl_demo",
  "entity_type" : "IP",
  "acl_type" : "PERMIT",
  "acl_value" : "192.168.1.5,192.168.10.1",
  "update_time" : "2020-08-04T08:42:43.461276217Z"
}

Status code: 400

Bad Request

{
  "error_code" : "APIG.2011",
  "error_msg" : "Invalid parameter value,parameterName:acl_type. Please refer to the support documentation"
}

Status code: 401

Unauthorized

{
  "error_code" : "APIG.1002",
  "error_msg" : "Incorrect token or token resolution failed"
}

Status code: 403

Forbidden

{
  "error_code" : "APIG.1005",
  "error_msg" : "No permissions to request this method"
}

Status code: 404

Not Found

{
  "error_code" : "APIG.3030",
  "error_msg" : "The instance does not exist;id:f0fa1789-3b76-433b-a787-9892951c620e"
}

Status code: 500

Internal Server Error

{
  "error_code" : "APIG.9999",
  "error_msg" : "System error"
}

Status Codes

Status Code	Description
201	Created
400	Bad Request
401	Unauthorized
403	Forbidden
404	Not Found
500	Internal Server Error

Error Codes

See Error Codes.

Parent topic: Access Control Policy Management

Previous topic: Access Control Policy Management

Next topic: Modifying an Access Control Policy

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot