Updated on 2023-06-29 GMT+08:00

Authorizing Apps

Function

A newly created app cannot access any APIs. To give an app access to an API in a specific environment, bind the app to the API in that environment. After this operation, the app can access the API in that environment.

URI

POST /v1/{project_id}/apic/instances/{instance_id}/app-auths

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Project ID. For details about how to obtain the project ID, see Appendix > Obtaining a Project ID in the ROMA Connect API Reference. |
| instance_id | Yes | String | Instance ID. |

Request Parameters

Table 2 Request header parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |

Table 3 Request body parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| env_id | Yes | String | ID of the environment in which the apps will be authorized. Minimum: 1. Maximum: 65. |
| app_ids | Yes | Array of strings | App IDs. |
| api_ids | Yes | Array of strings | API list. You can specify both self-developed and purchased APIs. |
| auth_tunnel | No | String | Authorization channel type. GREEN: green channel. NORMAL: non-green channel. The green channel can be enabled when the green_tunnel feature is enabled. If this field is left blank, the green channel is not used by default. Default: NORMAL |
| auth_whitelist | No | Array of strings | Green channel authorization whitelist. IP addresses in the whitelist can access APIs without authentication information. This parameter takes effect when auth_tunnel is set to GREEN. |
| auth_blacklist | No | Array of strings | Green channel authorization blacklist. This parameter is valid when auth_tunnel is set to GREEN. |
| visit_params | No | Array of ApiAuthVisitParam objects | List of access parameters. |

Table 4 ApiAuthVisitParam

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| api_id | Yes | String | API ID. |
| app_id | No | String | ID of the app to be authorized. |
| visit_param | Yes | String | Access parameters. The value can contain letters, digits, underscores (_), and hyphens (-). Multiple parameters are separated by commas (,). Each parameter must end with a letter or digit and must be unique. The length of a single parameter cannot exceed 255 characters. |
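The request body rules in Tables 3 and 4 can be checked on the client before the call is made, which also catches a whitelist or blacklist supplied without the green channel. The following is an added example, not part of the original reference or of any ROMA Connect SDK; the function names and sample IDs are made up, and it assumes that "letters" means ASCII letters and that the 1 to 65 range on env_id is a length.

```python
import re

# One access parameter (assumption: "letters" means ASCII letters).
PARAM_RE = re.compile(r"[A-Za-z0-9_-]*[A-Za-z0-9]")


def check_visit_param(value):
    """Return the problems found in one comma-separated visit_param string."""
    problems, seen = [], set()
    for param in value.split(","):
        if len(param) > 255 or not PARAM_RE.fullmatch(param):
            problems.append(f"invalid access parameter {param[:40]!r}")
        elif param in seen:
            problems.append(f"duplicate access parameter {param!r}")
        seen.add(param)
    return problems


def check_app_auth_body(body):
    """Return a list of problems; an empty list means the body passed every check."""
    problems = []
    env_id = body.get("env_id")
    # Assumption: "Minimum: 1, Maximum: 65" is the length of env_id.
    if not isinstance(env_id, str) or not 1 <= len(env_id) <= 65:
        problems.append("env_id must be a string of 1 to 65 characters")
    for key in ("app_ids", "api_ids"):
        ids = body.get(key)
        if not isinstance(ids, list) or not all(isinstance(i, str) for i in ids):
            problems.append(f"{key} must be an array of strings")
    tunnel = body.get("auth_tunnel", "NORMAL")  # NORMAL is the documented default
    if tunnel not in ("GREEN", "NORMAL"):
        problems.append("auth_tunnel must be GREEN or NORMAL")
    for key in ("auth_whitelist", "auth_blacklist"):
        if body.get(key) and tunnel != "GREEN":
            problems.append(f"{key} has no effect unless auth_tunnel is GREEN")
    for entry in body.get("visit_params", []):
        if not isinstance(entry.get("api_id"), str):
            problems.append("visit_params entry is missing api_id")
        problems += check_visit_param(str(entry.get("visit_param", "")))
    return problems


# Constructed sample bodies (the IDs are made up for this example).
GOOD = {"env_id": "DEFAULT_ENVIRONMENT_RELEASE_ID", "app_ids": ["app-1"],
        "api_ids": ["api-1"],
        "visit_params": [{"api_id": "api-1", "visit_param": "tenant_id,region-1"}]}
BAD = {"env_id": "", "app_ids": ["app-1"], "api_ids": "api-1",
       "auth_whitelist": ["192.0.2.10"],
       "visit_params": [{"api_id": "api-1", "visit_param": "a,a,b_"}]}
```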

Response Parameters

Status code: 201

Table 5 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| [items] | Array of ApiAuthRelations objects | App authorization record list. |

Table 6 ApiAuthRelations

| Parameter | Type | Description |
|---|---|---|
| api_id | String | API ID. |
| auth_result | AuthResult object | Authorization result. |
| auth_time | String | Authorization time. |
| id | String | Authorization record ID. |
| app_id | String | App ID. |
| auth_role | String | Authorizer. PROVIDER: API provider. CONSUMER: API user. |
| auth_tunnel | String | Authorization channel type. GREEN: green channel. NORMAL: non-green channel. If this field is left blank, the green channel is not used by default. Default: NORMAL |
| auth_whitelist | Array of strings | Green channel authorization whitelist. IP addresses in the whitelist can access APIs without being authenticated. |
| auth_blacklist | Array of strings | Authorization blacklist for the green channel. |
| visit_params | String | Access parameters. |

Table 7 AuthResult

| Parameter | Type | Description |
|---|---|---|
| status | String | Authorization result: SUCCESS, SKIPPED, or FAILED. |
| error_msg | String | Error message displayed for an authentication failure. |
| error_code | String | Error code displayed for an authentication failure. |
| api_name | String | Name of the API for which authorization fails. |
| app_name | String | Name of the app for which authorization fails. |

Status code: 400

Table 8 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error description. |

Status code: 401

Table 9 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error description. |

Status code: 403

Table 10 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error description. |

Status code: 404

Table 11 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error description. |

Status code: 500

Table 12 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error description. |

Example Requests

{
  "env_id" : "DEFAULT_ENVIRONMENT_RELEASE_ID",
  "app_ids" : [ "356de8eb7a8742168586e5daf5339965" ],
  "api_ids" : [ "5f918d104dc84480a75166ba99efff21" ]
}

Example Responses

Status code: 201

Created

[ {
  "api_id" : "5f918d104dc84480a75166ba99efff21",
  "auth_result" : {
    "status" : "SUCCESS"
  },
  "auth_time" : "2020-08-04T04:02:22.482227344Z",
  "id" : "dd29b33ae4394e3b924b582c6b40880b",
  "app_id" : "356de8eb7a8742168586e5daf5339965",
  "auth_role" : "PROVIDER",
  "auth_tunnel" : "NORMAL"
} ]
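A 201 response carries one record per app and API pair, and each record has its own auth_result status, so a caller should inspect every record rather than rely on the HTTP status alone. The following added example (not from the original reference) separates the records that were not applied from those that grant green-channel access to whitelisted IP addresses; the function name, the report keys, the sample IDs and the PLACEHOLDER_CODE error code are made up for illustration.

```python
import json

# Constructed 201 response body; IDs, IP address and error code are placeholders.
SAMPLE = json.dumps([
    {"api_id": "api-1", "app_id": "app-1", "auth_tunnel": "NORMAL",
     "auth_result": {"status": "SUCCESS"}},
    {"api_id": "api-2", "app_id": "app-1", "auth_tunnel": "GREEN",
     "auth_result": {"status": "SUCCESS"}, "auth_whitelist": ["192.0.2.10"]},
    {"api_id": "api-3", "app_id": "app-1", "auth_tunnel": "NORMAL",
     "auth_result": {"status": "FAILED", "error_code": "PLACEHOLDER_CODE"}},
    {"api_id": "api-1", "app_id": "app-2", "auth_tunnel": "NORMAL",
     "auth_result": {"status": "SKIPPED"}},
])


def review_app_auths(response_text):
    """Split the authorization records of a 201 response into follow-up lists."""
    report = {"not_applied": [], "unauthenticated_access": []}
    for rec in json.loads(response_text):
        pair = (rec.get("app_id"), rec.get("api_id"))
        result = rec.get("auth_result") or {}
        status = result.get("status")
        if status != "SUCCESS":
            # SKIPPED and FAILED records did not create a new authorization.
            report["not_applied"].append((*pair, status, result.get("error_code")))
        elif rec.get("auth_tunnel", "NORMAL") == "GREEN" and rec.get("auth_whitelist"):
            # Whitelisted IP addresses reach this API without being authenticated.
            report["unauthenticated_access"].append((*pair, rec["auth_whitelist"]))
    return report


if __name__ == "__main__":
    print(json.dumps(review_app_auths(SAMPLE), indent=2))
```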

Status code: 400

Bad Request

{
  "error_code" : "APIG.2011",
  "error_msg" : "Invalid parameter value,parameterName:api_ids. Please refer to the support documentation"
}

Status code: 401

Unauthorized

{
  "error_code" : "APIG.1002",
  "error_msg" : "Incorrect token or token resolution failed"
}

Status code: 403

Forbidden

{
  "error_code" : "APIG.1005",
  "error_msg" : "No permissions to request this method"
}

Status code: 404

Not Found

{
  "error_code" : "APIG.3004",
  "error_msg" : "App 356de8eb7a8742168586e5daf5339965 does not exist"
}

Status code: 500

Internal Server Error

{
  "error_code" : "APIG.9999",
  "error_msg" : "System error"
}

Status Codes

| Status Code | Description |
|---|---|
| 201 | Created |
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |
| 500 | Internal Server Error |

Error Codes

See Error Codes.