Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive
On this page
Help Center/ API Gateway/ Dedicated API Gateway API Reference (Paris Region)/ Permissions Policies and Supported Actions

Permissions Policies and Supported Actions

Updated on 2023-12-19 GMT+08:00

This chapter describes fine-grained permissions management for your APIG.

NOTE:
  • If your account does not require individual IAM users, skip this section.
  • Only dedicated gateways support fine-grained permissions management.

By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles (in JSON format) to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.

An account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. The permissions required for calling an API are determined by the actions supported by the API. Only IAM users who have been granted permissions allowing the actions can call the API successfully. For example, if an IAM user wants to create APIs using an API, the user must have been granted permissions that allow the apig:apis:create action.

Supported Actions

Operations supported by policies are specific to APIs. The following are common concepts related to policies:

  • Permission: A statement in a policy that allows or denies certain operations.
  • Action: Specific operations that are allowed or denied.
  • API: REST APIs that can be called by a user who has been granted specific permissions.
  • Authorization scope: Type of projects in which policies can be used to grant permissions. A policy can be applied to IAM projects, enterprise projects, or both. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that only contain actions for IAM projects can be used and only take effect for IAM.

APIG supports actions that can be defined in custom policies. Permissions must be obtained before calling APIs provided by APIG.

Table 1 Supported actions

Description

Action

API

IAM Project

Enterprise Project

Creating a dedicated gateway

apig:instances:create

POST /v2/{project_id}/apigw/instances

Deleting a dedicated gateway

apig:instances:delete

DELETE /v2/{project_id}/apigw/instances/{instance_id}

Updating a dedicated gateway

apig:instances:update

PUT

/v2/{project_id}/apigw/instances/{instance_id}

Querying details of a dedicated gateway

apig:instances:get

GET

/v2/{project_id}/apigw/instances/{instance_id}

Querying a dedicated gateway list

apig:instances:list

GET /v2/{project_id}/apigw/instances

Creating an API group

apig:groups:create

POST /v2/{project_id}/apigw/instances/{instance_id}/api-groups

Deleting an API group

apig:groups:delete

DELETE /v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}

Querying details of an API group

apig:groups:get

GET

/v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}

Querying an API group list

apig:groups:list

GET

/v2/{project_id}/apigw/instances/{instance_id}/api-groups

Binding a domain name to an API group

apig:domains:create

POST

/v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains

Deleting a domain name bound to an API group

apig:domains:delete

DELETE

/v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}

Adding a certificate to a domain name

apig:domains:bindCertificate

POST

/v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificate

Deleting a certificate bound to a domain name

apig:domains:unbindCertificate

DELETE

/v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificate/{certificate_id}

Querying details of a certificate bound to a domain name

apig:domains:getCertificate

GET

/v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificate/{certificate_id}

Creating an environment variable

apig:variables:create

POST

/v2/{project_id}/apigw/instances/{instance_id}/env-variables

Deleting an environment variable

apig:variables:delete

DELETE

/v2/{project_id}/apigw/instances/{instance_id}/env-variables/{env_variable_id}

Querying details of an environment variable

apig:variables:get

GET

/v2/{project_id}/apigw/instances/{instance_id}/env-variables/{env_variable_id}

Querying an environment variable list

apig:variables:list

GET

/v2/{project_id}/apigw/instances/{instance_id}/env-variables

Creating an API

apig:apis:create

POST

/v2/{project_id}/apigw/instances/{instance_id}/apis

Deleting an API

apig:apis:delete

DELETE /v2/{project_id}/apigw/instances/{instance_id}/apis/{api_id}

Publishing an API

apig:apis:publish

POST /v2/{project_id}/apigw/instances/{instance_id}/apis/action

Taking an API offline

apig:apis:offline

POST /v2/{project_id}/apigw/instances/{instance_id}/apis/action

Debugging an API

apig:apis:debug

POST /v2/{project_id}/apigw/instances/{instance_id}/apis/debug/{api_id}

Importing an API

apig:apis:import

POST /v2/{project_id}/apigw/instances/{instance_id}/openapi/import

Exporting an API

apig:apis:export

POST /v2/{project_id}/apigw/instances/{instance_id}/openapi/export

Authorizing an app to access an API

apig:apis:grantAppAccess

POST /v2/{project_id}/apigw/instances/{instance_id}/app-auths

Canceling the authorization of an app for accessing an API

apig:apis:relieveAppAccess

DELETE /v2/{project_id}/apigw/instances/{instance_id}/app-auths/{app_auth_id}

Binding a signature key to an API

apig:apis:bindSigns

POST /v2/{project_id}/apigw/instances/{instance_id}/sign-bindings

Unbinding a signature key from an API

apig:apis:unbindSigns

DELETE /v2/{project_id}/apigw/instances/{instance_id}/sign-bindings/{sign_bindings_id}

Binding an access control policy to an API

apig:apis:bindAcls

POST /v2/{project_id}/apigw/instances/{instance_id}/acl-bindings

Unbinding an access control policy from an API

apig:apis:unbindAcls

DELETE /v2/{project_id}/apigw/instances/{instance_id}/acl-bindings/{acl_bindings_id}

Binding a request throttling policy to an API

apig:apis:bindThrottles

POST /v2/{project_id}/apigw/instances/{instance_id}/throttle-bindings

Unbinding a request throttling policy from an API

apig:apis:unbindThrottles

DELETE /v2/{project_id}/apigw/instances/{instance_id}/throttle-bindings/{throttle_binding_id}

Querying details of an API

apig:apis:get

GET /v2/{project_id}/apigw/instances/{instance_id}/apis/{api_id}

Querying an API list

apig:apis:list

GET /v2/{project_id}/apigw/instances/{instance_id}/apis

Querying the list of apps bound to an API

apig:apis:listBindedApps

GET /v2/{project_id}/apigw/instances/{instance_id}/app-auths/binded-apps

Querying the list of signature keys bound to an API

apig:apis:listBindedSigns

GET /v2/{project_id}/apigw/instances/{instance_id}/sign-bindings/binded-signs

Querying the list of access control policies bound to an API

apig:apis:listBindedAcls

GET /v2/{project_id}/apigw/instances/{instance_id}/acl-bindings/binded-acls

Querying the list of request throttling policies bound to an API

apig:apis:listBindedTrottles

GET /v2/{project_id}/apigw/instances/{instance_id}/throttle-bindings/binded-throttles

Creating an environment

apig:envs:create

POST /v2/{project_id}/apigw/instances/{instance_id}/envs

Deleting an environment

apig:envs:delete

DELETE /v2/{project_id}/apigw/instances/{instance_id}/envs/{env_id}

Querying an environment list

apig:envs:list

GET /v2/{project_id}/apigw/instances/{instance_id}/envs

Creating an app

apig:apps:create

POST /v2/{project_id}/apigw/instances/{instance_id}/apps

Deleting an app

apig:apps:delete

DELETE /v2/{project_id}/apigw/instances/{instance_id}/apps/{app_id}

Querying details of an app

apig:apps:get

GET /v2/{project_id}/apigw/instances/{instance_id}/apps/{app_id}

Querying an app list

apig:apps:list

GET /v2/{project_id}/apigw/instances/{instance_id}/apps

Querying the list of APIs bound to an app

apig:apps:listBindedApis

GET /v2/{project_id}/apigw/instances/{instance_id}/app-auths/binded-apis

Querying the list of APIs not bound to an app

apig:apps:listUnbindedApis

GET /v2/{project_id}/apigw/instances/{instance_id}/app-auths/unbinded-apis

Creating a signature key

apig:signs:create

POST /v2/{project_id}/apigw/instances/{instance_id}/signs

Deleting a signature key

apig:signs:delete

DELETE /v2/{project_id}/apigw/instances/{instance_id}/signs/{sign_id}

Querying a signature key list

apig:signs:list

GET /v2/{project_id}/apigw/instances/{instance_id}/signs

Querying the list of APIs bound to a signature key

apig:signs:listBindedApis

GET /v2/{project_id}/apigw/instances/{instance_id}/sign-bindings/binded-apis

Querying the list of APIs not bound to a signature key

apig:signs:listUnbindedApis

GET /v2/{project_id}/apigw/instances/{instance_id}/sign-bindings/unbinded-apis

Creating an access control policy

apig:acls:create

POST /v2/{project_id}/apigw/instances/{instance_id}/acls

Deleting an access control policy

apig:acls:delete

DELETE /v2/{project_id}/apigw/instances/{instance_id}/acls/{acl_id}

Querying details of an access control policy

apig:acls:get

GET /v2/{project_id}/apigw/instances/{instance_id}/acls/{acl_id}

Querying an access control policy list

apig:acls:list

GET /v2/{project_id}/apigw/instances/{instance_id}/acls

Querying the list of APIs bound to an access control policy

apig:acls:listBindedApis

GET /v2/{project_id}/apigw/instances/{instance_id}/acl-bindings/binded-apis

Querying the list of APIs not bound to an access control policy

apig:acls:listUnbindedApis

GET /v2/{project_id}/apigw/instances/{instance_id}/acl-bindings/unbinded-apis

Creating a request throttling policy

apig:throttles:create

POST /v2/{project_id}/apigw/instances/{instance_id}/throttles

Deleting a request throttling policy

apig:throttles:delete

DELETE /v2/{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}

Querying details of a request throttling policy

apig:throttles:get

GET /v2/{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}

Querying a request control policy list

apig:throttles:list

GET /v2/{project_id}/apigw/instances/{instance_id}/throttles

Querying the list of APIs bound to a request control policy

apig:throttles:listBindedApis

GET /v2/{project_id}/apigw/instances/{instance_id}/throttle-bindings/binded-apis

Querying the list of APIs not bound to a request control policy

apig:throttles:listUnbindedApis

GET /v2/{project_id}/apigw/instances/{instance_id}/throttle-bindings/unbinded-apis

Creating an excluded request throttling configuration

apig:specialThrottles:create

POST /v2/{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials

Deleting an excluded request throttling configuration

apig:specialThrottles:delete

DELETE /v2/{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials/{strategy_id}

Querying excluded request throttling configurations

apig:specialThrottles:get

GET /v2/{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials

Creating a VPC channel

apig:vpcChannels:create

POST /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels

Deleting a VPC channel

apig:vpcChannels:delete

DELETE /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}

Updating a VPC channel

apig:vpcChannels:update

PUT /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}

Creating a backend instance

apig:vpcChannels:addInstance

POST /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members

Deleting a backend instance

apig:vpcChannels:deleteInstance

DELETE /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members/{member_id}

Querying details of a VPC channel

apig:vpcs:get

GET /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}

Querying a VPC channel list

apig:vpcs:list

GET /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels

Creating a custom authorizer

apig:authorizers:create

POST /v2/{project_id}/apigw/instances/{instance_id}/authorizers

Deleting a custom authorizer

apig:authorizers:delete

DELETE /v2/{project_id}/apigw/instances/{instance_id}/authorizers/{authorizer_id}

Querying details of a custom authorizer

apig:authorizers:get

GET /v2/{project_id}/apigw/instances/{instance_id}/authorizers/{authorizer_id}

Query a custom authorizer list

apig:authorizers:list

GET /v2/{project_id}/apigw/instances/{instance_id}/authorizers

Querying a tag list

apig:tags:list

GET /v2/{project_id}/apigw/instances/{instance_id}/tags

Querying an instance feature list

apig:features:list

GET /v2/{project_id}/apigw/instances/{instance_id}/features

Creating an instance feature

apig:features:create

POST /v2/{project_id}/apigw/instances/{instance_id}/features

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback