API Gateway (APIG)
SCPs do not actually grant any permissions to a principal. They only set the permissions boundary for the principal. When SCPs are attached to a member account or an organizational unit (OU), they do not directly grant permissions to that member account or OU. Instead, the SCPs just determine what permissions are available for that member account or the member accounts under that OU.
This section describes the elements used by IAM custom identity policies and Organizations SCPs. The elements include actions, resources, and conditions.
For details about how to use these elements to create a custom SCP, see Creating an SCP.
Actions
Actions are specific operations that are allowed or denied in an SCP.
- The Access Level column describes how the action is classified (List, Read, or Write). This classification helps you understand the level of access that an action grants when you use it in an SCP.
- The Resource Type column indicates whether the action supports resource-level permissions.
- You can use a wildcard (*) to indicate all resource types. If this column is empty (-), the action does not support resource-level permissions, and you must specify all resources ("*") in your SCP statements.
- If this column includes a resource type, you must specify the URN in the Resource element of your statements.
- Required resources are marked with asterisks (*) in the table. If you specify a resource in a statement using this action, then it must be of this type.
For details about the resource types defined by APIG, see Resources.
- The Condition Key column includes keys that you can specify in the Condition element of an SCP statement.
- If the Resource Type column has values for an action, the condition key takes effect only for the listed resource types.
- If the Resource Type column is empty (-) for an action, the condition key takes effect for all resources that action supports.
- If the Condition Key column is empty (-) for an action, the action does not support any condition keys.
For details about the condition keys defined by APIG, see Conditions.
The following table lists the actions that you can define in SCP statements for APIG.
|
Action |
Description. |
Access Level |
Resource Type (*: required) |
Condition Key |
Alias |
|---|---|---|---|---|---|
|
apig:acl:list |
Grants permissions to query access control policies. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:acls:list |
|
apig:acl:create |
Grants permissions to create an access control policy. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:acls:create |
|
apig:acl:batchDelete |
Grants permissions to delete access control policies in batches. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:acls:delete |
|
apig:acl:delete |
Grants permissions to delete an access control policy. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:acls:delete |
|
apig:acl:get |
Grants permissions to query access control policy details. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:acls:get |
|
apig:acl:update |
Grants permissions to modify an access control policy. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:acls:update |
|
apig:api:bindAcl |
Grants permissions to bind APIs with access control policies. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:bindAcls |
|
apig:api:batchUnbindAcl |
Grants permissions to unbind access control policies from APIs in batches. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:unbindAcls |
|
apig:api:unbindAcl |
Grants permissions to unbind access control policies from APIs. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:unbindAcls |
|
apig:api:listBoundAcl |
Grants permissions to query access control policies bound to a specified API. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:listBindedAcls |
|
apig:acl:listBoundApi |
Grants permissions to query APIs bound to a specified access control policy. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:acls:listBindedApis |
|
apig:acl:listUnboundApi |
Grants permissions to query APIs that are not bound to a specified access control policy. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:acls:listUnbindedApis |
|
apig:api:bindRequestThrottling |
Grants permissions to bind APIs with request throttling policies. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:bindThrottles |
|
apig:api:batchUnbindRequestThrottling |
Grants permissions to unbind request throttling policies from APIs in batches. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:unbindThrottles |
|
apig:api:unbindRequestThrottling |
Grants permissions to unbind request throttling policies from APIs. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:unbindThrottles |
|
apig:requestThrottling:listBoundApi |
Grants permissions to query APIs bound to a specified request throttling policy. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:throttles:listBindedApis |
|
apig:api:listBoundRequestThrottling |
Grants permissions to query request throttling policies bound to a specified API. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:listBindedThrottles |
|
apig:requestThrottling:listUnboundApi |
Grants permissions to query APIs that are not bound to a specified request throttling policy. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:throttles:listUnbindedApis |
|
apig:apiGroup:list |
Grants permissions to query API groups. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:groups:list |
|
apig:apiGroup:create |
Grants permissions to create an API group. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:groups:create |
|
apig:apiGroup:delete |
Grants permissions to delete an API group. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:groups:delete |
|
apig:apiGroup:get |
Grants permissions to query API group details. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:groups:get |
|
apig:apiGroup:update |
Grants permissions to modify an API group. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:groups:update |
|
apig:apiGroup:checkApiGroupNameExistOrNot |
Grants permissions to check whether the API group name exists. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:groups:get |
|
apig:api:list |
Grants permissions to query APIs. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:list |
|
apig:api:create |
Grants permissions to create an API. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:create |
|
apig:api:delete |
Grants permissions to delete an API. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:delete |
|
apig:api:get |
Grants permissions to query API details. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:get |
|
apig:api:update |
Grants permissions to modify an API. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:update |
|
apig:api:onlineOrOffline |
Grants permissions to publish or take an API offline. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:publish |
|
apig:api:batchDelete |
Grants permissions to delete APIs in batches. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:delete |
|
apig:api:checkApiPathOrApiNameExistOrNot |
Grants permissions to verify the API definition. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:get |
|
apig:api:debug |
Grants permissions to debug an API. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:debug |
|
apig:api:batchOnlineOrOffline |
Grants permissions to publish or take APIs offline in batches. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:publish |
|
apig:api:listHistoryVersion |
Grants permissions to query historical API versions. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:get |
|
apig:api:switchVersion |
Grants permissions to switch the API version. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:publish |
|
apig:api:getRuntimeDefinition |
Grants permissions to query the API runtime definition. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:get |
|
apig:api:deleteHistoryVersion |
Grants permissions to take an API offline based on the version ID. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:offline |
|
apig:api:getHistoryVersion |
Grants permissions to query version details. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:get |
|
apig:app:list |
Grants permissions to query apps. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apps:list |
|
apig:app:create |
Grants permissions to create an app. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apps:create |
|
apig:app:delete |
Grants permissions to delete an app. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apps:delete |
|
apig:app:get |
Grants permissions to query app details. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:apps:get |
|
apig:app:update |
Grants permissions to modify app information. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:update |
|
apig:app:listAppCode |
Grants permissions to query AppCodes. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:appCodes:list |
|
apig:app:createAppCode |
Grants permissions to create an AppCode. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:appCodes:create |
|
apig:app:generateAppCode |
Grants permissions to automatically generate AppCodes. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:appCodes:update |
|
apig:app:deleteAppCode |
Grants permissions to delete an AppCode. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:appCodes:delete |
|
apig:app:getAppCode |
Grants permissions to query AppCode details. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:appCodes:get |
|
apig:app:resetSecret |
Grants permissions to reset the AppSecret. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apps:update |
|
apig:app:validate |
Grants permissions to check whether a specified app exists. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:apps:get |
|
apig:app:getBoundQuota |
Grants permissions to query the credential quota policies associated with a specified app. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:apps:get |
|
apig:app:bindApi |
Grants permissions to bind APIs with apps. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:grantAppAccess |
|
apig:app:unbindApi |
Grants permissions to unbind APIs from apps. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:relieveAppAccess |
|
apig:app:listBoundApi |
Grants permissions to query APIs bound to a specified app. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apps:listBindedApis |
|
apig:api:listBoundApp |
Grants permissions to query apps bound to a specified API. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:listBindedApps |
|
apig:app:listUnboundApi |
Grants permissions to query APIs not bound to a specified app. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apps:listUnbindedApis |
|
apig:api:export |
Grants permissions to export APIs. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:export |
|
apig:api:import |
Grants permissions to import APIs. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:import |
|
apig:asyncTask:get |
Grants permission to query the result of an asynchronous task. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:export |
|
apig:certificate:list |
Grants permissions to query SSL certificates. |
list |
instance |
g:ResourceTag/<tag-key> |
- |
|
apig:certificate:create |
Grants permissions to create an SSL certificate. |
write |
instance |
g:ResourceTag/<tag-key> |
- |
|
apig:certificate:delete |
Grants permissions to delete an SSL certificate. |
write |
instance |
g:ResourceTag/<tag-key> |
- |
|
apig:certificate:get |
Grants permissions to query SSL certificate details. |
read |
instance |
g:ResourceTag/<tag-key> |
- |
|
apig:certificate:update |
Grants permissions to modify an SSL certificate. |
write |
instance |
g:ResourceTag/<tag-key> |
- |
|
apig:certificate:listBoundDomain |
Grants permissions to query domain names bound to a specified SSL certificate. |
list |
instance |
g:ResourceTag/<tag-key> |
- |
|
apig:certificate:batchBindDomain |
Grants permissions to bind a domain name to an SSL certificate. |
write |
instance |
g:ResourceTag/<tag-key> |
- |
|
apig:certificate:batchUnbindDomain |
Grants permissions to unbind domain names from a specified SSL certificate. |
write |
instance |
g:ResourceTag/<tag-key> |
- |
|
apig:apiGroup:batchBindCertificateToDomain |
Grants permissions to bind an SSL certificate to a domain name. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:domains:bindCertificate |
|
apig:apiGroup:batchUnbindCertificateFromDomain |
Grants permissions to unbind certificates from a specified domain name. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:domains:unbindCertificate |
|
apig:loadBalanceChannel:list |
Grants permissions to query the load balance channels. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:list |
|
apig:loadBalanceChannel:create |
Grants permissions to create a load balance channel. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:create |
|
apig:loadBalanceChannel:delete |
Grants permissions to delete a load balance channel. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:delete |
|
apig:loadBalanceChannel:get |
Grants permissions to query load balance channel details. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:get |
|
apig:loadBalanceChannel:update |
Grants permissions to update a load balance channel. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:update |
|
apig:loadBalanceChannel:updateHealthCheckConfig |
Grants permissions to modify the health check configuration of a load balance channel. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:update |
|
apig:loadBalanceChannel:listServerGroup |
Grants permissions to query the backend server groups of a specified load balance channel. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:get |
|
apig:loadBalanceChannel:createServerGroup |
Grants permissions to add or update backend server groups of a specified VPC channel. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:addOrUpdateMemberGroups |
|
apig:loadBalanceChannel:deleteServerGroup |
Grants permissions to delete the backend server groups of a specified VPC channel. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:deleteMemberGroup |
|
apig:loadBalanceChannel:getServerGroup |
Grants permissions to query details about the backend server group of a specified VPC channel. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:get |
|
apig:loadBalanceChannel:updateServerGroup |
Grants permissions to update the backend server groups of a specified VPC channel. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:updateMemberGroup |
|
apig:loadBalanceChannel:listBackendServerAddress |
Grants permissions to query the backend instances of a specified load balance channel. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:get |
|
apig:loadBalanceChannel:createBackendServerAddress |
Grants permissions to add or update backend instances of a specified load balance channel. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:addInstance |
|
apig:loadBalanceChannel:updateBackendServerAddress |
Grants permissions to update backend instances of a specified load balance channel. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:addInstance |
|
apig:loadBalanceChannel:deleteBackendServerAddress |
Grants permissions to delete backend instances of a specified load balance channel. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:deleteInstance |
|
apig:loadBalanceChannel:batchDisableBackendServerAddress |
Grants permissions to disable backend servers in batches. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:batchDisableInstance |
|
apig:loadBalanceChannel:batchEnableBackendServerAddress |
Grants permissions to enable backend servers in batches. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:vpcChannels:batchEnableInstance |
|
apig:instance:listTag |
Grants permissions to query tags. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:tags:list |
|
apig:api:listUnboundPlugin |
Grants permissions to query plug-ins that can be bound to a specified API. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:listBindedPlugins |
|
apig:api:listBoundPlugin |
Grants permissions to query plug-ins bound to a specified API. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:listBindedPlugins |
|
apig:api:bindPlugin |
Grants permissions to bind a plug-in to an API. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:bindPlugins |
|
apig:api:unbindPlugin |
Grants permissions to unbind plug-ins from a specified API. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:unbindPlugins |
|
apig:plugin:list |
Grants permissions to query plug-ins. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:plugins:list |
|
apig:plugin:create |
Grants permission to create extensions. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:plugins:create |
|
apig:plugin:delete |
Grants permission to delete extensions. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:plugins:delete |
|
apig:plugin:get |
Grants permissions to query plug-in details. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:plugins:get |
|
apig:plugin:update |
Grants permissions to modify a plug-in. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:plugins:update |
|
apig:plugin:bindApi |
Grants permissions to bind an API to a plug-in. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:bindPlugins |
|
apig:plugin:listUnbindApi |
Grants permissions to query APIs that can be bound to a specified plug-in. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:plugins:listUnbindedApis |
|
apig:plugin:listBoundApi |
Grants permissions to query APIs bound to a specified plug-in. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:plugins:listBindedApis |
|
apig:plugin:unbindApi |
Grants permissions to unbind APIs from a specified plug-in. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:unbindPlugins |
|
apig:apiGroup:listGatewayResponse |
Grants permissions to query the responses of a specified API group. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:gatewayResponses:list |
|
apig:apiGroup:createGatewayResponse |
Grants permissions to create a group response. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:gatewayResponses:create |
|
apig:apiGroup:deleteGatewayResponse |
Grants permissions to delete a group response. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:gatewayResponses:delete |
|
apig:apiGroup:getGatewayResponse |
Grants permissions to query group response details. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:gatewayResponses:get |
|
apig:apiGroup:updateGatewayResponse |
Grants permissions to modify a group response. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:gatewayResponses:updat |
|
apig:apiGroup:deleteGatewayResponseType |
Grants permissions to delete the response of an error type defined for an API group. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:gatewayResponses:update |
|
apig:apiGroup:getGatewayResponseType |
Grants permissions to query the response of an error type defined for an API group. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:gatewayResponses:get |
|
apig:apiGroup:updateGatewayResponseType |
Grants permissions to modify the response of an error type defined for an API group. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:gatewayResponses:update |
|
apig:instance:listApiOutline |
Grants permissions to query API quantities. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:get |
|
apig:instance:listAppOutline |
Grants permissions to query app quantities. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apps:get |
|
apig:instance:listApiGroupOutline |
Grants permissions to query API group quantities. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:groups:get |
|
apig:environmentVariable:list |
Grants permissions to query environment variables. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:variables:list |
|
apig:environmentVariable:create |
Grants permissions to create an environment variable. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:variables:create |
|
apig:environmentVariable:delete |
Grants permissions to delete an environment variable. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:variables:delete |
|
apig:environmentVariable:get |
Grants permissions to query environment variable details. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:variables:get |
|
apig:environmentVariable:update |
Grants permissions to modify an environment variable. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:variables:update |
|
apig:environment:list |
Grants permissions to query environments. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:envs:list |
|
apig:environment:create |
Grants permissions to create an environment. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:envs:create |
|
apig:environment:delete |
Grants permissions to delete an environment. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:envs:delete |
|
apig:environment:update |
Grants permissions to modify an environment. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:envs:update |
|
apig:instance:listMetricData |
Grants permissions to query metric data of a specified gateway. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:metricData:get |
|
apig:instance:listApiMonitoring |
Grants permissions to query API calls within a specific period. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:get |
|
apig:instance:listApiGroupMonitoring |
Grants permissions to query API calls under an API group in the last one hour. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:groups:get |
|
apig:requestThrottling:list |
Grants permissions to query request throttling policies. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:throttles:list |
|
apig:requestThrottling:create |
Grants permissions to create a request throttling policy. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:throttles:create |
|
apig:requestThrottling:delete |
Grants permissions to delete a request throttling policy. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:throttles:delete |
|
apig:requestThrottling:get |
Grants permissions to query request throttling policy details. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:throttles:get |
|
apig:requestThrottling:update |
Grants permissions to modify a request throttling policy. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:throttles:update |
|
apig:requestThrottling:batchDelete |
Grants permissions to delete request throttling policies in batches. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:throttles:delete |
|
apig:api:bindSignatureKey |
Grants permissions to bind signature keys to APIs. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:bindSigns |
|
apig:api:unbindSignatureKey |
Grants permissions to unbind signature keys from APIs. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:unbindSigns |
|
apig:signatureKey:listBoundApi |
Grants permissions to query APIs bound to a specified signature key. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:signs:listBindedApis |
|
apig:api:listBoundSignatureKey |
Grants permissions to query signature keys bound to a specified API. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:listBindedSigns |
|
apig:signatureKey:listUnboundApi |
Grants permissions to query APIs not bound to a specified signature key. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:signs:listUnbindedApis |
|
apig:signatureKey:list |
Grants permissions to query signature keys. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:signs:list |
|
apig:signatureKey:create |
Grants permissions to create a signature key. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:signs:create |
|
apig:signatureKey:delete |
Grants permissions to delete a signature key. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:signs:delete |
|
apig:signatureKey:update |
Grants permissions to modify a signature key. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:signs:update |
|
apig:requestThrottling:listSpecial |
Grants permissions to query excluded request throttling configurations. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:specialThrottles:get |
|
apig:requestThrottling:createSpecial |
Grants permissions to create an excluded request throttling configuration. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:specialThrottles:create |
|
apig:requestThrottling:deleteSpecial |
Grants permissions to delete an excluded request throttling configuration. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:specialThrottles:delete |
|
apig:requestThrottling:updateSpecial |
Grants permissions to modify an excluded configuration of a specified request throttling policy. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:specialThrottles:update |
|
apig:instance:listSingleInstanceTag |
Grants permissions to query tags of a specified gateway. |
list |
instance * |
|
apig:instanceTags:list |
|
apig:instance:batchCreateOrDeleteTag |
Grants permissions to add or delete gateway tags in batches. |
write |
instance * |
|
apig:instanceTags:create |
|
- |
|
||||
|
apig::listTag |
Grants permissions to query all gateway tags in the project. |
list |
- |
- |
apig:instanceTags:list |
|
apig:instance:getNumByTags |
Grants permissions to query the number of gateways by tag. |
read |
instance * |
- |
- |
|
- |
g:TagKeys |
||||
|
apig:instance:listByTags |
Grants permissions to query gateways by tag. |
list |
instance * |
- |
- |
|
- |
g:TagKeys |
||||
|
apig:instance:list |
Grants permissions to query dedicated gateways. |
list |
- |
- |
apig:instances:list |
|
apig:instance:create |
Grants permissions to create a dedicated gateway. |
write |
- |
|
apig:instances:create |
|
apig:instance:delete |
Grants permissions to delete a dedicated gateway. |
write |
instance * |
|
apig:instances:delete |
|
apig:instance:get |
Grants permissions to query dedicated gateway details. |
read |
instance * |
|
apig:instances:get |
|
apig:instance:update |
Grants permissions to update a dedicated gateway. |
write |
instance * |
|
apig:instances:update |
|
apig:instance:unbindEip |
Grants permissions to unbind an EIP from a specified dedicated gateway. |
write |
instance * |
|
apig:instances:update |
|
apig:instance:bindOrChangeEip |
Grants permissions to add or change EIPs of a specified dedicated gateway. |
write |
instance * |
|
apig:instances:update |
|
apig:instance:deleteOutboundEip |
Grants permissions to disable public outbound access for a specified dedicated gateway. |
write |
instance * |
|
apig:instances:update |
|
apig:instance:createOutboundEip |
Grants permissions to enable public outbound access for a specified dedicated gateway. |
write |
instance * |
|
apig:instances:update |
|
apig:instance:changeOutboundEipBandwidth |
Grants permissions to modify the public outbound access bandwidth of a specified dedicated gateway. |
write |
instance * |
|
apig:instances:update |
|
apig:instance:getCreateProgress |
Grants permissions to query the creation progress of a specified dedicated gateway. |
read |
instance * |
|
- |
|
apig:instance:deleteIngressEip |
Grants permissions to disable the public inbound access for a specified dedicated gateway. |
write |
instance * |
|
apig:instances:update |
|
apig:instance:createIngressEip |
Grants permissions to enable the public inbound access for a specified dedicated gateway. |
write |
instance * |
|
apig:instances:update |
|
apig:instance:changeIngressEipBindwidth |
Grants permissions to update the public outbound access bandwidth of a specified dedicated gateway. |
write |
instance * |
|
apig:instances:update |
|
apig:instance:resize |
Grants permissions to create a specification change order for a pay-per-use dedicated gateway. |
write |
instance * |
|
- |
|
apig:instance:getRestriction |
Grants permissions to query gateway constraint information. |
read |
instance * |
|
apig:instances:get |
|
apig:instance:listParameter |
Grants permissions to query the gateway parameters. |
list |
instance * |
|
apig:features:list |
|
apig:instance:updateParameter |
Grants permissions to edit the gateway parameters. |
write |
instance * |
|
apig:features:create |
|
apig:instance:listFeature |
Grants permissions to query features supported by a specified gateway. |
list |
instance * |
|
- |
|
apig:instance:importMicroservice |
Grants permissions to import microservices to a dedicated gateway. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apis:import |
|
apig:apiGroup:bindDomain |
Grants permissions to bind independent domain names. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:domains:create |
|
apig:apiGroup:unbindDomain |
Grants permissions to unbind independent domain names. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:domains:delete |
|
apig:apiGroup:updateDomainConfig |
Grants permissions to modify an independent domain name. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:domains:update |
|
apig:apiGroup:createAndBindCertificateToDomain |
Grants permissions to create certificates and bind them to independent domain names. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:domains:bindCertificate |
|
apig:apiGroup:unbindAndDeleteCertificateFromDomain |
Grants permissions to delete certificates and delete them from independent domain names. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:domains:unbindCertificate |
|
apig:apiGroup:getCertificateOfDomain |
Grants permissions to query certificates of independent domain names. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:domains:getCertificate |
|
apig:apiGroup:updateSLDomainSetting |
Grants permissions to set accessibility of a debugging domain name. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:domains:updateSLDomainSetting |
|
apig:customAuthorizer:list |
Grants permissions to query custom authorizers. |
list |
instance * |
g:ResourceTag/<tag-key> |
apig:authorizers:list |
|
apig:customAuthorizer:create |
Grants permissions to create a custom authorizer. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:authorizers:create |
|
apig:customAuthorizer:delete |
Grants permissions to delete a custom authorizer. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:authorizers:delete |
|
apig:customAuthorizer:get |
Grants permissions to query custom authorizer details. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:authorizers:get |
|
apig:customAuthorizer:update |
Grants permissions to modify a custom authorizer. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:authorizers:update |
|
apig:instance:listVpcEndpoint |
Grants permissions to query the VPC endpoint connections of a specified gateway. |
list |
instance * |
|
- |
|
apig:instance:acceptOrRejectVpcEndpointConnection |
Grants permissions to accept or reject VPC endpoint connections. |
write |
instance * |
|
- |
|
apig:instance:listVpcEndpointPermission |
Grants permissions to query the whitelist records of a gateway's VPC endpoint service. |
list |
instance * |
|
- |
|
apig:instance:batchAddVpcEndpointPermission |
Grants permissions to add whitelist records of a gateway's VPC endpoint service in batches. |
write |
instance * |
|
- |
|
apig:instance:batchDeleteVpcEndpointPermission |
Grants permissions to delete whitelist records of a gateway's VPC endpoint service in batches. |
write |
instance * |
|
- |
|
apig:app:deleteAcl |
Grants permissions to delete an access control rule of a credential. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apps:get |
|
apig:app:getAcl |
Grants permissions to query access control rules of a credential. |
read |
instance * |
g:ResourceTag/<tag-key> |
apig:apps:get |
|
apig:app:updateAcl |
Grants permissions to set access control rules of credentials. |
write |
instance * |
g:ResourceTag/<tag-key> |
apig:apps:get |
|
apig:clientQuota:list |
Grants permissions to query credential quota policies. |
list |
instance * |
g:ResourceTag/<tag-key> |
- |
|
apig:clientQuota:create |
Grants permissions to create a credential quota policy. |
write |
instance * |
g:ResourceTag/<tag-key> |
- |
|
apig:clientQuota:delete |
Grants permissions to delete a credential quota policy. |
write |
instance * |
g:ResourceTag/<tag-key> |
- |
|
apig:clientQuota:get |
Grants permissions to query credential quota policy details. |
read |
instance * |
g:ResourceTag/<tag-key> |
- |
|
apig:clientQuota:update |
Grants permissions to modify a credential quota policy. |
write |
instance * |
g:ResourceTag/<tag-key> |
- |
|
apig:clientQuota:listBoundApp |
Grants permissions to query the credentials bound to quota policies. |
list |
instance * |
g:ResourceTag/<tag-key> |
- |
|
apig:clientQuota:bindApp |
Grants permissions to bind credential quotas with credentials. |
write |
instance * |
g:ResourceTag/<tag-key> |
- |
|
apig:clientQuota:unbindApp |
Grants permissions to unbind credential quotas from credentials. |
write |
instance * |
g:ResourceTag/<tag-key> |
- |
|
apig:clientQuota:listUnboundApp |
Grants permissions to query credentials that can be bound to a specified credential quota. |
list |
instance * |
g:ResourceTag/<tag-key> |
- |
|
apig:instance:listFeatureHistory |
Grants permissions to query the feature history. |
list |
instance * |
g:ResourceTag/<tag-key> |
- |
|
apig:instance:addCustomIngressPort |
Grants permissions to add a custom inbound port. |
write |
instance * |
|
- |
|
apig:instance:listCustomIngressPort |
Grants permissions to query custom inbound ports. |
list |
instance * |
|
- |
|
apig:instance:deleteCustomIngressPort |
Grants permissions to delete a custom inbound port. |
write |
instance * |
|
- |
|
apig:instance:listCustomIngressPortDomain |
Grants permissions to query domain names bound to a custom inbound port. |
list |
instance * |
|
- |
Each API of APIG usually supports one or more actions. Table 2 lists the supported actions and dependencies.
|
API |
Action |
Dependencies |
|---|---|---|
|
GET /{project_id}/apigw/instances/{instance_id}/acls |
apig:acl:list |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/acls |
apig:acl:create |
apig:instance:get |
|
PUT /{project_id}/apigw/instances/{instance_id}/acls |
apig:acl:batchDelete |
apig:instance:get |
|
DELETE /{project_id}/apigw/instances/{instance_id}/acls/{acl_id} |
apig:acl:delete |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/acls/{acl_id} |
apig:acl:get |
apig:instance:get |
|
PUT /{project_id}/apigw/instances/{instance_id}/acls/{acl_id} |
apig:acl:update |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/acl-bindings |
apig:api:bindAcl |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/acl-bindings |
apig:api:batchUnbindAcl |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/acl-bindings/{acl_bindings_id} |
apig:api:unbindAcl |
|
|
GET /{project_id}/apigw/instances/{instance_id}/acl-bindings/binded-acls |
apig:api:listBoundAcl |
|
|
GET /{project_id}/apigw/instances/{instance_id}/acl-bindings/binded-apis |
apig:acl:listBoundApi |
|
|
GET /{project_id}/apigw/instances/{instance_id}/acl-bindings/unbinded-apis |
apig:acl:listUnboundApi |
|
|
POST /{project_id}/apigw/instances/{instance_id}/throttle-bindings |
apig:api:bindRequestThrottling |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/throttle-bindings |
apig:api:batchUnbindRequestThrottling |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/throttle-bindings/{throttle_binding_id} |
apig:api:unbindRequestThrottling |
|
|
GET /{project_id}/apigw/instances/{instance_id}/throttle-bindings/binded-apis |
apig:requestThrottling:listBoundApi |
|
|
GET /{project_id}/apigw/instances/{instance_id}/throttle-bindings/binded-throttles |
apig:api:listBoundRequestThrottling |
|
|
GET /{project_id}/apigw/instances/{instance_id}/throttle-bindings/unbinded-apis |
apig:requestThrottling:listUnboundApi |
|
|
GET /{project_id}/apigw/instances/{instance_id}/api-groups |
apig:apiGroup:list |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/api-groups |
apig:apiGroup:create |
apig:instance:get |
|
DELETE /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id} |
apig:apiGroup:delete |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id} |
apig:apiGroup:get |
apig:instance:get |
|
PUT /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id} |
apig:apiGroup:update |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/api-groups/check |
apig:apiGroup:checkApiGroupNameExistOrNot |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/apis |
apig:api:list |
|
|
POST /{project_id}/apigw/instances/{instance_id}/apis |
apig:api:create |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/apis/{api_id} |
apig:api:delete |
|
|
GET /{project_id}/apigw/instances/{instance_id}/apis/{api_id} |
apig:api:get |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/apis/{api_id} |
apig:api:update |
|
|
POST /{project_id}/apigw/instances/{instance_id}/apis/action |
apig:api:onlineOrOffline |
|
|
- |
apig:api:batchDelete |
|
|
POST /{project_id}/apigw/instances/{instance_id}/apis/check |
apig:api:checkApiPathOrApiNameExistOrNot |
|
|
POST /{project_id}/apigw/instances/{instance_id}/apis/debug/{api_id} |
apig:api:debug |
|
|
POST /{project_id}/apigw/instances/{instance_id}/apis/publish |
apig:api:batchOnlineOrOffline |
|
|
GET /{project_id}/apigw/instances/{instance_id}/apis/publish/{api_id} |
apig:api:listHistoryVersion |
apig:instance:get |
|
PUT /{project_id}/apigw/instances/{instance_id}/apis/publish/{api_id} |
apig:api:switchVersion |
|
|
GET /{project_id}/apigw/instances/{instance_id}/apis/runtime/{api_id} |
apig:api:getRuntimeDefinition |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/apis/versions/{version_id} |
apig:api:deleteHistoryVersion |
|
|
GET /{project_id}/apigw/instances/{instance_id}/apis/versions/{version_id} |
apig:api:getHistoryVersion |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/apps |
apig:app:list |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/apps |
apig:app:create |
apig:instance:get |
|
DELETE /{project_id}/apigw/instances/{instance_id}/apps/{app_id} |
apig:app:delete |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/apps/{app_id} |
apig:app:get |
apig:instance:get |
|
PUT /{project_id}/apigw/instances/{instance_id}/apps/{app_id} |
apig:app:update |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-codes |
apig:app:listAppCode |
|
|
POST /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-codes |
apig:app:createAppCode |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-codes |
apig:app:generateAppCode |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-codes/{app_code_id} |
apig:app:deleteAppCode |
|
|
GET /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-codes/{app_code_id} |
apig:app:getAppCode |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/apps/secret/{app_id} |
apig:app:resetSecret |
|
|
GET /{project_id}/apigw/instances/{instance_id}/apps/validation/{app_id} |
apig:app:validate |
|
|
GET /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/bound-quota |
apig:app:getBoundQuota |
|
|
POST /{project_id}/apigw/instances/{instance_id}/app-auths |
apig:app:bindApi |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/app-auths/{app_auth_id} |
apig:app:unbindApi |
|
|
GET /{project_id}/apigw/instances/{instance_id}/app-auths/binded-apis |
apig:app:listBoundApi |
|
|
GET /{project_id}/apigw/instances/{instance_id}/app-auths/binded-apps |
apig:api:listBoundApp |
|
|
GET /{project_id}/apigw/instances/{instance_id}/app-auths/unbinded-apis |
apig:app:listUnboundApi |
|
|
POST /{project_id}/apigw/instances/{instance_id}/openapi/export |
apig:api:export |
|
|
POST /{project_id}/apigw/instances/{instance_id}/openapi/async-export |
apig:api:export |
|
|
POST /{project_id}/apigw/instances/{instance_id}/openapi/import |
apig:api:import |
|
|
POST /{project_id}/apigw/instances/{instance_id}/openapi/async-import |
apig:api:import |
|
|
GET /{project_id}/apigw/instances/{instance_id}/async-tasks/{task_id} |
apig:asyncTask:get |
apig:instance:get |
|
GET /{project_id}/apigw/certificates |
apig:certificate:list |
- |
|
POST /{project_id}/apigw/certificates |
apig:certificate:create |
apig:instance:get |
|
DELETE /{project_id}/apigw/certificates/{certificate_id} |
apig:certificate:delete |
- |
|
GET /{project_id}/apigw/certificates/{certificate_id} |
apig:certificate:get |
- |
|
PUT /{project_id}/apigw/certificates/{certificate_id} |
apig:certificate:update |
apig:instance:get |
|
GET /{project_id}/apigw/certificates/{certificate_id}/attached-domains |
apig:certificate:listBoundDomain |
- |
|
POST /{project_id}/apigw/certificates/{certificate_id}/domains/attach |
apig:certificate:batchBindDomain |
|
|
POST /{project_id}/apigw/certificates/{certificate_id}/domains/detach |
apig:certificate:batchUnbindDomain |
|
|
POST /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificates/attach |
apig:apiGroup:batchBindCertificateToDomain |
|
|
POST /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificates/detach |
apig:apiGroup:batchUnbindCertificateFromDomain |
|
|
GET /{project_id}/apigw/instances/{instance_id}/vpc-channels |
apig:loadBalanceChannel:list |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/vpc-channels |
apig:loadBalanceChannel:create |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id} |
apig:loadBalanceChannel:delete |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id} |
apig:loadBalanceChannel:get |
apig:instance:get |
|
PUT /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id} |
apig:loadBalanceChannel:update |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/health-config |
apig:loadBalanceChannel:updateHealthCheckConfig |
|
|
GET /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/member-groups |
apig:loadBalanceChannel:listServerGroup |
|
|
POST /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/member-groups |
apig:loadBalanceChannel:createServerGroup |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/member-groups/{member_group_id} |
apig:loadBalanceChannel:deleteServerGroup |
|
|
GET /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/member-groups/{member_group_id} |
apig:loadBalanceChannel:getServerGroup |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/member-groups/{member_group_id} |
apig:loadBalanceChannel:updateServerGroup |
|
|
GET /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members |
apig:loadBalanceChannel:listBackendServerAddress |
|
|
POST /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members |
apig:loadBalanceChannel:createBackendServerAddress |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members |
apig:loadBalanceChannel:updateBackendServerAddress |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members/{member_id} |
apig:loadBalanceChannel:deleteBackendServerAddress |
|
|
POST /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members/batch-disable |
apig:loadBalanceChannel:batchDisableBackendServerAddress |
|
|
POST /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members/batch-enable |
apig:loadBalanceChannel:batchEnableBackendServerAddress |
|
|
GET /{project_id}/apigw/instances/{instance_id}/tags |
apig:instance:listTag |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/apis/{api_id}/attachable-plugins |
apig:api:listUnboundPlugin |
|
|
GET /{project_id}/apigw/instances/{instance_id}/apis/{api_id}/attached-plugins |
apig:api:listBoundPlugin |
|
|
POST /{project_id}/apigw/instances/{instance_id}/apis/{api_id}/plugins/attach |
apig:api:bindPlugin |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/apis/{api_id}/plugins/detach |
apig:api:unbindPlugin |
|
|
GET /{project_id}/apigw/instances/{instance_id}/plugins |
apig:plugin:list |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/plugins |
apig:plugin:create |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id} |
apig:plugin:delete |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id} |
apig:plugin:get |
apig:instance:get |
|
PUT /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id} |
apig:plugin:update |
|
|
POST /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id}/attach |
apig:plugin:bindApi |
|
|
GET /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id}/attachable-apis |
apig:plugin:listUnbindApi |
|
|
GET /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id}/attached-apis |
apig:plugin:listBoundApi |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id}/detach |
apig:plugin:unbindApi |
|
|
GET /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses |
apig:apiGroup:listGatewayResponse |
|
|
POST /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses |
apig:apiGroup:createGatewayResponse |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses/{response_id} |
apig:apiGroup:deleteGatewayResponse |
|
|
GET /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses/{response_id} |
apig:apiGroup:getGatewayResponse |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses/{response_id} |
apig:apiGroup:updateGatewayResponse |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses/{response_id}/{response_type} |
apig:apiGroup:deleteGatewayResponseType |
|
|
GET /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses/{response_id}/{response_type} |
apig:apiGroup:getGatewayResponseType |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses/{response_id}/{response_type} |
apig:apiGroup:updateGatewayResponseType |
|
|
GET /{project_id}/apigw/instances/{instance_id}/resources/outline/apis |
apig:instance:listApiOutline |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/resources/outline/apps |
apig:instance:listAppOutline |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/resources/outline/groups |
apig:instance:listApiGroupOutline |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/env-variables |
apig:environmentVariable:list |
|
|
POST /{project_id}/apigw/instances/{instance_id}/env-variables |
apig:environmentVariable:create |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/env-variables/{env_variable_id} |
apig:environmentVariable:delete |
|
|
GET /{project_id}/apigw/instances/{instance_id}/env-variables/{env_variable_id} |
apig:environmentVariable:get |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/env-variables/{env_variable_id} |
apig:environmentVariable:update |
|
|
GET /{project_id}/apigw/instances/{instance_id}/envs |
apig:environment:list |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/envs |
apig:environment:create |
apig:instance:get |
|
DELETE /{project_id}/apigw/instances/{instance_id}/envs/{env_id} |
apig:environment:delete |
apig:instance:get |
|
PUT /{project_id}/apigw/instances/{instance_id}/envs/{env_id} |
apig:environment:update |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/metric-data |
apig:instance:listMetricData |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/statistics/api/latest |
apig:instance:listApiMonitoring |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/statistics/group/latest |
apig:instance:listApiGroupMonitoring |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/throttles |
apig:requestThrottling:list |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/throttles |
apig:requestThrottling:create |
apig:instance:get |
|
DELETE /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id} |
apig:requestThrottling:delete |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id} |
apig:requestThrottling:get |
apig:instance:get |
|
PUT /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id} |
apig:requestThrottling:update |
apig:instance:get |
|
- |
apig:requestThrottling:batchDelete |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/sign-bindings |
apig:api:bindSignatureKey |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/sign-bindings/{sign_bindings_id} |
apig:api:unbindSignatureKey |
|
|
GET /{project_id}/apigw/instances/{instance_id}/sign-bindings/binded-apis |
apig:signatureKey:listBoundApi |
|
|
GET /{project_id}/apigw/instances/{instance_id}/sign-bindings/binded-signs |
apig:api:listBoundSignatureKey |
|
|
GET /{project_id}/apigw/instances/{instance_id}/sign-bindings/unbinded-apis |
apig:signatureKey:listUnboundApi |
|
|
GET /{project_id}/apigw/instances/{instance_id}/signs |
apig:signatureKey:list |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/signs |
apig:signatureKey:create |
apig:instance:get |
|
DELETE /{project_id}/apigw/instances/{instance_id}/signs/{sign_id} |
apig:signatureKey:delete |
apig:instance:get |
|
PUT /{project_id}/apigw/instances/{instance_id}/signs/{sign_id} |
apig:signatureKey:update |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials |
apig:requestThrottling:listSpecial |
|
|
POST /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials |
apig:requestThrottling:createSpecial |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials/{strategy_id} |
apig:requestThrottling:deleteSpecial |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials/{strategy_id} |
apig:requestThrottling:updateSpecial |
|
|
GET /{project_id}/apigw/instances/{instance_id}/instance-tags |
apig:instance:listSingleInstanceTag |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/instance-tags/action |
apig:instance:batchCreateOrDeleteTag |
apig:instance:get |
|
GET /{project_id}/apigw/instance-tags |
apig::listTag |
apig:instance:get |
|
POST /{project_id}/apigw/resource-instances/count |
apig:instance:getNumByTags |
- |
|
POST /{project_id}/apigw/resource-instances/filter |
apig:instance:listByTags |
- |
|
GET /{project_id}/apigw/instances |
apig:instance:list |
- |
|
POST /{project_id}/apigw/instances |
apig:instance:create |
|
|
DELETE /{project_id}/apigw/instances/{instance_id} |
apig:instance:delete |
|
|
GET /{project_id}/apigw/instances/{instance_id} |
apig:instance:get |
- |
|
PUT /{project_id}/apigw/instances/{instance_id} |
apig:instance:update |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/eip |
apig:instance:unbindEip |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/eip |
apig:instance:bindOrChangeEip |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/nat-eip |
apig:instance:deleteOutboundEip |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/nat-eip |
apig:instance:createOutboundEip |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/nat-eip |
apig:instance:changeOutboundEipBandwidth |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/progress |
apig:instance:getCreateProgress |
- |
|
DELETE /{project_id}/apigw/instances/{instance_id}/ingress-eip |
apig:instance:deleteIngressEip |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/ingress-eip |
apig:instance:createIngressEip |
apig:instance:get |
|
PUT /{project_id}/apigw/instances/{instance_id}/ingress-eip |
apig:instance:changeIngressEipBindwidth |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/postpaid-resize |
apig:instance:resize |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/restriction |
apig:instance:getRestriction |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/features |
apig:instance:listParameter |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/features |
apig:instance:updateParameter |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/instance-features |
apig:instance:listFeature |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/microservice/import |
apig:instance:importMicroservice |
|
|
POST /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains |
apig:apiGroup:bindDomain |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id} |
apig:apiGroup:unbindDomain |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id} |
apig:apiGroup:updateDomainConfig |
|
|
POST /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificate |
apig:apiGroup:createAndBindCertificateToDomain |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificate/{certificate_id} |
apig:apiGroup:unbindAndDeleteCertificateFromDomain |
|
|
GET /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificate/{certificate_id} |
apig:apiGroup:getCertificateOfDomain |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/sl-domain-access-settings |
apig:apiGroup:updateSLDomainSetting |
|
|
GET /{project_id}/apigw/instances/{instance_id}/authorizers |
apig:customAuthorizer:list |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/authorizers |
apig:customAuthorizer:create |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/authorizers/{authorizer_id} |
apig:customAuthorizer:delete |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/authorizers/{authorizer_id} |
apig:customAuthorizer:get |
apig:instance:get |
|
PUT /{project_id}/apigw/instances/{instance_id}/authorizers/{authorizer_id} |
apig:customAuthorizer:update |
|
|
GET /{project_id}/apigw/instances/{instance_id}/vpc-endpoint/connections |
apig:instance:listVpcEndpoint |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/vpc-endpoint/connections/action |
apig:instance:acceptOrRejectVpcEndpointConnection |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions |
apig:instance:listVpcEndpointPermission |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions/batch-add |
apig:instance:batchAddVpcEndpointPermission |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions/batch-delete |
apig:instance:batchDeleteVpcEndpointPermission |
apig:instance:get |
|
DELETE /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-acl |
apig:app:deleteAcl |
|
|
GET /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-acl |
apig:app:getAcl |
|
|
PUT /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-acl |
apig:app:updateAcl |
|
|
GET /{project_id}/apigw/instances/{instance_id}/app-quotas |
apig:clientQuota:list |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/app-quotas |
apig:clientQuota:create |
apig:instance:get |
|
DELETE /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id} |
apig:clientQuota:delete |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id} |
apig:clientQuota:get |
apig:instance:get |
|
PUT /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id} |
apig:clientQuota:update |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id}/bound-apps |
apig:clientQuota:listBoundApp |
apig:instance:get |
|
POST /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id}/binding-apps |
apig:clientQuota:bindApp |
|
|
DELETE /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id}/bound-apps/{app_id} |
apig:clientQuota:unbindApp |
|
|
GET /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id}/bindable-apps |
apig:clientQuota:listUnboundApp |
|
|
- |
apig:instance:listFeatureHistory |
|
|
POST /{project_id}/apigw/instances/{instance_id}/custom-ingress-ports |
apig:instance:addCustomIngressPort |
apig:instance:get |
|
GET /{project_id}/apigw/instances/{instance_id}/custom-ingress-ports |
apig:instance:listCustomIngressPort |
apig:instance:get |
|
DELETE /{project_id}/apigw/instances/{instance_id}/custom-ingress-ports/{ingress_port_id} |
apig:instance:deleteCustomIngressPort |
|
|
GET /{project_id}/apigw/instances/{instance_id}/custom-ingress-ports/{ingress_port_id}/domains |
apig:instance:listCustomIngressPortDomain |
|
Resources
A resource type indicates the resources that an SCP applies to. If you specify a resource type for any action in Table 3, the resource URN must be specified in the SCP statements using that action, and the SCP applies only to resources of this type. If no resource type is specified, the Resource element is marked with an asterisk (*) and the SCP applies to all resources. You can also set condition keys in an SCP to define resource types.
The following table lists the resource types that you can define in SCP statements for APIG.
Conditions
APIG does not support service-specific condition keys in SCPs. It can only use global condition keys applicable to all services. For details, see Global Condition Keys.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
