Help Center> ROMA Connect> User Guide> Service Integration Guide (Old Edition)> Creating and Exposing Function APIs> (Optional) Authorizing Apps to Call an API
Updated on 2022-12-05 GMT+08:00
View PDF

(Optional) Authorizing Apps to Call an API

Overview

If the function API uses the App authentication mode, you need to authorize specified integration applications to call this API. When a user calls the API, the key and secret of the integration applications are used for authenticating API requests.

Prerequisites

  • The security authentication mode of the API is set to App.
  • The API has been published in an environment. Otherwise, publish the API first.

Granting Permissions for Integration Applications

  1. Log in to the ROMA Connect console. On the Instances page, click View Console next to a specific instance.
  2. In the navigation pane on the left, choose API Connect > API Management. On the APIs tab page, select Authorize of an API.
  3. On the Authorize App page, click Select App.
  4. In the Select App dialog box, configure authorization information and click OK.
    After the authorization is complete, click on the left of the API to view the list of authorized integration applications.
    Table 1 Authorization configuration

    Parameter

    Description

    Environment

    Select the environment in which the API has been published.

    Integration Applications

    Select the integration applications to be authorized for API calling.

    Access Parameters

    Set access parameters for the selected integration applications to be authorized. The access parameters will be added to the backend signature authentication information and sent to a backend service. The backend service then returns different response parameters based on the carried access parameters.

    Green Channel

    Determine whether to enable the green channel. After the green channel is enabled, you also need to set Whitelist and Blacklist.

    Whitelist

    Mandatory only when Green Channel is enabled.

    Enter the IP addresses or IP address segments to be added to the whitelist. The IP addresses in the whitelist can call APIs without authentication.

    Blacklist

    Available only when Green Channel is enabled.

    Enter the IP addresses or IP address segments to be added to the blacklist. The IP addresses in the blacklist are not allowed to call APIs.