Updated on 2024-12-03 GMT+08:00

Example 7: Creating an Access Policy

Scenario

This section describes how to create an access policy by calling an API.

Prerequisites

  • You have created a P2C VPN gateway.
  • You have created a VPN server and set the authentication mode of the server to password authentication. For details, see Creating a Server.
  • You have determined the endpoint for calling APIs.
  • You have obtained a user token if you need to use token authentication. In addition, you need to add X-Auth-Token to the request header when calling an API. For details about token authentication, see Authentication.

    The token obtained through IAM is valid for only 24 hours. When using a token for authentication, cache it so that you do not have to obtain a new token for every API call.

    Calling the APIs related to access policies is an asynchronous process. The configuration takes effect after a period of time. If you frequently perform operations on access policies within a short period of time, the queue may be congested due to limited performance, and the error message "VPN.0030, The system is busy, please try later." is returned. In this case, you need to wait for a while before calling the APIs again.

Data Preparation

Table 1 Key parameters in the request for creating an access policy

Parameter     | Description                       | Example Value
vpn_server_id | Specifies the ID of a VPN server. | 0e325fb6-83b9-4004-a343-8b6fc714a5d9
user_group_id | Specifies the ID of a user group. | 7625fd92-2e20-4e4d-8c56-66f110fbfaa8

Procedure

  1. Create an access policy.
    1. Send POST https://{endpoint}/v5/{project_id}/p2c-vpn-gateways/vpn-servers/{vpn_server_id}/access-policies. {vpn_server_id} specifies the ID of the created VPN server.
    2. Add X-Auth-Token to the request header.
    3. Specify the following parameters in the request body:
      {
          "access_policy": {
              "name": "policy-001",
              "user_group_id": "7625fd92-2e20-4e4d-8c56-66f110fbfaa8",
              "description": "AccessPolicy1",
              "dest_ip_cidrs": [
                  "172.16.0.0/24",
                  "172.16.1.0/24"
              ]
          }
      }
    4. Check the response.
      • The request is successful if the following response is displayed. In the response, id specifies the ID of the created access policy.
        {
            "access_policy": {
                "id": "4f746482-a575-4e1f-9e80-5f6f69ff8588"
            },
            "request_id": "1663cd8cacbb3497ebc88877e5a3ad89"
        }
  2. Query the access policy.
    1. Send GET https://{endpoint}/v5/{project_id}/p2c-vpn-gateways/vpn-servers/{vpn_server_id}/access-policies/{policy_id}. {vpn_server_id} specifies the ID of the created VPN server. {policy_id} specifies the ID of the created access policy.
    2. Add X-Auth-Token to the request header.
    3. Check the response.
      {
          "access_policy": {
              "id": "4f746482-a575-4e1f-9e80-5f6f69ff8588",
              "name": "policy-001",
              "user_group_id": "7625fd92-2e20-4e4d-8c56-66f110fbfaa8",
              "user_group_name": "user-group1",
              "description": "AccessPolicy1",
              "dest_ip_cidrs": [
                  "172.16.0.0/24",
                  "172.16.1.0/24"
              ],
              "created_at": "2024-06-17T13:32:19.57Z",
              "updated_at": "2024-06-17T13:32:19.57Z"
          },
          "request_id": "85657002f01c35576606003cc36114ab"
      }
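
The create call from step 1, with CIDR validation and a backoff loop for the VPN.0030 busy error described under Prerequisites, as an added example that is not part of the original page or the vendor's SDK. The function names, the injectable post/sleep parameters, the backoff values, the vpn.example.com endpoint and the substring match on the error text are assumptions of this example.

```python
import ipaddress
import json
import time
import urllib.error
import urllib.request

BUSY_CODE = "VPN.0030"  # busy error quoted on this page

def build_policy_body(name, user_group_id, dest_ip_cidrs, description=""):
    """Build the request body; ValueError on a malformed CIDR or one with host bits set."""
    cidrs = [str(ipaddress.ip_network(c, strict=True)) for c in dest_ip_cidrs]
    return {"access_policy": {"name": name, "user_group_id": user_group_id,
                              "description": description, "dest_ip_cidrs": cidrs}}

def http_post(url, token, body):
    """Default transport: POST JSON with X-Auth-Token and return the response text."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"X-Auth-Token": token, "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.read().decode()  # error replies still carry the error text

def create_access_policy(endpoint, project_id, vpn_server_id, token, body,
                         post=http_post, sleep=time.sleep, attempts=5, base_delay=2.0):
    """Return the new policy ID, backing off while the API reports VPN.0030."""
    url = (f"https://{endpoint}/v5/{project_id}/p2c-vpn-gateways/"
           f"vpn-servers/{vpn_server_id}/access-policies")
    for attempt in range(attempts):
        text = post(url, token, body)
        if BUSY_CODE in text:  # assumption: the code appears verbatim in the reply
            sleep(base_delay * 2 ** attempt)  # 2 s, 4 s, 8 s, ... (assumed values)
            continue
        try:
            return json.loads(text)["access_policy"]["id"]
        except (ValueError, KeyError, TypeError):
            raise RuntimeError("create failed: " + text[:200]) from None
    raise TimeoutError(f"still {BUSY_CODE} after {attempts} attempts")

if __name__ == "__main__":
    # Constructed replies: one busy error, then the success body from step 1.
    replies = ["VPN.0030, The system is busy, please try later.",
               '{"access_policy": {"id": "4f746482-a575-4e1f-9e80-5f6f69ff8588"}}']
    body = build_policy_body("policy-001", "7625fd92-2e20-4e4d-8c56-66f110fbfaa8",
                             ["172.16.0.0/24", "172.16.1.0/24"], "AccessPolicy1")
    print(create_access_policy("vpn.example.com", "my-project", "0e325fb6-83b9-4004-a343-8b6fc714a5d9",
                               "TOKEN", body, post=lambda *a: replies.pop(0), sleep=lambda s: None))
```

Run as a script, it replays the constructed replies without touching the network; omit the post and sleep arguments to send the real request.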