Configuring API Access Control
Access control protects backend services by restricting which IP addresses and accounts can call an API. A policy allows or denies API access for the specified IP addresses or accounts.
An access control policy and an API are independent of each other. An access control policy takes effect for an API only after it is bound to the API.
Constraints
An API can be bound to only one access control policy of the same restriction type in an environment, but each access control policy can be bound to multiple APIs.
Creating an Access Control Policy
- Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
- In the navigation pane on the left, choose API Connect > API Policies. On the Policies tab, click Create Policy.
- On the Select Policy Type page, select Access Control in the Traditional Policy area.
- On the page displayed, configure access control information.
Table 1 Parameters for creating an access control policy

| Parameter | Description |
|---|---|
| Policy Name | Enter an access control policy name. Following a naming convention makes policies easier to find later. |
| Type | Select the restriction type of the access control policy. IP address: restricts API calling by IP address. Account name: restricts API calling by account name; this option is available only to APIs using IAM authentication. Account ID: restricts API calling by account ID; this option is available only to APIs using IAM authentication. For both account options, the restriction also applies to the IAM users under the specified accounts. IAM users cannot be specified separately. |
| Effect | Select the access control type. This parameter is used along with Restriction Type. Allow: only specified IP addresses or accounts are allowed to call APIs. Deny: specified IP addresses or accounts are not allowed to call APIs. |
| IP Addresses | Mandatory when Type is set to IP address. Click Add IP Address to add the IP addresses or IP address segments that are allowed or forbidden to call an API. |
| Account Name | Mandatory when Type is set to Account name. Enter the account names that are allowed or forbidden to call an API. Use commas (,) to separate multiple account names. To obtain the account name, click the username in the upper right corner of the console, choose My Credentials, and view the API Credentials page. |
| Account ID | Mandatory when Type is set to Account ID. Enter the account IDs that are allowed or forbidden to call an API. Use commas (,) to separate multiple account IDs. To obtain the account ID, click the username in the upper right corner of the console, choose My Credentials, and view the API Credentials page. |
- Click OK.
After the access control policy is created, you also need to perform the operations described in Binding an Access Control Policy to an API to make the policy take effect for the API.
Binding an Access Control Policy to an API
- On the Policies tab, filter policies by Access Control.
- Click the name of a policy to go to the details page.
- On the APIs tab, select the environment of the APIs you want to bind the policy to and click Bind to APIs.
- On the page displayed, select the APIs to bind the policy to.
- Click OK.
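A sketch of the policy semantics described on this page, added here as an example and not ROMA Connect code: it models how Allow and Deny treat listed callers, reports which callers would lose access before a policy is bound, and enforces the one-policy-per-restriction-type binding constraint. The dictionary fields, the API and environment names, and CIDR notation for IP address segments are assumptions; all addresses and account names are constructed samples.

```python
import ipaddress

# Constructed sample policies; field names are assumptions made for this sketch.
ALLOW_OFFICE = {"name": "allow-office", "type": "ip", "effect": "allow",
                "entries": ["203.0.113.0/24", "198.51.100.7"]}
DENY_ACCOUNT = {"name": "deny-partner", "type": "account_name", "effect": "deny",
                "entries": ["partner-test"]}

def parse_segments(entries):
    # Assumes segments are written in CIDR notation; strict parsing rejects
    # typos such as 203.0.113.5/24 (host bits set) instead of guessing.
    return [ipaddress.ip_network(e.strip(), strict=True) for e in entries]

def is_allowed(policy, caller):
    """Return True if `caller` (an IP or an account name/ID) may call the API."""
    if policy["type"] == "ip":
        addr = ipaddress.ip_address(caller)
        listed = any(addr in net for net in parse_segments(policy["entries"]))
    else:
        # Account policies match the account; its IAM users inherit the result.
        listed = caller in {e.strip() for e in policy["entries"]}
    # Allow: only listed callers pass. Deny: everyone except listed callers passes.
    return listed if policy["effect"] == "allow" else not listed

def blocked_callers(policy, must_keep_access):
    """Pre-bind check: which callers that must keep access would be refused?"""
    return [c for c in must_keep_access if not is_allowed(policy, c)]

def bind(bindings, api, env, policy):
    """Record a binding: one policy per restriction type per API and environment."""
    key = (api, env, policy["type"])
    if key in bindings:
        raise ValueError(f"{api} in {env} already has a {policy['type']} policy: "
                         f"{bindings[key]}")
    bindings[key] = policy["name"]
    return bindings

if __name__ == "__main__":
    print(blocked_callers(ALLOW_OFFICE, ["203.0.113.50", "192.0.2.10"]))
    b = bind({}, "orders-api", "RELEASE", ALLOW_OFFICE)
    print(bind(b, "orders-api", "RELEASE", DENY_ACCOUNT))
```

Running `blocked_callers` against the callers that must keep access (monitoring probes, administrator networks) before binding an Allow policy shows who would be locked out.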