Create a Device Policy
Function
This API is used by an application to create a policy on the IoT platform. The policy takes effect only after being bound to a device or product.
-
A maximum of 50 device policies can be created for an instance.
-
This API is supported only by standard and enterprise editions.
Debugging
You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.
URI
POST /v5/iot/{project_id}/device-policies
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Parameter description: project ID. For details about how to obtain the project ID, see Obtaining a Project ID. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
No |
String |
Parameter description: user token. Obtain the token by calling the IAM API for obtaining a user token through password authentication. In the returned response header, X-Subject-Token is the desired user token. For details about how to obtain the token, see Token Authentication. |
|
Instance-Id |
No |
String |
Parameter description: instance ID. Unique identifier of each instance in the physical multi-tenant scenario. Mandatory for professional editions and recommended in other cases. Log in to the IoTDA console and choose Overview in the navigation pane to view the instance ID. For details, see Viewing Instance Details. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
policy_name |
Yes |
String |
Parameter description: policy name. Value: The value can contain a maximum of 128 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. |
|
app_id |
No |
String |
Parameter description: resource space ID. This parameter is optional. If you have multiple resource spaces, you can use this parameter to specify the resource space to which the device to create will belong. If this parameter is not specified, the device to create will belong to the default resource space. Value: The value can contain a maximum of 36 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. |
|
statement |
Yes |
Array of Statement objects |
Parameter description: policy document. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
effect |
Yes |
String |
Specifies whether to allow or reject the operation. If there are both ALLOW and DENY statements, the DENY statement takes precedence.
|
|
actions |
Yes |
Array of strings |
Specifies the operation allowed or denied by the policy. Format: Service name:Resource:Operation. Options:
|
|
resources |
Yes |
Array of strings |
Specifies the resource on which the operation is allowed or rejected. Format: Resource type:Resource name. For example, the resource subscribed by the device is topic:/v1/${devices.deviceId}/test/hello. Value: Length of the resource list: 1 to 10. Only letters, digits, and special characters (/{}$=+#?*:._-) are allowed. |
Response Parameters
Status code: 201
|
Parameter |
Type |
Description |
|---|---|---|
|
app_id |
String |
Parameter description: resource space ID. |
|
policy_id |
String |
Policy ID. |
|
policy_name |
String |
Policy name. |
|
statement |
Array of Statement objects |
Policy documents. |
|
create_time |
String |
Time when the policy was created on the IoT platform. The value is in the format of yyyyMMdd'T'HHmmss'Z', for example, 20151212T121212Z. |
|
update_time |
String |
Time when the policy was updated on the IoT platform. The value is in the format of yyyyMMdd'T'HHmmss'Z', for example, 20151212T121212Z. |
|
Parameter |
Type |
Description |
|---|---|---|
|
effect |
String |
Specifies whether to allow or reject the operation. If there are both ALLOW and DENY statements, the DENY statement takes precedence.
|
|
actions |
Array of strings |
Specifies the operation allowed or denied by the policy. Format: Service name:Resource:Operation. Options:
|
|
resources |
Array of strings |
Specifies the resource on which the operation is allowed or rejected. Format: Resource type:Resource name. For example, the resource subscribed by the device is topic:/v1/${devices.deviceId}/test/hello. Value: Length of the resource list: 1 to 10. Only letters, digits, and special characters (/{}$=+#?*:._-) are allowed. |
Example Requests
-
Creates a device policy, allowing devices to subscribe to and publish messages through specified topics.
POST https://{endpoint}/v5/iot/{project_id}/device-policies { "policy_name" : "myPolicyAllow", "app_id" : "jeQDJQZltU8iKgFFoW060F5SGZka", "statement" : [ { "effect" : "ALLOW", "actions" : [ "iotda:devices:publish\riotda:devices:subscribe" ], "resources" : [ "topic:/v1/${devices.deviceId}/test/allow" ] } ] } -
Creates a device policy, forbidding devices to subscribe to and publish messages through specified topics.
POST https://{endpoint}/v5/iot/{project_id}/device-policies { "policy_name" : "myPolicyDeny", "app_id" : "jeQDJQZltU8iKgFFoW060F5SGZka", "statement" : [ { "effect" : "DENY", "actions" : [ "iotda:devices:publish\riotda:devices:subscribe" ], "resources" : [ "topic:/v1/${devices.deviceId}/test/deny" ] } ] }
Example Responses
Status code: 201
Created
{
"app_id" : "jeQDJQZltU8iKgFFoW060F5SGZka",
"policy_id" : "5c90fa7d3c4e4405e8525079",
"policy_name" : "testPolicy",
"statement" : [ {
"effect" : "ALLOW",
"actions" : [ "iotda:devices:publish", "iotda:devices:subscribe" ],
"resources" : [ "topic:/v1/${devices.deviceId}/test/hello", "topic:/v1/${devices.productId}/test/hello" ]
} ],
"create_time" : "20230810T070547Z",
"update_time" : "20230810T070547Z"
}
Status Codes
|
Status Code |
Description |
|---|---|
|
201 |
Created |
|
400 |
Bad Request |
|
401 |
Unauthorized |
|
403 |
Forbidden |
|
500 |
Internal Server Error |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
