Help Center/ ROMA Connect/ User Guide/ Service Integration Guide/ Exposing an API/ (Optional) Authorizing Credentials to Call APIs
Updated on 2022-12-05 GMT+08:00

(Optional) Authorizing Credentials to Call APIs

Credentials need to be authorized to call APIs that use App authentication. When calling an API, a user is authenticated using the key and secret of a credential.

An API's integration application can directly call the API.

Constraints

The security authentication mode of the API is set to App.

Prerequisites

The API has been published in an environment. Otherwise, publish the API first.

Procedure

  1. Log in to the ROMA Connect console. On the Instances page, click View Console next to a specific instance.
  2. In the navigation pane on the left, choose API Connect > APIs. Choose More > Authorize Credentials of an API.
  3. On the page displayed, click Select Credentials.
  4. Configure authorization information and click OK.
    After the authorization is complete, a list of authorized credentials will be displayed.
    Table 1 Authorization configuration

    Parameter

    Description

    Environment

    Select the environment the API has been published in.

    Credentials

    Select the credentials you want to authorize.

    Access Parameters

    Set access parameters for the selected credentials to be authorized. The access parameters will be added to the backend signature authentication information and sent to a backend service. The backend service then returns different response parameters based on the carried access parameters.

    Green Channel

    Enabling Green Channel allows whitelisted clients to call the API without authentication.

    Whitelist

    Mandatory only when Green Channel is enabled.

    Enter the IP addresses or IP address segments to be added to the whitelist. Whitelisted clients can call the API without authentication.

    Blacklist

    Available only when Green Channel is enabled.

    Enter the IP addresses or IP address segments to be added to the blacklist. Blacklisted clients are not allowed to call the API.