Help Center/ DataArts Studio/ User Guide/ DataArts DataService/ Developing APIs in DataArts DataService/ Authorizing API Calling/ Authorizing an API Which Uses IAM Authentication Through a Whitelist
Updated on 2024-10-23 GMT+08:00

Authorizing an API Which Uses IAM Authentication Through a Whitelist

APIs which use IAM authentication support two authorization modes: app of the IAM type and whitelist. The former can only authorize APIs to the current account, while the latter can authorize APIs to any account. You can choose either mode based on the application scenario.
  • API authorization through apps of the IAM type: An app of the IAM type is the current Huawei account. Only one such app can be created for each DataArts Studio instance. Therefore, authorizing an API which uses IAM authentication to an app of the IAM type is authorizing the API to the current account. After authorization, you can obtain the tokens of the current account and its users from IAM. The tokens can be used for security authentication during API calls.
  • API authorization through a whitelist: A Huawei account whitelist can be added for an API which uses IAM authentication. Accounts in the whitelist can use the API. After authorization, you can obtain the tokens of the authorized account and its users from IAM. The tokens can be used for security authentication during API calls.

This section describes how to authorize an API to an account through a whitelist.

Notes and Constraints

  • In DataArts DataService Exclusive, APIs which use IAM authentication must be authorized through apps or whitelists so that they can be called.
  • Only APIs using IAM authentication can be authorized through a whitelist.

Authorizing an API to an Account Through a Whitelist

An API that uses IAM authentication can be called only after it is authorized.

  1. On the DataArts Studio console, locate a workspace and click DataArts DataService.
  1. In the left navigation pane, choose an edition, for example, Exclusive Edition. The Overview page is displayed.
  2. Choose API Development > APIs.
  3. Locate the row that contains the API to be authorized to another Huawei account, click More in the Operation column, and select View Authorization.
  4. Click the Whitelist Info tab and click Create.
  5. In the displayed dialog box, set the tenant name, tenant ID, and authorization expiration time, select a cluster, and click OK.
    To obtain the tenant name and tenant ID, log in using the account to be authorized or a user of the account and perform the following steps (the tenant name and ID are the account name and ID, respectively):
    1. Register with and log in to the management console.
    2. Hover the cursor on the username in the upper right corner and select My Credentials from the drop-down list.
    3. On the API Credentials page, obtain the account name, account ID, IAM username, and IAM user ID, and obtain the project and its ID from the project list.
    Figure 1 Creating a whitelist

  6. After the authorization is successful, you can view the authorized accounts on the Whitelists page.

    If you do not want to authorize the API to an account, click Delete in the Operation column of the row that contains the tenant name.

Related Operations

Adding a whitelist for multiple APIs: On the APIs page, select APIs, click Batch Operation above the API list, and click Add Whitelist.

You can add a whitelist only for multiple APIs that use IAM authentication.

Figure 2 Batch Operation