Creating a Custom Authorizer
Function
Creating a Custom Authorizer
Authorization Information
Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
URI
POST /v2/{project_id}/apic/instances/{instance_id}/authorizers
| Parameter | Mandatory | Type | Description | 
|---|---|---|---|
| project_id | Yes | String | Project ID. For details about how to obtain the project ID, see Appendix > Obtaining a Project ID in the ROMA Connect API Reference. | 
| instance_id | Yes | String | Instance ID. | 
Request Parameters
| Parameter | Mandatory | Type | Description | 
|---|---|---|---|
| X-Auth-Token | Yes | String | User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header). | 
| Parameter | Mandatory | Type | Description | 
|---|---|---|---|
| name | Yes | String | Custom authorizer name. The value contains 3 to 64 characters, including letters, digits, and underscores (_). The value must start with a letter. | 
| type | Yes | String | Custom authorizer type. 
 | 
| authorizer_type | Yes | String | Type of the custom authentication function. 
 | 
| authorizer_uri | Yes | String | Function URN. Note: To use a custom backend function API, the API request method must be POST and the API status must be Deployed. | 
| network_type | No | String | Function network architecture: 
 Note: This field does not take effect in APIC scenarios. | 
| authorizer_version | No | String | Function version. If both the alias and version are specified, the version will be ignored and only the alias will be used. | 
| authorizer_alias_uri | No | String | Function alias. If both the alias and version are specified, the version will be ignored and only the alias will be used. | 
| identities | No | Array of Identity objects | Authentication source. | 
| ttl | No | Integer | Cache time. | 
| user_data | No | String | User data. | 
| ld_api_id | No | String | Custom backend service ID. This parameter is mandatory when the type of the user-defined authentication function is LD. | 
| need_body | No | Boolean | Indicates whether to send request body. | 
| auth_downgrade_enabled | No | Boolean | Relaxed mode. (Whether the gateway receives requests from clients when the function authentication service cannot be connected or returns an error code starting with "5".) | 
| Parameter | Mandatory | Type | Description | 
|---|---|---|---|
| name | Yes | String | Parameter name. The value must start with a digit or letter, and can include digits, letters, underscores (_), hyphens (-), and periods (.). | 
| location | Yes | String | Parameter location. | 
| validation | No | String | Parameter verification expression. The default value is null, indicating that no verification is performed. | 
Response Parameters
Status code: 201
| Parameter | Type | Description | 
|---|---|---|
| name | String | Custom authorizer name. The value contains 3 to 64 characters, including letters, digits, and underscores (_). The value must start with a letter. | 
| type | String | Custom authorizer type. 
 | 
| authorizer_type | String | Type of the custom authentication function. 
 | 
| authorizer_uri | String | Function URN. Note: To use a custom backend function API, the API request method must be POST and the API status must be Deployed. | 
| network_type | String | Function network architecture: 
 Note: This field does not take effect in APIC scenarios. | 
| authorizer_version | String | Function version. If both the alias and version are specified, the version will be ignored and only the alias will be used. | 
| authorizer_alias_uri | String | Function alias. If both the alias and version are specified, the version will be ignored and only the alias will be used. | 
| identities | Array of Identity objects | Authentication source. | 
| ttl | Integer | Cache time. | 
| user_data | String | User data. | 
| ld_api_id | String | Custom backend service ID. This parameter is mandatory when the type of the user-defined authentication function is LD. | 
| need_body | Boolean | Indicates whether to send request body. | 
| auth_downgrade_enabled | Boolean | Relaxed mode. (Whether the gateway receives requests from clients when the function authentication service cannot be connected or returns an error code starting with "5".) | 
| id | String | Custom authorizer ID. | 
| create_time | String | Creation time. | 
| roma_app_id | String | ID of the application to which the custom authorizer belongs. | 
| roma_app_name | String | Name of the application to which the custom authorizer belongs. | 
| Parameter | Type | Description | 
|---|---|---|
| name | String | Parameter name. The value must start with a digit or letter, and can include digits, letters, underscores (_), hyphens (-), and periods (.). | 
| location | String | Parameter location. | 
| validation | String | Parameter verification expression. The default value is null, indicating that no verification is performed. | 
Status code: 400
| Parameter | Type | Description | 
|---|---|---|
| error_code | String | Error code. | 
| error_msg | String | Error description. | 
Status code: 401
| Parameter | Type | Description | 
|---|---|---|
| error_code | String | Error code. | 
| error_msg | String | Error description. | 
Status code: 403
| Parameter | Type | Description | 
|---|---|---|
| error_code | String | Error code. | 
| error_msg | String | Error description. | 
Status code: 404
| Parameter | Type | Description | 
|---|---|---|
| error_code | String | Error code. | 
| error_msg | String | Error description. | 
Status code: 500
| Parameter | Type | Description | 
|---|---|---|
| error_code | String | Error code. | 
| error_msg | String | Error description. | 
Example Requests
Create a custom frontend authorizer with function type as custom backend function and authentication source as header.
{
  "name" : "Authorizer_demo",
  "type" : "FRONTEND",
  "authorizer_type" : "LD",
  "ld_api_id" : "6f8e61317e4e4fbf8e8220cc19fcced9",
  "authorizer_uri" : "/test",
  "network_type" : "",
  "authorizer_version" : "",
  "authorizer_alias_uri" : "",
  "identities" : [ {
    "name" : "header",
    "location" : "HEADER"
  } ],
  "ttl" : 5
}
 Example Responses
Status code: 201
Created
{
  "name" : "Authorizer_demo",
  "type" : "FRONTEND",
  "authorizer_type" : "LD",
  "authorizer_uri" : "/test",
  "network_type" : "",
  "authorizer_version" : "",
  "authorizer_alias_uri" : "",
  "identities" : [ {
    "name" : "header",
    "location" : "HEADER"
  } ],
  "ttl" : 5,
  "id" : "0d982c1ac3da493dae47627b6439fc5c",
  "create_time" : "2020-09-23T02:32:10.354159293Z",
  "need_body" : true
}
  Status code: 400
Bad Request
{
  "error_code" : "APIG.2011",
  "error_msg" : "Invalid parameter value,parameterName:type. Please refer to the support documentation"
}
  Status code: 401
Unauthorized
{
  "error_code" : "APIG.1002",
  "error_msg" : "Incorrect token or token resolution failed"
}
  Status code: 403
Forbidden
{
  "error_code" : "APIG.1005",
  "error_msg" : "No permissions to request this method"
}
  Status code: 404
Not Found
{
  "error_code" : "APIG.3019",
  "error_msg" : "The function URN does not exist"
}
  Status code: 500
Internal Server Error
{
  "error_code" : "APIG.9999",
  "error_msg" : "System error"
}
 Status Codes
| Status Code | Description | 
|---|---|
| 201 | Created | 
| 400 | Bad Request | 
| 401 | Unauthorized | 
| 403 | Forbidden | 
| 404 | Not Found | 
| 500 | Internal Server Error | 
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot 
    