检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Common Errors Related to IAM Authentication Information When an API using IAM authentication is called, the following IAM authentication error may be encountered: Incorrect IAM authentication information: verify aksk signature fail Incorrect IAM authentication information: AK access
Developing API Calling Authentication (IAM) Token Authentication AK/SK Authentication Parent topic: Developer Guide for Service Integration
Parent topic: Developing API Calling Authentication (IAM)
Parent topic: Developing API Calling Authentication (IAM)
Create a user group on the IAM console, and assign the ROMA ReadOnlyAccess policy to the group. Create an IAM user. Create a user on the IAM console and add the user to the group created in 1. Log in and verify permissions.
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
IAM is free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview. ROMA Connect Permissions By default, new IAM users do not have any permissions assigned.
For example, you have obtained the IAM endpoint (iam.xxx.com) of a region and found resource-path (/v3/auth/tokens) in the URI of the API that is used to obtain a user token.
In the dialog box displayed, grant permissions to IAM users. In the Users area, select the IAM users to be authorized. In the Selected area, configure management permissions of the integration application for selected IAM users.
Configuration Example Prerequisites You have obtained the endpoint address of the region where IAM and ROMA Connect are deployed. You have obtained the ROMA Connect instance ID as well as the project ID of the region where the instance is located.
For IAM users, the integration applications created by themselves are called self-created applications, and the integration applications created and authorized by other IAM users are called authorized applications.
This option is available only to APIs using IAM authentication. The restriction also applies to the IAM users under the specified accounts. IAM users cannot be specified separately. Account ID: restricts API calling by account ID.
IAM authentication (with a token): The service system obtains the authentication token from the cloud service and secures the API request with the token. IAM authentication (with an AK/SK pair): The service system integrates the ROMA Connect SDK to sign API requests.
IAM authentication (with AK/SK) Sign API requests using the obtained SDK. For details, see AK/SK Authentication. IAM authentication (two-factor) An API request carries authentication information of both IAM authentication and custom authentication.
IAM authentication (with AK/SK) Sign API requests using the obtained SDK. For details, see AK/SK Authentication. IAM authentication (two-factor) An API request carries authentication information of both IAM authentication and custom authentication.
IAM user An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys). The account name, username, and password will be required for API authentication.
This option is available only to APIs using IAM authentication. The restriction also applies to the IAM users under the specified accounts. IAM users cannot be specified separately. Effect Select the access control type. This parameter is used along with Restriction Type.
Developer Guide for Service Integration Overview Developing API Calling Authentication (App) Developing API Calling Authentication (IAM) Developing Custom Function Backends Developing Custom Data Backends Developing Signature Verification for Backend Services
Integration Backend Service Fails to Be Invoked Error Message "No backend available" Is Displayed When an API Is Called Error Message "The API does not exist or has not been published in an environment" Is Displayed When an API Is Called Using JavaScript Common Errors Related to IAM
Identity and Access Management (IAM) IAM provides identity authentication, permissions management, and access control on a cloud platform. With IAM, you can control access to ROMA Connect.
