检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
For details about IAM authentication, see Using IAM Authentication to Call APIs. Scenario SDKs are used when you call APIs through app authentication. Download SDKs and related documentation and then call APIs by following the instructions in the documentation.
Developing a Custom Authorizer with FunctionGraph Scenario In addition to IAM and app authentication, APIG also supports custom authentication with your own authentication system, which can better adapt to your business capabilities.
Scheme Object (2.0)/Security Scheme Object (3.0) Swagger: securityDefinitions: apig-auth-app: in: header name: Authorization type: apiKey x-apigateway-auth-type: AppSigv1 apig-auth-iam: in: header name: unused type: apiKey x-apigateway-auth-type: IAM
APIG.0301 Incorrect IAM authentication information. 401 The IAM authentication details are incorrect. Check the token by referring to Common Errors Related to IAM Authentication Information.
AppSigv1 and IAM are supported. type Yes String Authentication type. Only apiKey is supported. name Yes String Name of the parameter for authentication. in Yes String Only header is supported. description No String Description about the authentication.
Example Requests Add whitelist records for a vpc endpoint service. { "permissions" : [ "iam:domain::7cc2018e40394f7c9692f1713e76234d" ] } Example Responses Status code: 200 OK { "permissions" : [ "iam:domain::930ba6b0ea64457e8ed1861e596c7a9a" ] } Status code: 401 Unauthorized
Example Requests Delete whitelist records for a vpc endpoint service. { "permissions" : [ "iam:domain::7cc2018e40394f7c9692f1713e76234d" ] } Example Responses Status code: 200 OK { "permissions" : [ "iam:domain::930ba6b0ea64457e8ed1861e596c7a9a" ] } Status code: 401 Unauthorized
IAM (token) Obtain the username and password for the cloud platform. IAM (AK/SK) Obtain the AK/SK of an account for the cloud platform and the signing SDK.
AppSigv1 apig-auth-app-header: type: apiKey name: Authorization in: header x-apigateway-auth-opt: appcode-auth-type: header x-apigateway-auth-type: AppSigv1 apig-auth-iam: type: apiKey name: unused in: header x-apigateway-auth-type: IAM
For security purposes, create IAM users and grant them permissions for routine management. IAM user A user is created using a domain to use cloud services. Each user has its own identity credentials (password and access keys).
IAM (token) Obtain the username and password for the cloud platform. IAM (AK/SK) Obtain the AK/SK of an account for the cloud platform and the signing SDK. Custom Obtain the custom authentication information to carry in request parameters from the API provider.
APIG.0802 The IAM user is forbidden in the currently selected region 403 The IAM user is disabled in the current region. Contact technical support. APIG.2102 PublicKey is null 400 The signature key is not found. Contact technical support.
Why Can't I Create a Header Parameter Named x-auth-token for an API Called Through IAM Authentication? Can Mobile Apps Call APIs? Can Applications Deployed in a VPC Call APIs? Does APIG Support WebSocket Data Transmission?
Account ID: Control IAM authentication–based API access by account ID, not IAM user ID. Configure a single or multiple account IDs separated by commas (,). Each account ID contains 32 characters (letters and digits), separated by commas (,). Max. 1,024 characters.
API Authentication App Authentication Preparation for App Authentication App Authentication for Java IAM Authentication App Authentication for Python Backend Service Signatures Java Python C# 02 Purchase Purchase dedicated gateways to manage APIs.
Minimum: 1 Maximum: 500 Default: 20 permission No String Permission account ID in format "iam:domain::domain_id". Fuzzy search is supported. Request Parameters Table 3 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String User token.
x-apigateway-responses: {} Importing a Function Backend Service API Import the request parameter definition of a FunctionGraph backend service API that uses the GET method and is accessed through IAM authentication.
NOTE: APIG performs access control on accounts, not IAM users created using accounts. Click OK. You can bind the policy to APIs to control API access. Binding an Access Control Policy to an API Go to the page for binding an access control policy to an API.
Restrictions Before adding a backend policy, set the security authentication mode of the frontend to Custom or enable Two-Factor Authentication (App or IAM authentication). API requests that do not meet the conditions of any backend will be forwarded to the default backend.
Contact technical support. 500 APIG.9004 IAM request failed. IAM request failed. Contact technical support. 500 APIG.9005 VPC request failed. VPC request failed. Contact technical support. 500 APIG.9006 DNS request failed. DNS request failed.
