With IAM, you can: Create IAM users for employees in your Huawei Cloud Account based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing APIG resources.
Using IAM Identity Policies to Grant Access to APIG: Identity policies provided by Identity and Access Management (IAM) let you control access to APIG.
Using IAM to Grant Access to APIG Using IAM Roles or Policies to Grant Access to APIG Using IAM Identity Policies to Grant Access to APIG
You may encounter the following errors related to IAM authentication information:
Incorrect IAM authentication information: verify aksk signature fail
Incorrect IAM authentication information: AK access failed to reach the limit,forbidden
Incorrect IAM authentication information:
AppSigv1: App authentication. IAM: IAM authentication.
type | Yes | String | Authentication type. Only apiKey is supported.
name | Yes | String | Name of the parameter for authentication.
in | Yes | String | Only header is supported.
description | No | String | Description.
Why Can't I Create a Header Parameter Named x-auth-token for an API Called Through IAM Authentication? The header parameter x-auth-token has already been defined in APIG. To use this parameter to call an API, add the parameter and its value to the request header.
Identity Authentication and Access Control: APIG provides API authentication, including app authentication, IAM authentication, and custom authorizer. In IAM authentication scenarios, the token expiration time is determined by IAM when you call APIs using a token.
Calling APIs Through IAM Authentication Token Authentication AK/SK Authentication
Configuring Two-factor Authentication (App + Custom). Scenario: Two-factor authentication allows you to customize an API authentication policy together with the app or IAM authentication.
Identity authentication: Configure IAM or App authentication for APIs to prevent malicious calling. Access control policies: Configure a whitelist or blacklist of IP addresses/IP address ranges or accounts for APIs to secure access.
Developing a Custom Authorizer with FunctionGraph. Scenario: In addition to IAM and app authentication, APIG also supports custom authentication with your own authentication system, which can better adapt to your business capabilities.
IAM (token): Obtain the username and password for the cloud platform. IAM (AK/SK): Obtain the AK/SK of an account for the cloud platform and the signing SDK.
Assume that an IAM user wants to call an API to publish an API. With role/policy-based authorization, the IAM user must be granted the permissions allowing for action apig:api:publish.
General Procedure. Configuring the API Frontend: Set the security authentication mode of the API frontend to Custom or enable Two-Factor Authentication (app or IAM authentication), and select a custom authorizer.
Related Documents IAM Service Overview Using IAM to Grant Access to APIG Permissions Policies and Supported Actions
APIG.0301 | Incorrect IAM authentication information. | 401 | The IAM authentication details are incorrect. | Check the token by referring to Common Errors Related to IAM Authentication Information.
Replace {user_name} and {password} respectively with the username and password of the IAM server. {project_id}: The project ID.
For details about IAM authentication, see Using IAM Authentication to Call APIs. Scenario: SDKs are used when you call APIs through app authentication. Download SDKs and related documentation and then call APIs by following the instructions in the documentation.
API calling through IAM authentication (token authentication): API callers obtain a token from the cloud service platform and add the token to their API requests.