检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
AppSigv1 apig-auth-app-header: type: apiKey name: Authorization in: header x-apigateway-auth-opt: appcode-auth-type: header x-apigateway-auth-type: AppSigv1 apig-auth-iam: type: apiKey name: unused in: header x-apigateway-auth-type: IAM
For security purposes, create IAM users and grant them permissions for routine management. IAM user A user is created using a domain to use cloud services. Each user has its own identity credentials (password and access keys).
IAM (token) Obtain the username and password for the cloud platform. IAM (AK/SK) Obtain the AK/SK of an account for the cloud platform and the signing SDK. Custom Obtain the custom authentication information to carry in request parameters from the API provider.
APIG.0802 The IAM user is forbidden in the currently selected region 403 The IAM user is disabled in the current region. Contact technical support. APIG.2102 PublicKey is null 400 The signature key is not found. Contact technical support.
Why Can't I Create a Header Parameter Named x-auth-token for an API Called Through IAM Authentication? Can Mobile Apps Call APIs? Can Applications Deployed in a VPC Call APIs? Does APIG Support WebSocket Data Transmission?
Account ID: Control IAM authentication–based API access by account ID, not IAM user ID. Configure a single or multiple account IDs separated by commas (,). Each account ID contains 32 characters (letters and digits), separated by commas (,). Max. 1,024 characters.
API Authentication App Authentication Preparation for App Authentication App Authentication for Java IAM Authentication App Authentication for Python Backend Service Signatures Java Python C# 02 Purchase Purchase dedicated gateways to manage APIs.
Minimum: 1 Maximum: 500 Default: 20 permission No String Permission account ID in format "iam:domain::domain_id". Fuzzy search is supported. Request Parameters Table 3 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String User token.
x-apigateway-responses: {} Importing a Function Backend Service API Import the request parameter definition of a FunctionGraph backend service API that uses the GET method and is accessed through IAM authentication.
NOTE: APIG performs access control on accounts, not IAM users created using accounts. Click OK. You can bind the policy to APIs to control API access. Binding an Access Control Policy to an API Go to the page for binding an access control policy to an API.
Restrictions Before adding a backend policy, set the security authentication mode of the frontend to Custom or enable Two-Factor Authentication (App or IAM authentication). API requests that do not meet the conditions of any backend will be forwarded to the default backend.
Contact technical support. 500 APIG.9004 IAM request failed. IAM request failed. Contact technical support. 500 APIG.9005 VPC request failed. VPC request failed. Contact technical support. 500 APIG.9006 DNS request failed. DNS request failed.
Table 1 Common practices Practice Description Developing a Custom Authorizer with FunctionGraph In addition to IAM and app authentication, APIG also supports custom authentication with your own authentication system, which can better adapt to your business capabilities.
Authentication Mode App and IAM authentication is supported. You can also choose not to authenticate requests. App: Requests will be authenticated by APIG. This authentication mode is recommended. IAM: Requests will be authenticated by IAM.
Options: NONE APP IAM AUTHORIZER match_mode String API matching mode.
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.
Specify an account ID (not IAM user ID) for an API with IAM authentication. For details, see Obtaining an Account Name and Account ID. Threshold The maximum number of times an API can be called by the tenant within a specified period.
NONE APP IAM AUTHORIZER match_mode String API matching mode. SWA: Prefix match. NORMAL: Exact match.
NONE APP IAM AUTHORIZER match_mode String API matching mode. SWA: Prefix match. NORMAL: Exact match.
If the authentication mode of the target API has been set to None or IAM, you do not need to create apps to call this API. Creating an App Access the shared gateway console. In the navigation pane, choose API Calling > Apps. Click Create App, and configure the app information.
