All Products
Search
Document Center

Mobile Platform as a Service:Mini Program permission control

Last Updated:Jul 26, 2023

In order to control the access scope of the Mini Program in the App, you can add Server domain name whitelist, API whitelist, and Built-in WebView domain name whitelist for the Mini Program in the mPaaS console. After the Mini Program permission control switch is turned on, only the resources added to the whitelist can be accessed or used by the current Mini Program.

  • Server domain name whitelist: Refers to the domain name whitelist of the target server (input URL) in my.request. HTTPS protocol supported, up to 30 domain names can be added.

  • API whitelist: The API whitelist called by the Mini Program. If permission control is enabled, APIs that are not added to the whitelist cannot be successfully called by the Mini Program.

    Note

    The API provided by the mPaaS official website has been added with permission files by default, and no configuration is required. You only need to configure your custom API here.

  • Built-in WebView domain name whitelist: The access addresses whitelist of web-view component. HTTPS protocol supported.

Prerequisite

You have created a Mini Program in the Mini Program package management.

Select a Mini Program

At the top of the page, you can select an existing Mini Program through the drop-down list. After selection, the name and AppId of the Mini Program will be displayed below.

Note

The Mini Programs created in the Mini Program package management tab on the left will be synchronized to this drop-down list in real time.

Permission control switch

Through the Mini Program permission control switch, you can choose whether to enable the Server domain name whitelist, API whitelist, and Built-in WebView domain name whitelist, so as to realize the permission control of the selected Mini Program.

Server domain name whitelist

In the whitelist configuration area below, you can add server domain names to the whitelist.

Add a server domain name to the whitelist

  1. Log in to the mPaaS console and select an application. In the left navigation bar, select Mini Program > Release Mini Program.

  2. Select the Manage open platform Mini Program tab, and click Add in the Server domain name whitelist tab below.

  3. In the pop-up Add server domain name whitelist window, enter the following information:

    • Domain name: Required. Only the server domain name of HTTPS protocol is supported here. For non-HTTPS domain names, it will be intercepted when calling.

    • Remark: Optional, enter the description of this domain name, up to 200 characters.

  4. Click OK to finish.

    Note

    You can add up to 30 server domain names to the whitelist.

Edit and delete a server domain name

All server domain names in the whitelist list can be edited. Click Edit in the Operation column on the right to change the server domain name and its description.

To delete a server domain name from the whitelist, click Delete in the Operation column on the right, and click OK in the pop-up confirmation box to delete the server domain name.

API whitelist

In the whitelist configuration area below, you can add Mini Program APIs to the whitelist.

Add an API to the whitelist

  1. Log in to the mPaaS console and select an application. In the left navigation bar, select Mini Program > Release Mini Program.

  2. Select the Manage open platform Mini Program tab, and click Add in the API whitelist tab below.

  3. In the pop-up Add Mini Program API Whitelist window, enter the following information:

    • API: The API to be added to the whitelist.

    • Remark: Optional, enter the description information of this API, up to 200 characters.

  4. Click OK to finish.

Edit and delete an API

All APIs in the whitelist list can be edited. Click Edit in the Operation column on the right to change the API and its description.

To delete an API from the whitelist, click Delete in the Operation column on the right, and click OK in the pop-up confirmation box to delete the API.

Built-in WebView domain name whitelist

In the whitelist configuration area below, you can add built-in WebView domain names to the whitelist.

Add a built-in WebView domain name to the whitelist

  1. Log in to the mPaaS console and select an application. In the left navigation bar, select Mini Program > Release Mini Program.

  2. Select the Manage open platform Mini Program tab, and click Add in the Built-in WebView domain name whitelist tab below.

  3. In the pop-up Add WebView domain Name whitelist window, enter the following information:

    • Domain name: Required. Only the server domain name of HTTPS protocol is supported here. For non-HTTPS domain names, it will be intercepted when calling.

    • Remark: Optional, enter the description of this domain name, up to 200 characters.

  4. Click OK to finish.

Edit and delete a built-in WebView domain name

All WebView domain names in the whitelist list can be edited. Click Edit in the Operation column on the right to change the WebView domain name and its description.

To delete a WebView domain name from the whitelist, click Delete in the Operation column on the right, and click OK in the pop-up confirmation box to delete the WebView domain name.