All Products
Search
Document Center

Mini Program permission control

Last Updated: Feb 05, 2021

In order to control the access scope of the Mini Program in the App, you can add Server domain name whitelist, API whitelist, and Built-in WebView domain name whitelist for the Mini Program in the mPaaS console. After the Mini Program permission control switch in the figure below is turned on, only the resources added to the whitelist can be accessed or used by the current Mini Program.

  • Server domain name whitelist: Refers to the domain name whitelist of the target server (input URL) in my.request. HTTPS protocol supported, up to 30 domain names can be added.
  • API whitelist: The API whitelist called by the Mini Program. If permission control is enabled, APIs that are not added to the whitelist cannot be successfully called by the Mini Program.
    Note: The API provided by the mPaaS official website has been added with permission files by default, and no configuration is required. You only need to configure your custom API here.
  • Built-in WebView domain name whitelist: The access addresses whitelist of web-view component. HTTPS protocol supported.

permission control

Prerequisite

You have created a Mini Program in the Mini Program package management.

Select a Mini Program

At the top of the page, you can select an existing Mini Program through the drop-down list. After selection, the name and AppId of the Mini Program will be displayed below.

Note: The Mini Programs created in the Mini Program package management tab on the left will be synchronized to this drop-down list in real time.

Select a Mini Program

Permission control switch

Through the Mini Program permission control switch, you can choose whether to enable the Server domain name whitelist, API whitelist, and Built-in WebView domain name whitelist, so as to realize the permission control of the selected Mini Program.

switch

Server domain name whitelist

In the whitelist configuration area below, you can add server domain names to the whitelist.

Server domain name whitelist

Add a server domain name to the whitelist

  1. Log in to the mPaaS console and select an application. In the left navigation bar, select Mini Program > Release Mini Program.
  2. Select the Manage open platform Mini Program tab, and click Add in the Server domain name whitelist tab below.
  3. In the pop-up Add server domain name whitelist window, enter the following information:
    添加服务器域名白名单
    • Domain name: Required. Only the server domain name of HTTPS protocol is supported here. For non-HTTPS domain names, it will be intercepted when calling.
    • Remark: Optional, enter the description of this domain name, up to 200 characters.
  4. Click OK to finish.
    Note: You can add up to 30 server domain names to the whitelist.

Edit and delete a server domain name

All server domain names in the whitelist list can be edited. Click Edit in the Operation column on the right to change the server domain name and its description.

To delete a server domain name from the whitelist, click Delete in the Operation column on the right, and click OK in the pop-up confirmation box to delete the server domain name.

delete

API whitelist

In the whitelist configuration area below, you can add Mini Program APIs to the whitelist.

API whitelist

Add an API to the whitelist

  1. Log in to the mPaaS console and select an application. In the left navigation bar, select Mini Program > Release Mini Program.
  2. Select the Manage open platform Mini Program tab, and click Add in the API whitelist tab below.
  3. In the pop-up Add Mini Program API Whitelist window, enter the following information: Add an API to the whitelist
    • API: The API to be added to the whitelist.
    • Remark: Optional, enter the description information of this API, up to 200 characters.
  4. Click OK to finish.

Edit and delete an API

All APIs in the whitelist list can be edited. Click Edit in the Operation column on the right to change the API and its description.

To delete an API from the whitelist, click Delete in the Operation column on the right, and click OK in the pop-up confirmation box to delete the API.

delete

Built-in WebView domain name whitelist

In the whitelist configuration area below, you can add built-in WebView domain names to the whitelist.

Built-in WebView domain name whitelist

Add a built-in WebView domain name to the whitelist

  1. Log in to the mPaaS console and select an application. In the left navigation bar, select Mini Program > Release Mini Program.
  2. Select the Manage open platform Mini Program tab, and click Add in the Built-in WebView domain name whitelist tab below.
  3. In the pop-up Add WebView domain Name whitelist window, enter the following information: Add domain name to the whitelist
    • Domain name: Required. Only the server domain name of HTTPS protocol is supported here. For non-HTTPS domain names, it will be intercepted when calling.
    • Remark: Optional, enter the description of this domain name, up to 200 characters.
  4. Click OK to finish.

Edit and delete a built-in WebView domain name

All WebView domain names in the whitelist list can be edited. Click Edit in the Operation column on the right to change the WebView domain name and its description.

To delete a WebView domain name from the whitelist, click Delete in the Operation column on the right, and click OK in the pop-up confirmation box to delete the WebView domain name.

delete