CDN API Authentication Rules

Last Updated: Nov 09, 2017

When a subaccount calls a CDN Open API to access resources of the primary CDN account, the CDN backend sends a corresponding request to RAM to check the authorization, in order to ensure that the resource owner has granted the caller access to the relevant resources.

Each CDN API determines which resources need authorization according to the resources involved and the semantics of the API. The authentication rules for each API are listed below:

| API | Authentication Rules |
| --- | --- |
| OpenCdnService | acs:cdn::$accountid: |
| DescribeCdnService | acs:cdn::$accountid: |
| ModifyCdnService | acs:cdn::$accountid: |
| DescribeUserDomains | acs:cdn::$accountid:domain/ |
| DescribeCdnDomainDetail | acs:cdn:*:$accountid:domain/$domainName |
| AddCdnDomain | acs:cdn::$accountid:domain/ |
| StartCdnDomain | acs:cdn:*:$accountid:domain/$domainName |
| StopCdnDomain | acs:cdn:*:$accountid:domain/$domainName |
| DeleteCdnDomain | acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainConfigs | acs:cdn:*:$accountid:domain/$domainName |
| SetOptimizeConfig | acs:cdn:*:$accountid:domain/$domainName |
| SetPageCompressConfig | acs:cdn:*:$accountid:domain/$domainName |
| SetIgnoreQueryStringConfig | acs:cdn:*:$accountid:domain/$domainName |
| SetRangeConfig | acs:cdn:*:$accountid:domain/$domainName |
| SetVideoSeekConfig | acs:cdn:*:$accountid:domain/$domainName |
| SetSourceHostConfig | acs:cdn:*:$accountid:domain/$domainName |
| SetErrorPageConfig | acs:cdn:*:$accountid:domain/$domainName |
| SetForceRedirectConfig | acs:cdn:*:$accountid:domain/$domainName |
| SetRefererConfig | acs:cdn:*:$accountid:domain/$domainName |
| SetFileCacheExpiredConfig | acs:cdn:*:$accountid:domain/$domainName |
| SetPathCacheExpiredConfig | acs:cdn:*:$accountid:domain/$domainName |
| ModifyFileCacheExpiredConfig | acs:cdn:*:$accountid:domain/$domainName |
| ModifyPathCacheExpiredConfig | acs:cdn:*:$accountid:domain/$domainName |
| DeleteCacheExpiredConfig | acs:cdn:*:$accountid:domain/$domainName |
| SetReqAuthConfig | acs:cdn:*:$accountid:domain/$domainName |
| SetHttpHeaderConfig | acs:cdn:*:$accountid:domain/$domainName |
| ModifyHttpHeaderConfig | acs:cdn:*:$accountid:domain/$domainName |
| DeleteHttpHeaderConfig | acs:cdn:*:$accountid:domain/$domainName |
| RefreshObjectCaches | acs:cdn::$accountid:domain/ |
| PushObjectCache | acs:cdn::$accountid:domain/ |
| DescribeRefreshTasks | acs:cdn::$accountid:domain/ |
| DescribeRefreshQuota | acs:cdn::$accountid:domain/ |
| DescribeLiveStreamsPublishList | acs:cdn:*:$accountid:domain/$domainName |
| DescribeLiveStreamsOnlineList | acs:cdn:*:$accountid:domain/$domainName |
| DescribeLiveStreamsBlockList | acs:cdn:*:$accountid:domain/$domainName |
| DescribeLiveStreamsControlHistory | acs:cdn:*:$accountid:domain/$domainName |
| DescribeLiveStreamOnlineUserNum | acs:cdn:*:$accountid:domain/$domainName |
| ForbidLiveStream | acs:cdn:*:$accountid:domain/$domainName |
| ResumeLiveStream | acs:cdn:*:$accountid:domain/$domainName |
| SetLiveStreamsNotifyUrlConfig | acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainBpsData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainFlowData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainSrcBpsData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainSrcFlowData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainHitRateData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainQpsData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainHttpCodeData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainsUsageByDay | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeTopDomainsByFlow | acs:cdn::$accountid:domain/ |
| DescribeDomainPvData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainUvData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainRegionData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainISPData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainTopUrlVisit | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainTopReferVisit | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainFileSizeProportionData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainCCData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeDomainWafData | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeCdnDomainLogs | acs:cdn::$accountid:domain/, acs:cdn:*:$accountid:domain/$domainName |
| DescribeIpInfo | acs:cdn::$accountid:domain/ |
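
To see what these rules mean when writing a subaccount policy, the following added example (not part of the original page and not Alibaba Cloud code) models the check in simplified form: it fills in the table's resource template for a call and matches it against policy statements. The `cdn:` action prefix, the wildcard matching, the account ID, the domains and both policies are assumptions or constructed values.

```python
from fnmatch import fnmatchcase

# Resource templates copied as printed in the table (subset of its rows).
ALL_DOMAINS = "acs:cdn::$accountid:domain/"
ONE_DOMAIN = "acs:cdn:*:$accountid:domain/$domainName"
RULES = {
    "DescribeUserDomains": ALL_DOMAINS,
    "RefreshObjectCaches": ALL_DOMAINS,
    "DescribeCdnDomainDetail": ONE_DOMAIN,
    "SetRefererConfig": ONE_DOMAIN,
    "DeleteCdnDomain": ONE_DOMAIN,
}
ACCOUNT = "1234567890"  # constructed account ID

# Constructed policies: one scoped to a single domain, one account-wide.
SCOPED = {"Statement": [{
    "Effect": "Allow",
    "Action": ["cdn:Describe*", "cdn:Set*"],  # "cdn:" prefix is an assumption
    "Resource": ["acs:cdn:*:1234567890:domain/www.example.com"],
}]}
BROAD = {"Statement": [{
    "Effect": "Allow", "Action": ["cdn:*"], "Resource": ["acs:cdn:*:1234567890:*"],
}]}

def required_resource(api, account_id, domain=""):
    """Fill in the table's template for one API call."""
    return RULES[api].replace("$accountid", account_id).replace("$domainName", domain)

def is_allowed(policy, api, account_id, domain=""):
    """Simplified model: explicit Deny wins, no matching Allow means denied."""
    action = "cdn:" + api
    resource = required_resource(api, account_id, domain)
    allowed = False
    for stmt in policy["Statement"]:
        hit = (any(fnmatchcase(action, a) for a in stmt["Action"])
               and any(fnmatchcase(resource, r) for r in stmt["Resource"]))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or hit
    return allowed

if __name__ == "__main__":
    for api, dom in [("SetRefererConfig", "www.example.com"), ("DescribeUserDomains", "")]:
        print(api, is_allowed(SCOPED, api, ACCOUNT, dom), is_allowed(BROAD, api, ACCOUNT, dom))
```

In this model a policy scoped to one domain does not cover APIs whose rule is the account-level `domain/` resource, such as DescribeUserDomains, while the account-wide policy also permits DeleteCdnDomain on every domain.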