CDN API Authentication Rules

Last Updated: Sep 21, 2017

When a sub-account requests access to main account CDN resources using CDN Open APIs, the CDN backend sends a request to RAM to check access levels, to make sure that the resource owner indeed has granted access to these resources to the caller.

Each CDN API determines the access to which resources needs to be checked according to the involved resources and the semantics of the API. The authentication rules for each API are shown in the following table.

API Authentication Rules
OpenCdnService acs:cdn::$accountid:
DescribeCdnService acs:cdn::$accountid:
ModifyCdnService acs:cdn::$accountid:
DescribeUserDomains acs:cdn::$accountid:domain/
DescribeCdnDomainDetail acs:cdn:*:$accountid:domain/$domainName
AddCdnDomain acs:cdn::$accountid:domain/
StartCdnDomain acs:cdn:*:$accountid:domain/$domainName
StopCdnDomain acs:cdn:*:$accountid:domain/$domainName
DeleteCdnDomain acs:cdn:*:$accountid:domain/$domainName
DescribeDomainConfigs acs:cdn:*:$accountid:domain/$domainName
SetOptimizeConfig acs:cdn:*:$accountid:domain/$domainName
SetPageCompressConfig acs:cdn:*:$accountid:domain/$domainName
SetIgnoreQueryStringConfig acs:cdn:*:$accountid:domain/$domainName
SetRangeConfig acs:cdn:*:$accountid:domain/$domainName
SetVideoSeekConfig acs:cdn:*:$accountid:domain/$domainName
SetSourceHostConfig acs:cdn:*:$accountid:domain/$domainName
SetErrorPageConfig acs:cdn:*:$accountid:domain/$domainName
SetForceRedirectConfig acs:cdn:*:$accountid:domain/$domainName
SetRefererConfig acs:cdn:*:$accountid:domain/$domainName
SetFileCacheExpiredConfig acs:cdn:*:$accountid:domain/$domainName
SetPathCacheExpiredConfig acs:cdn:*:$accountid:domain/$domainName
ModifyFileCacheExpiredConfig acs:cdn:*:$accountid:domain/$domainName
ModifyPathCacheExpiredConfig acs:cdn:*:$accountid:domain/$domainName
DeleteCacheExpiredConfig acs:cdn:*:$accountid:domain/$domainName
SetReqAuthConfig acs:cdn:*:$accountid:domain/$domainName
SetHttpHeaderConfig acs:cdn:*:$accountid:domain/$domainName
ModifyHttpHeaderConfig acs:cdn:*:$accountid:domain/$domainName
DeleteHttpHeaderConfig acs:cdn:*:$accountid:domain/$domainName
RefreshObjectCaches acs:cdn::$accountid:domain/
PushObjectCache acs:cdn::$accountid:domain/
DescribeRefreshTasks acs:cdn::$accountid:domain/
DescribeRefreshQuota acs:cdn::$accountid:domain/
DescribeLiveStreamsPublishList acs:cdn:*:$accountid:domain/$domainName
DescribeLiveStreamsOnlineList acs:cdn:*:$accountid:domain/$domainName
DescribeLiveStreamsBlockList acs:cdn:*:$accountid:domain/$domainName
DescribeLiveStreamsControlHistory acs:cdn:*:$accountid:domain/$domainName
DescribeLiveStreamOnlineUserNum acs:cdn:*:$accountid:domain/$domainName
ForbidLiveStream acs:cdn:*:$accountid:domain/$domainName
ResumeLiveStream acs:cdn:*:$accountid:domain/$domainName
SetLiveStreamsNotifyUrlConfig acs:cdn:*:$accountid:domain/$domainName
DescribeDomainBpsData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainFlowData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainSrcBpsData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainSrcFlowData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainHitRateData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainQpsData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainHttpCodeData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainsUsageByDay acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeTopDomainsByFlow acs:cdn::$accountid:domain/
DescribeDomainPvData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainUvData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainRegionData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainISPData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainTopUrlVisit acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainTopReferVisitl acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainFileSizeProportionData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainCCData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeDomainWafData acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeCdnDomainLogs acs:cdn::$accountid:domain/
acs:cdn:*:$accountid:domain/$domainName
DescribeIpInfo acs:cdn::$accountid:domain/
Thank you! We've received your feedback.