
API Gateway: Manage authorizations

Last Updated: Apr 02, 2024

The API authorization feature is used to authorize an application to call an API. An application is an identity that is used to call an API. An application must be authorized before it can be used to call an API.

Prerequisites

Alibaba Cloud App is used as the security authentication method of the API.

1. Application

An application is an identity that is used to call an API. Each application has a key pair that consists of an AppKey and an AppSecret. When you use an application to call an API, the AppKey of the application must be specified as a header in the request and the AppSecret must be used to calculate a signature string that is attached to the request. For information about how to calculate and pass a signature, see Use digest authentication to call an API.

  • Whoever obtains the AppKey and AppSecret pair of an application has all permissions on the application. You must keep AppKey and AppSecret pairs confidential. If you accidentally leak an AppKey and AppSecret pair, you can reset the pair in the API Gateway console.

  • You can create multiple applications and authorize them to call different APIs based on your business requirements. Note that only applications, instead of Alibaba Cloud accounts, can be authorized to call APIs.

  • In the API Gateway console, you can create, modify, or delete an application, view the details of an application, manage key pairs, and view the APIs that an application is authorized to call.

  • You can add new AppKey and AppSecret pairs to an application and view the added key pairs on the application details page. Each of the new key pairs has all permissions on the application. If you no longer require an added key pair, you can also delete the key pair. However, you cannot delete the default key pair of an application, which is generated when you create the application.

Create an application

  1. Log on to the API Gateway console. In the left-side navigation pane, choose Call APIs > Apps. On the Apps page, click Create App in the upper-right corner.

  2. In the Create App dialog box, enter a name for your application and click Confirm.

Note

Other optional parameters include Set Tags, Custom AK, Extended Fields, and Description. You can configure these parameters based on your business requirements.

  • Set Tags: Add tags to your application for easier management.

  • Custom AK: You can create a custom AccessKey pair and AppCode for the application. You can also modify the custom AccessKey pair and AppCode after you create the application. The modification immediately takes effect.

  • Extended Fields: You can configure an extended field for the application. The system passes the extended field as a system parameter named CaAppExtInfo to the backend service.

2. Authorize an application to call an API

Applications must be authorized before they can be used to call an API. Only authorized applications can call the API.

  • If you create your own application and API, you can authorize the application to call the API directly in the console.

  • If you purchase an API from Alibaba Cloud Marketplace, you can authorize your application to call the purchased API. Alibaba Cloud Marketplace also creates an authorized application for you during the purchase. For more information, go to the Alibaba Cloud Marketplace console.

  • If you want to call an API of another Alibaba Cloud account, API authorization must be performed by that account, also known as the API provider. You must create an application and provide the ID of the application to the API provider. Then, the API provider can find your application by using the application ID and authorize your application to call the API.

Procedure for API authorization

2.1 Log on to the API Gateway console. In the left-side navigation pane, choose Manage APIs > APIs. On the APIs page, find the API that you want to manage and choose More > Authorize. More is displayed as three vertically arranged dots.

2.2 Select an environment and an application to allow the application to call the API in the selected environment. Select My Apps from the Choose Apps for Authorization drop-down list, enter the name of your application in the search box, and click Search. Your application is displayed.

If you want to authorize an application that belongs to another account, select App ID from the Choose Apps for Authorization drop-down list, enter the ID of the application, and click Search. The application is displayed.

Important

If you want to add a new key pair to your application, make sure that the version of your API Gateway instance is 3.5.3.853 or later. Added key pairs do not take effect for instances of earlier versions. Default key pairs take effect regardless of the instance version.
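As an added example that is not part of this page or of the API Gateway product, the following Python models the checks the page describes: section 1 (an application identified by its AppKey, the AppSecret used only to compute an HMAC signature, added key pairs that can be deleted, a default pair that can only be reset after a leak) and section 2 (authorization granted per API and environment to applications only, including another account's application referenced by its ID). All application IDs, keys, secrets and API names are constructed placeholders. The X-Ca-Key and X-Ca-Signature header names follow the gateway's X-Ca-* convention, but the string-to-sign layout is a deliberate simplification assumed for illustration; the authoritative format is in the digest-authentication document the page links to.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample state (made-up IDs and secrets, not real credentials).
# Each application owns one or more AppKey/AppSecret pairs. The default pair
# is created together with the application and cannot be deleted; pairs added
# later can be deleted once they are no longer needed.
APPS = {
    "app-1001": {
        "default_key": "ak-1001-default",
        "key_pairs": {
            "ak-1001-default": "sk-1001-default-secret",
            "ak-1001-added": "sk-1001-added-secret",
        },
    },
    # Application owned by another Alibaba Cloud account; the API provider
    # authorizes it by application ID, never by account.
    "app-2002": {
        "default_key": "ak-2002-default",
        "key_pairs": {"ak-2002-default": "sk-2002-default-secret"},
    },
}

# Authorizations are granted per (API, environment) to applications only.
AUTHORIZATIONS = {
    ("api-order-query", "RELEASE"): {"app-1001", "app-2002"},
    ("api-order-query", "TEST"): {"app-1001"},
}


def app_for_key(app_key):
    """Resolve an AppKey to (app_id, app_secret); any active pair of the app counts."""
    for app_id, app in APPS.items():
        if app_key in app["key_pairs"]:
            return app_id, app["key_pairs"][app_key]
    return None, None


def string_to_sign(method, path, query):
    # Assumed, simplified canonical form: method, path and sorted query string.
    # The gateway's real layout (date, nonce, signed headers, ...) is described
    # in the digest-authentication document linked from the page.
    canonical_query = "&".join(f"{k}={v}" for k, v in sorted(query.items()))
    return "\n".join([method.upper(), path, canonical_query])


def sign(app_secret, method, path, query):
    """HMAC-SHA256 over the canonical string, keyed by the AppSecret, base64-encoded."""
    mac = hmac.new(app_secret.encode(), string_to_sign(method, path, query).encode(),
                   hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def build_request(app_key, app_secret, method, path, query):
    """Client side: the AppKey travels in a header, the AppSecret never does."""
    return {
        "method": method,
        "path": path,
        "query": dict(query),
        "headers": {"X-Ca-Key": app_key,
                    "X-Ca-Signature": sign(app_secret, method, path, query)},
    }


def check_request(request, api_id, environment):
    """Gateway side: identify the app, verify the signature, then check authorization."""
    app_id, app_secret = app_for_key(request["headers"].get("X-Ca-Key", ""))
    if app_id is None:
        return False, "unknown AppKey"
    expected = sign(app_secret, request["method"], request["path"], request["query"])
    # Constant-time comparison so the check leaks nothing about the expected value.
    if not hmac.compare_digest(expected, request["headers"].get("X-Ca-Signature", "")):
        return False, "signature mismatch"
    if app_id not in AUTHORIZATIONS.get((api_id, environment), set()):
        return False, f"{app_id} is not authorized for {api_id} in {environment}"
    return True, app_id


def delete_key_pair(app_id, app_key):
    """Remove an added pair; the default pair can only be reset, not deleted."""
    app = APPS[app_id]
    if app_key == app["default_key"]:
        raise ValueError("the default key pair cannot be deleted")
    del app["key_pairs"][app_key]


def reset_key_pair(app_id, app_key):
    """Leak response: replace the AppSecret so signatures made with the old one fail."""
    app = APPS[app_id]
    if app_key not in app["key_pairs"]:
        raise KeyError(app_key)
    new_secret = secrets.token_urlsafe(32)
    app["key_pairs"][app_key] = new_secret
    return new_secret


if __name__ == "__main__":
    req = build_request("ak-1001-default", "sk-1001-default-secret",
                        "GET", "/orders", {"id": "42"})
    print(check_request(req, "api-order-query", "RELEASE"))
    reset_key_pair("app-1001", "ak-1001-default")
    print(check_request(req, "api-order-query", "RELEASE"))
```

The order of checks in `check_request` is the point: the AppKey only identifies the application, the signature proves possession of the matching AppSecret, and only then is the (API, environment) authorization consulted. Deleting an added pair makes its AppKey unknown, while resetting a pair keeps the AppKey and invalidates every signature made with the old secret, which is what the page's leak-response advice relies on.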