All Products
Search
Document Center

API Gateway:Consumer authorization

Last Updated:Jun 17, 2026

Manage authorization for API consumers to ensure that only authenticated and authorized requests can access your service resources.

Authorize a consumer

  1. Log on to the API Gateway console.

  2. In the left-side navigation pane, click Consumers. In the top navigation bar, select a region.

  3. On the Consumers page, click the name of a consumer to open its details page. Click the Consumer authorization tab, and then click Authorization.

  4. In the authorization panel, configure the parameters and click OK.

    Parameter

    Description

    Authorization level

    API Type

    Select an API type. Valid values are REST API, HTTP API, and WebSocket API.

    Operation, Route, API

    Effective For

    Select the gateway instance to which the authorization applies.

    Operation, API

    Authorization Scope

    Select the authorization scope. You can grant access at the Operation, Routes, or API level.

    Operation, Route, API

    Effective API

    Select the API that contains the operation or route.

    Operation, Route

    Effective Version

    If versioning is enabled for the REST API, select the applicable version.

    Operation

    Select interfaces

    Select the operation to authorize.

    Operation

    Select Route

    Select the route to authorize.

    Route

    Show only APIs Published to This Instance

    Lists only the APIs published to the selected gateway instance.

    API

    Select API

    Select the API to authorize.

    API

Revoke authorization

  1. Log on to the API Gateway console.

  2. In the left-side navigation pane, click Consumers. In the top navigation bar, select a region.

  3. On the Consumers page, click the name of a consumer to open its details page, and then click the Consumer authorization tab.

  4. On the authorization list, perform the following steps based on the API type:

    • REST API

      Expand the API entry by clicking the image icon on the left. In the Actions column for an operation, click Revoke Authorization. In the confirmation dialog box, click OK. To revoke authorization for multiple operations at once, select the checkboxes for the operations, click Batch Revoke, and then click OK in the Batch Revoke dialog box.

    • WebSocket API and HTTP API

      Expand the API entry by clicking the image icon on the left. In the Actions column for a route, click Revoke Authorization. In the confirmation dialog box, click OK. To revoke authorization for multiple routes at once, select the checkboxes for the routes, click Batch Revoke, and then click OK in the Batch Revoke dialog box.

Related documentation

For more information about consumer authentication and authorization, see Consumer authentication and authorization.