All Products
Search

This Product

    Dataphin:Manage API permissions

    Document Center

    Dataphin:Manage API permissions

    Last Updated:Nov 18, 2025

    You need to request API permissions before you can call an API. This topic explains how to request and return API permissions.

    Prerequisites

    You have purchased the DataService Studio value-added service and enabled the DataService Studio module for the current tenant. For more information about how to enable the module, see Tenant management.

    Permission description

    Only application owners can return API permissions.

    Request API permissions

    1. In the top menu bar of the Dataphin home page, select Management Center > Permission Management.

    2. In the navigation pane on the left, select My Permissions > Data Service Permission. Then click API Permission in the top menu bar. On the API Permission tab, click the + Request API Permission button in the upper-right corner.

    3. On the API Permission Request page, configure the parameters.

      Parameter

      Description

      API Permission Object

      API

      Select an API based on the service project and API group. If you request API permissions for a personal account, select a service project that the current operator has joined to ensure the request is successful.

      Account Type

      Select the account type for API authorization. You can select Application or User Account. The system selects Application by default.

      • Application: You can grant permissions only to applications when the API operation type is Create, Update, or Delete.

      • User Account: If you select User Account, the API is in the development environment, and the API is in Basic mode, the API accesses the production data environment. Proceed with caution. If the API is in the development environment and is in Dev-Prod mode, the API accesses the development data environment.

      API Runtime Environment

      This configuration is required when the account type is application. Select the runtime environment for the API. You can select Development Environment and Production Environment. Multiple selections are supported.

      Note

      The API runs based on the selected runtime environment. When the API runtime environment is set to the development environment, the API runs based on the configuration submitted to the development environment. When the API runtime environment is set to the production environment, the API runs based on the configuration published to the production environment.

      Permission Project

      Displayed based on the service project selected by the API. Modification is not supported.

      Application

      This parameter is required if you set Account Type to Application. Select an application from an application group. You can select an application that the current operator has joined.

      Permission Field Table

      This configuration is required when the account type is application. Optional fields will be selected based on the API runtime environment, either production environment or development environment, for which authorization is required. If the API is associated with row-level permissions, the system will identify it as Row-level Permission Active. You can click the View Row-level Permission button to view the row-level permission information for the corresponding environment in the View Row-level Permission panel.

      Note

      • When the API selects the development environment and is in Basic mode, the data environment accessed is the production data environment. Proceed with caution.

      • When the API runtime environment is the production environment, you can select the return parameters of the current API online version. When the API runtime environment is the development environment, you can select the return parameters of the current API latest version in the development environment.

      • When an application requests proxy mode permissions to call an API, the system returns data based on the row-level permissions of the delegated user. If the application does not have proxy mode permissions, data is returned based on the application's row-level permissions.

      • When the API operation type is Create, Update, or Delete, data is accessed based on the API runtime environment, and you do not need to select fields.

      Permission Configuration

      Permission Type

      The system selects Usage Permission by default. Modification is not supported. When the account type is application, you can select Proxy Permission.

      • Usage Permission: You can request only usage permissions when the API operation type is Create, Update, or Delete.

      • Proxy Permission: This permission takes effect if the API has row-level permissions enabled and the DelegationUid parameter is not empty. You can configure the row-level permission parameter in the common parameter list on the call page of DataService Studio > Call > Authorized API Services. To call an API, you must request proxy mode permissions. This allows the application to make calls to APIs that are associated with row-level permissions on behalf of a user. For more information about the direct connection and proxy modes for API calls, see Direct connection and proxy modes for API calls and tests.

      Validity Period

      Select 30 Days, 90 Days, 180 Days, or Long-term. Alternatively, select Custom and specify an end date.

      Reason For Application

      Enter the reason for the application to facilitate the approver's review. No more than 128 characters.

    4. Click Submit to complete the API permission request.

    Return API permissions

    1. On the API Permission tab, click Actions under the target API column and select Return.

    2. In the Return Permission dialog box, click Confirm to finalize the return of the API permission.