
Microservices Engine:GetGatewayAuthDetail

Last Updated: Dec 05, 2025

Retrieves the authentication details of a gateway.


RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
| --- | --- | --- | --- | --- |
| mse:GetGatewayAuthDetail | get | *Gateway acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId} | None | None |

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| Id | integer | No | The authentication ID. | 1100 |
| GatewayId | integer | No | The ID of the gateway. You must configure this parameter or the GatewayUniqueId parameter. | 2274 |
| GatewayUniqueId | string | No | The unique ID of the gateway. You must configure this parameter or the GatewayId parameter. This parameter takes precedence over the GatewayId parameter. | gw-6f0dbd108a0249d2b675b3ef50b***** |
| AcceptLanguage | string | No | The language in which the returned results are displayed. Valid values: zh (default): Chinese; en: English. | zh |

Response elements

| Parameter | Type | Description | Example |
| --- | --- | --- | --- |
| | object | Schema of Response | |
| RequestId | string | Request ID | 9C96CDF8-9E6C-XXXX-XXXX-8F87A10117E6 |
| HttpStatusCode | integer | HTTP status code. | 200 |
| Message | string | Message. | OK |
| Code | integer | The response code. The status code 200 indicates that the request was successful. | 200 |
| Success | boolean | Indicates whether the request was successful. | true |
| Data | object | Information about the authentication. | |
| Data.Id | integer | The authentication ID. | 1100 |
| Data.Name | string | The authentication name. | test |
| Data.GatewayUniqueId | string | The unique ID of the gateway for which authentication is enabled. | gw-6f0dbd108a0249d2b675b3ef50b***** |
| Data.GatewayId | integer | The ID of the gateway for which authentication is enabled. | 2274 |
| Data.Type | string | The authentication method. Valid values: JWT; OIDC; IDaaS; ExternalAuthZ (custom authentication service). | JWT |
| Data.Issuer | string | This parameter is valid if Type is set to JWT or OIDC. If Type is set to JWT, this parameter specifies the issuer of JWT claims. If Type is set to OIDC, this parameter specifies the issuer of OIDC claims. | https://example.com/auth |
| Data.Jwks | string | The JWT public key in JSON format. | {\n \"keys\":[\n {\n \"kty\": \"RSA\",\n \"e\": \"AQAB\",\n \"use\": \"sig\",\n \"kid\": \"1rGufmH1YN8rqM9ZOLgo7eEST3AnL89Y-m-XGFioLoA\",\n \"alg\": \"RS256\",\n \"n\": \"rM2GIc0YTMqwNCwXnjKbW5QndkCEZgyLu3uQUnyZF7HvMTekiTvQg_39mg3dV1eaYYkYfZBogyroJBqAQXhk6VVCxlBjFVp2xstJPVWngMOOlcafwN_BKdN-EQ06O_Uu__e7gNKI3DunkNk0cNaFETE7d4meRYyTlgEzYgsrW05_ufR0BKoddL3E5JsCpUxRjH9ICbodBx0U74W6Dcci-R2EA1DBrEcboE6n90uoJs6UJNriAK_71nAsYonihU5aQFFnyPTkJHfRwHK6JlME6rn-b-rpLSpdyc6U1nOFZP2DEpz8U5FrYoLYSZIU-MQGxDhCnGc_rxl2IyP9B2qcCQ\"\n }\n ]\n}\n |
| Data.IsWhite | boolean | Indicates whether a whitelist is used. Valid values: true: A whitelist is used. Only requests with the hostnames and paths that you specify in the whitelist can access the cloud-native gateway without authentication. false: A blacklist is used. Only requests with the hostnames and paths that you specify in the blacklist require authentication. | true |
| Data.GmtCreate | string | The time when the authentication was created. The time is formatted as a GMT timestamp. | 2024-02-19T02:41:03.000+0000 |
| Data.GmtModified | string | The time when the authentication was modified. The time is formatted as a GMT timestamp. | 2024-02-19T02:41:03.000+0000 |
| Data.TokenPosition | string | The type of the JWT token: If this parameter is set to HEADER, the token is specified in the header. | HEADER |
| Data.TokenName | string | The position where the JWT token is stored. | Authorization |
| Data.TokenNamePrefix | string | The prefix of the JWT token. | Bearer |
| Data.TokenPass | boolean | Indicates whether the token is passed through. | true |
| Data.Status | boolean | Indicates whether authentication is enabled. | false |
| Data.RedirectUrl | string | The URL for redirection after authentication is successful. This parameter is valid if Type is set to OIDC or IDaaS. The redirect URL must be the same as the redirect URL that you configured in OIDC or IDaaS. | https://yourdomain/path |
| Data.ClientId | string | The ID of the application in the service registration information. This parameter is valid if Type is set to OIDC or IDaaS. | example-app |
| Data.ClientSecret | string | The application secret in the service registration information. This parameter is valid if Type is set to OIDC or IDaaS. | xxxxx |
| Data.CookieDomain | string | The domain name of the cookie. After the authentication is successful, the cookie is sent to the specified domain name to maintain the logon status. This parameter is valid if Type is set to OIDC or IDaaS. | hello.com |
| Data.ScopesList | string | The OIDC scopes. The related parameter is valid if Type is set to OIDC. | ["openid","email"] |
| Data.LoginUrl | string | The URL that is used to log on to the IDaaS instance. This parameter is valid if Type is set to IDaaS. | https://daxxxxcn.aliyunidaas.com/ |
| Data.Sub | string | The subject of JWT claims. This parameter is valid if Type is set to JWT. | https://example.com/auth |
| Data.ExternalAuthZ | object | The custom authentication information. | |
| Data.ExternalAuthZ.ServiceId | integer | The ID of the authentication service. | 15300 |
| Data.ExternalAuthZ.PrefixPath | string | The path of the authentication API. | /auth |
| Data.ExternalAuthZ.TokenKey | string | The request header that carries the token. Common header types include Authorization and Cookie. | Authorization |
| Data.ExternalAuthZ.AllowRequestHeaders | array | Allowed Request Headers | |
| Data.ExternalAuthZ.AllowRequestHeaders[] | string | The name of the allowed request header. | x-req |
| Data.ExternalAuthZ.AllowUpstreamHeaders | array | Allowed Response Headers | |
| Data.ExternalAuthZ.AllowUpstreamHeaders[] | string | The name of the allowed response header. | x-resp |
| Data.ExternalAuthZ.Timeout | integer | The timeout period of the authentication service. Unit: seconds. | 10 |
| Data.ExternalAuthZ.IsRestrict | boolean | Indicates whether the strict authentication mode is used. Valid values: true: The strict mode is used. If the authentication service is unavailable (a connection to it fails to be established or it returns a 5xx error code), the gateway rejects requests from the client. false: The loose mode is used. If the authentication service is unavailable (a connection to it fails to be established or it returns a 5xx error code), the gateway still accepts requests from the client. | true |
| Data.ExternalAuthZ.Service | object | Information about the authentication service. | |
| Data.ExternalAuthZ.Service.Name | string | The name of the authentication service. | httpbin-auth-service |
| Data.ExternalAuthZ.Service.SourceType | string | The source of the authentication service. | K8S |
| Data.ExternalAuthZ.Service.GroupName | string | The group to which the authentication service belongs. | test |
| Data.ExternalAuthZ.Service.Namespace | string | The namespace to which the authentication service belongs. | default |
| Data.ExternalAuthZ.WithRequestBody | boolean | Indicates whether bodies are carried in requests. | true |
| Data.ExternalAuthZ.BodyMaxBytes | integer | The maximum number of bytes in a body. | 4000000 |
| Data.ExternalAuthZ.WithRematchRoute | boolean | | |
| Data.ResourceList | array | The authorization rules. The relationship among multiple rule conditions is OR, and the relationship among multiple match items in a rule condition is AND. | |
| Data.ResourceList[] | object | The authentication rule. | |
| Data.ResourceList[].Id | integer | The ID of the authentication rule. | 1303 |
| Data.ResourceList[].AuthId | integer | The ID of the authentication to which the rule belongs. | 2274 |
| Data.ResourceList[].DomainId | integer | The ID of the domain name in the rule. | 1765 |
| Data.ResourceList[].DomainName | string | The domain name in the rule. | example.com |
| Data.ResourceList[].Path | string | The match path in the rule. | /test |
| Data.ResourceList[].IsWhite | boolean | Specifies whether to use a whitelist. Valid values: true: A whitelist is used. Only requests with the hostnames and paths that you specify in the whitelist can access the cloud-native gateway without authentication. false: A blacklist is used. Only requests with the hostnames and paths that you specify in the blacklist require authentication. | true |
| Data.ResourceList[].GatewayId | integer | The ID of the gateway for which the authentication rule is configured. | 2274 |
| Data.ResourceList[].GatewayUniqueId | string | The unique ID of the gateway for which the authentication rule is configured. | gw-6f0dbd108a0249d2b675b3ef50b***** |
| Data.ResourceList[].GmtCreate | string | The time when the authentication rule was created. The time is formatted as a GMT timestamp. | 2024-02-19T03:32:38.000+0000 |
| Data.ResourceList[].GmtModified | string | The time when the authentication rule was modified. The time is formatted as a GMT timestamp. | 2024-02-19T03:32:38.000+0000 |
| Data.ResourceList[].MatchType | string | The method that is used to match requests based on paths. Valid values: EQUAL: exact match; PRE: prefix match; ERGULAR: regular expression match. | EQUAL |
| Data.ResourceList[].IgnoreCase | boolean | Indicates whether case sensitivity is enabled for request paths. true: Case sensitivity is enabled. false: Case sensitivity is disabled. | true |
| Data.ResourceList[].AuthResourceHeaderList | array | The request headers in the rule. The related parameters are valid when Type is set to ExternalAuthZ. | |
| Data.ResourceList[].AuthResourceHeaderList[] | object | | |
| Data.ResourceList[].AuthResourceHeaderList[].HeaderKey | string | Request header | x-req |
| Data.ResourceList[].AuthResourceHeaderList[].HeaderMethod | string | Match condition: EQUAL, NOT_EQUAL, EXIST, NOT_EXIST, INCLUDE, EXCLUDE, PREFIX, SUFFIX, REGREX | EQUAL |
| Data.ResourceList[].AuthResourceHeaderList[].HeaderValue | string | The value of the request header. | 123 |
| Data.AuthResourceMode | integer | The authentication resource mode. Valid values: 0: simple mode; 1: complex mode. | 0 |
| Data.AuthResourceConfig | string | YAML configuration in the complex mode. | |

Examples

Success response

JSON format

{
  "RequestId": "9C96CDF8-9E6C-XXXX-XXXX-8F87A10117E6",
  "HttpStatusCode": 200,
  "Message": "OK",
  "Code": 200,
  "Success": true,
  "Data": {
    "Id": 1100,
    "Name": "test",
    "GatewayUniqueId": "gw-6f0dbd108a0249d2b675b3ef50b*****",
    "GatewayId": 2274,
    "Type": "JWT",
    "Issuer": "https://example.com/auth",
    "Jwks": "{\\n  \\\"keys\\\":[\\n    {\\n      \\\"kty\\\": \\\"RSA\\\",\\n      \\\"e\\\": \\\"AQAB\\\",\\n      \\\"use\\\": \\\"sig\\\",\\n      \\\"kid\\\": \\\"1rGufmH1YN8rqM9ZOLgo7eEST3AnL89Y-m-XGFioLoA\\\",\\n      \\\"alg\\\": \\\"RS256\\\",\\n      \\\"n\\\": \\\"rM2GIc0YTMqwNCwXnjKbW5QndkCEZgyLu3uQUnyZF7HvMTekiTvQg_39mg3dV1eaYYkYfZBogyroJBqAQXhk6VVCxlBjFVp2xstJPVWngMOOlcafwN_BKdN-EQ06O_Uu__e7gNKI3DunkNk0cNaFETE7d4meRYyTlgEzYgsrW05_ufR0BKoddL3E5JsCpUxRjH9ICbodBx0U74W6Dcci-R2EA1DBrEcboE6n90uoJs6UJNriAK_71nAsYonihU5aQFFnyPTkJHfRwHK6JlME6rn-b-rpLSpdyc6U1nOFZP2DEpz8U5FrYoLYSZIU-MQGxDhCnGc_rxl2IyP9B2qcCQ\\\"\\n    }\\n  ]\\n}\\n",
    "IsWhite": true,
    "GmtCreate": "2024-02-19T02:41:03.000+0000",
    "GmtModified": "2024-02-19T02:41:03.000+0000",
    "TokenPosition": "HEADER",
    "TokenName": "Authorization",
    "TokenNamePrefix": "Bearer ",
    "TokenPass": true,
    "Status": false,
    "RedirectUrl": "https://yourdomain/path",
    "ClientId": "example-app",
    "ClientSecret": "xxxxx",
    "CookieDomain": "hello.com",
    "ScopesList": "[\"openid\",\"email\"]",
    "LoginUrl": "https://daxxxxcn.aliyunidaas.com/",
    "Sub": "https://example.com/auth",
    "ExternalAuthZ": {
      "ServiceId": 15300,
      "PrefixPath": "/auth",
      "TokenKey": "Authorization",
      "AllowRequestHeaders": [
        "x-req"
      ],
      "AllowUpstreamHeaders": [
        "x-resp"
      ],
      "Timeout": 10,
      "IsRestrict": true,
      "Service": {
        "Name": "httpbin-auth-service",
        "SourceType": "K8S",
        "GroupName": "test",
        "Namespace": "default"
      },
      "WithRequestBody": true,
      "BodyMaxBytes": 4000000,
      "WithRematchRoute": true
    },
    "ResourceList": [
      {
        "Id": 1303,
        "AuthId": 2274,
        "DomainId": 1765,
        "DomainName": "example.com",
        "Path": "/test",
        "IsWhite": true,
        "GatewayId": 2274,
        "GatewayUniqueId": "gw-6f0dbd108a0249d2b675b3ef50b*****",
        "GmtCreate": "2024-02-19T03:32:38.000+0000",
        "GmtModified": "2024-02-19T03:32:38.000+0000",
        "MatchType": "EQUAL",
        "IgnoreCase": true,
        "AuthResourceHeaderList": [
          {
            "HeaderKey": "x-req",
            "HeaderMethod": "EQUAL",
            "HeaderValue": "123"
          }
        ]
      }
    ],
    "AuthResourceMode": 0,
    "AuthResourceConfig": ""
  }
}
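
The response fields documented above decide whether the gateway actually enforces authentication (Status, IsRestrict, IsWhite, MatchType), and one of them is a credential (ClientSecret). The Python audit below is an added example, not part of the original reference or of any Alibaba Cloud SDK; the function name `audit_auth_detail`, the finding labels and the sample response are assumptions constructed for illustration.

```python
import copy
import json

# Constructed sample in the shape of the documented response (values are made up).
SAMPLE_RESPONSE = json.loads("""
{"Success": true, "Data": {
  "Id": 1100, "Type": "ExternalAuthZ", "Status": true, "IsWhite": true,
  "ClientSecret": "constructed-secret",
  "ExternalAuthZ": {"PrefixPath": "/auth", "Timeout": 10, "IsRestrict": false},
  "ResourceList": [
    {"Id": 1303, "DomainName": "example.com", "Path": "/health",
     "MatchType": "EQUAL", "IsWhite": true},
    {"Id": 1304, "DomainName": "example.com", "Path": "/",
     "MatchType": "PRE", "IsWhite": true}
  ]}}
""")

BROAD_MATCH = {"PRE", "ERGULAR"}  # enum values exactly as spelled in the reference


def audit_auth_detail(response):
    """Return (findings, redacted_copy) for one GetGatewayAuthDetail response."""
    data = response.get("Data") or {}
    findings = []
    if not data.get("Status"):
        findings.append("auth-disabled: Status is false")
    if data.get("Type") == "ExternalAuthZ":
        if not (data.get("ExternalAuthZ") or {}).get("IsRestrict"):
            findings.append("fail-open: IsRestrict is false, requests are "
                            "accepted when the authentication service is unavailable")
    if data.get("IsWhite") is False:
        findings.append("default-open: blacklist mode, only listed paths require authentication")
    for rule in data.get("ResourceList") or []:
        # In whitelist mode every listed hostname/path skips authentication.
        if rule.get("IsWhite", data.get("IsWhite")) and rule.get("MatchType") in BROAD_MATCH:
            findings.append("broad-bypass: rule %s exempts %s%s via %s match" % (
                rule.get("Id"), rule.get("DomainName"), rule.get("Path"), rule.get("MatchType")))
    # Never write the OIDC/IDaaS application secret to logs or tickets.
    redacted = copy.deepcopy(response)
    if (redacted.get("Data") or {}).get("ClientSecret"):
        redacted["Data"]["ClientSecret"] = "<redacted>"
    return findings, redacted


if __name__ == "__main__":
    found, safe = audit_auth_detail(SAMPLE_RESPONSE)
    print("\n".join(found))
    print(json.dumps(safe["Data"], indent=2))
```

Only the redacted copy should be stored or logged; the original response still carries the secret.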

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | IllegalRequest | Invalid request:%s | Invalid request: %s |
| 400 | InvalidParameter | Parameter error:%s | Request parameter error: %s |
| 500 | InternalError | Console error. Try again later:%s | Console error. Try again later: %s |
| 403 | NoPermission | You are not authorized to perform this operation:%s | You do not have the permission to use this interface:%s |
| 404 | NotFound | Not found:%s | The resource does not exist:%s |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.