Creates a custom security policy.


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateSecurityPolicy

The operation that you want to perform. Set the value to CreateSecurityPolicy.

ClientToken String No 593B0448-D13E-4C56-AC0D-FDF0FDE0E9A3

The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that it is unique among different requests. The token can contain only ASCII characters and cannot exceed 64 characters in length.

Note If you do not specify this parameter, the system automatically uses the request ID as the client token. The ID of each request is unique.
DryRun Boolean No true

Specifies whether only to precheck the request. Valid values:

  • true: only prechecks the request and does not perform the requested operation. The system checks the required parameters, request format, and service limits. If the request fails the precheck, an error code is returned based on the cause of the failure. If the request passes the precheck, the DryRunOperation error code is returned.
  • false: prechecks the request and performs the requested operation. After the request passes the precheck, an HTTP 2xx status code is returned and the system performs the operation. This is the default value.
TLSVersions Array of String Yes TLSv1.0

The supported versions of the Transport Layer Security (TLS) protocol. Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.

ResourceGroupId String No rg-atstuj3rtop****

The ID of the resource group.

SecurityPolicyName String Yes test-secrity

The name of the security policy.

The name must be 2 to 128 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-). The name must start with a letter.

Ciphers Array of String Yes ECDHE-ECDSA-AES128-SHA

The supported cipher suites, which are determined by the TLS protocol version.

The specified cipher suites must be supported by at least one TLS protocol version that you specify.

Note For example, if you set the TLSVersions parameter to TLSv1.3, you must specify cipher suites that are supported by TLS 1.3.
  • TLS 1.0 and TLS 1.1 support the following cipher suites:
    • AES128-SHA
    • AES256-SHA
    • DES-CBC3-SHA
  • TLS 1.2 supports the following cipher suites:
    • AES128-SHA
    • AES256-SHA
    • DES-CBC3-SHA
    • ECDHE-RSA-AES128-SHA256
    • ECDHE-RSA-AES256-SHA384
    • AES128-GCM-SHA256
    • AES256-GCM-SHA384
    • AES128-SHA256
    • AES256-SHA256
  • TLS 1.3 supports the following cipher suites:
    • TLS_AES_128_GCM_SHA256
    • TLS_AES_256_GCM_SHA384
    • TLS_CHACHA20_POLY1305_SHA256
    • TLS_AES_128_CCM_SHA256
    • TLS_AES_128_CCM_8_SHA256

Response parameters

Parameter Type Example Description
RequestId String 593B0448-D13E-4C56-AC0D-FDF0FDE0E9A3

The ID of the request.

SecurityPolicyId String scp-bp1bpn0kn9****

The ID of the security policy.


Sample requests

&Ciphers=[" ECDHE-ECDSA-AES128-SHA"]
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK


JSON format

HTTP/1.1 200 OK

  "RequestId" : "593B0448-D13E-4C56-AC0D-FDF0FDE0E9A3",
  "SecurityPolicyId" : "scp-bp1bpn0kn9****"

Error codes

HTTP status code Error code Error message Description
400 QuotaExceeded.SecurityPoliciesNum The quota of %s is exceeded, usage %s/%s. The error message returned because the usage %s has exceeded the quota %s.

For a list of error codes, visit the API Error Center.