          API Gateway

          Access Control

          Access control is one of the security components provided by the API gateway. You can configure a control policy based on the request source IP, user's account ID (ACCOUNT ID), or application AK (APP KEY) to decide whether calling the specified API is allowed.

          There are two types of access control, namely allow and prohibit:

          Allow: This type of access control passes only requests that meet the policy.

          Prohibit: This type of access control will reject requests that meet the policy.

          There are two conditions for the access control policy to take effect: satisfying any one policy and satisfying all policies at the same time:

          Meet any policy: When the access control type is allowed, the request only needs to meet any one of the policies to pass, and it is rejected when none of the policies is met. When the access control type is forbidden, a request that meets any one of the policies is rejected, and the request passes only when none is met.

          Meet all policies at the same time: When the access control type is allowed, the request must meet all the policies at the same time to be forwarded to the backend, and all other requests are rejected. When the access control type is forbidden, the request is rejected only when all policy conditions are met, and all other requests are allowed and forwarded to the backend.

          Create Access Control

          1. Select "Access Control" and click "New Access Control" to create a new access control.

          2. There are two types of access control, "Allow" and "Forbidden", which allow and deny requests respectively.

          3. The effective conditions of the access control policy are also of two types, satisfying any one policy and satisfying all policies at the same time, as explained above.

          Fill in the corresponding information, and after selecting the access control type, click "Confirm" to complete the creation.

          Policy Addition

          An access control can hold up to 3 policy items, corresponding to three different dimensions: source IP, user's account ID (ACCOUNT ID) or application AK (APP KEY). Based on the access control type and the policy's effective condition, the API gateway allows or denies the request.

          1. In the access control details page, click "Add Policy Item" to add a policy item:

          You can also click Manage under the "Control Policy" column on the access control list page to enter the access control details and add policy items:

          2. In the dialog box for adding a policy item, select the policy dimension and enter the policy item for that dimension. For the IP dimension, the policy item is the IP of the request source, so enter the IP or IP segment the policy should apply to. For the AK dimension, the policy item is the app key of the request source, so enter the app key. For the account ID dimension, the policy item is the requesting account ID, so enter the user's account ID. More than one policy item can be entered (separate multiple items with line breaks or ";"; the number must not exceed 50).
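
The decision rules described above (access control type combined with the effective condition, evaluated over the policy items) can be modelled as follows. This is an added example, not code from the API gateway: the names `decide`, `parse_entries`, the keys `type`, `condition`, `items`, the dimension names `ip` and `app_key`, the CIDR form for an "IP segment", and all sample values are assumptions made for illustration.

```python
import ipaddress

MAX_ENTRIES = 50   # per policy item, as stated on this page
MAX_ITEMS = 3      # up to 3 policy items per access control

def parse_entries(raw):
    """Split a policy item's value on line breaks or ';'."""
    entries = [e.strip() for e in raw.replace("\n", ";").split(";") if e.strip()]
    if not 1 <= len(entries) <= MAX_ENTRIES:
        raise ValueError("a policy item needs 1 to 50 entries")
    return entries

def item_matches(dimension, entries, request):
    """True when the request's value for this dimension is listed in the item."""
    if dimension == "ip":
        # Assumption: an "IP segment" is written in CIDR notation.
        src = ipaddress.ip_address(request["ip"])
        return any(src in ipaddress.ip_network(e, strict=False) for e in entries)
    return request.get(dimension) in entries

def decide(control, request):
    """Return 'allow' or 'reject' for one request under one access control."""
    items = control["items"]
    if not 1 <= len(items) <= MAX_ITEMS:
        # The page does not say how a control with no items behaves; refuse it.
        raise ValueError("expected 1 to 3 policy items")
    results = [item_matches(dim, parse_entries(raw), request)
               for dim, raw in items.items()]
    matched = any(results) if control["condition"] == "any" else all(results)
    if control["type"] == "allow":
        return "allow" if matched else "reject"
    return "reject" if matched else "allow"   # type "forbid"

# Constructed sample data (not from the page).
ITEMS = {"ip": "10.0.0.0/8;192.0.2.7", "app_key": "demo-key-1\ndemo-key-2"}
REQUESTS = {
    "both":    {"ip": "10.1.2.3",    "app_key": "demo-key-1"},
    "ip_only": {"ip": "10.1.2.3",    "app_key": "other-key"},
    "neither": {"ip": "203.0.113.9", "app_key": "other-key"},
}

def decision_table():
    """Decisions for every type/condition pair over the sample requests."""
    return {(t, c): {name: decide({"type": t, "condition": c, "items": ITEMS}, r)
                     for name, r in REQUESTS.items()}
            for t in ("allow", "forbid") for c in ("any", "all")}

if __name__ == "__main__":
    for combo, row in decision_table().items():
        print(combo, row)
```

The row worth checking before binding is the forbidden type with "meet all policies": the `ip_only` request comes from a listed IP but is still allowed, because its app key is not listed as well.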

          Edit Policy

          In the details page of access control, you can edit the policy and change its specific policy items:

          Policy Deletion

          In the details page of access control, click the "Delete" button of the corresponding policy; the policy is deleted after you confirm.

          API Binding

          Each API has test, pre-release and online environments, and each environment can be bound to only one access control. If an API that already has an access control bound is bound to a new access control, the new access control overrides the old one for that API.

          1. In the access control details page, click "Binding API List" and then click "Binding API" to bind the API:

          Or click "Manage" under the "Binding API Quantity" column on the access control list page, and then click "Binding API" to bind:

          2. After opening the API binding dialog box, select the API to be bound:

          Note: If a policy is already bound to the API, it is overwritten by the policy being bound now.

          API Unbinding

          In the details page of access control, click "Unbind" under the corresponding API "Operation" column in the "Bound API List":

          To unbind multiple APIs, tick the corresponding APIs, and then click "Batch Unbundling":

          Edit Access Control

          You can edit an access control from either the list page or the details page of access control.

          After clicking the edit button, you can edit the name, type, description and other information of the access control.

          After editing, click OK to save the edited content.

          Delete Access Control

          In the access control list, click "Delete" under the "Operation" column, and delete the IP access control after confirmation:
