Image access control APIs

CCR

  • Enterprise Edition API Reference
    • Appendix
    • Common Headers and Error Code
    • Enterprise Edition Instance APIs
    • Helm Chart Management Interface
    • Image access control APIs
    • Image Access Credential APIs
    • Image API
    • Image Migration APIs
    • Image On-demand Loading APIs
    • Image Registry APIs
    • Image Synchronization APIs
    • Namespace APIs
    • Overview
    • Service domain
    • Trigger APIs
  • Enterprise Edition Go-SDK
    • Enterprise Edition Instance
    • Initialization
    • Install the SDK Package
    • Overview
  • Enterprise Edition Operation Guide
    • Access configuration
      • Configure Access credentials
      • Configure Custom Endpoint
      • Configure IAM Access Control
      • Configure IAM Tag Permission Policy
      • Configure Robot Account
      • Network Access Control
        • Configure public network access control
        • Configure virtual private cloud access control
        • Network Access Control Overview
    • Container DevOps
      • Manage Trigger
    • Create Enterprise Edition Instance
    • Distribution Management
      • Cross-Instance Synchronization of Image
      • On-Demand Loading of Container Image
      • Using P2P Acceleration in CCE Clusters
    • Event notification
      • Configure Event Notification Alert
      • Image Push Failure Error Code and Handling Methods
    • Image Build
      • Build Based on Existing Image
    • Image Cleanup
      • Clean BOS Storage Space
      • Delete image version
      • Version Retention
    • Image Migration
      • Migrate External Image to Enterprise Edition Instance
    • Image security
      • Immutable image version
      • Security Scanning Container Image
    • Manage Namespace
    • OCI Artifact Management
      • Manage Helm Chart
      • Manage Image Registry
      • OCI Artifact Management Overview
  • Function Release Records
  • Personal Edition API Reference
    • Helm API
    • Image API
    • Image Migration APIs
    • Image Version and Image Version Scanning Interface
    • Namespace APIs
    • Overview
    • User APIs
  • Personal Edition Documentation Set
    • Account Permission Management
    • Cloud Container Engine (CCE) migration to CCR
    • Container Image Service Basic Operations
    • How to Perform Image Scanning
    • How to Upload Helm Chart
    • How to use the DockerHub image accelerator
  • Product Announcement
    • CCR Enterprise Edition Pricing Announcement
    • CCR Enterprise Edition Public Beta Announcement
    • CCR Personal Edition Announcement on Closing New Entry
    • CCR Personal Edition Announcement on Disabling Image Scanning Function
  • Product introduction
    • Core concepts
    • Enterprise Edition Different Specifications Differentiation Description
    • Key functions
    • Product advantages
    • Product Introduction
  • Product pricing
    • Billing overview
  • Quick Start
    • Enterprise Edition Quick Start
    • How to Build Docker Image
  • Service Level Agreement (SLA)
    • CCR Enterprise Edition Service Level Agreement
All documents
menu
No results found, please re-enter

CCR

  • Enterprise Edition API Reference
    • Appendix
    • Common Headers and Error Code
    • Enterprise Edition Instance APIs
    • Helm Chart Management Interface
    • Image access control APIs
    • Image Access Credential APIs
    • Image API
    • Image Migration APIs
    • Image On-demand Loading APIs
    • Image Registry APIs
    • Image Synchronization APIs
    • Namespace APIs
    • Overview
    • Service domain
    • Trigger APIs
  • Enterprise Edition Go-SDK
    • Enterprise Edition Instance
    • Initialization
    • Install the SDK Package
    • Overview
  • Enterprise Edition Operation Guide
    • Access configuration
      • Configure Access credentials
      • Configure Custom Endpoint
      • Configure IAM Access Control
      • Configure IAM Tag Permission Policy
      • Configure Robot Account
      • Network Access Control
        • Configure public network access control
        • Configure virtual private cloud access control
        • Network Access Control Overview
    • Container DevOps
      • Manage Trigger
    • Create Enterprise Edition Instance
    • Distribution Management
      • Cross-Instance Synchronization of Image
      • On-Demand Loading of Container Image
      • Using P2P Acceleration in CCE Clusters
    • Event notification
      • Configure Event Notification Alert
      • Image Push Failure Error Code and Handling Methods
    • Image Build
      • Build Based on Existing Image
    • Image Cleanup
      • Clean BOS Storage Space
      • Delete image version
      • Version Retention
    • Image Migration
      • Migrate External Image to Enterprise Edition Instance
    • Image security
      • Immutable image version
      • Security Scanning Container Image
    • Manage Namespace
    • OCI Artifact Management
      • Manage Helm Chart
      • Manage Image Registry
      • OCI Artifact Management Overview
  • Function Release Records
  • Personal Edition API Reference
    • Helm API
    • Image API
    • Image Migration APIs
    • Image Version and Image Version Scanning Interface
    • Namespace APIs
    • Overview
    • User APIs
  • Personal Edition Documentation Set
    • Account Permission Management
    • Cloud Container Engine (CCE) migration to CCR
    • Container Image Service Basic Operations
    • How to Perform Image Scanning
    • How to Upload Helm Chart
    • How to use the DockerHub image accelerator
  • Product Announcement
    • CCR Enterprise Edition Pricing Announcement
    • CCR Enterprise Edition Public Beta Announcement
    • CCR Personal Edition Announcement on Closing New Entry
    • CCR Personal Edition Announcement on Disabling Image Scanning Function
  • Product introduction
    • Core concepts
    • Enterprise Edition Different Specifications Differentiation Description
    • Key functions
    • Product advantages
    • Product Introduction
  • Product pricing
    • Billing overview
  • Quick Start
    • Enterprise Edition Quick Start
    • How to Build Docker Image
  • Service Level Agreement (SLA)
    • CCR Enterprise Edition Service Level Agreement
  • Document center
  • arrow
  • CCR
  • arrow
  • Enterprise Edition API Reference
  • arrow
  • Image access control APIs
Table of contents on this page
  • Prerequisites
  • Add Virtual Private Cloud
  • Retrieve list of Virtual Private Cloud
  • Delete Virtual Private Cloud
  • Retrieve public network
  • Update public network
  • Add public network allow list
  • Delete public network allow list

Image access control APIs

Updated at:2025-11-03

Prerequisites

  • Successfully [Create Enterprise Edition Instance](CCR/Enterprise Edition API Reference/Enterprise Edition Instance APIs.md).

Add Virtual Private Cloud

API description

Add a Virtual Private Cloud (VPC) to link it with the specified CCR instance. Once successfully added, the CCR instance can be accessed via the internal domain name within the VPC.

Request structure

Plain Text 
1POST /v1/instances/{instanceId}/privatelinks HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: authorization string
4
5{
6    "subnetID": "{subnetID}",
7    "vpcID": "{vpcID}",
8    "ipType": "{ipType}",
9    "ipAddress": "{ipAddress}",
10    "autoDnsResolve": {autoDnsResolve}
11}

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Required or not Parameter location Description
instanceId String Yes Path CCR instance ID
vpcID String Yes Body Virtual Private Cloud ID
subnetID String Yes Body Virtual Private Cloud subnet ID
ipType String Yes Body IP allocation method, options: auto, and manual which indicating automatic allocation and manual specification respectively
ipAddress String No Body It is required when ipType is manual, and is the available IP within the subnet
autoDnsResolve Boolean Yes Body Automatic DNS resolution, valid values: true and false

Response headers

There are no special headers required beyond the common headers.

Response parameters

No response parameters available.

Request example

Plain Text 
1POST /v1/instances/ccr-4k74gw7d/privatelinks HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: bce-auth-v1/123456/2022-08-01T08:26:41Z/1800/host/0a859ce949951fe15a4eb6874a9765f9e8a6f7147f206cf47e270c34c862b8c6
4
5{
6    "subnetID": "sbn-qeimde0m7wyp",
7    "vpcID": "vpc-9070rw5u03rs",
8    "ipType": "auto",
9    "ipAddress": "",
10    "autoDnsResolve": true
11}

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json; charset=utf-8
3Date: Mon, 01 Aug 2022 08:26:41 GMT
4X-Bce-Gateway-Region: BJ
5X-Bce-Request-Id: 6cee2df3-0505-4044-9f12-65db07ebbcd7

Retrieve list of Virtual Private Cloud

API description

List the Virtual Private Clouds associated with the current CCR instance.

Request structure

Plain Text 
1GET /v1/instances/{instanceId}/privatelinks HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Required or not Parameter location Description
instanceId String Yes Path CCR instance ID

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
domain String Virtual private cloud domain name
items List<[Privatelinks](CCR/Enterprise Edition API Reference/Appendix.md#Privatelinks)> List of Virtual Private Cloud results

Request example

Plain Text 
1GET /v1/instances/ccr-4k74gw7d/privatelinks HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: bce-auth-v1/123456/2022-08-01T08:26:41Z/1800/host/0a859ce949951fe15a4eb6874a9765f9e8a6f7147f206cf47e270c34c862b8c6

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json; charset=utf-8
3Date: Mon, 01 Aug 2022 08:26:41 GMT
4X-Bce-Gateway-Region: BJ
5X-Bce-Request-Id: 6cee2df3-0505-4044-9f12-65db07ebbcd7
6
7{
8    "domain": "ccr-4k74gw7d-vpc.cnc.bd.baidubce.com",
9    "items": [
10        {
11            "vpcID": "vpc-x83j8k5dh9w9",
12            "subnetID": "sbn-cc2kfp5qzmz3",
13            "serviceNetID":"",
14            "status": "failed",
15            "ipAddress": "192.168.145.2"
16        },
17        {
18            "vpcID": "vpc-9070rw5u03rs",
19            "subnetID": "sbn-qeimde0m7wyp",
20            "serviceNetID":""
21            "status": "failed",
22            "ipAddress": ""
23        }
24    ]
25}

Delete Virtual Private Cloud

API description

Remove the link between the specified Virtual Private Cloud and the current CCR instance. Once unlinked, the CCR instance will no longer be accessible within the VPC.

Request structure

Plain Text 
1DELETE /v1/instances/{instanceId}/privatelinks HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: authorization string
4
5{
6    "vpcID": "{vpcID}",
7    "subnetID": "{subnetID}"
8}

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Required or not Parameter location Description
instanceId String Yes Path CCR instance ID
vpcID String Yes Body Virtual Private Cloud ID
subnetID String Yes Body Virtual Private Cloud subnet ID

Response headers

There are no special headers required beyond the common headers.

Response parameters

No response parameters available.

Request example

Plain Text 
1DELETE /v1/instances/ccr-4k74gw7d/privatelinks HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: bce-auth-v1/123456/2022-08-01T08:26:41Z/1800/host/0a859ce949951fe15a4eb6874a9765f9e8a6f7147f206cf47e270c34c862b8c6
4{
5    "vpcID": "vpc-9070rw5u03rs",
6    "subnetID": "sbn-qeimde0m7wyp"
7}

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json; charset=utf-8
3Date: Mon, 01 Aug 2022 08:26:41 GMT
4X-Bce-Gateway-Region: BJ
5X-Bce-Request-Id: 6cee2df3-0505-4044-9f12-65db07ebbcd7

Retrieve public network

API description

Get the public network configuration details of the current CCR instance.

Request structure

Plain Text 
1GET /v1/instances/{instanceId}/publiclinks HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Required or not Parameter location Description
instanceId String Yes Path CCR instance ID

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
domain String Public network endpoint
status String Status of public network access point
whitelist List<[Whitelist](CCR/Enterprise Edition API Reference/Appendix.md#Whitelist)> Allow list

Request example

Plain Text 
1GET /v1/instances/ccr-4k74gw7d/publiclinks HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: bce-auth-v1/123456/2022-08-01T08:26:41Z/1800/host/0a859ce949951fe15a4eb6874a9765f9e8a6f7147f206cf47e270c34c862b8c6

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json; charset=utf-8
3Date: Mon, 01 Aug 2022 08:26:41 GMT
4X-Bce-Gateway-Region: BJ
5X-Bce-Request-Id: 6cee2df3-0505-4044-9f12-65db07ebbcd7
6
7{
8    "domain": "ccr-4k74gw7d-pub.cnc.bd.baidubce.com",
9    "status": "opened",
10    "whitelist": [
11        {
12            "ipAddr": "0.0.0.0/0",
13            "description": ""
14        },
15        {
16            "ipAddr": "192.168.1.1",
17            "description": ""
18        },
19        {
20            "ipAddr": "192.168.0.1/24",
21            "description": "test"
22        }
23    ]
24}

Update public network

API description

Update the public network settings for a CCR instance. Supported operations include enabling or disabling the public network.

Request structure

Plain Text 
1PUT /v1/instances/{instanceId}/publiclinks HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: authorization string
4
5{
6    "action":"{action}"
7}

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Required or not Parameter location Description
instanceId String Yes Path CCR instance ID
action String Yes Body Update public network. Valid values: open and close which indicate that public network access point is enabled or disabled respectively.

Response headers

There are no special headers required beyond the common headers.

Response parameters

No response parameters available.

Request example

Plain Text 
1GET /v1/instances/ccr-4k74gw7d/publiclinks HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: bce-auth-v1/123456/2022-08-01T08:26:41Z/1800/host/0a859ce949951fe15a4eb6874a9765f9e8a6f7147f206cf47e270c34c862b8c6
4
5{
6     "action":"open"
7}

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json; charset=utf-8
3Date: Mon, 01 Aug 2022 08:26:41 GMT
4X-Bce-Gateway-Region: BJ
5X-Bce-Request-Id: 6cee2df3-0505-4044-9f12-65db07ebbcd7

Add public network allow list

API description

Add the public network access allowlist to the current CCR instance.

Request structure

Plain Text 
1POST /v1/instances/{instanceId}/publiclinks/whitelist HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: authorization string
4
5{
6    "ipAddr": "{ipAddr}",
7    "description": "{description}"
8}

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Required or not Parameter location Description
instanceId String Yes Path CCR instance D
ipAddr String Yes Body Allow list IP address
description String Yes Body Allow list description

Response headers

There are no special headers required beyond the common headers.

Response parameters

No response parameters available.

Request example

Plain Text 
1POST /v1/instances/ccr-4k74gw7d/publiclinks/whitelist HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: bce-auth-v1/123456/2022-08-01T08:26:41Z/1800/host/0a859ce949951fe15a4eb6874a9765f9e8a6f7147f206cf47e270c34c862b8c6
4
5{
6    "ipAddr": "220.181.108.178",
7    "description": "office ip"
8}

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json; charset=utf-8
3Date: Mon, 01 Aug 2022 08:26:41 GMT
4X-Bce-Gateway-Region: BJ
5X-Bce-Request-Id: 6cee2df3-0505-4044-9f12-65db07ebbcd7

Delete public network allow list

API description

Remove the public network access allowlist from the current CCR instance.

Request structure

Plain Text 
1DELETE  /v1/instances/{instanceId}/publiclinks/whitelist HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: authorization string
4
5{
6     "items":{items}
7}

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Required or not Parameter location Description
instanceId String Yes Path CCR instance ID
items List<String> Yes Body Allow list IP array

Response headers

There are no special headers required beyond the common headers.

Response parameters

No response parameters available.

Request example

Plain Text 
1DELETE /v1/instances/ccr-4k74gw7d/publiclinks/whitelist HTTP/1.1
2Host: ccr.bd.baidubce.com
3Authorization: bce-auth-v1/123456/2022-08-01T08:26:41Z/1800/host/0a859ce949951fe15a4eb6874a9765f9e8a6f7147f206cf47e270c34c862b8c6
4    
5{
6    "items":[
7        "220.198.76.116",
8        "192.168.0.1/24"
9    ]
10}

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json; charset=utf-8
3Date: Mon, 01 Aug 2022 08:26:41 GMT
4X-Bce-Gateway-Region: BJ
5X-Bce-Request-Id: 6cee2df3-0505-4044-9f12-65db07ebbcd7

Previous
Helm Chart Management Interface
Next
Image Access Credential APIs