Authorize enterprise security group rules
Updated at:2025-10-16
Description
This API is used to authorize new security group rules within an enterprise security group.
- The number of enterprise security group rules authorized per operation must not exceed 20;
Request structure
Plain Text
1PUT /v{version}/enterprise/security/{enterpriseSecurityGroupId}?{action}&clientToken={clientToken} HTTP/1.1
2Host: bcc.bj.baidubce.com
3Authorization: authorization string
4
5{
6 "rules":{rules}
7}Request headers
There are no special headers required beyond the common headers.
Request parameters
| Parameter name | Types | Required or not | Parameter location | Description |
|---|---|---|---|---|
| version | String | Yes | URL parameter | For API version No., the current value is 1 |
| action | String | Yes | Query | Action performed on the enterprise security group, current value: authorizeRule |
| clientToken | String | No | Query | Idempotence Token, which is an ASCII string with a length not exceeding 64 bits, see details in [ClientToken Idempotence ](VPC/API Reference/General Description.md#Idempotence). |
| enterpriseSecurityGroupId | String | Yes | URL parameter | ID of the enterprise security group for which new rules are to be authorized |
| rules | List<[EnterpriseSecurityGroupRuleModel](VPC/API Reference/Appendix.md#EnterpriseSecurityGroupRuleModel)> | Yes | RequestBody | Enterprise security group rules to be authorized |
Response headers
No special headers are required beyond the standard ones.
Response parameters
No special response parameters are available.
Error code
| Error code | Error description | HTTP status code | Chinese explanation |
|---|---|---|---|
| Esg.EsgResourceNotExist | Enterprise security group resource not exist. | 404 | Target enterprise security group does not exist |
| Esg.EsgRuleActionEmpty | Enterprise security group rule action(allow or deny) is required. | 400 | Enterprise security group rule action cannot be empty |
| Esg.EsgRuleActionInvalid | Enterprise security group rule action(allow or deny) is invalid. | 400 | Enterprise security group rule action is invalid |
| Esg.EsgRuleRemarkTooLong | Enterprise security group rule remark is too long. | 400 | Enterprise security group rule remark is too long |
| Esg.EsgRuleProtocolEmpty | Enterprise security group rule protocol is required. | 400 | Enterprise security group rule protocol type cannot be empty |
| Esg.EsgRuleProtocolInvalid | Enterprise security group rule protocol is invalid. | 400 | Protocol type for enterprise security group rule is invalid |
| Esg.EsgRulePortEmpty | Enterprise security group rule portRange is required. | 400 | Enterprise security group rule port range cannot be empty |
| Esg.EsgRulePortFormatInvalid | Enterprise security group rule portRange is invalid. | 400 | Enterprise security group rule port range format is incorrect |
| Esg.EsgRulePortDuplicate | Enterprise security group rule ports in portRange is duplicate. | 400 | Enterprise security group rule port values are duplicated, e.g., 80-80 or 80,80,7000 |
| Esg.EsgRulePortOrderError | Enterprise security group rule portRange order is wrong. | 400 | Enterprise security group rule port range sequence is incorrect, e.g., 400-80 |
| Esg.EsgRuleDispersedPortSizeExceed | Enterprise security group rule dispersed ports in portRange is limited 15 . | 400 | Excessive discrete port range values for enterprise security group rule |
| Esg.EsgRulePortValueExceed | Enterprise security group rule port value is not in range 1-65535 | 400 | Enterprise security group rule port value out of range |
| Esg.EsgRulePriorityEmpty | Enterprise security group rule priority is required. | 400 | Enterprise security group rule priority cannot be empty |
| Esg.EsgRulePriorityInvalid | Enterprise security group rule priority is not in range 1-1000. | 400 | Enterprise security group rule priority value out of range |
| Esg.EsgRuleEthertypeEmpty | Enterprise security group rule ethertype is required. | 400 | Enterprise security group rule network type cannot be empty |
| Esg.EsgRuleEthertypeInvalid | Enterprise security group rule ethertype is invalid. | 400 | Network type for enterprise security group rule is invalid |
| Esg.EsgRuleIpAddressEmpty | Enterprise security group rule ip(cidr) address is required. | 400 | Enterprise security group rule source/destination IP cannot be empty |
| Esg.EsgRuleIpAddressError | Enterprise security group rule ip(cidr) address is incorrect. | 400 | Enterprise security group rule source IP/destination IP format is incorrect |
| Esg.EsgRuleDirectionEmpty | Enterprise security group rule direction is required. | 400 | Enterprise security group rule direction cannot be empty |
| Esg.EsgRuleDirectionInvalid | Enterprise security group rule direction is invalid. | 400 | Enterprise security group rule direction is invalid |
| Esg.EsgRuleDuplicated | Enterprise security group rule exist already. | 400 | Enterprise security group rule is duplicated |
| Esg.EsgRuleExceedQuota | Enterprise security group rule number over limited. | 400 | Enterprise security group rules have reached the quota |
Request example
Plain Text
1PUT /v1/enterprise/security/esg-nky7qeom?authorizeRule&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
2Host: bcc.bj.baidubce.com
3Content-Type: application/json;charset=UTF-8
4Authorization: bce-auth-v1/f81d3b34e48048fbb2634dc7882d7e21/2015-08-11T04:17:29Z/3600/host/74c506f68c65e26c633bfa104c863fffac5190fdec1ec24b7c03eb5d67d2e1de
5
6{
7 "rules": [
8 {
9 "remark": "Remarks",
10 "protocol": "tcp",
11 "portRange": "1-65535",
12 "sourcePortRange": "1-65535",
13 "direction": "ingress",
14 "sourceIp": "all",
15 "localIp": "all",
16 "priority": 1000,
17 "action": "deny",
18 "ethertype": "IPv4"
19 }
20 ]
21}Response example
Plain Text
1HTTP/1.1 200 OK
2x-bce-request-id: 1214cca7-4ad5-451d-9215-71cb844c0a50
3Date: Wed, 03 Dec 2014 06:42:19 GMT
4Content-Type: application/json;charset=UTF-8
5Server: BWS