Application Management

Last updated: 2021-06-04 18:02:14

    Overview

    An application is an identity that calls an API. It needs to be authorized by the API before it can call the API. Each application has a key pair of ApiAppKey and ApiAppSecret. ApiAppKey needs to be passed in as a parameter in the header of a request, and ApiAppSecret needs to be used to calculate the request signature. For more information on the signature calculation method, please see Application Authentication Method.

    Prerequisites

    The API authentication method is "application authentication".

    Directions

    Application creation

    1. Log in to the API Gateway console and click Application on the left sidebar to enter the application management page.
    2. On the application management page, click Create Application in the top-left corner, fill in the form, and submit it to create an application.

    API authorization

    Authorization refers to granting an application the permission to call an API. The application needs to be authorized by the API first before it can call the API. There are two ways of authorization:

    Authorization Method Applicable Scenario Description
    Direct authorization Application created by yourself -
    Partner authorization Use the APIs provided by partners (other accounts) Create your own application and provide its ID to the API provider. The API provider can search for the application ID to perform authorization

    You can click the following tabs to view the directions of the corresponding authorization method.

    1. Log in to the API Gateway console and click Service on the left sidebar.
    2. In the service list, click the name of the target service to view it.
    3. In the service information, click the Manage API tab and click Authorization behind the API list to start authorization.
    4. Select the environment and application to be authorized. Your applications are on the left. Click Search directly, and the applications under the current account will be automatically loaded.

    Notes

    • The key pair of AppKey and AppSecret has all the permissions of the application and should be kept private. If it is disclosed, you can reset it in the API Gateway console.
    • You can create multiple applications and authorize them to different APIs according to your business needs.
    • You can create, modify, and delete applications, view application details, manage keys, and view authorized APIs in the API Gateway console.