All Products
Search
Document Center

DataWorks:Grant permissions to call an API

Last Updated:Nov 15, 2024

You can grant other workspaces the permissions to call an API after you publish the API or view the APIs that your workspace is granted the permissions to call to implement data sharing. This topic describes how to grant required permissions to call an API in different scenarios.

Prerequisites

You can unpublish, authorize access to, or change the protocols of APIs only after the APIs are published. For more information, see Publish an API.

Go to the Manage APIs page

  1. Log on to the DataWorks console. In the top navigation bar, select the desired region. In the left-side navigation pane, choose Data Development and Governance > DataService Studio. On the page that appears, select the desired workspace from the drop-down list and click Go to DataService Studio.

  2. In the top navigation bar of the DataService Studio page, click Service Management. The Published APIs tab appears.

Grant permissions to call an API

  1. On the Published APIs tab, find the desired API and click Authorize in the Actions column.

  2. In the API Authorization dialog box, configure the parameters.

    API授权

    Parameter

    Description

    API Name

    The name of the API that you want to grant a workspace the permissions to call. You cannot change the value of this parameter.

    Tenant Account ID

    The ID of the Alibaba Cloud account to which you want to grant the permissions to call the API. You can go to the Security Settings page of Account Center to view the account ID.

    Authorized Workspace

    The name of the workspace to which you want to grant the permissions to call the API. You can select a workspace that belongs to the current Alibaba Cloud account from the drop-down list.

    Validity Period

    The validity period of the permissions to call the API. Valid values: Limited and Unlimited.

    • Limited: You must select an expiration date. The workspace can call the API only before the expiration date.

    • Unlimited: The workspace can permanently call the API.

  3. Click OK.

    On the Published APIs tab, you can also perform the following operations:

    • Find the desired API and click Unpublish in the Actions column. In the Unpublish API message, click OK to unpublish the API.

      Note
      • If you unpublish or delete an API after you grant a workspace the permissions to call the API, the workspace can no longer call the API.

      • If you republish an API after you unpublish or modify the API, you must grant the related workspace the permissions to call the API again.

    • Find the desired API and click Test in the Actions column to test the API on the Test APIs page. For more information, see Test an API.

    • Find the desired API, move the pointer over More, and then select Change Protocol. In the Change Protocol dialog box, change the protocol that is used by the API and click OK.

      Note
      • If you delete a protocol, the API can no longer be called by using the protocol. Proceed with caution when you perform this operation.

      • The protocol change takes effect in real time.

View the APIs that your workspace is granted the permissions to call

On the Manage APIs page, click the Authorized to Use tab to view the APIs that your workspace is granted the permissions to call.

You can perform the following operations on the APIs that your workspace is granted the permissions to call:

  • Find the desired API and click Test in the Actions column to test the API on the Test APIs page. For more information, see Test an API.

  • Find the desired API and click Delete in the Actions column. In the Delete authorized message, click OK.

View the APIs that you grant other workspaces the permissions to call

On the Manage APIs page, click the Authorize Others to Use tab to view the APIs that you grant other workspaces the permissions to call.

You can perform the following operations on the APIs that you grant other workspaces the permissions to call:

  • Find the desired API and click Test in the Actions column to test the API on the Test APIs page. For more information, see Test an API.

  • Find the desired API and click Manage in the Actions column. In the Authorization dialog box, click Revoke or Change in the Actions column to revoke the permissions from or modify the permissions of a workspace on the API.

API authorization feature

The API authorization feature is used to grant applications the permissions to call APIs. An application is an identity that is used to call an API. To call an API, you must grant the application the permissions to call the API. By default, Alibaba Cloud APP that is supported by DataWorks DataService Studio is used for user identity authentication during API calls in a workspace. DataWorks DataService Studio grants the application that has the same name as the workspace the permissions to call an API in the workspace. In this case, the caller can use the AppCode, AppKey, and AppSecret of the application to call the API in a secure manner. For more information, see View the authentication information for calling APIs.

When you call an API, you may encounter specific issues, such as how to identify and distinguish the source of the call and how to properly allocate authentication information to authenticate a call. This section describes how to grant permissions to call DataService Studio APIs at different granularities in different scenarios based on your business requirements.

Scenario 1: Members in a DataWorks workspace use the same application to call APIs

场景1

Scenario 2: Each RAM user uses a separate application that belongs to the RAM user to call APIs

场景2

Scenario 3: RAM users in the same group use the same application to call APIs

场景3