You can grant other workspaces the permissions to call an API after you publish the API or view the APIs that your workspace is granted the permissions to call to implement data sharing. This topic describes how to grant required permissions to call an API in different scenarios.
Prerequisites
You can unpublish, authorize access to, or change the protocols of APIs only after the APIs are published. For more information, see Publish an API.
Go to the Manage APIs page
Log on to the DataWorks console. In the top navigation bar, select the desired region. In the left-side navigation pane, choose . On the page that appears, select the desired workspace from the drop-down list and click Go to DataService Studio.
In the top navigation bar of the DataService Studio page, click Service Management. The Published APIs tab appears.
Grant permissions to call an API
On the Published APIs tab, find the desired API and click Authorize in the Actions column.
In the API Authorization dialog box, configure the parameters.
Parameter
Description
API Name
The name of the API that you want to grant a workspace the permissions to call. You cannot change the value of this parameter.
Tenant Account ID
The ID of the Alibaba Cloud account to which you want to grant the permissions to call the API. You can go to the Security Settings page of Account Center to view the account ID.
Authorized Workspace
The name of the workspace to which you want to grant the permissions to call the API. You can select a workspace that belongs to the current Alibaba Cloud account from the drop-down list.
Validity Period
The validity period of the permissions to call the API. Valid values: Limited and Unlimited.
Limited: You must select an expiration date. The workspace can call the API only before the expiration date.
Unlimited: The workspace can permanently call the API.
Click OK.
On the Published APIs tab, you can also perform the following operations:
Find the desired API and click Unpublish in the Actions column. In the Unpublish API message, click OK to unpublish the API.
NoteIf you unpublish or delete an API after you grant a workspace the permissions to call the API, the workspace can no longer call the API.
If you republish an API after you unpublish or modify the API, you must grant the related workspace the permissions to call the API again.
Find the desired API and click Test in the Actions column to test the API on the Test APIs page. For more information, see Test an API.
Find the desired API, move the pointer over More, and then select Change Protocol. In the Change Protocol dialog box, change the protocol that is used by the API and click OK.
NoteIf you delete a protocol, the API can no longer be called by using the protocol. Proceed with caution when you perform this operation.
The protocol change takes effect in real time.
View the APIs that your workspace is granted the permissions to call
On the Manage APIs page, click the Authorized to Use tab to view the APIs that your workspace is granted the permissions to call.
You can perform the following operations on the APIs that your workspace is granted the permissions to call:
Find the desired API and click Test in the Actions column to test the API on the Test APIs page. For more information, see Test an API.
Find the desired API and click Delete in the Actions column. In the Delete authorized message, click OK.
View the APIs that you grant other workspaces the permissions to call
On the Manage APIs page, click the Authorize Others to Use tab to view the APIs that you grant other workspaces the permissions to call.
You can perform the following operations on the APIs that you grant other workspaces the permissions to call:
Find the desired API and click Test in the Actions column to test the API on the Test APIs page. For more information, see Test an API.
Find the desired API and click Manage in the Actions column. In the Authorization dialog box, click Revoke or Change in the Actions column to revoke the permissions from or modify the permissions of a workspace on the API.
API authorization feature
The API authorization feature is used to grant applications the permissions to call APIs. An application is an identity that is used to call an API. To call an API, you must grant the application the permissions to call the API. By default, Alibaba Cloud APP that is supported by DataWorks DataService Studio is used for user identity authentication during API calls in a workspace. DataWorks DataService Studio grants the application that has the same name as the workspace the permissions to call an API in the workspace. In this case, the caller can use the AppCode, AppKey, and AppSecret of the application to call the API in a secure manner. For more information, see View the authentication information for calling APIs.
When you call an API, you may encounter specific issues, such as how to identify and distinguish the source of the call and how to properly allocate authentication information to authenticate a call. This section describes how to grant permissions to call DataService Studio APIs at different granularities in different scenarios based on your business requirements.