All Products
Search

This Product

    Mobile Platform as a Service:Set up JSAPI authentication

    Document Center

    Mobile Platform as a Service:Set up JSAPI authentication

    Last Updated:Jan 26, 2026

    In mPaaS, we recommend that you add access control over all JavaScript APIs (JSAPIs). You can set a provider to add access control.

    1. Set a custom access control provider.

      public class H5JSApiPermissionProviderImpl implements H5JSApiPermissionProvider {
    @Override
    public boolean hasDomainPermission(String jsapi, String url) {
        // In this method, verify all JSAPI requests for all URLs. Allow only secure URLs.
        // true means the JSAPI can be invoked. false means it cannot.
        // Note: This code is for reference only. Verify the URL and JSAPI as needed.
        // Also, check that the jsapi, url, and uri parameters are not null to prevent a NullPointerException.
        Uri uri = Uri.parse(url);
        String domain = uri.getHost();
        String scheme = uri.getScheme();
        if (!TextUtils.isEmpty(domain) && domain.equals("www.example.com") && "https".equals(scheme)) {
            return true;
        } else {
            return false;
        }
    }

    @Override
    public boolean hasThisPermission(String jsapi, String url) {
        // Simply return false by default.
        return false;
    }
}
      Important

      Match URLs precisely. Ensure that the match includes at least the URI scheme and host. Use regular expressions with caution, or avoid them. Do not use imprecise functions such as contains, startsWith, endsWith, or indexOf.

    2. Set the provider after mPaaS is initialized but before the container is invoked.

      H5Utils.setProvider(H5JSApiPermissionProvider.class.getName(), new H5JSApiPermissionProviderImpl());