All Products
Search

This Product

    Mobile Platform as a Service:Mini Program permission control

    Document Center

    Mobile Platform as a Service:Mini Program permission control

    Last Updated:Jan 26, 2026

    To control the access scope of the Mini Program in the App, you can add Server domain name whitelist, API whitelist, and Built-in WebView domain name whitelist for the Mini Program in the mPaaS console. After the Mini Program permission control switch is turned on, only the resources added to the whitelist can be accessed or used by the current Mini Program.

    • Server domain name whitelist: A whitelist for the domain names of target servers in my.request calls. The domain name is specified in the URL input parameter. This whitelist supports the HTTPS protocol. You can add up to 30 domain names.

    • API whitelist: A whitelist of APIs that the miniapp can call. If you enable access control, the miniapp cannot call APIs that are not on this whitelist.

      Note

      By default, APIs provided on the official mPaaS website are included in the permission file and do not require configuration. You only need to configure your custom APIs.

    • Built-in WebView domain name whitelist: A whitelist of URLs for the web-view component. This whitelist supports the HTTPS protocol.

    Prerequisites

    You have created a miniapp in Miniapp Package Management.

    Select a miniapp

    At the top of the page, select an existing miniapp from the drop-down list. After you make a selection, the name and AppId of the miniapp are displayed below.

    Note

    Miniapps that you create on the Miniapp Package Management tab are synchronized to this drop-down list in real time.

    Permission control switch

    Through the Mini Program permission control switch, you can choose whether to enable the Server domain name whitelist, API whitelist, and Built-in WebView domain name whitelist, so as to realize the permission control of the selected Mini Program.

    Server domain name whitelist

    In the whitelist configuration area below, you can add server domain names to the whitelist.

    Add a server domain name to the whitelist

    1. Log in to the mPaaS console and select an application. In the left navigation bar, select Mini Program > Release Mini Program.

    2. Select the Manage open platform Mini Program tab, and click Add in the Server domain name whitelist tab below.

    3. In the pop-up Add server domain name whitelist window, enter the following information:

      • Domain name: Required. Only the server domain name of HTTPS protocol is supported here. For non-HTTPS domain names, it will be intercepted when calling.

      • Remark: Optional, enter the description of this domain name, up to 200 characters.

    4. Click OK.

    Note

    You can add a maximum of 30 server domain names to the whitelist.

    Edit or delete a server domain name

    You can edit any server domain name in the whitelist. Click Edit in the Operation column to change the server domain name and its description.

    To delete a server domain name from the whitelist, click Delete in the Operation column, and then click OK in the confirmation dialog box.

    API whitelist

    In the whitelist configuration area below, you can add miniapp APIs to the whitelist.

    Add an API to the whitelist

    1. Log in to the mPaaS console and select an application. In the left navigation bar, select Mini Program > Release Mini Program.

    2. Select the Manage open platform Mini Program tab, and click Add in the API whitelist tab below.

    3. In the pop-up Add Mini Program API Whitelist window, enter the following information:

      • API: The API to be added to the whitelist.

      • Remark: Optional, enter the description information of this API, up to 200 characters.

    4. Click OK.

    Edit or delete an API

    You can edit any API in the whitelist. Click Edit in the Operation column to change the API and its description.

    To delete an API from the whitelist, click Delete in the Operation column, and then click OK in the confirmation dialog box.

    Built-in WebView domain name whitelist

    In the whitelist configuration area below, you can add embedded WebView domain names to the whitelist.

    Add a built-in WebView domain name to the whitelist

    1. Log in to the mPaaS console and select an application. In the left navigation bar, select Mini Program > Release Mini Program.

    2. Select the Manage open platform Mini Program tab, and click Add in the Built-in WebView domain name whitelist tab below.

    3. In the pop-up Add WebView domain Name whitelist window, enter the following information:

      • Domain name: Required. Only the server domain name of HTTPS protocol is supported here. For non-HTTPS domain names, it will be intercepted when calling.

      • Remark: Optional, enter the description of this domain name, up to 200 characters.

    4. Click OK.

    Edit/delete a built-in WebView domain name

    You can edit any WebView domain name in the whitelist. Click Edit in the Operation column to change the WebView domain name and its description.

    To delete a WebView domain name from the whitelist, click Delete in the Operation column, and then click OK in the confirmation dialog box.