You must apply for API permissions to call an API. This topic describes how to apply for and return API permissions.
Prerequisites
You have purchased the Data Service value-added service. For details, see Activate Dataphin.
Permissions
Only application owners can return API permissions.
Apply for an API Permission
On the Dataphin homepage, in the top navigation bar, choose Management Center > Permission Management.
In the left navigation bar, select My Permissions > Data Service Permissions, and then click the API Permissions tab. On the API Permissions tab, click the + Apply for API Permissions button in the upper-right corner.
On the API Permission Application page, configure the parameters.
Parameter
Description
Permission object
Account type
Select the account type for the API permission. You can select Application or Personal Account. Application is selected by default.
Application: If the API operation type is Create, Update, or Delete, you can authorize only applications.
Personal Account: If the account type is Personal Account and the API is in the development environment running in Basic mode, it accesses data from the production environment. Proceed with caution. If the API is in the development environment and running in Dev-Prod mode, it accesses data from the development environment.
Service project
Select the service project for the API permission. You can select multiple service projects.
API
Select APIs based on the service project and API group. You can search for APIs by using keywords in the API name, batch search and add them, or click the
icon to precisely filter by API Group.Batch Search and Add: Click Batch Search and Add. In the Batch Search dialog box, enter the names of the APIs to add. You can perform an exact search in the
service_project.API_nameformat. Separate multiple API names with a semicolon (;), a comma (,), or a newline character. You can add up to 50 APIs.NoteWhen applying for an API permission for a personal account, you must select a service project you have joined to ensure a successful application.
API environment
This parameter is required when the account type is Application. Select the API's running environment. You can select Development Environment, Production Environment, or both.
NoteThe API runs in the selected environment, using the configuration submitted to the development environment or published to the production environment, respectively.
Application
This parameter is required when the account type is Application. Select applications from an application group. You can select only applications that you have joined. You can search for applications by using keywords in the application name, batch search and add them, or click the
icon to precisely filter by Application Group.Batch Search and Add: Click Batch Search and Add. In the Batch Search dialog box, enter the names of the applications to add. You can perform an exact search in the
application_group.application_nameformat. Separate multiple application names with a semicolon (;), a comma (,), or a newline character. You can add up to 50 applications.Application scope
This parameter is required if you select Application as the account type. The available fields are determined by the API running environment and include fields that require authorization in the production environment or development environment. If an API is associated with row-level permission, the system indicates this with the Row-level permission in effect status. You can click the View Row-level Permission button. In the View Row-level Permission panel, you can switch between environments to view the corresponding row-level permission information.
NoteWhen an API is in the development environment and running in Basic mode, it accesses data from the production environment. Proceed with caution.
For the production environment, you can select response parameters from the API's current online version. For the development environment, you can select them from the latest version in that environment.
If an application calls an API in proxy mode, the system returns data based on the row-level permission of the proxied user. If the application does not have a proxy permission, the system returns data based on the row-level permission of the application itself.
When the API operation type is Create, Update, or Delete, the API accesses data based on its running environment, and you do not need to select fields.
Permission configuration
Permission type
Usage Permission is selected by default and cannot be changed. If the account type is Application, you can also select Proxy Permission.
Usage Permission: Only usage permission can be requested when the API operation type is Create, Update, or Delete.
Proxy Permission: This permission takes effect when an API has row-level permission enabled and the
DelegationUidparameter is not empty (i.e., a value is set for the row-level permission parameter on the invocation page of Data Service > Invocation > Authorized API Services). When calling an API with row-level permission, the application must have a proxy permission to make calls on behalf of a user. For more information about direct connection and proxy modes for API calls, see Direct and proxy modes for API calls and testing.
Validity
You can select 30 Days, 90 Days, 180 Days, or Long-term. You can also select Custom and specify an end date.
Reason
Enter the reason for the application, which can be up to 128 characters long. This helps approvers understand the request.
Click Submit to complete the API permission application.
Return an API Permission
On the API Permissions tab, click Return in the Actions column for the target API.
In the Return This Permission dialog box, click OK to return the API permission.