Manage API Permissions

Permissions

Only application owners can return API permissions.

Apply for an API Permission

1. On the Dataphin homepage, in the top navigation bar, choose Management Center > Permission Management.

2. In the left navigation bar, select My Permissions > Data Service Permissions, and click the API Permissions tab. On the API Permissions tab, click + Apply for API Permissions.

3. On the API Permission Application page, configure the parameters.

   Parameter		Description
   Permission object	Account type	Select the account type: Application or Personal Account. Application is selected by default. Application: Only applications can be authorized when the API operation type is Create, Update, or Delete. Personal Account: In Basic mode, a development-environment API accesses production data—proceed with caution. In Dev-Prod mode, it accesses development data.
   	Service project	Select one or more service projects.
   	API	Select APIs by service project and API group. Search by keyword, use batch search, or click the icon to filter by API Group. Batch Search and Add: Click Batch Search and Add and enter API names in the Batch Search dialog box. Use the service_project.API_name format for exact matching. Separate names with a semicolon (;), comma (,), or newline. Maximum: 50 APIs. Note For personal account permissions, select a service project you have joined.
   	API environment	Required when the account type is Application. Select the API running environment: Development Environment, Production Environment, or both. Note The API uses the configuration submitted to the development environment or published to the production environment.
   	Application	Required when the account type is Application. Select applications from an application group. Only applications you have joined are available. Search by keyword, use batch search, or click the icon to filter by Application Group. Batch Search and Add: Click Batch Search and Add and enter application names in the Batch Search dialog box. Use the application_group.application_name format for exact matching. Separate names with a semicolon (;), comma (,), or newline. Maximum: 50 applications.
   Application scope		Required when the account type is Application. Available fields depend on the API running environment and include fields requiring authorization in the production environment or development environment. APIs with row-level permission display a Row-level permission in effect status. Click View Row-level Permission to view permission details by environment in the View Row-level Permission panel. Note In Basic mode, a development-environment API accesses production data. Proceed with caution. Production environment: select response parameters from the API's current online version. Development environment: select from the latest version. In proxy mode, data is returned based on the proxied user's row-level permission. Without proxy permission, data follows the application's own row-level permission. For Create, Update, or Delete operations, the API accesses data based on its running environment. No field selection is required.
   Permission configuration	Permission type	Usage Permission is selected by default and cannot be changed. If the account type is Application, you can also select Proxy Permission. Usage Permission: For Create, Update, or Delete operations, only usage permission can be requested. Proxy Permission: Takes effect when row-level permission is enabled and the DelegationUid parameter is set (on the Data Service > Invocation > Authorized API Services page). Applications must have proxy permission to call APIs on behalf of users. Direct and proxy modes for API calls and testing.
   	Validity	Options: 30 Days, 90 Days, 180 Days, Long-term, or Custom (specify an end date).
   	Reason	Enter the reason for the application. Maximum: 128 characters.

4. Click Submit.

Return an API Permission

1. On the API Permissions tab, click Return in the Actions column for the target API.

2. In the Return This Permission dialog box, click OK to return the API permission.