doc-exports/docs/iam/api-ref/iam_02_0029.html

Modifying the ACL for API Access

Function

This API is provided for the administrator to modify the ACL for API access.

URI

PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/api-acl-policy

Table 1 URI parameters

Parameter	Mandatory	Type	Description
domain_id	Yes	String	Domain ID.

Request Parameters

Table 2 Parameters in the request header

Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Token with Security Administrator permissions.

Table 3 Parameters in the request body

Parameter	Mandatory	Type	Description
api_acl_policy	Yes	Object	ACL for API access.

Table 4 api_acl_policy

Parameter	Mandatory	Type	Description
allow_address_netmasks	No	Array of objects	IPv4 CIDR blocks from which API access is allowed. Specify either allow_address_netmasks or allow_ip_ranges.
allow_ip_ranges	No	Array of objects	IP address ranges from which API access is allowed. Specify either allow_address_netmasks or allow_ip_ranges.
allow_vpc_endpoints	No	Array of objects	VPC address from which API access is allowed.

Table 5 allow_address_netmasks

Parameter	Mandatory	Type	Description
address_netmask	Yes	String	IPv4 CIDR block, for example, 192.168.0.1/24.
description	No	String	Description about the IPv4 CIDR block.

Table 6 allow_ip_ranges

Parameter	Mandatory	Type	Description
description	No	String	Description about an IP address range.
ip_range	Yes	String	IP address range, for example, 0.0.0.0-255.255.255.255.

Table 7 allow_vpc_endpoints

Parameter	Mandatory	Type	Description
description	No	String	Description about the VPC address.
vpc_endpoint_id	Yes	String	VPC address, for example, 8di3jdu-38d7-jhfa-7df6-8adyfiadfia6d.

Response Parameters

Table 8 Parameters in the response body

Parameter	Type	Description
api_acl_policy	Object	ACL for API access.

Table 9 api_acl_policy

Parameter	Type	Description
allow_address_netmasks	Array of objects	IPv4 CIDR blocks from which API access is allowed.
allow_ip_ranges	Array of objects	IP address ranges from which API access is allowed.
allow_vpc_endpoints	Array of objects	VPC address from which access is allowed. This parameter is only returned when a VPC address from which API access is allowed is specified.

Table 10 api_acl_policy.allow_address_netmasks

Parameter	Type	Description
address_netmask	String	IPv4 CIDR block, for example, 192.168.0.1/24.
description	String	Description about the IPv4 CIDR block.

Table 11 api_acl_policy.allow_ip_ranges

Parameter	Type	Description
description	String	Description about an IP address range.
ip_range	String	IP address range, for example, 0.0.0.0-255.255.255.255.

Table 12 api_acl_policy.allow_vpc_endpoints

Parameter	Type	Description
description	String	Description about the VPC address.
vpc_endpoint_id	String	VPC address, for example, 8di3jdu-38d7-jhfa-7df6-8adyfiadfia6d.

Example Request

PUT https://sample.domain.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/api-acl-policy 
 
{ 
  "api_acl_policy" : { 
    "allow_ip_ranges" : [ { 
      "ip_range" : "0.0.0.0-255.255.255.255", 
      "description" : "1"     
    } ] 
  } 
}

Example Response

Status code: 200

The request is successful.

{ 
  "api_acl_policy" : { 
    "allow_ip_ranges" : [ { 
      "ip_range" : "0.0.0.0-255.255.255.255", 
      "description" : "1" 
    } ] 
  } 
}

Status code: 400

The request body is abnormal.

• Example 1

{ 
   "error_msg" : "'%(key)s' is a required property.", 
   "error_code" : "IAM.0072" 
 }

• Example 2

{ 
   "error_msg" : "Invalid input for field '%(key)s'. The value is '%(value)s'.", 
   "error_code" : "IAM.0073" 
 }

Status code: 500

The system is abnormal.

{ 
  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
  "error_code" : "IAM.0006" 
}

Status Codes

Status Code	Description
200	The request is successful.
400	The request body is abnormal.
401	Authentication failed.
403	Access denied.
500	The system is abnormal.

Parent topic: Security Settings