Create Access Control V3
This API is used to create access control for website acceleration or file download service.
1. Request Definition
- API URL
https://cdn-api.swiftfederation.com/v3.0/services/{serviceId}/access_controls
- Request Method
POST
- Request Header
Refer to HTTP Request Headers
- Request Body
Request Body Data Format: JSON
Field | Required | Type | Description |
---|---|---|---|
name | Mandatory | string | Policy name for access control. |
type | Mandatory | string | Access control type, could be "allow", "deny" or "token". |
matchUrlPath | Mandatory | PolicyMatchVO | URL path match rule. |
matchQueryString | Optional | PolicyMatchVO | Query string match rule. |
priority | Optional | int | Priority weight of access control policy. policy with bigger weight will have higher priority, weight value can not be zero. |
subnet | Optional | string | Comma-separated list of ips/networks.Only requests from these subnets are allowed, other requests will be rejected with 403 Forbidden response. Examples: 172.31.31.0/255.255.255.0,172.31.32.0/24 |
location | Optional | string | Comma-separated list of geographic locations to be matched. Each location should be specified as a 2-letter ISO3166 code. E.g "SG,GB". |
anonymousIP | Optional | boolean | Set true to apply for anonymous IP, set false to apply for non anonymous IP. |
enabled | Optional | boolean | Flag defining if policy is active or no. default: true. |
PolicyMatchVO Definition | |||
operator | Mandatory | string | Defines how to match the field. Supported values:prefix,regex,equals,suffix. |
patterns | Mandatory | string[] | List of patterns to match what against. If any of the patterns matches then the match succeeds. |
Field tokenSecret is only for type "token". And "allow", "deny" don't need this field.
Field | Required | Type | Description |
---|---|---|---|
tokenSecret | Mandatory | string | Comma-separated list of tokens.Each token should have 64 characters,Each character must be numeric or lowercase letter. E.g "qjzw8z2c306hwqqg7pkl0po1k1afqljf4oxcbxv511wds50j56y5qyh1f2i8wi9b, 5i70op0gqbvvfbz6r8qosn0qkxsxcxavqy7xs2heoomhtt7n3bmtwye6qme5jxwu" |
For the tokenSecret algorithm, please refer to TokenSecret Authentication
- Request Body Example
{
"name": "ac1001",
"type": "token",
"matchUrlPath": {"operator":"prefix","patterns":["/"]},
"matchQueryString": {"operator":"prefix","patterns":["name1=1","name2=2"]},
"priority": 10,
"subnet": "172.31.31.0/255.255.255.0,172.31.32.0/24",
"location": "SG,CN",
"tokenSecret":"qjzw8z2c306hwqqg7pkl0po1k1afqljf4oxcbxv511wds50j56y5qyh1f2i8wi9b, 5i70op0gqbvvfbz6r8qosn0qkxsxcxavqy7xs2heoomhtt7n3bmtwye6qme5jxwu"
}
2. Response Definition
- Response Header
Refer to HTTP Response Headers
- Response Body
Field | Type | Description |
---|---|---|
id | int | Policy ID number for access control. |
name | string | Policy name for access control. |
type | string | Access control type, could be "allow", "deny" or "token". |
matchUrlPath | PolicyMatchVO | URL path match rule. |
matchQueryString | PolicyMatchVO | Query string match rule. |
priority | int | Priority weight of access control policy. policy with bigger weight will have higher priority, weight value can not be zero. |
subnet | string | Comma-separated list of ips/networks.Only requests from these subnets are allowed, other requests will be rejected with 403 Forbidden response. Examples: 172.31.31.0/255.255.255.0,172.31.32.0/24 |
location | string | Comma-separated list of geographic locations to be matched. Each location should be specified as a 2-letter ISO3166 code. E.g "SG,GB". |
tokenSecret | string | Comma-separated list of tokens.Each token should have 64 characters, Each character must be numeric or lowercase letter. E.g "qjzw8z2c306hwqqg7pkl0po1k1afqljf4oxcbxv511wds50j56y5qyh1f2i8wi9b,5i70op0gqbvvfbz6r8qosn0qkxsxcxavqy7xs2heoomhtt7n3bmtwye6qme5jxwu" |
enabled | boolean | Flag defining if policy is active or no. |
PolicyMatchVO Definition | ||
operator | string | Defines how to match the field. Supported values:prefix,regex,equals,suffix. |
patterns | string[] | List of patterns to match what against. If any of the patterns matches then the match succeeds. |
- Response Body Example
{
"id": 1001,
"name": "ac1001",
"type": "token",
"matchUrlPath": {"operator":"prefix","patterns":["/"]},
"matchQueryString": {"operator":"prefix","patterns":["name1=1","name2=2"]},
"priority": 10,
"subnet": "172.31.31.0/255.255.255.0,172.31.32.0/24",
"location": "SG,CN",
"tokenSecret":"qjzw8z2c306hwqqg7pkl0po1k1afqljf4oxcbxv511wds50j56y5qyh1f2i8wi9b, 5i70op0gqbvvfbz6r8qosn0qkxsxcxavqy7xs2heoomhtt7n3bmtwye6qme5jxwu"
}