en:server_docs:authentication:grant

Authorization Methods

Authorization Accounts

  • OrionStar Robot OpenAPI (hereinafter referred to as API) authorization accounts are issued by OrionStar;
  • Authorization accounts include appid and secret, where appid is equivalent to the username of the account, and secret is equivalent to the password of the account;
  • The authorization described below is to grant corresponding permissions to an authorization account;

Authorization Dimensions

  • There are 3 dimensions of authorization as follows, APIs are subject to authorization restrictions from these 3 dimensions simultaneously, and you need to confirm the authorization requirements of these 3 dimensions separately according to your own situation:
    1. Data Dimension Authorization
      • Data dimension authorization types are: “Agent-level Authorization” and “Enterprise-level Authorization”, see Data Dimension Authorization for details;
    2. IP Dimension Authorization
    3. Interface Dimension Authorization
Data Dimension Authorization Accessible Data How to Choose
Agent-level Authorization
  • Can access data of all enterprises under the authorized agent (such as enterprise information, personnel information, and robot information, etc.);
  • An authorization account can grant data access permissions to multiple agents;
  • You are an agent-level customer and want to use the same authorization account to access data of all enterprises under the agent.
Enterprise-level Authorization
  • Can access all data under the authorized enterprise (such as personnel information and robot information, etc.);
  • An authorization account can grant data access permissions to multiple enterprises;
  • You are an enterprise-level customer and want to use the same authorization account to access all data under the enterprise;
  • You are an agent-level customer and want different authorization accounts to access data under different enterprises (do not want to use the same authorization account to access data of all enterprises under the agent);
  • Why IP Dimension Authorization is Needed
    • Because the API involves controlling robots, for security reasons, OrionStar needs to verify the Public Internet Egress IP address of the calling server (caller);
  • When OrionStar Conducts IP Authorization Verification
    • OrionStar will conduct IP authorization verification when you obtain the access token access_token (call Obtaining Access Token API);
    • Except for the above Obtaining Access Token API, OrionStar will not conduct IP authorization verification for other APIs;
    • When applying for an authorization account, you need to inform OrionStar of the Public Internet Egress IP address of the calling server (caller), and OrionStar needs to add this IP address to the whitelist before you can successfully call the API;
  • Method for obtaining the server's Public Internet Egress IP address
    • When you call the API that requires IP authorization mentioned above, OrionStar will obtain and verify your (caller's) Public Internet Egress IP address. Please note that OrionStar needs to whitelist your Public Internet Egress IP address (not the internal IP or entry IP);
    • Please consult your operations or IT colleagues first to assist in querying your server's Public Internet Egress IP address;
    • You can also execute the following cURL command on the server where you call the API that requires IP authorization:
    • # Execute on the server where you call the API that requires IP authorization
      curl --location 'https://global-openapi.orionstar.com/v1/myip'
       
      # The IP after IP: in the command's return content is your Public Internet Egress IP address. For example (the IP address in the example is: 11.22.33.44):
      IP: 11.22.33.44
    • Below are commonly used internal IP ranges. Please ensure that your provided Public Internet Egresss IP is not within the following IP ranges (OrionStar requires your Public Internet Egress IP):
      • 10.0.0.0 - 10.255.255.255
      • 172.16.0.0 - 172.31.255.255
      • 192.168.0.0 - 192.168.255.255
  • There are 2 types of interface dimension authorization as follows:
    • Default Authorization
      • APIs with default authorization are permissions that authorization accounts have by default, and can be called without additional application.
      • The vast majority of APIs are default authorized, and it will be described in specific APIs whether they are default authorized;
    • Special Authorization
      • APIs with special authorization need to be applied for separately before they can be called, and it will be described in specific APIs whether they are special authorized;
      • If you need to call APIs with special authorization, please contact OrionStar's pre-sales technical support for application;
  • Last modified: 2024-04-08 16:14 +0800