Authorization Methods
Authorization Accounts
- OrionStar Robot OpenAPI (hereinafter referred to as API) authorization accounts are issued by OrionStar;
- Authorization accounts include appid and secret, where appid is equivalent to the username of the account, and secret is equivalent to the password of the account;
- The authorization described below is to grant corresponding permissions to an authorization account;
Authorization Dimensions
- There are 3 dimensions of authorization as follows, APIs are subject to authorization restrictions from these 3 dimensions simultaneously, and you need to confirm the authorization requirements of these 3 dimensions separately according to your own situation:
- Data Dimension Authorization
- Data dimension authorization types are: “Agent-level Authorization” and “Enterprise-level Authorization”, see Data Dimension Authorization for details;
- IP Dimension Authorization
- IP dimension authorization is IP access restriction, see IP Dimension Authorization for details;
- Interface Dimension Authorization
- Interface dimension authorization is access restriction for specific APIs, see Interface Dimension Authorization for details;
Data Dimension Authorization
| Data Dimension Authorization | Accessible Data | How to Choose |
|---|---|---|
| Agent-level Authorization |
|
|
| Enterprise-level Authorization |
|
|
IP Dimension Authorization
- Why IP Dimension Authorization is Needed
- Because the API involves controlling robots, for security reasons, OrionStar needs to verify the Public Internet Egress IP address of the calling server (caller);
- When OrionStar Conducts IP Authorization Verification
- OrionStar will conduct IP authorization verification when you obtain the access token access_token (call Obtaining Access Token API);
- Except for the above Obtaining Access Token API, OrionStar will not conduct IP authorization verification for other APIs;
- When applying for an authorization account, you need to inform OrionStar of the Public Internet Egress IP address of the calling server (caller), and OrionStar needs to add this IP address to the whitelist before you can successfully call the API;
- Method for obtaining the server's Public Internet Egress IP address
- When you call the API that requires IP authorization mentioned above, OrionStar will obtain and verify your (caller's) Public Internet Egress IP address. Please note that OrionStar needs to whitelist your Public Internet Egress IP address (not the internal IP or entry IP);
- Please consult your operations or IT colleagues first to assist in querying your server's Public Internet Egress IP address;
- You can also execute the following cURL command on the server where you call the API that requires IP authorization:
# Execute on the server where you call the API that requires IP authorization curl --location 'https://global-openapi.orionstar.com/v1/myip' # The IP after IP: in the command's return content is your Public Internet Egress IP address. For example (the IP address in the example is: 11.22.33.44): IP: 11.22.33.44
- Below are commonly used internal IP ranges. Please ensure that your provided Public Internet Egresss IP is not within the following IP ranges (OrionStar requires your Public Internet Egress IP):
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
Interface Dimension Authorization
- There are 2 types of interface dimension authorization as follows:
- Default Authorization
- APIs with default authorization are permissions that authorization accounts have by default, and can be called without additional application;
- The vast majority of APIs are default authorized, and it will be described in specific APIs whether they are default authorized;
- Special Authorization
- APIs with special authorization need to be applied for separately before they can be called, and it will be described in specific APIs whether they are special authorized;
- If you need to call APIs with special authorization, please contact OrionStar's pre-sales technical support for application;