• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Verifying API Access Permissions
2
3## When to Use
4
5To protect sensitive data and eliminate security threats on core abilities, you can use the permissions in the [Application Permission List](permission-list.md) to protect the related API from unauthorized calling. Each time before the API is called, a permission verification is performed to check whether the caller has the required permission.
6
7## Available APIs
8
9The following table lists only the API used in this guide. For more information, see [Application Access Control](../reference/apis/js-apis-abilityAccessCtrl.md).
10
11checkAccessToken(tokenID: number, permissionName: Permissions): Promise<GrantStatus>
12
13| Name  | Type                | Mandatory| Description                                      |
14| -------- | -------------------  | ---- | ------------------------------------------ |
15| tokenID   |  number   | Yes  | Token ID of the application. You can obtain the value from the [ApplicationInfo](../reference/apis/js-apis-bundleManager-applicationInfo.md) of the application.            |
16| permissionName | Permissions | Yes  | Name of the permission to verify. Valid permission names are defined in the [Application Permission List](permission-list.md).|
17
18
19## Example
20
21The procedure is as follows:
22
231. Obtain the caller's identity (**tokenId**).
24   > **NOTE**<br>
25   > You can use **getCallingTokenId** to obtain the caller's **tokenId**. For details, see [RPC](../reference/apis/js-apis-rpc.md).
262. Determine the permission to verify, which is **ohos.permission.PERMISSION** in this example.
273. Call **checkAccessToken()** to perform a permission verification of the caller.
284. Proceed based on the permission verification result.
29
30```js
31  import abilityAccessCtrl from '@ohos.abilityAccessCtrl'
32  import rpc from '@ohos.rpc'
33
34  class Stub extends rpc.RemoteObject {
35      onRemoteRequest(code, data, reply, option) {
36          let callerTokenId = rpc.IPCSkeleton.getCallingTokenId();
37          console.log("RpcServer: getCallingTokenId result: " + callerTokenId);
38          var atManager = abilityAccessCtrl.createAtManager();
39          try {
40              atManager.checkAccessToken(callerTokenId, "ohos.permission.ACCELEROMETER").then((data) => {
41                  console.log(`checkAccessToken success, data->${JSON.stringify(data)}`);
42              }).catch((err) => {
43                  console.log(`checkAccessToken fail, err->${JSON.stringify(err)}`);
44              });
45          } catch(err) {
46              console.log(`catch err->${JSON.stringify(err)}`);
47          }
48          return true;
49      }
50  }
51
52```
53