生成跨站点授权 meta¶

POST /api/v1/workspace_data/cross_site_grant/meta/create

概述¶

Body 请求参数¶

参数名	类型	必选	说明
targetWorkspaceUUID	string		被授权方工作空间 UUID；优先使用该字段，兼容旧字段 workspaceUUID 允许为空: False 允许为空字符串: False
workspaceUUID	string		被授权方工作空间 UUID 兼容字段，建议调用方改用 targetWorkspaceUUID 允许为空: False 允许为空字符串: False
type	array		数据类型, ["*"] 表示全部例子: ['logging', 'metric', 'object', 'custom_object', 'keyevent', 'tracing', 'rum', 'security', 'network', 'profiling'] 允许为空: True
indexes	array		索引名, [""] 表示全部例子: [''] 允许为空: False
conditions	json		授权范围过滤条件允许为空: False

参数补充说明¶

授权方生成跨站点授权 meta 文件。前端或调用方需要先在授权方站点完成 CrossSiteGrantCfg 公私钥初始化。

使用场景：用户选择“跨站点授权”后，在授权方工作空间调用本接口生成 meta，再把完整 meta 交给被授权方导入。
本接口只创建授权方 pending 记录并返回 meta，不会主动访问被授权方站点。
生成后的业务授权记录仍通过 /wksp_share/list 查看，通过 /wksp_share/<uuid>/modify 修改授权范围，通过 /wksp_share/delete 删除或撤销。

请求例子¶

curl 'https://openapi.guance.com/api/v1/workspace_data/cross_site_grant/meta/create' \
-H 'Content-Type: application/json' \
-H 'DF-API-KEY: <DF-API-KEY>' \
--data-raw '{"targetWorkspaceUUID":"wksp_target","type":["logging"],"indexes":["*"],"conditions":{}}' \
--compressed

响应¶

{
    "code": 200,
    "content": {
        "grantUUID": "grant_pending_1",
        "status": "pending",
        "expireAt": 1770000000,
        "fileName": "cross-site-grant-wksp_target-1770000000.json",
        "meta": {
            "version": "2026-05-27",
            "metaUUID": "meta_1",
            "createdAt": 1769998200,
            "expireAt": 1770000000,
            "sourceWorkspace": {
                "workspaceUUID": "wksp_source",
                "workspaceName": "授权方工作空间"
            },
            "targetWorkspaceUUID": "wksp_target",
            "sourceSite": {
                "siteCode": "testing",
                "regionCode": "testing",
                "issuer": "https://testing.example.com",
                "baseUrl": "https://testing.example.com",
                "jwksUri": "https://testing.example.com/api/v1/workspace_data/.well-known/cross-site-jwks.json",
                "kid": "kid_1",
                "publicKeys": [
                    {
                        "kid": "kid_1",
                        "publicKey": "-----BEGIN PUBLIC KEY-----..."
                    }
                ]
            },
            "grantScope": {
                "type": [
                    "logging"
                ],
                "indexes": [
                    "*"
                ],
                "conditions": {}
            },
            "auth": {
                "tempAuthCode": "temp_code_xxx",
                "tempAuthCodeExpireAt": 1770000000
            },
            "security": {
                "signAlg": "RS256",
                "kid": "kid_1"
            },
            "signature": "<JWS>"
        }
    },
    "errorCode": "",
    "message": "",
    "success": true,
    "traceId": "TRACE-EXAMPLE"
}