
Sensitive API Management
Last updated: 2025-10-28 10:01:55

Feature description

Super App as a Service (SAS) defines certain mini program or mini game APIs that may access personal information, such as location or biometric data, as sensitive. To protect user privacy, the superapp can set these sensitive APIs to Restricted. In this state, a mini program or mini game must request permission from the superapp before using these APIs, and can call them only after the superapp approves the request. The list of default sensitive APIs can be customized as needed.

Roles and permissions

Capability | Super admin | Platform admin | Superapp administrator | Superapp senior developer | Review staff
Sensitive API list | | | | |
Sensitive API management | Read-only | Read-only | ✓ | ✓ | -
Approve sensitive API requests | Read-only | Read-only | ✓ | - | ✓
Sensitive API call approvals-Mini program/mini game list | Read-only | Read-only | ✓ | ✓ | ✓
Revoke sensitive API authorization | - | - | ✓ | ✓ | -

Super admin/Platform admin: Has read-only access to the Sensitive API management module. Can view the list of mini programs/mini games that have been authorized for sensitive APIs, but cannot manage APIs or approve/revoke sensitive API authorizations.
Superapp administrator: Has all permissions in the Sensitive API management module. Can manage APIs, approve and revoke sensitive API authorizations, and view the list of mini programs/mini games that have been authorized for sensitive APIs.
Superapp senior developer: Has access to the Sensitive API management module. Can manage APIs, revoke sensitive API authorizations, and view the list of mini programs/mini games that have been authorized for sensitive APIs, but cannot approve sensitive API requests.
Review staff: Has access to the Sensitive API management module. Can approve sensitive API requests and view the list of mini programs/mini games that have been authorized for sensitive APIs, but cannot manage APIs or revoke sensitive API authorizations.

How to operate

Entry point

The superapp team admin can manage sensitive APIs and handle mini program requests by navigating to Superapp management > Sensitive API management in the console.


Sensitive API status

Public: APIs in the public status can be used without requesting permission from the superapp. Click Restrict to change the API status to Restricted.
Restricted: APIs in the restricted status require the mini program to request permission from the superapp. Once approved, the mini program can use the restricted API. Click Allow to change the API status to Public.


Add sensitive APIs

If the existing sensitive APIs do not meet the superapp's security needs, you can click Add sensitive API, and select more APIs to add to the sensitive API list.


If your superapp uses custom APIs, you can also add these custom APIs to the sensitive API list.
Provide the custom API name and function, and set the applicable scope for the custom sensitive API. You can choose to make it applicable to both mini programs and mini games, or restrict it to either mini programs or mini games only.

Note:
Refer to the Custom APIs documentation for how to use the custom API feature. Use the value of the “api_name” field as the custom API name.

Sensitive API permission requests and approval

Mini program or mini game requests for sensitive APIs

Mini program or mini game developers need to go to Mini program management/Mini game management > Development management in the left menu of the mini program team, and click API permissions to view the sensitive APIs set by the current mini program or mini game's bound superapp.
Click Request permission, fill in the request information, and request permission to call the sensitive API from the superapp.

After the mini program or mini game developer requests sensitive API permissions, the superapp team admin or approvers will receive the approval request under Superapp management > Sensitive API management > Sensitive API call approvals.

Click Approve to open the approval window. Click Approve to agree to the mini program or mini game calling the sensitive API, or click Reject to deny the request.

After approval, the approval record will be displayed under the Approved section.


Revoke sensitive API permissions used by mini programs or mini games

Click Details next to the corresponding sensitive API to enter the Sensitive API details page.

The mini programs and mini games with the sensitive API permission are listed in the Authorized mini programs and mini games section. Click Revoke authorization to remove the permission. After revocation, the mini program or mini game must request permission again.


