To protect sensitive data and eliminate security threads on core abilities, you can use the permissions in the [Application Permission List](permission-list.md) to protect the related API from unauthorized calling. Each time before the API is called, a permission verification is performed to check whether the caller has the required permission.
To protect sensitive data and eliminate security threats on core abilities, you can use the permissions in the [Application Permission List](permission-list.md) to protect the related API from unauthorized calling. Each time before the API is called, a permission verification is performed to check whether the caller has the required permission.
## Available APIs
The table below lists only the API used for access permission verification. For more information, see [AbilityContext](../reference/apis/js-apis-ability-context.md).
The following describes only the API used for permission verification. For more information about the APIs, see [Application Access Control](../reference/apis/js-apis-abilityAccessCtrl.md).
| verifyAccessToken(tokenID: number, permissionName: string): Promise<GrantStatus> | Checks whether an application process has the specified permission.|
| tokenID | number | Yes | Token ID of the application. You can obtain the value from the [ApplicationInfo](../reference/apis/js-apis-bundleManager-applicationInfo.md) of the application. |
| permissionName | Permissions | Yes | Name of the permission to verify. Valid permission names are defined in the [Application Permission List](permission-list.md). |
## Example
...
...
@@ -19,10 +22,9 @@ The procedure is as follows:
1. Obtain the caller's identity (**tokenId**).
> **NOTE**
>
> You can use **getCallingTokenId** to obtain the caller's **tokenId**. For details, see [RPC](../reference/apis/js-apis-rpc.md#getcallingtokenid8).
2. Determine the permission to verify, which is **ohos.permission.PERMISSION** in this example.
3. Call **verifyAccessToken()** to perform a permission verification for the caller.
> You can use **getCallingTokenId** to obtain the caller's **tokenId**. For details, see [RPC](../reference/apis/js-apis-rpc.md).
2. Determine the permission to verify, which is **ohos.permission.ACCELEROMETER** in this example.
3. Call **checkAccessToken()** to perform a permission verification for the caller.
4. Proceed based on the permission verification result.