# AuthorizeSecurityGroupRule
## 1. API Description
This API (AuthorizeSecurityGroupRule) is used to add a security group rule.
{% hint style="info" %} **Note**
* Status of security group should be `Available`.
* Rules cannot be duplicated in one rule direction.
* The upper limit of quantity of security group rules is 40, including 20 inbound rules and 20 outbound rules.
* Editing is not supported for default security group.
{% endhint %}
## 2. Input Parameters
The following request parameter list only provides API request parameters.
| Parameter Name | Required | Type | Description |
| --------------- | -------- | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| securityGroupId | Yes | String | Security group ID. |
| direction | Yes | String | Traffic directions.
ingress: inbound rules.
egress: outbound rules.
|
| ipProtocol | Yes | String | Transport protocol. The value is case sensitive.
Available value:tcp: TCP protocol.udp: UDP protocol.icmp: ICMP protocol.all: all protocols supported.
|
| portRange | Yes | String | Destination port range.
Available values:For TCP and UDP protocols: The value ranges from 1 to 65535. Use a slash (/) to separate the start port number and the end port number. Examples: 1/200; incorrect example: 200/1.For ICMP protocol: -1/-1.For all protocols: -1/-1.
|
| cidrIp | Yes | String | Source IP address range.
Default value: 0.0.XX.XX/0.
|
| policy | No | String | Access strategy.
Available values:
accept: allows access by default.
Only accept strategy is supported for now.
Default value: accept
|
| priority | No | Integer | Priority of rules.
Available values:
\[1,100].
Default value: 1.
Default value: 1
|
| description | No | String | Rule description. |
## 3. Output Parameters
| Parameter Name | Type | Description |
| -------------- | ------ | --------------------------------------------------------------------------------------------------------------------- |
| requestId | String | The unique request ID, which is returned for each request.
RequestId is required for locating a problem.
|
## 4. Code Example
{% tabs %}
{% tab title="Example" %}
**Add a security group rule.**
```json
POST /api/v2/vm HTTP/1.1
Host: console.zenlayer.com
Content-Type: application/json
X-ZC-Action: AuthorizeSecurityGroupRule
Request:
{
"securityGroupId": "your-security-group-id",
"direction": "egress",
"policy": "accept",
"priority": 6,
"ipProtocol": "tcp",
"portRange": "22/22",
"cidrIp": "0.0.0.0/0"
}
Response:
{
"requestId": "T79B0A6A1-2921-4702-8F48-46C0541744FC",
"response": {
"requestId": "T79B0A6A1-2921-4702-8F48-46C0541744FC"
}
}
```
{% endtab %}
{% endtabs %}
## 5. Developer Resources
Zenlayer Cloud API 2.0 integrates [SDKs](/api-reference/api-introduction/toolkit/api-sdk.md),to make it easier for you to call APIs. More programming languages will be supported.
## 6. Error Codes
The following only lists the error codes related to the API business logic. For other error codes, see [Common Error Codes](/api-reference/api-introduction/instruction/commonerrorcode.md).
| HTTP Status Code | Error Code | Description |
| ---------------- | ---------------------------------------------------------- | ------------------------------------------------------------ |
| 400 | INVALID\_PARAMETER\_SECURITY\_GROUP\_RULE\_ID\_NOT\_ALLOW | Security group rule ID is not allowed to be passed in. |
| 400 | INVALID\_PARAMETER\_SECURITY\_GROUP\_POLICY | Invalid value of `policy`. |
| 400 | INVALID\_PARAMETER\_SECURITY\_GROUP\_PORT\_RANGE | Invalid value of `portRange`. |
| 400 | INVALID\_PARAMETER\_SECURITY\_GROUP\_PRIORITY | Invalid value of `priority`. |
| 400 | INVALID\_PARAMETER\_SECURITY\_GROUP\_SOURCE\_CIDR\_IP | Invalid value of source `cidrIp`. |
| 403 | OPERATION\_DENIED\_SECURITY\_GROUP\_EXIST\_REPEAT\_RULE | Duplicated security group rules. |
| 404 | INVALID\_SECURITY\_GROUP\_NOT\_FOUND | Security group does not exist. |
| 403 | OPERATION\_DENIED\_SECURITY\_GROUP\_STATUS\_NOT\_AVAILABLE | Status of security group should be `Available`. |
| 403 | OPERATION\_DENIED\_SECURITY\_GROUP\_RULE\_EXCEED\_LIMIT | Rule quantity exceeds limit. |
| 403 | OPERATION\_DENIED\_DEFAULT\_SECURITY\_GROUP\_NOT\_SUPPORT | Operations on the default security groups are not supported. |
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.console.zenlayer.com/api-reference/compute/vm/security-group/authorizesecuritygrouprule.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.