Skip to main content

Prepare API usage

To use KakaoCloud APIs (Application Programming Interfaces), you must complete the following prerequisites.

Get IAM access key

An IAM access key, which consists of an IAM access key ID and secret access key, is required to Get API authentication token.
Permissions for the IAM access key are granted based on the IAM role assigned in the selected project.
You can issue an IAM access key from the profile menu at the top-right corner of the console. For details, refer to Issue IAM access key.

Get API authentication token

info
  • To issue an API authentication token, you must first Issue IAM access key.
  • By default, API authentication tokens expire after 12 hours. However, expiration or changes may occur earlier depending on the situation.

An API authentication token is a credential that replaces the account ID and password for accessing KakaoCloud services via CLI or API.
There are two methods to issue an API authentication token, depending on the parameters used.

MethodRequired parameters
Method 1: Get API authentication tokenIAM access key ID, secret access key
Method 2: Get API authentication tokenIAM access key name, secret access key, user UUID

Method 1: Get API authentication token

This method uses IAM access key ID and secret access key.

  1. After issuing an IAM access key using this guide, use the following POST URL:

    API authentication token request URL
    https://iam.kakaocloud.com/identity/v3/auth/tokens
  2. Add the following JSON body and input the required parameters:

    Method 1: Get API authentication token
    {
    "auth": {
    "identity": {
    "methods": [
    "application_credential"
    ],
    "application_credential": {
    "id": "${IAM access key ID}",
    "secret": "${Secret access key}"
    }
    }
    }
    }
    환경변수설명
    IAM access key ID🖌Can be viewed when created or from the access key list
    Secret access key🖌Only available at creation time
  3. Check the X-Subject-Token field in the response header for the issued API authentication token.

Method 2: Get API authentication token

This method uses IAM access key name, secret access key, and user UUID.

  1. After issuing an IAM access key using this guide, use the following POST URL:

    API authentication token request URL
    https://iam.kakaocloud.com/identity/v3/auth/tokens
  2. Add the following JSON body and input the required parameters:

    Method 2: Get API authentication token
    {
    "auth": {
    "identity": {
    "methods": [
    "application_credential"
    ],
    "application_credential": {
    "name": "${IAM access key name}",
    "secret": "${Secret access key}",
    "user": {
    "id": "${User UUID}"
    }
    }
    }
    }
    }
    환경변수설명
    IAM access key name🖌Console > Top-right profile > Certification
    Secret access key🖌Only available at creation time
    User UUID🖌Console > Profile > Account info
  3. Check the X-Subject-Token field in the response header for the issued API authentication token.

Token permission changes or expiration

info

By default, API authentication tokens expire after 12 hours, but they may change or expire earlier. In such cases, you must reissue a new token.

To maintain security and proper access control, the permissions of an API authentication token may be refreshed or updated periodically.
Always check the token's validity before performing operations and reissue if necessary.

CaseDescription
Permission changeIf your project role has changed, only matching permissions at the time of token issuance will be retained.
- Example: If your role changes from project admin to member, only member permissions apply.
Permission expirationCase 1. If your project role is deleted (e.g., removed from the project)
Case 2. If the IAM access key is manually deleted from Console > Top-right profile > Certification

Appendix: View project list

KakaoCloud manages resources by project. To view the list of projects associated with your user account:

Request

Sample request
GET https://iam.kakaocloud.com/identity/v3/users/{userId}/projects
X-Auth-token: {tokenId}
TypeParameterFormatRequiredDescription
Header{tokenId}   String   Required   API authentication token
URL{userId}StringRequiredUser UUID
- Available in KakaoCloud console > Top-right profile > Account info

Response

Response Example
{
"projects": [
{
"id": "ca7f6c731a004091a32d4eb97ec17271",
"name": "kakaocloud-project",
"domain_id": "327373ec52974577a79a5e26b26c27e9",
"description": "kakaocloud-project",
"enabled": true,
"parent_id": "327373ec52974577a79a5e26b26c27e9",
"is_domain": false,
"tags": [],
"options": {},
"links": {
"self": "http://iam.kakaocloud.com/v3/projects/ca7f6c731a004091a32d4eb97ec17271"
}
}
],
"links": {
"next": null,
"self": "http://iam.kakaocloud.com/v3/users/f61e7df2a1d349e7b35d62ef9c615853/projects",
"previous": null
}
}

Appendix. Delete IAM access key

Follow the steps below to delete an IAM access key.

caution

When an IAM access key is deleted, its associated API authentication token is automatically invalidated and can no longer be used.

  1. In the top-right corner of the KakaoCloud console, click the profile icon and select Certification.

    Image. KakaoCloud console
    KakaoCloud console

  2. Re-enter your password and click the [Verify password] button.

  3. In the Certification menu, select the IAM access key to delete, then click the [Delete] button at the top, or click the [More options] icon and select Delete.

    Image. Delete IAM access key
    Delete IAM access key

  4. In the popup window, click the [Delete] button.

  5. Confirm that the IAM access key has been removed from the list.