API Preparations
This document describes the necessary information required to utilize APIs provided by KakaoCloud.
Get access key
An access key, which is required to get an API authentication token, is comprised of an access key ID and a secret access key. The permissions of an access key is decided by IAM roles assigned within a selected project. For details, please refer to Get access key.
Get API authentication token
An API authentication token replaces your KakaoCloud account ID and password, allowing you to use CLI or APIs to access KakaoCloud services. You can get the API authentication token as follows.
Type | Required parameters |
---|---|
Method 1. Get API authentication token | Access key ID, Secret access key |
Method 2. Get API authentication token | Access key name, Secret access key, Unique user ID |
- Prior to obtaining the API authentication token, you need to create an access key beforehand.
- By default, API authentication tokens expire 12 hours after issuance, and they may change or expire within 12 hours depending on the situation.
Method 1. Get API authentication token
You can obtain an API authentication token by using Access key ID and Secret access key as follows.
-
After getting an access key, enter the following
POST
URL.Getting API authentication tokenhttps://iam.kakaocloud.com/identity/v3/auth/tokens
-
Insert the code below into the JSON body of your request and fill in the required information.
method 1 for issuing api authentication token{
"auth": {
"identity": {
"methods": [
"application_credential"
],
"application_credential": {
"id": "${Access key id}",
"secret": "${secret access key}"
}
}
}
}환경변수 설명 Access key id🖌︎ can be viewed when the Access key is created or by clicking on the specific Access key item in the Access key list secret access key🖌︎ viewable only at the time of Access key creation -
Check the API authentication token in the
X-Subject-Token
field within the response header.
Method 2. Get API authentication token
You can also get an API authentication token as an alternative by using Access key name, Secret access key, Unique user ID.
-
After getting an access key, enter the following
POST
URL.Getting API authentication tokenhttps://iam.kakaocloud.com/identity/v3/auth/tokens
-
Insert the code below into the JSON body of your request and fill in the required information.
method 2 for issuing api authentication token{
"auth": {
"identity": {
"methods": [
"application_credential"
],
"application_credential": {
"name": "${Access key name}",
"secret": "${secret access key}",
"user": {
"id": "${user unique id}"
}
}
}
}
}환경변수 설명 Access key name🖌︎ viewable in kakaocloud console > user profile > Access key secret access key🖌︎ viewable only at the time of Access key creation user unique id🖌︎ viewable in kakaocloud console > user profile > account information -
Check the API authentication token in the
X-Subject-Token
field within the response header.
Changes or expiration of API authentication token permissions
By default, API authentication tokens expire 12 hours after issuance, and they may change or expire within 12 hours depending on the situation. In such cases, a new token must be issued.
The permissions of API authentication tokens can be periodically renewed or changed for security purposes. Therefore, users must verify the validity of the token before performing necessary tasks and obtain a new token. The permissions of API authentication tokens may change or expire under the following circumstances.
Case | Description |
---|---|
Changes in permissions | If the role within the involved project changes, the token will inherit only the roles or permissions that match those at the time of token issuance and current roles - e.g. If a user changes from Project Admin to Project Member, the user's API authentication token will inherit the permissions of a Project Member. |
Expired permissions | Case 1. If the project role is removed (deleted from the project) Case 2. If the user deletes his/her Access key in KakaoCloud Console > Profile(Top right) > Access key menu. |
Appendix. View project list
In KakaoCloud, resources are organized and managed on a per-project basis. You can check all projects with which you are associated as follows.
Request
GET https://iam.kakaocloud.com/identity/v3/users/{userId}/projects
X-Auth-token: {tokenId}
Type | Parameter | Format | Required | Description |
---|---|---|---|---|
Header | {tokenId} | String | Yes | Token ID |
URL | {userId} | String | Yes | Unique user ID - Can be found in Web Console > Right Profile > Account Info |
Response
{
"projects": [
{
"id": "ca7f6c731a004091a32d4eb97ec17271",
"name": "kakaocloud-project",
"domain_id": "327373ec52974577a79a5e26b26c27e9",
"description": "kakaocloud-project",
"enabled": true,
"parent_id": "327373ec52974577a79a5e26b26c27e9",
"is_domain": false,
"tags": [],
"options": {},
"links": {
"self": "http://iam.kakaocloud.com/v3/projects/ca7f6c731a004091a32d4eb97ec17271"
}
}
],
"links": {
"next": null,
"self": "http://iam.kakaocloud.com/v3/users/f61e7df2a1d349e7b35d62ef9c615853/projects",
"previous": null
}
}
Appendix. Delete Access key
You can delete Access keys that are no longer needed.
When a Access key is deleted, the API authentication token automatically expires and can no longer be used.
- Sign in to the KakaoCloud Console and go to Profile (top right) > Access key.
- Re-enter your password and click the [Confirm password] button.
- In the Access key tab, click the [Delete] button for the Access key you want to remove.
-
In the popup window, click the [Delete] button.
-
Verify that the Access key has been removed.