API preparation
The following preliminary steps must be performed to use the Application Programming Interface (API) provided by KakaoCloud.
Get IAM access key
An IAM access key, which serves as a user credential, consists of an IAM access key ID and a secret access key. This information is required to get an API authentication token.
The permissions of the IAM access key are determined by the IAM role of the selected project.
IAM access keys can be getd from the profile section at the top right of the console. For detailed issuance procedures, please refer to Credentials > Get IAM access key.
Get API authentication token
- You must Get an IAM access key before you can get an API authentication token.
- By default, API authentication tokens expire after 12 hours. Depending on the situation, they may change or expire even within 12 hours.
- Starting from April 2, 2026, at 22:00, you must set the 'Content-Type' value in the Request Header to
application/jsonwhen issuing API authentication tokens. - After the application date, requests that do not include 'Content-Type: application/json' in the Request Header will fail to get authentication tokens. Please take proactive measures to ensure there are no disruptions to your service.
An API authentication token is an access token that replaces your KakaoCloud account ID and password. You can use this token to authenticate via CLI or API and utilize KakaoCloud services. There are two methods for issuing an API authentication token depending on the parameter configuration.
| Category | Required Parameters |
|---|---|
| Method 1: Get API authentication token | IAM access key ID, Secret access key |
| Method 2: Get API authentication token | IAM access key name, Secret access key, User UUID |
Method 1: Get API authentication token
The first method for issuing an API authentication token uses the IAM access key ID and Secret access key.
-
Refer to Get IAM access key to obtain your keys, then enter the following path in the POST URL.
API authentication token issuance URL[https://iam.kakaocloud.com/identity/v3/auth/tokens](https://iam.kakaocloud.com/identity/v3/auth/tokens) -
When requesting a token, you must include 'Content-Type' in the Request Header as follows:
Key Value Requirement Description Content-Type application/json Mandatory Specifies the format of the data in the request body as JSON -
Add the following code to the JSON Body and enter the required parameters.
Method 1: Get API authentication token{
"auth": {
"identity": {
"methods": [
"application_credential"
],
"application_credential": {
"id": "${IAM access key ID}",
"secret": "${Secret access key}"
}
}
}
}환경변수 설명 IAM access key ID🖌︎ Viewable at the time of creation or by clicking the specific key in the IAM access key list Secret access key🖌︎ Viewable only at the time of IAM access key creation -
Check the getd API authentication token in the
X-Subject-Tokenfield of the Response Header.
Method 2: Get API authentication token
The second method for issuing an API authentication token uses the IAM access key name, Secret access key, and User UUID.
-
Refer to Get IAM access key to obtain your keys, then enter the following path in the POST URL.
API authentication token issuance URL[https://iam.kakaocloud.com/identity/v3/auth/tokens](https://iam.kakaocloud.com/identity/v3/auth/tokens) -
When requesting a token, you must include 'Content-Type' in the Request Header as follows:
Key Value Requirement Description Content-Type application/json Mandatory Specifies the format of the data in the request body as JSON -
Add the following code to the JSON Body and enter the required parameters.
Method 2: Get API authentication token{
"auth": {
"identity": {
"methods": [
"application_credential"
],
"application_credential": {
"name": "${IAM access key name} > Credentials</strong>)",
"secret": "${Secret access key}",
"user": {
"id": "${User UUID}"
}
}
}
}
}환경변수 설명 IAM access key name🖌︎ Viewable at Console > Profile (top right Secret access key🖌︎ Viewable only at the time of IAM access key creation User UUID🖌︎ Viewable at Console > User Profile > Account Information -
Check the getd API authentication token in the
X-Subject-Tokenfield of the Response Header.
Notification of token permission changes or expiration
By default, API authentication tokens expire 12 hours after issuance. They may change or expire within 12 hours depending on the situation. In such cases, a new token must be getd.
Permissions for API authentication tokens are periodically renewed or changed for security and access management. Therefore, users should verify token validity before performing tasks and get new tokens if necessary. Token permissions may change or expire in the following cases:
| Case | Description |
|---|---|
| Permission Change | If the role in the assigned project changes, only the roles or permissions that match the current role are inherited. - Example: Changing from Project Admin to Project Member inherits Project Member permissions. |
| Permission Expiration | Case 1: When the project role is deleted (removed from project). Case 2: When the user manually deletes the IAM access key from Profile > Credentials > IAM Access Key. |
Appendix: View project list
KakaoCloud manages resources at the project level. The following explains how to view the list of projects you belong to.
Request
GET https://iam.kakaocloud.com/identity/v3/users/{userId}/projects
X-Auth-token: {tokenId}
| Type | Parameter | Format | Required | Description |
|---|---|---|---|---|
| Header | {tokenId} | String | Required | API authentication token |
| URL | {userId} | String | Required | User UUID - Available in KakaoCloud console > Top-right profile > Account info |
Response
{
"projects": [
{
"id": "ca7f6c731a004091a32d4eb97ec17271",
"name": "kakaocloud-project",
"domain_id": "327373ec52974577a79a5e26b26c27e9",
"description": "kakaocloud-project",
"enabled": true,
"parent_id": "327373ec52974577a79a5e26b26c27e9",
"is_domain": false,
"tags": [],
"options": {},
"links": {
"self": "http://iam.kakaocloud.com/v3/projects/ca7f6c731a004091a32d4eb97ec17271"
}
}
],
"links": {
"next": null,
"self": "http://iam.kakaocloud.com/v3/users/f61e7df2a1d349e7b35d62ef9c615853/projects",
"previous": null
}
}
Appendix. Delete IAM access key
Follow the steps below to delete an IAM access key.
When an IAM access key is deleted, its associated API authentication token is automatically invalidated and can no longer be used.
-
In the top-right corner of the KakaoCloud console, select the profile icon and select Certification.
KakaoCloud console -
Re-enter your password and select the [Verify password] button.
-
In the Certification menu, select the IAM access key to delete, then select the [Delete] button at the top, or select the [More options] icon and select Delete.
Delete IAM access key -
In the popup window, select the [Delete] button.
-
Confirm that the IAM access key has been removed from the list.