Prepare API usage
To use KakaoCloud APIs (Application Programming Interfaces), you must complete the following prerequisites.
Get IAM access key
An IAM access key, which consists of an IAM access key ID and secret access key, is required to Get API authentication token.
Permissions for the IAM access key are granted based on the IAM role assigned in the selected project.
You can issue an IAM access key from the profile menu at the top-right corner of the console. For details, refer to Issue IAM access key.
Get API authentication token
- To issue an API authentication token, you must first Issue IAM access key.
- By default, API authentication tokens expire after 12 hours. However, expiration or changes may occur earlier depending on the situation.
An API authentication token is a credential that replaces the account ID and password for accessing KakaoCloud services via CLI or API.
There are two methods to issue an API authentication token, depending on the parameters used.
Method | Required parameters |
---|---|
Method 1: Get API authentication token | IAM access key ID, secret access key |
Method 2: Get API authentication token | IAM access key name, secret access key, user UUID |
Method 1: Get API authentication token
This method uses IAM access key ID and secret access key.
-
After issuing an IAM access key using this guide, use the following POST URL:
API authentication token request URLhttps://iam.kakaocloud.com/identity/v3/auth/tokens
-
Add the following JSON body and input the required parameters:
Method 1: Get API authentication token{
"auth": {
"identity": {
"methods": [
"application_credential"
],
"application_credential": {
"id": "${IAM access key ID}",
"secret": "${Secret access key}"
}
}
}
}환경변수 설명 IAM access key ID🖌︎ Can be viewed when created or from the access key list Secret access key🖌︎ Only available at creation time -
Check the
X-Subject-Token
field in the response header for the issued API authentication token.
Method 2: Get API authentication token
This method uses IAM access key name, secret access key, and user UUID.
-
After issuing an IAM access key using this guide, use the following POST URL:
API authentication token request URLhttps://iam.kakaocloud.com/identity/v3/auth/tokens
-
Add the following JSON body and input the required parameters:
Method 2: Get API authentication token{
"auth": {
"identity": {
"methods": [
"application_credential"
],
"application_credential": {
"name": "${IAM access key name}",
"secret": "${Secret access key}",
"user": {
"id": "${User UUID}"
}
}
}
}
}환경변수 설명 IAM access key name🖌︎ Console > Top-right profile > Certification Secret access key🖌︎ Only available at creation time User UUID🖌︎ Console > Profile > Account info -
Check the
X-Subject-Token
field in the response header for the issued API authentication token.
Token permission changes or expiration
By default, API authentication tokens expire after 12 hours, but they may change or expire earlier. In such cases, you must reissue a new token.
To maintain security and proper access control, the permissions of an API authentication token may be refreshed or updated periodically.
Always check the token's validity before performing operations and reissue if necessary.
Case | Description |
---|---|
Permission change | If your project role has changed, only matching permissions at the time of token issuance will be retained. - Example: If your role changes from project admin to member, only member permissions apply. |
Permission expiration | Case 1. If your project role is deleted (e.g., removed from the project) Case 2. If the IAM access key is manually deleted from Console > Top-right profile > Certification |
Appendix: View project list
KakaoCloud manages resources by project. To view the list of projects associated with your user account:
Request
GET https://iam.kakaocloud.com/identity/v3/users/{userId}/projects
X-Auth-token: {tokenId}
Type | Parameter | Format | Required | Description |
---|---|---|---|---|
Header | {tokenId} | String | Required | API authentication token |
URL | {userId} | String | Required | User UUID - Available in KakaoCloud console > Top-right profile > Account info |
Response
{
"projects": [
{
"id": "ca7f6c731a004091a32d4eb97ec17271",
"name": "kakaocloud-project",
"domain_id": "327373ec52974577a79a5e26b26c27e9",
"description": "kakaocloud-project",
"enabled": true,
"parent_id": "327373ec52974577a79a5e26b26c27e9",
"is_domain": false,
"tags": [],
"options": {},
"links": {
"self": "http://iam.kakaocloud.com/v3/projects/ca7f6c731a004091a32d4eb97ec17271"
}
}
],
"links": {
"next": null,
"self": "http://iam.kakaocloud.com/v3/users/f61e7df2a1d349e7b35d62ef9c615853/projects",
"previous": null
}
}
Appendix. Delete IAM access key
Follow the steps below to delete an IAM access key.
When an IAM access key is deleted, its associated API authentication token is automatically invalidated and can no longer be used.
-
In the top-right corner of the KakaoCloud console, click the profile icon and select Certification.
KakaoCloud console -
Re-enter your password and click the [Verify password] button.
-
In the Certification menu, select the IAM access key to delete, then click the [Delete] button at the top, or click the [More options] icon and select Delete.
Delete IAM access key -
In the popup window, click the [Delete] button.
-
Confirm that the IAM access key has been removed from the list.