Skip to main content

API Preparations

This document describes the necessary information required to utilize APIs provided by KakaoCloud.

Get access key

An access key, which is required to get an API authentication token, is comprised of an access key ID and a secret access key. The permissions of an access key is decided by IAM roles assigned within a selected project. For details, please refer to Get access key.

Get API authentication token

An API authentication token replaces your KakaoCloud account ID and password, allowing you to use CLI or APIs to access KakaoCloud services. You can get the API authentication token as follows.

TypeRequired parameters
Method 1. Get API authentication token   Access key ID, Secret access key
Method 2. Get API authentication tokenAccess key name, Secret access key, Unique user ID
info
  • Prior to obtaining the API authentication token, you need to create an access key beforehand.
  • By default, API authentication tokens expire 12 hours after issuance, and they may change or expire within 12 hours depending on the situation.

Method 1. Get API authentication token

You can obtain an API authentication token by using Access key ID and Secret access key as follows.

  1. After getting an access key, enter the following POST URL.

    Getting API authentication token
    https://iam.kakaocloud.com/identity/v3/auth/tokens
  2. Insert the code below into the JSON body of your request and fill in the required information.

    method 1 for issuing api authentication token
    {
    "auth": {
    "identity": {
    "methods": [
    "application_credential"
    ],
    "application_credential": {
    "id": "${Access key id}",
    "secret": "${secret access key}"
    }
    }
    }
    }
    환경변수설명
    Access key id🖌can be viewed when the Access key is created or by clicking on the specific Access key item in the Access key list
    secret access key🖌viewable only at the time of Access key creation
  3. Check the API authentication token in the X-Subject-Token field within the response header.

Method 2. Get API authentication token

You can also get an API authentication token as an alternative by using Access key name, Secret access key, Unique user ID.

  1. After getting an access key, enter the following POST URL.

    Getting API authentication token
    https://iam.kakaocloud.com/identity/v3/auth/tokens
  2. Insert the code below into the JSON body of your request and fill in the required information.

    method 2 for issuing api authentication token
    {
    "auth": {
    "identity": {
    "methods": [
    "application_credential"
    ],
    "application_credential": {
    "name": "${Access key name}",
    "secret": "${secret access key}",
    "user": {
    "id": "${user unique id}"
    }
    }
    }
    }
    }
    환경변수설명
    Access key name🖌viewable in kakaocloud console > user profile > Access key
    secret access key🖌viewable only at the time of Access key creation
    user unique id🖌viewable in kakaocloud console > user profile > account information
  3. Check the API authentication token in the X-Subject-Token field within the response header.

Changes or expiration of API authentication token permissions

info

By default, API authentication tokens expire 12 hours after issuance, and they may change or expire within 12 hours depending on the situation. In such cases, a new token must be issued.

The permissions of API authentication tokens can be periodically renewed or changed for security purposes. Therefore, users must verify the validity of the token before performing necessary tasks and obtain a new token. The permissions of API authentication tokens may change or expire under the following circumstances.

CaseDescription
Changes in permissions      If the role within the involved project changes, the token will inherit only the roles or permissions that match those at the time of token issuance and current roles
- e.g. If a user changes from Project Admin to Project Member, the user's API authentication token will inherit the permissions of a Project Member.
Expired permissionsCase 1. If the project role is removed (deleted from the project)
Case 2. If the user deletes his/her Access key in KakaoCloud Console > Profile(Top right) > Access key menu.

Appendix. View project list

In KakaoCloud, resources are organized and managed on a per-project basis. You can check all projects with which you are associated as follows.

Request

Request
GET https://iam.kakaocloud.com/identity/v3/users/{userId}/projects
X-Auth-token: {tokenId}
TypeParameterFormatRequiredDescription
Header{tokenId}   String  Yes  Token ID
URL{userId}StringYesUnique user ID
- Can be found in Web Console > Right Profile > Account Info

Response

Response Example
{
"projects": [
{
"id": "ca7f6c731a004091a32d4eb97ec17271",
"name": "kakaocloud-project",
"domain_id": "327373ec52974577a79a5e26b26c27e9",
"description": "kakaocloud-project",
"enabled": true,
"parent_id": "327373ec52974577a79a5e26b26c27e9",
"is_domain": false,
"tags": [],
"options": {},
"links": {
"self": "http://iam.kakaocloud.com/v3/projects/ca7f6c731a004091a32d4eb97ec17271"
}
}
],
"links": {
"next": null,
"self": "http://iam.kakaocloud.com/v3/users/f61e7df2a1d349e7b35d62ef9c615853/projects",
"previous": null
}
}

Appendix. Delete Access key

You can delete Access keys that are no longer needed.

caution

When a Access key is deleted, the API authentication token automatically expires and can no longer be used.

  1. Sign in to the KakaoCloud Console and go to Profile (top right) > Access key.
  1. Re-enter your password and click the [Confirm password] button.
  2. In the Access key tab, click the [Delete] button for the Access key you want to remove.
  1. In the popup window, click the [Delete] button.

  2. Verify that the Access key has been removed.