API Preparation

Complete the following prerequisite tasks before using the APIs provided by KakaoCloud.

Get IAM access key

An IAM access key is an IAM user credential that consists of an IAM access key ID and a secret access key. This information is required to issue an API authentication token. The permissions of an IAM access key are determined by the IAM role assigned in the selected project.
You can get IAM access keys from the profile menu in the upper-right corner of the console. For detailed steps, see Credentials > Get IAM access key.

Get API authentication token

Note

You must complete Get IAM access key before issuing an API authentication token.
By default, API authentication tokens expire after 12 hours. Depending on the situation, they may be changed or expire within 12 hours.

Caution

Starting April 2, 2026 at 22:00, the Content-Type value in the request header must be set to application/json when issuing an API authentication token.
After this change takes effect, requests that do not include Content-Type: application/json in the request header will not receive authentication tokens. Take the required action in advance to avoid service disruptions.

An API authentication token is an access token used instead of your KakaoCloud account ID and password. You can authenticate with this token in the CLI or API and use KakaoCloud services. There are two ways to issue an API authentication token, depending on the parameter configuration.

Category	Required Parameters
Method 1: Get API authentication token	IAM access key ID, secret access key
Method 2: Get API authentication token	IAM access key name, secret access key, user UUID

Method 1: Get API authentication token

The first method for issuing an API authentication token uses the IAM access key ID and secret access key.

Refer to Get IAM access key to get an IAM access key, then enter the following path as the POST URL.
API authentication token issuance URL
```
https://iam.kakaocloud.com/identity/v3/auth/tokens
```
When requesting an authentication token, you must include Content-Type in the request header as follows:

Key Value Requirement Description
Content-Type application/json Required Specifies that the data in the request body is in JSON format

Key	Value	Requirement	Description
Content-Type	application/json	Required	Specifies that the data in the request body is in JSON format

Add the following code to the JSON body and enter the required parameters.

Method 1: Get API authentication token
{
    "auth": {
        "identity": {
            "methods": [
                "application_credential"
            ],
            "application_credential": {
                "id": "${IAM access key ID}",
                "secret": "${Secret access key}"
            }
        }
    }
}

환경변수	설명
IAM access key ID🖌︎	Can be found when the IAM access key is created or by selecting the IAM access key from the IAM access key list
Secret access key🖌︎	Can be found only when the IAM access key is created

Check the issued API authentication token in the X-Subject-Token field of the response header.

Method 2: Get API authentication token

The second method for issuing an API authentication token uses the IAM access key name, secret access key, and user UUID.

Refer to Get IAM access key to get an IAM access key, then enter the following path as the POST URL.
API authentication token issuance URL
```
https://iam.kakaocloud.com/identity/v3/auth/tokens
```
When requesting an authentication token, you must include Content-Type in the request header as follows:

Key Value Requirement Description
Content-Type application/json Required Specifies that the data in the request body is in JSON format

Key	Value	Requirement	Description
Content-Type	application/json	Required	Specifies that the data in the request body is in JSON format

Add the following code to the JSON body and enter the required parameters.

Method 2: Get API authentication token
{
    "auth": {
        "identity": {
            "methods": [
                "application_credential"
            ],
            "application_credential": {
                "name": "${IAM access key name}",
                "secret": "${Secret access key}",
                "user": {
                    "id": "${User UUID}"
                }
            }
        }
    }
}

환경변수	설명
IAM access key name🖌︎	Can be found in KakaoCloud Console > upper-right profile > Credentials
Secret access key🖌︎	Can be found only when the IAM access key is created
User UUID🖌︎	Can be found in KakaoCloud Console > User profile > Account information

Check the issued API authentication token in the X-Subject-Token field of the response header.

Notification of token permission changes or expiration

Note

By default, API authentication tokens expire 12 hours after issuance. Depending on the situation, they may be changed or expire within 12 hours. In this case, you must issue a new token.

The permissions of an API authentication token may be periodically renewed or changed for security and permission management. Therefore, verify that the token is valid before performing required tasks, and issue a new token if necessary. API authentication token permissions may change or expire in the following cases:

Case	Description
Permission change	If the role in the project changes, the token inherits only the role or permissions that match the current role when compared with the role at the time the token was issued. - Example: If the role changes from Project Admin to Project Member, the token inherits Project Member permissions.
Permission expiration	Case 1: The project role is deleted, meaning the user is removed from the project. Case 2: The user manually deletes the IAM access key from KakaoCloud Console > Profile (upper right) > Credentials > IAM access key.

Appendix. View project list

KakaoCloud manages resources by project. The following explains how to view the list of projects that the user belongs to.

Request

Request example
GET https://iam.kakaocloud.com/identity/v3/users/{userId}/projects
X-Auth-Token: {tokenId}

Type	Parameter	Format	Required	Description
Header	`{tokenId}`	String	Required	API authentication token
URL	`{userId}`	String	Required	User UUID - Can be found in KakaoCloud Console > Profile (upper right) > Account information

Response

Response example
{
    "projects": [
        {
            "id": "ca7f6c731a004091a32d4eb97ec17271",
            "name": "kakaocloud-project",
            "domain_id": "327373ec52974577a79a5e26b26c27e9",
            "description": "kakaocloud-project",
            "enabled": true,
            "parent_id": "327373ec52974577a79a5e26b26c27e9",
            "is_domain": false,
            "tags": [],
            "options": {},
            "links": {
                "self": "http://iam.kakaocloud.com/v3/projects/ca7f6c731a004091a32d4eb97ec17271"
            }
        }
    ],
    "links": {
        "next": null,
        "self": "http://iam.kakaocloud.com/v3/users/f61e7df2a1d349e7b35d62ef9c615853/projects",
        "previous": null
    }
}

Appendix. Delete IAM access key

Follow these steps to delete an IAM access key.

Caution

When an IAM access key is deleted, the API authentication token automatically expires and can no longer be used.

From the user profile in the upper-right corner of the KakaoCloud console, select Credentials.

KakaoCloud console
Re-enter your password, and then click [Verify password].
In the Credentials menu, select the IAM access key to delete and click [Delete] at the top, or click [More options] and then click Delete.

Delete IAM access key
In the popup window, click [Delete].
Confirm that the IAM access key has been deleted from the IAM access key list.

Get IAM access key​

Get API authentication token​

Method 1: Get API authentication token​

Method 2: Get API authentication token​

Notification of token permission changes or expiration​

Appendix. View project list​

Request​

Response​

Appendix. Delete IAM access key​