Authorization
Selectel products APIs are used to work with them:
-
IAM tokens:
- X-Auth-Token (scope: account) — to manage the resources tied to the account;
- X-Auth-Token (scope: project)� — to manage resources tied to the project.
-
static tokens:
- X-Token — to manage the resources tied to the account.
The token used depends on product.
The URL for addressing in requests can be found in URL list.
You can restrict access to the API at addresses that include https://api.selectel.ru.
X-Auth-Token (scope: account)
X-Auth-Token (scope: account) can be issued only service user.
X-Auth-Token (scope: account) — an IAM token that gives you access to manage most Selectel products and OpenStack API objects in the same way as a login and password in the control panel my.selectel.ru. Allows you to manage account resources.
The token is passed in the header X-Auth-Token in each request.
Token lifetime is 24 hours.
The token allows you to control:
- users and roles (IAM) и federations;
- balance и consumption statistics;
- dedicated servers;
- OpenStack API objects (cloud servers, network disks, and others) using APIs cloud platform projects and resources, project quotas and limits, read more in OpenStack documentation;
- CDN;
- DNS hosting (legacy);
- mobile farm.
Get X-Auth-Token (scope: account)
The X-Auth-Token (scope: account) can be issued to service users with a roles:
- Account Administrator;
- Billing Administrator;
- User Administrator;
- Account Supervisor.
If you are using Windows, in queries, replace single quotes ('') to double (""). We also recommend using PowerShell for queries and not using CMD.
- Execute the request:
curl -i -XPOST \
-H 'Content-Type: application/json' \
-d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"<username>","domain":{"name":"<account_id>"},"password":"<password>"}}},"scope":{"domain":{"name":"<account_id>"}}}}' \
'https://cloud.api.selcloud.ru/identity/v3/auth/tokens'
Specify:
<username>— name of the service user. You can view the name in control panels: from the top menu, press Account and go to the section Users → tab Service users (the section is available only to the Account Owner and User Administrator);<account_id>— control panel account number. You can look in control panels in the upper right-hand corner;<password>— service user password, can be viewed when creating a user or change to new.
If the authorization is successful, a response with a code will be returned 201 Created in the format:
HTTP/2 201
X-Subject-Token: token
- In the header.
X-Subject-Tokenlook at the token.
X-Auth-Token (scope: project)
The X-Auth-Token (scope: project) can only be written out service user.
X-Auth-Token (scope: project) — an IAM token that gives access to the management of most Selectel products and OpenStack API objects on par with a login and password in the control panel my.selectel.ru. Allows you to manage project resources.
The token is passed in the header X-Auth-Token in each request.
Token lifetime is 24 hours.
The token allows you to control:
- dedicated servers;
- OpenStack API objects (cloud servers, network disks, and others) using APIs cloud platform projects and resources, cloud platform resources in the project, project quotas and limits, read more in OpenStack documentation;
- cloud platform cloud databases, Managed Kubernetes, Container Registry secret manager (secrets, certificates, Let's Encrypt® certificates);
- object storage (Swift API и Selectel Storage API);
- DNS hosting;
- Selectel mail service;
- mobile farm.
Get X-Auth-Token (scope: project)
The X-Auth-Token (scope: project) can be issued to service users with a roles:
- Account Administrator;
- Billing Administrator;
- User Administrator;
- Account Supervisor;
- Project Administrator;
- Object Storage Administrator;
- Project Observer.
If you are using Windows, in queries, replace single quotes ('') to double (""). We also recommend using PowerShell for queries and not using CMD.
- Execute the request:
curl -i -XPOST \
-H 'Content-Type: application/json' \
-d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"<username>","domain":{"name":"<account_id>"},"password":"<password>"}}},"scope":{"project":{"name":"<project_name>","domain":{"name":"<account_id>"}}}}}' \
'https://cloud.api.selcloud.ru/identity/v3/auth/tokens'
Specify:
<username>— name of the service user. You can view the name in control panels: from the top menu, press Account and go to the section Users → tab Service users (the section is available only to the Account Owner and User Administrator);<account_id>— control panel account number. You can look in control panels in the upper right-hand corner;<password>— service user password, can be viewed when creating a user or change to new;<project_name>— project name.
If the authorization is successful, a response with a code will be returned 201 Created in the format:
HTTP/2 201
X-Subject-Token: token
- In the header.
X-Subject-Tokenlook at the token.
X-Token
The X-Token can only be issued control panel user.
X-Token is a static token that gives full access to the management of all Selectel products, except for OpenStack API objects, as well as login and password in the OpenStack API my.selectel.ru control panel.
The token is passed in the request in the header X-Token.
The lifetime of the token is unlimited.
For APIs that do not support X-Auth-Token (scope: account) и X-Auth-Token (scope: project) the X-Token is the only one:
Get an X-Token
- В control panels from the top menu, press Account.
- Go to the section API Keys.
- Click Add key.
- Enter the name of the key.
- Click Add.