Skip to main content

Request Authentication

Depending on the product or its resource, login and password are used instead of login and password to work with the Selectel Products API and authenticate requests:

  • IAM tokens — issued to service users. Token lifetime is 24 hours. IAM-tokens are transmitted in the X-Auth-Token header and have different validity range:

  • static tokens ( static_token) — issued to control panel users.. Token lifetime is not limited. They are used to manage resources bound to the account. Passed in the header X-Token.

The address (URL) to refer to in requests can be viewed in the URL list.

You can restrict API access to addresses that include https://api.selectel.ru.

IAM token for account (X-Auth-Token)

For your information

An IAM token for an account can only be issued to a service user.

The token is passed in the X-Auth-Token header.

IAM account token (iam_token_account_scoped) gives access to the management of most Selectel products and OpenStack API objects on par with login and password in the my.selectel.ru control panel .Allows to manage account resources.

The lifetime of the token is 24 hours.

The token allows you to control:

Get an IAM token for the account

It is possible to issue an IAM token for an account to service users with roles:

  • Account Administrator;
  • Billing Administrator;
  • User Admin;
  • Account Supervisor.
For your information

If you are using Windows, replace single quotes ('') with double quotes ("") in queries. We also recommend that you use PowerShell for queries and do not use CMD.

  1. Execute the request:
 curl -i -XPOST \
-H 'Content-Type: application/json' \
-d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"<username>","domain":{"name":"<account_id>"},"password":"<password>"}}},"scope":{"domain":{"name":"<account_id>"}}}}' \
'https://cloud.api.selcloud.ru/identity/v3/auth/tokens'

Specify:

  • <username> — the name of the service user. You can view the name in the control panel: in the top menu, click Account and go to Users → tab Service Users (the section is available only to the Account Owner and User Administrator);
  • <account_id> — control panel account number. Can be viewed in control panel in the upper right corner;
  • <password> — service user password, can be viewed when creating a user or changed to a new one. change it to a new one.

A successful authorization will return a response with a 201 Created code in the format:

HTTP/2 201
X-Subject-Token: token
  1. In the X-Subject-Token header, look for the token.

IAM token for the project (X-Auth-Token)

For your information

The IAM token for a project can only be issued to a service user.

The token is passed in the X-Auth-Token header.

IAM token for the project (iam_token_project_scoped) gives access to the management of most Selectel products and OpenStack API objects on the same level as login and password in the my.selectel.ru control panel .Allows to manage project resources.

The lifetime of the token is 24 hours.

The token allows you to control:

Obtain an IAM token for the project

The IAM token for a project can be issued to service users with roles:

  • Account Administrator;
  • Billing Administrator;
  • User Administrator;
  • Account Supervisor;
  • Project Administrator;
  • Object Storage Administrator;
  • Project Observer.
For your information

If you are using Windows, replace single quotes ('') with double quotes ("") in queries. We also recommend that you use PowerShell for queries and do not use CMD.

  1. Execute the request:
 curl -i -XPOST \
-H 'Content-Type: application/json' \
-d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"<username>","domain":{"name":"<account_id>"},"password":"<password>"}}},"scope":{"project":{"name":"<project_name>","domain":{"name":"<account_id>"}}}}}' \
'https://cloud.api.selcloud.ru/identity/v3/auth/tokens'

Specify:

  • <username> — the name of the service user. You can view the name in the control panel: in the top menu, click Account and go to Users → tab Service Users (the section is available only to the Account Owner and User Administrator);
  • <account_id> — control panel account number. Can be viewed in control panel in the upper right corner;
  • <password> — service user password, can be viewed when creating a user or change it to a new one;
  • <project_name> — project name.

A successful authorization will return a response with a 201 Created code in the format:

HTTP/2 201
X-Subject-Token: token
  1. In the X-Subject-Token header, look for the token.

Static token (X-Token)

For your information

An X-Token can only be issued to a control panel user.

The token is passed in the request in the X-Token header.

static token (static_token) gives full access to the management of all Selectel products, except for OpenStack API objects, as well as login and password in the my.selectel.ru control panel.

The lifetime of the token is unlimited.

For APIs that do not support IAM token for account and IAM token for project, X-Token is the only one:

Get a static token

  1. In the control panel, on the top menu, click Account.
  2. Go to API Keys.
  3. Click Add Key.
  4. Enter the name of the key.
  5. Click Add.

Support of tokens in API

APIIAM token for the accountIAM token for the projectStatic token
IAM
Federations
Balance
Statistics
Dedicated servers
Cloud platform projects and resources
Cloud platform resources in the project
Project quotas and limits
Cloud databases
Managed Kubernetes
Container Registry
Secrets
Certificates
Let's Encrypt® Certificates
Swift
Selectel Storage
CDN
DNS hosting (actual)
DNS hosting (legacy)
Selectel postal service
IP address accounting service
Logging Platform
Ready cloud 1C
Mobile farm
Tickets
Attachments