Authorization

Selectel Token

Selectel Token (API key) provides full access to the management of all Selectel services along with the login and password from the my.selectel.ru Control panel account.

The Selectel token is used as the main token for working through the API with Selectel services that do not have an additional authorization system, for example, for Dedicated servers or DNS hosting, as well as for working with tickets.

An additional short-lived token is required to manage objects (virtual machines, containers, and so on) of individual services that have their own authorization system.

For example, a separate OpenStack Keystone Identity token is required to create any resources (virtual machines, volumes, and so on) in the Selectel Cloud platform. The following authorization scheme is used:

  1. The Selectel token is used to work with projects and users.
  2. A separate token of the authorization system of this service is used to work directly with the resources of this service. To obtain this separate token, you need a Selectel token.

Obtaining a Selectel Token

Creating a Token

To create a Selectel token (API key) in the Control panel:

  1. Click Add key.
  2. Enter the key name in the block that opens.
  3. Click Create key.

Deleting a Token

To delete a Selectel token (API key), open the (⋮) menu and select Delete.

If the Selectel token (API key) may be useful in the future, but is not needed now, you can temporarily disable it by clicking the toggle switch instead of deleting it. To disable the key, click the toggle switch.

Renaming a Token

To rename a Selectel token, open the (⋮) menu and select Rename.

An Example of Using a Selectel Token

In the Selectel Cloud platform, run the following query using the Selectel token:

curl -H "X-token: <token_value>" -H "Content-Type: application/json" https://api.selectel.ru/vpc/resell/v2

The Selectel token is passed in each request in the X-Token header.

An example of creating a project named Test and setting quotas for vCPU=8 in the ru-1 region of the ru-1b zone:

curl -H "X-Token: <token_value>"  'https://api.selectel.ru/vpc/resell/v2/projects' -X POST -H "Content-Type: application/json" -d '{"project" :{"name":"Test", "quotas": {"compute_cores": [{"region": "ru-1", "zone": "ru-1b", "value": 8}]}}}'

Token for Selectel Cloud Platform

It allows you to work directly with the Cloud platform resources themselves and OpenStack objects, for example, create cloud servers (virtual machines), volumes, and so on.

OpenStack Keystone tokens are used for authorization and working with the OpenStack API. OpenStack Keystone tokens are passed in the X-Auth-Token header.

Before obtaining the X-Auth-Token for the OpenStack API, create a project user and add it to the project using the Cloud Management API.

To obtain the X-Auth-Token, run a query like the following:

curl -i  -H "Content-Type: application/json" "https://api.selvpc.ru/identity/v3/auth/tokens" -d ' { "auth": { "identity": { "methods": ["password"], "password": { "user": { "name": "<name>",  "domain": { "name": "<id_selectel>" }, "password": "<password>" } } }, "scope": { "project": { "name": "<name>", "domain": { "name": "<id_selectel>"}}}}}'

Where:

  • password
    • user
      • name — the name of the user created in the project;
      • domain — login id (contract number) in the my.selectel.ru Control panel;
  • project: name — the name of the project;
  • https://api.selvpc.ru/identity/v3/auth/tokens — authorization URL.

If authorization is successful, the authorization service will receive a 201 Created response with the x-subject-token header, which will contain the token value for authorization in the OpenStack API, for example:

HTTP/2 201 
x-subject-token: gAABfAzrlSvxr8xoOJ89Q0k98WrZWLcQ

Further, you can work with the OpenStack API using the methods described in docs.openstack.org.

The type of api.selvpc.ru endpoints is different for each region — in the api.<region_name>.selvpc.ru format. To work with the OpenStack API in the ru-1 region, the endpoint should look like api.ru-1.selvpc.ru.

Example

To get a list of available server configurations (flavors) for the ru-3 region (api.ru-3.selvpc.ru endpoint), run:

curl -i -H "X-Auth-Token: <token_value>" -H "Content-Type: application/json" "https://api.ru-3.selvpc.ru/compute/v2.1/flavors" 

The response will contain objects of the available configurations of the following form:

{"availability_zones": ["ru-3a"], "name": "BL1.1-512", "links": [{"href": "https://api.ru-3.selvpc.ru/compute/v2.1/flavors/1000", "rel": "self"}, {"href": "https://api.ru-3.selvpc.ru/compute/flavors/1000", "rel": "bookmark"}], "ram": 512, "OS-FLV-DISABLED:disabled": false, "vcpus": 1, "extra_specs": {"hw:cpu_max_sockets": "2"}, "swap": "", "os-flavor-access:is_public": true, "rxtx_factor": 1.0, "OS-FLV-EXT-DATA:ephemeral": 0, "disk": 0, "id": "1000"}