Authorization
A Keystone token or a Selectel token (API key) is used to work with the Selectel products API.
If you are using Windows, replace single quotes ('') with double quotes ("") in your queries.
You can restrict API access to addresses that include https://api.selectel.ru.
Keystone token
A Keystone token can only be issued to a service user.
The Keystone token provides access to manage most Selectel products and OpenStack API objects in the same way as a login and password in my.selectel.ru Control panel.
The Keystone token allows you to manage:
- balance and consumption;
- users (IAM);
- dedicated servers;
- OpenStack API objects (cloud servers, network volumes, and others), learn more in the OpenStack documentation;
- Cloud platform (Managed Databases, Managed Kubernetes, Container Registry, Serverless, Secrets manager);
- Object storage (Swift API and Selectel Storage API);
- CDN;
- DNS hosting.
You can issue a token:
- for the account to manage all account resources except for project resources;
- for the project to manage its resources.
The token is passed in the X-Auth-Token header in each query. The token is valid for 24 hours.
Obtain Keystone token
URL: cloud.api.selcloud.ru
Account token
Tokens can be issued to service users with the following roles:
- Account administrator;
- Billing administrator;
- User administrator;
- Account viewer.
Learn more in User types and roles.
- Run the following query:

  curl -i -XPOST \
    -H 'Content-Type: application/json' \
    -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"<username>","domain":{"name":"<account_id>"},"password":"<password>"}}},"scope":{"domain":{"name":"<account_id>"}}}}' \
    'https://cloud.api.selcloud.ru/identity/v3/auth/tokens'

  Specify:
  - <username> — the name of the service user. You can view the name in the Control panel: open the menu in the upper right corner and go to Profile and settings → User management → Service users tab (this section is available only to the Account owner and User administrator);
  - <account_id> — account number in the Control panel;
  - <password> — service user password. You can view it when creating a user or change it to a new one.

  A successful authorization will return a response with the code 201 Created in the following format:

  HTTP/2 201
  X-Subject-Token: token

- You will see the token for authorization in the OpenStack API in the X-Subject-Token header.
Project token
Tokens can be issued to service users with the following roles:
- Account administrator;
- Billing administrator;
- User administrator;
- Account viewer;
- Project administrator;
- Project viewer.
Learn more in User types and roles.
- Run the following query:

  curl -i -XPOST \
    -H 'Content-Type: application/json' \
    -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"<username>","domain":{"name":"<account_id>"},"password":"<password>"}}},"scope":{"project":{"name":"<project_name>","domain":{"name":"<account_id>"}}}}}' \
    'https://cloud.api.selcloud.ru/identity/v3/auth/tokens'

  Specify:
  - <username> — the name of the service user. You can view the name in the Control panel: open the menu in the upper right corner and go to Profile and settings → User management → Service users tab (this section is available only to the Account owner and User administrator);
  - <account_id> — account number in the Control panel;
  - <password> — service user password. You can view it when creating a user or change it to a new one;
  - <project_name> — project name.

  A successful authorization will return a response with the code 201 Created in the following format:

  HTTP/2 201
  X-Subject-Token: token

- You will see the Keystone token in the X-Subject-Token header.
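An added example, not part of Selectel's documentation: shell helpers for the account and project token queries above. They escape the credentials before placing them in the JSON body, send the body to curl on stdin instead of on the command line, and read X-Subject-Token regardless of header case (HTTP/2 responses show header names in lowercase). The function names and the SEL_* environment variables are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Selectel's code. Function names and SEL_* variables are assumptions.

# Escape backslashes and double quotes so a value cannot break out of its
# JSON string (control characters are not handled here).
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# keystone_body USER ACCOUNT_ID PASSWORD [PROJECT_NAME]
# Prints the request body: project scope when PROJECT_NAME is given,
# account (domain) scope otherwise. Runs in a subshell so no variables leak.
keystone_body() (
  user=$(json_escape "$1"); account=$(json_escape "$2"); pass=$(json_escape "$3")
  if [ -n "${4:-}" ]; then
    scope=$(printf '{"project":{"name":"%s","domain":{"name":"%s"}}}' \
      "$(json_escape "$4")" "$account")
  else
    scope=$(printf '{"domain":{"name":"%s"}}' "$account")
  fi
  printf '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"%s","domain":{"name":"%s"},"password":"%s"}}},"scope":%s}}' \
    "$user" "$account" "$pass" "$scope"
)

# Reads `curl -i` output on stdin and prints the token. Header names are
# matched case-insensitively and the trailing CR is removed.
extract_token() {
  tr -d '\r' | awk 'tolower($0) ~ /^x-subject-token:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# The body goes to curl on stdin (--data @-), so the password is not passed
# as a command-line argument to any external process.
get_keystone_token() {
  keystone_body "$@" | curl -sS -i -X POST -H 'Content-Type: application/json' \
    --data @- 'https://cloud.api.selcloud.ru/identity/v3/auth/tokens' | extract_token
}

# Usage (credentials come from the environment):
#   TOKEN=$(get_keystone_token "$SEL_USER" "$SEL_ACCOUNT" "$SEL_PASSWORD")
#   TOKEN=$(get_keystone_token "$SEL_USER" "$SEL_ACCOUNT" "$SEL_PASSWORD" "$SEL_PROJECT")
```

An empty result means the response carried no X-Subject-Token header, for example after a failed authorization. Because the token is valid for 24 hours, a long-running job has to request a new one.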
Selectel token (API key)
The Selectel token (API key) can only be issued to a Control panel user.
The Selectel token provides access to manage all Selectel products, except for OpenStack API objects, in the same way as a login and password in my.selectel.ru Control panel.
For products that do not support the Keystone token, the Selectel token is the only token:
The Selectel token is passed in the query in the X-Token header. The lifetime of the token is unlimited.
Obtain Selectel token
- Open the menu in the upper right corner in the Control panel and select Profile and settings.
- Go to API keys.
- Click Add key.
- Enter the key name and click Create.