Authorization

A Keystone token or a Selectel token (API key) are used to work with the Selectel products API.

If you are using Windows, replace single quotes (’’) with double quotes ("") in your queries.

You can restrict API access to addresses that include https://api.selectel.ru.

Keystone token

A Keystone token can only be issued to a service user.

The Keystone token provides access to manage most Selectel products and OpenStack API objects in the same way as a login and password in my.selectel.ru Control panel.

The Keystone token allows you to manage:

You can issue a token:

The token is passed in the X-Auth-Token header in each query. The token is valid for 24 hours.

Obtain Keystone token

URL: cloud.api.selcloud.ru

Account token

Tokens can be issued to service users with the following roles:

  • Account administrator;
  • Billing administrator;
  • User administrator;
  • Account viewer.

Learn more in User types and roles.

  1. Run the following query:

    curl -i -XPOST \
-H 'Content-Type: application/json' \
-d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"<username>","domain":{"name":"<account_id>"},"password":"<password>"}}},"scope":{"domain":{"name":"<account_id>"}}}}' \
https://cloud.api.selcloud.ru/identity/v3/auth/tokens

    Specify:

    • <username> — the name of the service user. You can view the name in the Control panel: open the menu in the upper right corner and go to → Profile and settingsUser managementService users tab (this section is available only to the Account owner and User administrator);
    • <account_id> — account number in the Control panel;
    • <password> — service user password. You can view it when creating a user or change it to a new one.

    A successful authorization will return a response with the code 201 Created in the following format:

    HTTP/2 201 
X-Subject-Token: token

  2. You will see the token for authorization in the OpenStack API in the X-Subject-Token header.

Project token

Tokens can be issued to service users with the following roles:

  • Account administrator;
  • Billing administrator;
  • User administrator;
  • Account viewer;
  • Project administrator;
  • Project viewer.

Learn more in User types and roles.

  1. Run the following query:

    curl -i -XPOST \
-H 'Content-Type: application/json' \
-d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"<username>","domain":{"name":"<account_id>"},"password":"<password>"}}},"scope":{"project":{"name":"<project_name>","domain":{"name":"<account_id>"}}}}}' \
https://cloud.api.selcloud.ru/identity/v3/auth/tokens

    Specify:

    • <username> — the name of the service user. You can view the name in the Control panel: open the menu in the upper right corner and go to → Profile and settingsUser managementService users tab (this section is available only to the Account owner and User administrator);
    • <account_id> — account number in the Control panel;
    • <password> — service user password. You can view it when creating a user or change it to a new one;
    • <project_name> — project name.

    A successful authorization will return a response with the code 201 Created in the following format:

    HTTP/2 201 
X-Subject-Token: token

  2. You will see the Keystone token in the X-Subject-Token header.

Selectel token (API key)

The Selectel token (API key) can only be issued to a Control panel user.

The Selectel token provides access to manage all Selectel products, except for OpenStack API objects, along with a login and password in my.selectel.ru Control panel.

For products that do not support the Keystone token, the Selectel token is the only token:

The Selectel token is passed in the query in the X-Token header. The lifetime of the token is unlimited.

Obtain Selectel token

  1. Open the menu in the upper right corner in the Control panel and select Profile and settings.
  2. Go to API keys.
  3. Click Add key.
  4. Enter the key name and click Create.