Creating an API Access Rule

You can create a rule to allow access to the API from your account.

Creating an API Access Rule Using Cockpit v2

In the top right corner, click the icon.
A drop-down menu appears.
Click API Access Rules.
The list of your API access rules appears.
Click Create API Access Rule.
The CREATE API ACCESS RULE dialog box appears.
(optional) In the Description field, type a description for the API access rule.
In the IP range field, type the range of IPs for the API access rule, in CIDR notation.

If the button My IP does not work, check if a browser extension is blocking scripts on the page.
Click Create.
The API access rule is created.

Creating an API Access Rule Using OSC CLI

The CreateApiAccessRule command creates a rule to allow access to the API from your account.
You need to specify at least the CaIds or the IpRanges parameter.

By default, your account has a set of rules allowing global access, that you can delete.

For more information, see About API Access Rules.

Request sample: Creating an API access rule based on IPs

$ osc-cli api CreateApiAccessRule --profile "default" \
    --IpRanges '["192.0.2.0", "198.51.100.0/24"]' \
    --Description "Basic API Access Rule with IPs"

Request sample: Creating an API access rule based on IPs and Certificate Authority (CA)

$ osc-cli api CreateApiAccessRule --profile "default" \
    --IpRanges '["192.0.2.0", "198.51.100.0/24"]' \
    --CaIds '["ca-fedcba0987654321fedcba0987654321"]' \
    --Description "API Access Rule with IPs and CA"

Request sample: Example with login/password authentication

$ osc-cli api CreateApiAccessRule --profile "default" --authentication-method "password" --login "$OSC_EMAIL" --password "$OSC_PASSWORD" \
    --IpRanges '["192.0.2.0", "198.51.100.0/24"]' \
    --CaIds '["ca-fedcba0987654321fedcba0987654321"]' \
    --Description "API Access Rule with IPs and CA"

This command contains the following attributes that you need to specify:

CaIds: (optional) One or more IDs of Client Certificate Authorities (CAs).
Cns: (optional) One or more Client Certificate Common Names (CNs). If this parameter is specified, you must also specify the CaIds parameter.
Description: (optional) A description for the API access rule.
DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
IpRanges: (optional) One or more IPs or CIDR blocks (for example, 192.0.2.0/16).

The CreateApiAccessRule command returns the following elements:

ApiAccessRule: Information about the API access rule.
- ApiAccessRuleId: The ID of the API access rule.
- CaIds: One or more IDs of Client Certificate Authorities (CAs) used for the API access rule.
- Cns: One or more Client Certificate Common Names (CNs).
- Description: The description of the API access rule.
- IpRanges: One or more IP ranges used for the API access rule, in CIDR notation (for example, 192.0.2.0/16).
ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.

Result sample: Creating an API access rule based on IPs

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "ApiAccessRule": {
    "IpRanges": [
      "192.0.2.0",
      "198.51.100.0/24"
    ],
    "ApiAccessRuleId": "aar-fedcba0987654321fedcba0987654321",
    "CaIds": [],
    "Cns": [],
    "Description": "Basic API Access Rule with IPs"
  }
}

Result sample: Creating an API access rule based on IPs and Certificate Authority (CA)

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "ApiAccessRule": {
    "IpRanges": [
      "192.0.2.0",
      "198.51.100.0/24"
    ],
    "ApiAccessRuleId": "aar-fedcba0987654321fedcba0987654321",
    "CaIds": [
      "ca-fedcba0987654321fedcba0987654321"
    ],
    "Cns": [],
    "Description": "API Access Rule with IPs and CA"
  }
}

Creating an API Access Rule Using oapi-cli