Creating an API Access Rule
You can create a rule to allow access to the API from your account.
Creating an API Access Rule Using Cockpit v2
-
In the top right corner, click the icon.
A drop-down menu appears. -
Click API Access Rules.
The list of your API access rules appears. -
Click Create API Access Rule.
The CREATE API ACCESS RULE dialog box appears. -
(optional) In the Description field, type a description for the API access rule.
-
In the IP range field, type the range of IPs for the API access rule, in CIDR notation.
If the button My IP does not work, check if a browser extension is blocking scripts on the page.
-
Click Create.
The API access rule is created.
Creating an API Access Rule Using OSC CLI
The CreateApiAccessRule command creates a rule to allow access to the API from your account.
You need to specify at least the CaIds
or the IpRanges
parameter.
By default, your account has a set of rules allowing global access, that you can delete. For more information, see About API Access Rules. |
$ osc-cli api CreateApiAccessRule --profile "default" \
--IpRanges '["192.0.2.0", "198.51.100.0/24"]' \
--Description "Basic API Access Rule with IPs"
$ osc-cli api CreateApiAccessRule --profile "default" \
--IpRanges '["192.0.2.0", "198.51.100.0/24"]' \
--CaIds '["ca-fedcba0987654321fedcba0987654321"]' \
--Description "API Access Rule with IPs and CA"
$ osc-cli api CreateApiAccessRule --profile "default" --authentication-method "password" --login "$OSC_EMAIL" --password "$OSC_PASSWORD" \
--IpRanges '["192.0.2.0", "198.51.100.0/24"]' \
--CaIds '["ca-fedcba0987654321fedcba0987654321"]' \
--Description "API Access Rule with IPs and CA"
This command contains the following attributes that you need to specify:
-
CaIds
: (optional) One or more IDs of Client Certificate Authorities (CAs). -
Cns
: (optional) One or more Client Certificate Common Names (CNs). If this parameter is specified, you must also specify theCaIds
parameter. -
Description
: (optional) A description for the API access rule. -
DryRun
: (optional) If true, checks whether you have the required permissions to perform the action. -
IpRanges
: (optional) One or more IPs or CIDR blocks (for example,192.0.2.0/16
).
The CreateApiAccessRule command returns the following elements:
-
ApiAccessRule
: Information about the API access rule.-
ApiAccessRuleId
: The ID of the API access rule. -
CaIds
: One or more IDs of Client Certificate Authorities (CAs) used for the API access rule. -
Cns
: One or more Client Certificate Common Names (CNs). -
Description
: The description of the API access rule. -
IpRanges
: One or more IP ranges used for the API access rule, in CIDR notation (for example,192.0.2.0/16
).
-
-
ResponseContext
: Information about the context of the response.-
RequestId
: The ID of the request.
-
{
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
},
"ApiAccessRule": {
"IpRanges": [
"192.0.2.0",
"198.51.100.0/24"
],
"ApiAccessRuleId": "aar-fedcba0987654321fedcba0987654321",
"CaIds": [],
"Cns": [],
"Description": "Basic API Access Rule with IPs"
}
}
{
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
},
"ApiAccessRule": {
"IpRanges": [
"192.0.2.0",
"198.51.100.0/24"
],
"ApiAccessRuleId": "aar-fedcba0987654321fedcba0987654321",
"CaIds": [
"ca-fedcba0987654321fedcba0987654321"
],
"Cns": [],
"Description": "API Access Rule with IPs and CA"
}
}
Related Pages
Corresponding API Method