Managing Your API Access Policy
You can manage the API access policy of your account to define a maximum possible lifetime that will apply to all your access keys. In that case, each of your access keys must imperatively have an expiration date, and none of the lifetimes can exceed the value of the maximum possible lifetime.
The limit allowed for the maximum possible lifetime is 3153600000 seconds (100 years). |
Managing Your API Access Policy Using OSC CLI
Getting Information About Your API Access Policy
The ReadApiAccessPolicy command gets information about the API access policy of your account.
For more information, see About Your API Access Policy.
$ osc-cli api ReadApiAccessPolicy --profile "default"
$ osc-cli api ReadApiAccessPolicy --profile "default" --authentication-method "password" --login "$OSC_EMAIL" --password "$OSC_PASSWORD"
This command contains the following attributes that you need to specify:
-
DryRun
: (optional) If true, checks whether you have the required permissions to perform the action.
The ReadApiAccessPolicy command returns the following elements:
-
ApiAccessPolicy
: Information about the API access policy.-
MaxAccessKeyExpirationSeconds
: The maximum possible lifetime for your access keys, in seconds. If0
, your access keys can have unlimited lifetimes. -
RequireTrustedEnv
: If true, a trusted session is activated, allowing you to bypass Certificate Authorities (CAs) enforcement. For more information, see About Your API Access Policy.
If this is enabled, it is required that you and all your users log in to Cockpit v2 using the WebAuthn method for multi-factor authentication. For more information, see About Authentication > Multi-Factor Authentication.
-
-
ResponseContext
: Information about the context of the response.-
RequestId
: The ID of the request.
-
{
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
},
"ApiAccessPolicy": {
"RequireTrustedEnv": false,
"MaxAccessKeyExpirationSeconds": 0
}
}
Modifying Your API Access Policy
The UpdateApiAccessPolicy command updates the API access policy of your account.
Only one API access policy can be associated with your account. |
$ osc-cli api UpdateApiAccessPolicy --profile "default" \
--MaxAccessKeyExpirationSeconds 31536000 \
--RequireTrustedEnv False
$ osc-cli api UpdateApiAccessPolicy --profile "default" \
--MaxAccessKeyExpirationSeconds 3153600000 \
--RequireTrustedEnv True
$ osc-cli api UpdateApiAccessPolicy --profile "default" \
--MaxAccessKeyExpirationSeconds 0 \
--RequireTrustedEnv False
$ osc-cli api UpdateApiAccessPolicy --profile "default" --authentication-method "password" --login "$OSC_EMAIL" --password "$OSC_PASSWORD" \
--MaxAccessKeyExpirationSeconds 0 \
--RequireTrustedEnv False
This command contains the following attributes that you need to specify:
-
DryRun
: (optional) If true, checks whether you have the required permissions to perform the action. -
MaxAccessKeyExpirationSeconds
: The maximum possible lifetime for your access keys, in seconds (between0
and3153600000
, both included). If set toO
, your access keys can have unlimited lifetimes, but a trusted session cannot be activated. Otherwise, all your access keys must have an expiration date. This value must be greater than the remaining lifetime of each access key of your account. -
RequireTrustedEnv
: If true, a trusted session is activated, provided that you specify theMaxAccessKeyExpirationSeconds
parameter with a value greater than0
.
Enabling this will require you and all your users to log in to Cockpit v2 using the WebAuthn method for multi-factor authentication. For more information, see About Authentication > Multi-Factor Authentication.
The UpdateApiAccessPolicy command returns the following elements:
-
ApiAccessPolicy
: Information about the API access policy.-
MaxAccessKeyExpirationSeconds
: The maximum possible lifetime for your access keys, in seconds. If0
, your access keys can have unlimited lifetimes. -
RequireTrustedEnv
: If true, a trusted session is activated, allowing you to bypass Certificate Authorities (CAs) enforcement. For more information, see About Your API Access Policy.
If this is enabled, it is required that you and all your users log in to Cockpit v2 using the WebAuthn method for multi-factor authentication. For more information, see About Authentication > Multi-Factor Authentication.
-
-
ResponseContext
: Information about the context of the response.-
RequestId
: The ID of the request.
-
{
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
},
"ApiAccessPolicy": {
"RequireTrustedEnv": false,
"MaxAccessKeyExpirationSeconds": 31536000
}
}
{
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
},
"ApiAccessPolicy": {
"RequireTrustedEnv": true,
"MaxAccessKeyExpirationSeconds": 3153600000
}
}
{
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
},
"ApiAccessPolicy": {
"RequireTrustedEnv": false,
"MaxAccessKeyExpirationSeconds": 0
}
}
Related Page
Corresponding API Methods