API Overview
You can use all functions of DEW by using the APIs provided by DEW and the performance parameters corresponding to the APIs.
Performance parameter types include shared traffic control and basic traffic control.
- Shared traffic control: APIs share the traffic.
- Basic traffic control: Only the current APIs can use the traffic.
Generally, APIs share the traffic unless labeled as basic traffic control. For example, secret version creation APIs share the traffic.
|
Type |
Description |
|---|---|
|
Key Management APIs |
Create, query, modify, and delete keys. |
|
Secret management APIs |
Create, query, modify, and delete secrets. |
|
Key Pair Management APIs |
(Latest API version) Create, query, modify, and delete key pairs. |
|
Historical Global |
(V2.1 and V2 API versions) Create, query, modify, and delete key pairs. |
Key Management APIs
|
Type |
Name |
Description |
Performance |
|---|---|---|---|
|
Global API version query |
Obtain the API version list. |
- |
|
|
Query a specified API version. |
|||
|
Lifecycle management |
Create a CMK, which can be symmetric or asymmetric. |
20 times per second for a single user 100 times per second globally |
|
|
Enable a key, which can only be used after being enabled. |
|||
|
Disable a CMK. A disabled CMK cannot be used. |
|||
|
Schedule a deletion task for a specified key. The deletion can be scheduled 7 to 1,096 days in advance. After a key is deleted, the data encrypted using the key cannot be decrypted. |
|||
|
Cancel a scheduled deletion of a key. Once the deletion is cancelled, the key can be used. |
|||
|
Change the alias of a CMK. |
|||
|
Change the description of a CMK. |
|||
|
Data encryption key (DEK) management |
Generate a random number that is 8 bits to 8,192 bits long. |
800 times per second for a single user 10,00 times per second globally |
|
|
Create a DEK. The returned result includes the plaintext and the ciphertext of a DEK. |
|||
|
Create a plaintext-free DEK. The returned result includes only the plaintext of a DEK. |
|||
|
Use a specified CMK to encrypt a DEK. |
|||
|
Use a specified CMK to decrypt a DEK. |
|||
|
Key import management |
Obtain necessary parameters to import a key, including an import token and a public key. |
20 times per second for a single user 100 times per second globally |
|
|
Import the material of a key. |
|||
|
Delete the material of a key. |
|||
|
Authorization management |
Grant a user with key operation permissions. |
20 times per second for a single user 100 times per second globally |
|
|
Revoke the key operation permissions granted to a user. |
|||
|
Retire the granted key operation permissions. |
|||
|
Query grants on a CMK. |
|||
|
Query grants that can be retired. |
|||
|
Small-size data encryption and decryption |
Use a specified CMK to encrypt data. |
20 times per second for a single user 100 times per second globally |
|
|
Decrypt data. |
|||
|
Signature and verification |
Digitally sign a message or message digest using the private key of an asymmetric key. |
300 times per second for a single user 500 times per second globally |
|
|
Verify the signature of a message or message digest using the public key of an asymmetric key. |
|||
|
Rotation management |
Enable the rotation of a CMK. Default master keys and imported keys cannot be rotated. |
20 times per second for a single user 100 times per second globally |
|
|
Disable the rotation of a CMK. |
|||
|
Change the rotation interval for a CMK. |
|||
|
Query the rotation status of a CMK. |
|||
|
Tag management |
Use tag filtering to query the detailed information of a CMK. |
20 times per second for a single user 100 times per second globally |
|
|
Query tags of a CMK. |
|||
|
Query all tag sets of a project. |
|||
|
Add or delete CMK tags in batches. |
|||
|
Add a tag to a CMK. |
|||
|
Delete a tag from a CMK. |
|||
|
Query |
Obtain the list of all CMKs. |
160 times per second for a single user 200 times per second globally |
|
|
Query details of a specified key. |
|||
|
Obtain the number of created CMKs, excluding the default master keys. |
80 times per second for a single user 200 times per second globally |
||
|
Query the total quota of CMKs available and the usage information, excluding the default master keys. |
CSMS APIs
|
Type |
Name |
Description |
Quota |
|---|---|---|---|
|
Lifecycle management |
Create a secret and stores the secret value in the initial secret version. |
300 times per minute for a single user 4,800 times per minute globally |
|
|
Query all the secrets created by the current user in the current project. |
100 times per second for a single user 200 times per second globally |
||
|
Query a specified secret. |
1,200 times per minute for a single user 4,800 times per minute globally |
||
|
Update the metadata of a specified secret. |
300 times per minute for a single user 4,800 times per minute globally |
||
|
Delete a specified secret. The deleted secret cannot be restored. |
|||
|
Restore a secret by uploading the secret backup file. |
|||
|
Download the backup file of a specified secret. |
|||
|
Create a scheduled task to delete a secret after 7 to 30 days. |
|||
|
Cancel the scheduled deletion task of a secret. The secret will be changed to the available state. |
|||
|
Execute rotation for a secret immediately. Create a new version of a secret to encrypt to encrypt and keep the generated random secret value. The created secret version is in SYSCURRENT state. |
|||
|
Secret version management |
Create a new version of a secret to encrypt and keep the new value of the secret. By default, the created secret version in SYSCURRENT state. The previous version is in SYSPREVIOUS state. You can configure VersionStage to overwrite the default settings. |
Basic traffic control: 80 times per second for a single user 200 times per second globally 80 times per second for applications 80 times per second for IP addresses |
|
|
Query the version list of a specific secret. |
300 times per minute for a single user 4,800 times per minute globally |
||
|
Currently, only the version validity period of a secret whose status is ENABLED can be updated. If the associated subscription events include version expired events, only one notification is triggered each time the version validity period is updated. |
|||
|
Query the information about a specified secret version and the plaintext secret value in the version. Only secrets in Enabled state can be queried. The value of the latest secret version can be obtained via /v1/{project_id}/secrets/{secret_name}/versions/latest. (Set the {version_id} in the URL of the current API to latest). |
Basic traffic control: 160 times per second for a single user 200 times per second globally 160 times per second for applications 160 times per second for IP addresses |
||
|
Secret version status management |
Update the version status of a secret. |
300 times per minute for a single user 4,800 times per minute globally |
|
|
Query the version of a specified secret version status tag. |
|||
|
Delete the status of a specified secret version. |
|||
|
Secret tag management |
Query a secret instance. Filter user secrets by tag and returns the secret list. |
300 times per minute for a single user 4,800 times per minute globally |
|
|
Add or delete secret tags in batches. |
|||
|
Query secret tags. |
|||
|
Add a secret tag. |
|||
|
Delete a secret tag. |
|||
|
Query all secret tags of a user in a specified project. |
|||
|
Incidents |
Create an event that can be configured on one or more secrets. When an event is enabled and the basic event type contained in the event is triggered on the secret, the cloud service sends the corresponding event notification to the notification topic specified by the event. |
300 times per minute for a single user 4,800 times per minute globally |
|
|
Query information about a specified event. |
|||
|
Query all events created by the current user in the project. |
|||
|
Update the metadata of a specified event. The following metadata can be updated: event enabling status, basic type list, and notification topic. |
|||
|
Delete a specified event. The deleted event cannot be restored. An event cannot be deleted if it is referenced by a secret. Disassociate the event from the secret. |
|||
|
Query all event notification records triggered in the last three months. |
SSH Key Pair Management APIs
|
Type |
Name |
Description |
Quota |
|---|---|---|---|
|
Key pair management |
Create and import an SSH key pair. |
300 times per minute for a single user 4,800 times per minute globally |
|
|
Delete the private key of an SSH key pair. |
|||
|
Query the list of SSH key pairs. |
Basic traffic control: 160 times per second for a single user 200 times per second globally 160 times per second for applications 160 times per second for IP addresses |
||
|
Query details about an SSH key pair. |
|||
|
Delete an SSH key pair. |
300 times per minute for a single user 4,800 times per minute globally |
||
|
Update the description about an SSH key pair. |
|||
|
Import a private key to a specified key pair. |
|||
|
Export the private key of a specified key pair. |
|||
|
Key pair task management |
Bind an SSH key pair to a specified VM. The private key of the SSH key pair for the VM is required if you want to replace the key pair, but not required if you want to reset the key pair. |
300 times per minute for a single user 4,800 times per minute globally |
|
|
Unbind an SSH key pair from a specified VM and restores SSH password login. |
|||
|
Bind SSH key pairs in batches to a specified VM. |
Basic traffic control: 10 times per minute for a single user 20 times per minute globally 10 times per minute for applications 10 times per minute for IP addresses |
||
|
Query the execution status of the current task based on the task ID returned by the SSH key pair API. |
300 times per minute for a single user 4,800 times per minute globally |
||
|
Query running tasks. |
|||
|
Query information about failed tasks, such as binding and unbinding tasks. |
|||
|
Delete information about failed tasks. |
|||
|
Delete failed tasks. |
Global History
|
Global Type |
Description |
|---|---|
|
Key pair management APIs (V2.1) |
Query the list of key pairs. |
|
Query details of a key pair. |
|
|
Create and import a key pair. You can manage the private keys on the cloud. |
|
|
Delete an SSH key pair based on the key pair name. |
|
|
Modify description of a key pair of a specified name. |
|
|
Key pair management APIs (V2.0) |
Query the list of key pairs. |
|
Query a key pair by its name. |
|
|
Create a key pair or import a public key to the cloud to generate a key pair. After an SSH key pair is created, you need to download the private key to a local directory. Then, you can use the private key to log in to an ECS. For ECS security purposes, the private key can be downloaded only once. Keep it secure. |
|
|
Delete an SSH key pair based on the key pair name. |
|
|
A tenant may contain multiple users. This API is used to copy the key pair from the target user to the current user under the same tenant account. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
