API Overview
You can use all functions of DEW by using the APIs provided by DEW and the performance parameters corresponding to the APIs.
Performance parameter types include shared traffic control and basic traffic control.
- Shared traffic control: APIs share the traffic.
- Basic traffic control: Only the current APIs can use the traffic.
Generally, APIs share the traffic unless labeled as basic traffic control. For example, secret version creation APIs share the traffic.
|
Type |
Description |
|---|---|
|
Key Management APIs |
Create, query, modify, and delete keys. |
|
Secret management APIs |
Create, query, modify, and delete secrets. |
|
Key Pair Management APIs |
(Latest API version) Create, query, modify, and delete key pairs. |
|
Historical Global |
(V2.1 and V2 API versions) Create, query, modify, and delete key pairs. |
Key Management APIs
|
Type |
Name |
Description |
Performance |
|---|---|---|---|
|
Global API version query |
Querying all API versions |
Obtain the API version list. |
- |
|
Querying a specified API version |
Query a specified API version. |
||
|
Lifecycle management |
Creating a key |
Create a CMK, which can be symmetric or asymmetric. |
20 times per second for a single user 100 times per second globally |
|
Enabling a key |
Enable a key, which can only be used after being enabled. |
||
|
Disabling a key |
Disable a CMK. A disabled CMK cannot be used. |
||
|
Scheduling the deletion of a key |
Schedule a deletion task for a specified key. The deletion can be scheduled 7 to 1,096 days in advance. After a key is deleted, the data encrypted using the key cannot be decrypted. |
||
|
Canceling the scheduled deletion of a key |
Cancel a scheduled deletion of a key. Once the deletion is cancelled, the key can be used. |
||
|
Modifying the key alias |
Change the alias of a CMK. |
||
|
Modifying the key description |
Change the description of a CMK. |
||
|
Data encryption key (DEK) management |
Generating a random number |
Generate a random number that is 8 bits to 8,192 bits long. |
800 times per second for a single user 10,00 times per second globally |
|
Creating a DEK |
Create a DEK. The returned result includes the plaintext and the ciphertext of a DEK. |
||
|
Creating a plaintext-free DEK |
Create a plaintext-free DEK. The returned result includes only the plaintext of a DEK. |
||
|
Encrypting a DEK |
Use a specified CMK to encrypt a DEK. |
||
|
Decrypting a DEK |
Use a specified CMK to decrypt a DEK. |
||
|
Key import management |
Obtaining parameters for importing a key |
Obtain necessary parameters to import a key, including an import token and a public key. |
20 times per second for a single user 100 times per second globally |
|
Importing key materials |
Import the material of a key. |
||
|
Deleting key materials |
Delete the material of a key. |
||
|
Authorization management |
Creating a grant |
Grant a user with key operation permissions. |
20 times per second for a single user 100 times per second globally |
|
Revoking a grant |
Revoke the key operation permissions granted to a user. |
||
|
Retiring a grant |
Retire the granted key operation permissions. |
||
|
Obtaining the grants |
Obtain the grants on a key. |
||
|
Obtaining the grants that can be retired |
Obtain the grants that can be retired. |
||
|
Small-volume data encryption and decryption |
Data encryption |
Use a specified CMK to encrypt data. |
20 times per second for a single user 100 times per second globally |
|
Data decryption |
Decrypt data. |
||
|
Signature and verification |
Signing data |
Digitally sign a message or message digest using the private key of an asymmetric key. |
300 times per second for a single user 500 times per second globally |
|
Signature verification |
Verify the signature of a message or message digest using the public key of an asymmetric key. |
||
|
Rotation management |
Enabling key rotation |
Enable the rotation of a CMK. Default master keys and imported keys cannot be rotated. |
20 times per second for a single user 100 times per second globally |
|
Disabling key rotation |
Disable the rotation of a CMK. |
||
|
Modifying the rotation interval |
Change the rotation interval for a CMK. |
||
|
Querying the key rotation status |
Query the rotation status of a CMK. |
||
|
Tag management |
Querying key instances |
Use tag filtering to query the detailed information of a CMK. |
20 times per second for a single user 100 times per second globally |
|
Querying key tags |
Query tags of a specified key. |
||
|
Querying project tags |
Query all tag sets of a project. |
||
|
Adding or deleting key tags in batches |
Add or delete key tags in batches. |
||
|
Adding key tags |
Add tags to a key. |
||
|
Deleting key tags |
Delete tags from a key. |
||
|
Query |
Obtaining the key list |
Obtain the list of all keys. |
160 times per second for a single user 200 times per second globally |
|
Obtaining key details |
Obtain details of a specified key. |
||
|
Obtaining the number of instances |
Obtain the number of created CMKs, excluding the default master keys. |
80 times per second for a single user 200 times per second globally |
|
|
Querying quotas |
Query the total quota of CMKs available and the usage information, excluding the default master keys. |
CSMS APIs
|
Type |
Name |
Description |
Quota |
|---|---|---|---|
|
Lifecycle management |
Creating a secret |
Create a secret and stores the secret value in the initial secret version. |
300 times per minute for a single user 4,800 times per minute globally |
|
Obtaining the secret list |
Obtain all the secrets created by the current user in the current project. |
100 times per second for a single user 200 times per second globally |
|
|
Querying a secret |
Query a specified secret. |
1,200 times per minute for a single user 4,800 times per minute globally |
|
|
Updating a secret |
Update the metadata of a specified secret. |
300 times per minute for a single user 4,800 times per minute globally |
|
|
Deleting a secret immediately |
Delete a specified secret. The deleted secret cannot be restored. |
||
|
Restoring a secret |
Restore a secret by uploading the secret backup file. |
||
|
Downloading a secret backup |
Download the backup file of a specified secret. |
||
|
Creating a scheduled secret deletion task |
Create a scheduled task to delete a secret after 7 to 30 days. |
||
|
Canceling a scheduled secret deletion task |
Cancel the scheduled deletion task of a secret. The secret will be changed to the available state. |
||
|
Secret rotation |
Execute rotation for a secret immediately. Create a new version for the specified secret to encrypt and store the generated random secret values. The created secret version is in SYSCURRENT state. |
||
|
Secret version management |
Creating a secret version |
Create a new version for the specified secret to encrypt and store the new value of the secret. By default, the created secret version in SYSCURRENT state. The previous version is in SYSPREVIOUS state. You can configure VersionStage to overwrite the default settings. |
Basic traffic control: 80 times per second for a single user 200 times per second globally 80 times per second for applications 80 times per second for IP addresses |
|
Obtaining the secret version list |
Obtain the version list of a specific secret. |
300 times per minute for a single user 4,800 times per minute globally |
|
|
Updating the secret version |
Currently, only the version validity period of a secret whose status is ENABLED can be updated. If the associated subscription events include version expired events, only one notification is triggered each time the version validity period is updated. |
||
|
Querying the secret version and value |
Query the information about a specified secret version and the plaintext secret value in the version. Only secrets in Enabled state can be queried. The value of the latest secret version can be obtained via /v1/{project_id}/secrets/{secret_name}/versions/latest. (Set the {version_id} in the URL of the current API to latest). |
Basic traffic control: 160 times per second for a single user 200 times per second globally 160 times per second for applications 160 times per second for IP addresses |
|
|
Secret version status management |
Updating the version status of a secret |
Update the version status of a secret. |
300 times per minute for a single user 4,800 times per minute globally |
|
Querying the version status of a secret |
Query the version of a specified secret version status tag. |
||
|
Deleting the version status of of a secret |
Delete the status of a specified secret version. |
||
|
Secret tag management |
Querying a secret instance |
Query a secret instance. Filter user secrets by tag and returns the secret list. |
300 times per minute for a single user 4,800 times per minute globally |
|
Adding or deleting secret tags in batches |
Add or delete secret tags in batches. |
||
|
Querying secret tags |
Query secret tags. |
||
|
Adding a secret tag |
Add a secret tag. |
||
|
Deleting a secret tag |
Delete a secret tag. |
||
|
Querying project tags |
Query all secret tags of a user in a specified project. |
||
|
Event management |
Creating an event |
Create an event that can be configured on one or more secrets. When an event is enabled and the basic event type contained in the event is triggered on the secret, the cloud service sends the corresponding event notification to the notification topic specified by the event. |
300 times per minute for a single user 4,800 times per minute globally |
|
Querying an event |
Query information about a specified event. |
||
|
Obtaining the event list |
Obtain all events created by the current user in the project. |
||
|
Updating an event |
Update the metadata of a specified event. The following metadata can be updated: event enabling status, basic type list, and notification topic. |
||
|
Deleting an event immediately |
Delete a specified event. The deleted event cannot be restored. An event cannot be deleted if it is referenced by a secret. Disassociate the event from the secret. |
||
|
Querying the record of triggered event notifications |
Query all event notification records triggered in the last three months. |
SSH Key Pair Management APIs
|
Type |
Name |
Description |
Quota |
|---|---|---|---|
|
Key pair management |
Creating and importing an SSH key pair |
Create and import an SSH key pair. |
300 times per minute for a single user 4,800 times per minute globally |
|
Clearing a private key |
Delete the private key of an SSH key pair. |
||
|
Obtaining SSH key pairs |
Obtain the list of SSH key pairs. |
Basic traffic control: 160 times per second for a single user 200 times per second globally 160 times per second for applications 160 times per second for IP addresses |
|
|
Obtaining details about an SSH key pair |
Obtain details about an SSH key pair. |
||
|
Deleting an SSH key pair |
Delete an SSH key pair. |
300 times per minute for a single user 4,800 times per minute globally |
|
|
Updating the description about an SSH key pair |
Update the description about an SSH key pair. |
||
|
Importing a private key |
Import a private key to a specified key pair. |
||
|
Exporting a private key |
Export the private key of a specified key pair. |
||
|
Key pair task management |
Binding an SSH key pair |
Bind an SSH key pair to a specified VM. The private key of the SSH key pair for the VM is required if you want to replace the key pair, but not required if you want to reset the key pair. |
300 times per minute for a single user 4,800 times per minute globally |
|
Unbinding an SSH key pair |
Unbind an SSH key pair from a specified VM and restores SSH password login. |
||
|
Binding SSH key pairs in batches |
Bind SSH key pairs in batches to a specified VM. |
Basic traffic control: 10 times per minute for a single user 20 times per minute globally 10 times per minute for applications 10 times per minute for IP addresses |
|
|
Obtaining task information |
Obtain the execution status of the current task based on the task ID returned by the SSH key pair API. |
300 times per minute for a single user 4,800 times per minute globally |
|
|
Querying running tasks |
Query running tasks. |
||
|
Querying failed tasks |
Query information about failed tasks, such as binding and unbinding tasks. |
||
|
Deleting all failed tasks |
Delete information about failed tasks. |
||
|
Deleting failed tasks |
Delete failed tasks. |
Global History
|
Global Type |
Description |
|---|---|
|
Key pair management APIs (V2.1) |
Query the list of key pairs. |
|
Query details of a key pair. |
|
|
Create and import a key pair. You can manage the private keys on the cloud. |
|
|
Delete an SSH key pair based on the key pair name. |
|
|
Modify description of a key pair of a specified name. |
|
|
Key pair management APIs (V2.0) |
Query the list of key pairs. |
|
Query a key pair by its name. |
|
|
Create a key pair or import a public key to the cloud to generate a key pair. After an SSH key pair is created, you need to download the private key to a local directory. Then, you can use the private key to log in to an ECS. For ECS security purposes, the private key can be downloaded only once. Keep it secure. |
|
|
Delete an SSH key pair based on the key pair name. |
|
|
A tenant may contain multiple users. This API is used to copy the key pair from the target user to the current user under the same tenant account. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
