API Usage Guidelines

Cloud APIs comply with the RESTful API design principles. REST-based web services are organized into resources. Each resource is identified by one or more Uniform Resource Identifiers (URIs). An application accesses a resource based on the resource's Unified Resource Locator (URL). A URL is usually in the following format: https://Endpoint/uri. In the URL, uri indicates the resource path, that is, the API access path.

Cloud APIs use HTTPS as the transmission protocol. Requests/Responses are transmitted by using JSON messages, with media type represented by Application/json.

  • The URL of APIs described in Cluster Management is in the format of https://Endpoint/uri. In the URL, uri indicates the resource path, that is, the API access path. Use X-Auth-Token as a header.

  • The URL of Kubernetes-native APIs described in Add-on Management and Kubernetes APIs is in the format of https://{clusterid}.Endpoint/uri. In the URL, {clusterid} indicates a cluster ID, and uri indicates the resource path, that is, the API access path. Use X-Auth-Token as a header.

  • The URL of Kubernetes-native APIs is in the format of https://{publicip}:5443/uri. In the URL, {publicip} indicates EIP of the cluster, and uri indicates the resource path, that is, the API access path. Use X-Remote-User or Authorization as a header.

    Before using X-Remote-User as a header, obtain the required certificate in advance. Two types of certificates are supported:

    • Self-owned certificate uploaded during cluster creation.

      image1

    • Cluster certificate generated and downloaded after cluster creation.

      image2

CCE provides two methods to authenticate requests for calling an API: token and AK/SK. Select an authentication method based on actual requirements. If token-based authentication is used, you can call service APIs by using either of the following methods after obtaining a token:

  • Method 1: Add X-Auth-Token to the request header and set X-Auth-Token: ${token} with the obtained IAM token.

  • Method 2: Add Authorization to the request header and set Authorization: Bearer ${token} with the obtained IAM token or token from Kubernetes service account.

  • Method 3: Add X-Remote-User to the request header and set X-Remote-User: user with a valid certificate.

Note

Method 3 requires that the CA root certificate must has been uploaded before you create a cluster on the CCE console.