Service User Management API

Operations related to service user management.
Service Users are API-only users. Service Users are created in, and have access to, a single account. This account is the account associated with the API key that was used to create the Service User via the API. Owner and Cluster Admin level users in an account can create Service Users. The user who creates a Service User automatically becomes an Administrator of that Service User. Administrators of a Service User may invite additional Cluster Admin users to be Controllers of that user. Owner users in an account automatically have Administrator-level access to all Service Users in that account.
A Service User may not have multiple API keys of the same type, however an account can create multiple Service Users.

Get service users

SecurityBasic Authentication
Responses
200

Successfully retrieved service users' information

get/v1/service-users
Request samples
Response samples
application/json
[
  • {
    },
  • {
    }
]

Create a service user

This endpoint can be used to create a service user. The created service user will be under the account that the API key used is associated with. The requester user will be the administrator of the created service user.

SecurityBasic Authentication
Request
Request Body schema: application/json
username
required
string

Username of the service user. must be unique.

email
required
string

Email of the service user. must be unique (including aliases)

profile
required
string

Profile of the service user OWNER can manage clusters and users (excluding other service users) CLUSTER_ADMIN can manage clusters READ_ONLY can view clusters and access monitoring

displayName
string

Display name of the service user

object
Responses
201

Successfully created a service user

400

Request data is invalid

post/v1/service-users
Request samples
application/json
{
  • "username": "test_service_user",
  • "email": "test_service_user@test.com",
  • "profile": "READ_ONLY",
  • "displayName": "service user",
  • "validationMessages": {
    }
}
Response samples
application/json
{
  • "administrators": [
    ],
  • "apiKeys": {
    },
  • "displayName": "testservice",
  • "email": "testservice@test.com",
  • "role": "CLUSTER_ADMIN",
  • "username": "testservice"
}

Get a service user

SecurityBasic Authentication
Request
path Parameters
username
required
string

Username of the service user

Responses
200

Successfully retrieved a service user's information

get/v1/service-users/{username}
Request samples
Response samples
application/json
{
  • "administrators": [
    ],
  • "apiKeys": {
    },
  • "displayName": "testservice",
  • "email": "testservice@test.com",
  • "role": "CLUSTER_ADMIN",
  • "username": "testservice"
}

Update a service user

This endpoint can be used to update a service user's data. The updatable data are display name, role, and the administrators.

SecurityBasic Authentication
Request
path Parameters
username
required
string

Username of the service user

Request Body schema: application/json
displayName
string

Display name of the service user

profile
required
string

Profile of the service user OWNER can manage clusters and users (excluding other service users) CLUSTER_ADMIN can manage clusters READ_ONLY can view clusters and access monitoring

administrators
Array of strings

Administrators of the service user. Administrators are standard users that administer the service user. The administrators can perform operations such as update, manage API keys, and delete on service users they administer.

object
Responses
200

Successfully updated a service user

400

Request data is invalid

put/v1/service-users/{username}
Request samples
application/json
{
  • "displayName": "service user",
  • "profile": "READ_ONLY",
  • "administrators": [
    ],
  • "validationMessages": {
    }
}
Response samples
application/json
{
  • "administrators": [
    ],
  • "apiKeys": {
    },
  • "displayName": "testservice",
  • "email": "testservice@test.com",
  • "role": "CLUSTER_ADMIN",
  • "username": "testservice"
}

Deactivate a service user

SecurityBasic Authentication
Request
path Parameters
username
required
string

Username of the service user

Responses
204

Successfully deactivated a service user

delete/v1/service-users/{username}
Request samples

Generate a service user's API key

SecurityBasic Authentication
Request
path Parameters
username
required
string

Username of the service user

Request Body schema: application/json
apiKeyType
string

API resource of the service user to revoke / generate

object
Responses
200

Successfully generated an API key

400

Request data is invalid

post/v1/service-users/{username}/apikey
Request samples
application/json
{
  • "apiKeyType": "MONITORING",
  • "validationMessages": {
    }
}
Response samples
application/json
{
  • "account": "175dc592-26c2-4563-ac29-5d54e16aa344",
  • "apiKeyType": "MONITORING",
  • "cidrAllowList": [
    ],
  • "key": "1f396892fdfv65c0f57e95123b8cf9f7",
  • "username": "testapikeyserviceuser"
}

Revoke a service user's API key

SecurityBasic Authentication
Request
path Parameters
username
required
string

Username of the service user

Request Body schema: application/json
apiKeyType
string

API resource of the service user to revoke / generate

object
Responses
204

Successfully revoked an API key

400

Request data is invalid

delete/v1/service-users/{username}/apikey
Request samples
application/json
{
  • "apiKeyType": "MONITORING",
  • "validationMessages": {
    }
}
Response samples
application/json
{
  • "resource": "resource cannot be null."
}

Update API key's IP restrictions for the service user

SecurityBasic Authentication
Request
path Parameters
username
required
string

Username of the service user

apiKeyType
required
string

API resource of the service user to revoke / generate

Example: PROVISIONING
Request Body schema: application/json
cidrAllowList
Array of strings

List of IP restrictions for the API key

Responses
200

Successfully updated IP restrictions for an API key

400

Request data is invalid

put/v1/service-users/{username}/apikey/{apiKeyType}
Request samples
application/json
{
  • "cidrAllowList": [
    ]
}
Response samples
application/json
{
  • "apiKeyType": "apiKeyType cannot be null.",
  • "username": "username cannot be null."
}

Rotate service user's API key

SecurityBasic Authentication
Request
path Parameters
username
required
string

Username of the service user

apiKeyType
required
string

API resource of the service user to revoke / generate

Example: PROVISIONING
Responses
200

Successfully rotated an API key

400

Request data is invalid

post/v1/service-users/{username}/apikey/{apiKeyType}
Request samples
Response samples
application/json
{
  • "account": "175dc592-26c2-4563-ac29-5d54e16aa344",
  • "apiKeyType": "MONITORING",
  • "cidrAllowList": [
    ],
  • "key": "1f396892fdfv65c0f57e95123b8cf9f7",
  • "username": "testapikeyserviceuser"
}