Sub Account overview
Available in Classic and VPC
Sub Account is a NAVER Cloud Platform service that provides sub accounts to enable multiple users to use and manage the same resources. The Sub Account service provides RESTful APIs for sub accounts, groups, policies, roles, and external access.
Common Sub Account settings
The following describes commonly used request and response formats in Sub Account APIs.
Request
The following describes the common request format.
API URL
The request API URL is as follows.
Sub accounts, groups, policies, roles: https://subaccount.apigw.ntruss.com
External access permissions: https://externalaccess.apigw.ntruss.com
Request headers
The following describes the headers.
Field | Required | Description |
---|---|---|
x-ncp-apigw-timestamp | Required | Number of milliseconds that have elapsed since January 1, 1970 00:00:00 UTC |
x-ncp-iam-access-key | Required | Access key issued on NAVER Cloud Platform |
x-ncp-apigw-signature-v2 | Required | Base64-encoded HMAC (HmacSHA256) signature computed over the request information with the secret key that maps to the access key issued on NAVER Cloud Platform |
Accept | Optional | Response data format |
Content-type | Optional | Request data format |
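How the three required headers fit together, as an added example (not NAVER Cloud Platform's own code). The string-to-sign layout is an assumption based on the platform's separate Create signature guide, which this page only links to; the request path and key values are constructed placeholders.

```python
import base64
import hashlib
import hmac
import time

API_HOST = "https://subaccount.apigw.ntruss.com"  # API URL given on this page


def make_signature(method, path_and_query, timestamp_ms, access_key, secret_key):
    """Return the Base64-encoded HMAC-SHA256 value for x-ncp-apigw-signature-v2."""
    # Assumed string-to-sign (check it against the Create signature guide):
    #   "<METHOD> <path?query>\n<timestamp>\n<access key>"
    message = f"{method.upper()} {path_and_query}\n{timestamp_ms}\n{access_key}"
    digest = hmac.new(secret_key.encode("utf-8"),
                      message.encode("utf-8"),
                      hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def build_headers(method, path_and_query, access_key, secret_key, now_ms=None):
    """Build the common request headers; the secret key itself is never sent."""
    # The timestamp header and the signed timestamp must be the same string.
    timestamp = str(int(time.time() * 1000) if now_ms is None else now_ms)
    return {
        "x-ncp-apigw-timestamp": timestamp,
        "x-ncp-iam-access-key": access_key,
        "x-ncp-apigw-signature-v2": make_signature(
            method, path_and_query, timestamp, access_key, secret_key),
        "Accept": "application/json",
    }


if __name__ == "__main__":
    # Constructed placeholders: load real keys from a secret store, not source code.
    headers = build_headers("GET", "/example/path?page=0",
                            "ACCESS_KEY_PLACEHOLDER", "SECRET_KEY_PLACEHOLDER")
    for name, value in headers.items():
        print(f"{name}: {value}")
```

Because the method, path, and timestamp are all covered by the signature, a signature computed for one request does not validate for a different method or path.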
Response
The following describes the common response format.
Response data type
The following describes the common response data types.
ProcessResult
ProcessResult defines the API processing result. The following describes ProcessResult.
Field | Type | Required | Description |
---|---|---|---|
success | Boolean | Required | API processing result |
id | String | Optional | Creation/modification result ID |
message | String | Optional | API processing result message |
The following is a sample syntax and response of ProcessResult.
- Syntax
ProcessResult { Boolean success; String id; String message; }
- Examples
{ "id": "", "success": true }
ErrorResponse
ErrorResponse defines the details of a failure when an API call fails. The following describes ErrorResponse.
Field | Type | Required | Description |
---|---|---|---|
errorCode | Integer | Required | Required |
message | String | Required | String |
The following is a sample syntax and response of ErrorResponse.
- Syntax
ErrorResponse { int errorCode; String message; }
- Examples
{ "errorCode": 9011, "message": "The role name already exists." }
Response status codes
The following describes the response status codes.
HTTP status code | Code | Message | Description |
---|---|---|---|
200 | - | Maximum limit exceeded. | Maximum allowable value exceeded |
400 | 120 | Duplicate ID. Please enter a different ID. | Duplicate ID entered |
400 | 30 | Invalid subAccountId. | Non-existent sub account ID entered |
400 | 30 | The groupNo is invalid. | Non-existent group ID entered |
400 | 400 | Request format is not json | Input value format error |
400 | 400 | sessionExpirationDays is required, Request format is not json | Parameter input error |
400 | 400 | A maximum of 100 IP bands can be access restricted. | Maximum number of IP bands available exceeded |
400 | 400 | Enter the role name: [roleName]. | Role name missing |
400 | 400 | Enter a role name between 3 and 100 characters. : [roleName] | Role name character count error |
400 | 400 | Specify the role type: [roleType]. | Role type input error |
400 | 400 | Invalid role type. | Role type input error |
400 | 400 | isMyAccount is missing. : [isMyAccount] | isMyAccount parameter missing |
400 | 9001 | Enter the account name. | Account name missing or error |
400 | 9001 | Enter the login ID. | Login ID input required |
400 | 9002 | When the role type is Server, the session expiration time is not allowed. | Parameter input error |
400 | 9002 | The session expiration time can only be set to [600, 1800, 3600, 10800] seconds. | Session expiration time input error |
400 | 9010 | Letters, numbers, and special characters ".", "_", and "-" are allowed, and you must enter a string that starts with a letter and is between 3 and 100 characters long. | Input value error |
400 | 9010 | English lowercase letters and numbers are allowed. Enter between 3 and 20 characters. | URL format error |
400 | 9011 | The role name already exists. | Role name already in use entered |
400 | 9015 | Unsafe password. | Unavailable password entered |
400 | 904 | Invalid API key. | Non-existent access key entered |
401 | 30 | Invalid subAccountId. | Non-existent sub account ID entered |
404 | 30 | Invalid idNo. | Non-existent sub account ID entered |
404 | 30 | Invalid roleNo. | Non-existent role ID entered |
404 | 404 | This policy isn't registered. | Non-existent policy ID entered |
404 | 910 | There is an entity that does not match the role. | Application subject not matching role type |
409 | 9012 | The number of entities that can be registered in the target role has been exceeded. | Role application target exceeds the allowed number |
409 | 9012 | Maximum limit exceeded. | Maximum allowable value exceeded |
500 | 500 | Internal Server Error | Internal server error |
For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.
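A fail-closed way for automation to interpret the ProcessResult and ErrorResponse bodies described above, as an added example (not NAVER Cloud Platform's own code). The `Outcome` type and `interpret` function are hypothetical names, and the HTTP 200 failure body is a constructed sample based on the first row of the table.

```python
import json
from dataclasses import dataclass
from typing import Optional


@dataclass
class Outcome:
    ok: bool
    http_status: int
    error_code: Optional[int] = None
    message: str = ""
    result_id: Optional[str] = None


def interpret(http_status: int, body_text: str) -> Outcome:
    """Report success only when both the status and the body agree."""
    is_2xx = 200 <= http_status < 300
    try:
        body = json.loads(body_text)
    except ValueError:
        return Outcome(False, http_status, message="response body is not JSON")
    if not isinstance(body, dict):
        # Assumption: non-object bodies are judged by HTTP status alone.
        return Outcome(is_2xx, http_status)
    if "errorCode" in body:
        # ErrorResponse. Keep the message: one code covers several causes
        # (code 30 is used for subAccountId, groupNo, idNo and roleNo).
        return Outcome(False, http_status, body["errorCode"],
                       body.get("message", ""))
    if "success" in body:
        # ProcessResult. A 2xx status is not enough on its own.
        ok = is_2xx and body["success"] is True
        return Outcome(ok, http_status, None,
                       body.get("message", ""), body.get("id") or None)
    return Outcome(is_2xx, http_status)


if __name__ == "__main__":
    samples = [
        (200, '{ "id": "", "success": true }'),                           # page sample
        (400, '{ "errorCode": 9011, "message": "The role name already exists." }'),  # page sample
        (200, '{ "success": false, "message": "Maximum limit exceeded." }'),  # constructed
    ]
    for status, text in samples:
        print(interpret(status, text))
```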
Sub Account API
The following describes the APIs provided by the Sub Account service.
Sub account
The following describes the sub account-related APIs.
API | Description |
---|---|
Get sub account list | Get sub account list |
Get sub account | Get single sub account details |
Create Sub Accounts | Create Sub Accounts |
Edit sub account | Edit sub account information |
Delete sub account | Delete sub account |
Get access key | Get sub account access key |
Create access key | Create sub account access key |
Delete access key | Delete sub account access key |
Set access key status | Enable or disable sub account access key |
Get login access key | Get login access key used for sub account login address |
Set login access key | Set login access key used for sub account login address |
Check login ID | Check sub account login ID validity and duplication |
Check login password | Check sub account login password validity and complexity |
Get idle session expiration time | Get sub account idle session expiration time |
Set idle session expiration time | Set sub account idle session expiration time |
Get login password expiration date | Get sub account login password expiration date (change cycle) |
Set login password expiration date | Set sub account login password expiration date (change cycle) |
Reset login password | Edit sub account login password |
Assign policy | Assign policy to sub account |
Delete policy | Delete policy assigned to sub account |
Add group | Add sub account to group |
Delete group | Delete sub account from group |
Get console access rule | Get sub account console access rule |
Edit console access rule | Edit sub account console access rule |
Get API access rule | Get sub account API access rule |
Edit API access rule | Edit sub account API access rule |
Get two-factor authentication information | Get sub account two-factor authentication information |
Get tag | Get tag added to sub account |
Add tag | Add tag to sub account |
Delete tag | Delete tag added to sub account |
Get user information | Get information of authorized sub account users |
Get user ID | Get sub account ID |
Group
The following describes the group-related APIs.
API | Description |
---|---|
Get group list | Get group list |
Get group | Get single group details |
Create group | Create group |
Edit group | Edit group information |
Delete group | Delete group |
Add sub account | Add sub account to group |
Delete sub account | Delete sub account from group |
Assign policy | Assign policy to group |
Delete policy | Delete policy assigned to group |
Get tag | Get tag added to group |
Add tag | Add tag to group |
Delete tag | Delete tag added to group |
Policy
The following describes the policy-related APIs.
API | Description |
---|---|
Get policy list | Get policy list |
Get policy | Get single policy details |
Check policy validity | Check validity of User Created policy |
Create policy | Create User Created policy |
Modify policy | Edit User Created policy information |
Delete policy list | Bulk delete 2 or more User Created policies |
Delete policy | Delete User Created policy |
Get policy-assigned resource | Get resources assigned with policies (sub accounts, groups, roles) |
Get tag | Get tag added to User Created policy |
Add tag | Add tag to User Created policy |
Delete tag | Delete tag added to User Created policy |
Role
The following describes the role-related APIs.
API | Description |
---|---|
Get role list | Get role list |
Get role | Get single role details |
Create role | Create role |
Edit role | Edit role information |
Delete role | Delete role |
Assign policy | Assign policy to role |
Delete policy | Delete policy assigned to role |
Get role (Account) application target | Get account role application target |
Add role (Account) application target | Add account role application target |
Delete role (Account) application target | Delete account role application target |
Add role (Server, Service) application target | Add server and service role application target |
Delete role (Server, Service) application target | Delete server and service role application target |
Set role list status | Bulk enable or disable two or more roles |
Set role status | Enable or disable role |
Get tag | Get tag added to role |
Add tag | Add tag to role |
Delete tag | Delete tag added to role |
Get switchable role | Get role that can be switched from a sub account |
Register switchable role | Register role that can be switched from a sub account |
Edit switchable role | Edit information of role that can be switched from a sub account |
Delete switchable role | Delete role that can be switched from a sub account |
External Access
The following describes the external access-related APIs.
API | Description |
---|---|
Get trust anchor list | Get trust anchor list |
Get trust anchor | Get single trust anchor details |
Create trust anchor | Create trust anchor |
Edit trust anchor | Edit trust anchor information |
Enable trust anchor | Enable trust anchor status |
Disable trust anchor | Disable trust anchor status |
Delete trust anchor | Delete trust anchor |
Get profile list | Get profile list |
Get profile | Get single profile details |
Create profile | Create profile |
Edit profile | Edit profile information |
Enable profile | Enable profile status |
Disable profile | Disable profile status |
Delete profile | Delete profile |
Get subject list | Get subject list |
Get subject | Get single subject details |
Get subject activity list | Get subject activity list (detailed usage history of certificates with the same subject) |
Get CRL list | Get certificate revocation list (CRL) list |
Get CRL | Get single certificate revocation list (CRL) details |
Create CRL | Create certificate revocation list (CRL) |
Edit CRL | Edit certificate revocation list (CRL) information |
Enable CRL | Enable certificate revocation list (CRL) |
Disable CRL | Disable certificate revocation list (CRL) |
Delete CRL | Delete certificate revocation list (CRL) |
Sub Account related resources
NAVER Cloud Platform provides a variety of related resources to help users better understand Sub Account APIs.
- Sub Account API guides
  - Create signature: how to create a signature to add to the request header
  - API Gateway User Guide: how to issue the API key to be added to the request header
  - Common Ncloud response status codes: information on common response status codes of NAVER Cloud Platform used by the Sub Account service
- How to use the Sub Account service
  - Sub Account User Guide: how to use Sub Account in the NAVER Cloud Platform console
  - Ncloud use environment guide: guide for VPC and Classic environments and support availability
  - Introduction to pricing, characteristics, and detailed features: the summary of pricing system, characteristics, and detailed features of Sub Account
  - Latest service news: the latest news on the Sub Account service
  - FAQ: frequently asked questions from the Sub Account service users
  - Contact us: Send direct inquiries for unresolved questions that aren't answered by the API guide.