
        Sub Account overview



        Available in Classic and VPC

        Sub Account is a NAVER Cloud Platform service that provides sub accounts so that multiple users can use and manage the same resources. The Sub Account service provides RESTful APIs for sub accounts, groups, policies, roles, and external access.

        Common Sub Account settings

        The following describes commonly used request and response formats in Sub Account APIs.

        Request

        The following describes the common request format.

        API URL

        The request API URL is as follows.

        Sub accounts, groups, policies, roles: https://subaccount.apigw.ntruss.com
        External access permissions: https://externalaccess.apigw.ntruss.com

        Request headers

        The following describes the headers.

        Field | Required | Description
        ----- | -------- | -----------
        x-ncp-apigw-timestamp | Required | Number of milliseconds that have elapsed since January 1, 1970 00:00:00 UTC (Unix timestamp format). The request is considered invalid if the timestamp differs from the current time by more than 5 minutes
        x-ncp-iam-access-key | Required | Access key issued on NAVER Cloud Platform
        x-ncp-apigw-signature-v2 | Required | Base64-encoded signature computed over the request information with the secret key that maps to the access key issued on NAVER Cloud Platform, using the HMAC algorithm (HmacSHA256)
        Accept | Optional | Response data format: application/json
        Content-type | Optional | Request data format: application/json
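
The three required headers, as an added example that is not part of the original page: a client-side signer and a receiver-side model of the 5-minute timestamp check. The string-to-sign layout (method, space, URI, newline, timestamp, newline, access key) follows the common Ncloud API signature v2 scheme and is not stated on this page; the keys, the URI `/api/v1/example` and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time

MAX_SKEW_MS = 5 * 60 * 1000  # page: invalid if timestamp is off by more than 5 minutes


def make_signature(secret_key, access_key, method, uri, timestamp_ms):
    # Assumed string-to-sign (not stated on this page):
    #   "{method} {uri}\n{timestamp}\n{access_key}"
    message = f"{method} {uri}\n{timestamp_ms}\n{access_key}"
    digest = hmac.new(secret_key.encode(), message.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def signed_headers(secret_key, access_key, method, uri, now_ms=None):
    # The secret key never leaves the client; only the signature is sent.
    ts = int(time.time() * 1000) if now_ms is None else now_ms
    return {
        "x-ncp-apigw-timestamp": str(ts),
        "x-ncp-iam-access-key": access_key,
        "x-ncp-apigw-signature-v2": make_signature(secret_key, access_key, method, uri, ts),
        "Accept": "application/json",
    }


def verify(headers, method, uri, lookup_secret, now_ms):
    """Receiver-side model (hypothetical): freshness first, then the signature."""
    try:
        ts = int(headers["x-ncp-apigw-timestamp"])
    except (KeyError, ValueError):
        return "missing-or-bad-timestamp"
    if abs(now_ms - ts) > MAX_SKEW_MS:
        return "stale-timestamp"  # bounds how long a captured request can be replayed
    access_key = headers.get("x-ncp-iam-access-key", "")
    secret = lookup_secret(access_key)
    if secret is None:
        return "unknown-access-key"
    expected = make_signature(secret, access_key, method, uri, ts)
    presented = headers.get("x-ncp-apigw-signature-v2", "")
    # Constant-time comparison so the check does not leak matching prefixes.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return "bad-signature"
    return "ok"
```

Because the timestamp is part of the signed string, a client with a drifting clock fails the freshness check even with a correct key, so NTP synchronization on API callers matters.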

        Response

        The following describes the common response format.

        Response data type

        The following describes the common response data types.

        ProcessResult
        ProcessResult defines the API processing result. The following describes ProcessResult.

        Field | Type | Required | Description
        ----- | ---- | -------- | -----------
        success | Boolean | Required | API processing result: true (succeeded) or false (failed)
        id | String | Optional | Creation/modification result ID. Used in creation, multiple addition/deletion APIs
        message | String | Optional | API processing result message

        The following is a sample syntax and response of ProcessResult.

        • Syntax
          ProcessResult {
            Boolean success;
            String id;
            String message;
          }
        • Examples
          {
            "id": "",
            "success": true
          }

        ErrorResponse
        ErrorResponse defines the details of a failure when an API call fails. The following describes ErrorResponse.

        Field | Type | Required | Description
        ----- | ---- | -------- | -----------
        errorCode | Integer | Required | Required
        message | String | Required | String

        The following is a sample syntax and response of ErrorResponse.

        • Syntax
          ErrorResponse {
            int errorCode;
            String message;
          }
        • Examples
          {
            "errorCode": 9011,
            "message": "The role name already exists."
          }

        Response status codes

        The following describes the response status codes.

        HTTP status code | Code | Message | Description
        ---------------- | ---- | ------- | -----------
        200 | - | Maximum limit exceeded. | Maximum allowable value exceeded
        400 | 120 | Duplicate ID. Please enter a different ID. | Duplicate ID entered
        400 | 30 | Invalid subAccountId. | Non-existent sub account ID entered
        400 | 30 | The groupNo is invalid. | Non-existent group ID entered
        400 | 400 | Request format is not json | Input value format error
        400 | 400 | sessionExpirationDays is required, Request format is not json | Parameter input error
        400 | 400 | A maximum of 100 IP bands can be access restricted. | Maximum number of IP bands available exceeded. Maximum number of IP bands for console access restriction is 100
        400 | 400 | Enter the role name: [roleName]. | Role name missing. Enter 3-100 characters
        400 | 400 | Enter a role name between 3 and 100 characters. : [roleName] | Role name character count error
        400 | 400 | Specify the role type: [roleType]. | Role type input error. Specify role type
        400 | 400 | Invalid role type. | Role type input error. Specify allowed role type
        400 | 400 | isMyAccount is missing. : [isMyAccount] | isMyAccount parameter missing
        400 | 9001 | Enter the account name. | Account name missing or error
        400 | 9001 | Enter the login ID. | Login ID input required
        400 | 9002 | When the role type is Server, the session expiration time is not allowed. | Parameter input error. Role type for which the session expiration time cannot be specified
        400 | 9002 | The session expiration time can only be set to [600, 1800, 3600, 10800] seconds. | Session expiration time input error
        400 | 9010 | Letters, numbers, and special characters ".", "_", and "-" are allowed, and you must enter a string that starts with a letter and is between 3 and 100 characters long. | Input value error. 3-100 characters, including English letters, numbers, and special characters
        400 | 9010 | English lowercase letters and numbers are allowed. Enter between 3 and 20 characters. | URL format error. 3-20 characters, English lowercase letters and numbers allowed
        400 | 9011 | The role name already exists. | Role name already in use entered
        400 | 9015 | Unsafe password. | Unavailable password entered
        400 | 904 | Invalid API key. | Non-existent access key entered
        401 | 30 | Invalid subAccountId. | Non-existent sub account ID entered
        404 | 30 | Invalid idNo. | Non-existent sub account ID entered
        404 | 30 | Invalid roleNo. | Non-existent role ID entered
        404 | 404 | This policy isn't registered. | Non-existent policy ID entered
        404 | 910 | There is an entity that does not match the role. | Application subject not matching role type
        409 | 9012 | The number of entities that can be registered in the target role has been exceeded. | Role application target exceeds the allowed number
        409 | 9012 | Maximum limit exceeded. | Maximum allowable value exceeded
        500 | 500 | Internal Server Error | Internal server error

        Note

        For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.

        Sub Account API

        The following describes the APIs provided by the Sub Account service.

        Sub account

        The following describes the sub account-related APIs.

        API | Description
        --- | -----------
        Get sub account list | Get sub account list
        Get sub account | Get single sub account details
        Create Sub Accounts | Create Sub Accounts
        Edit sub account | Edit sub account information
        Delete sub account | Delete sub account
        Get access key | Get sub account access key
        Create access key | Create sub account access key
        Delete access key | Delete sub account access key
        Set access key status | Enable or disable sub account access key
        Get login access key | Get login access key used for sub account login address
        Set login access key | Set login access key used for sub account login address
        Check login ID | Check sub account login ID validity and duplication
        Check login password | Check sub account login password validity and complexity
        Get idle session expiration time | Get sub account idle session expiration time
        Set idle session expiration time | Set sub account idle session expiration time
        Get login password expiration date | Get sub account login password expiration date (change cycle)
        Set login password expiration date | Set sub account login password expiration date (change cycle)
        Reset login password | Edit sub account login password
        Assign policy | Assign policy to sub account
        Delete policy | Delete policy assigned to sub account
        Add group | Add sub account to group
        Delete group | Delete sub account from group
        Get console access rule | Get sub account console access rule
        Edit console access rule | Edit sub account console access rule
        Get API access rule | Get sub account API access rule
        Edit API access rule | Edit sub account API access rule
        Get two-factor authentication information | Get sub account two-factor authentication information
        Get tag | Get tag added to sub account
        Add tag | Add tag to sub account
        Delete tag | Delete tag added to sub account
        Get user information | Get information of authorized sub account users
        Get user ID | Get sub account ID

        Group

        The following describes the group-related APIs.

        API | Description
        --- | -----------
        Get group list | Get group list
        Get group | Get single group details
        Create group | Create group
        Edit group | Edit group information
        Delete group | Delete group
        Add sub account | Add sub account to group
        Delete sub account | Delete sub account from group
        Assign policy | Assign policy to group
        Delete policy | Delete policy assigned to group
        Get tag | Get tag added to group
        Add tag | Add tag to group
        Delete tag | Delete tag added to group

        Policy

        The following describes the policy-related APIs.

        API | Description
        --- | -----------
        Get policy list | Get policy list
        Get policy | Get single policy details
        Check policy validity | Check validity of User Created policy
        Create policy | Create User Created policy
        Modify policy | Edit User Created policy information
        Delete policy list | Bulk delete 2 or more User Created policies
        Delete policy | Delete User Created policy
        Get policy-assigned resource | Get resources assigned with policies (sub accounts, groups, roles)
        Get tag | Get tag added to User Created policy
        Add tag | Add tag to User Created policy
        Delete tag | Delete tag added to User Created policy

        Role

        The following describes the role-related APIs.

        API | Description
        --- | -----------
        Get role list | Get role list
        Get role | Get single role details
        Create role | Create role
        Edit role | Edit role information
        Delete role | Delete role
        Assign policy | Assign policy to role
        Delete policy | Delete policy assigned to role
        Get role (Account) application target | Get account role application target
        Add role (Account) application target | Add account role application target
        Delete role (Account) application target | Delete account role application target
        Add role (Server, Service) application target | Add server and service role application target
        Delete role (Server, Service) application target | Delete server and service role application target
        Set role list status | Bulk enable or disable two or more roles
        Set role status | Enable or disable role
        Get tag | Get tag added to role
        Add tag | Add tag to role
        Delete tag | Delete tag added to role
        Get switchable role | Get role that can be switched from a sub account
        Register switchable role | Register role that can be switched from a sub account
        Edit switchable role | Edit information of role that can be switched from a sub account
        Delete switchable role | Delete role that can be switched from a sub account

        External Access

        The following describes the external access-related APIs.

        API | Description
        --- | -----------
        Get trust anchor list | Get trust anchor list
        Get trust anchor | Get single trust anchor details
        Create trust anchor | Create trust anchor
        Edit trust anchor | Edit trust anchor information
        Enable trust anchor | Enable trust anchor status
        Disable trust anchor | Disable trust anchor status
        Delete trust anchor | Delete trust anchor
        Get profile list | Get profile list
        Get profile | Get single profile details
        Create profile | Create profile
        Edit profile | Edit profile information
        Enable profile | Enable profile status
        Disable profile | Disable profile status
        Delete profile | Delete profile
        Get subject list | Get subject list
        Get subject | Get single subject details
        Get subject activity list | Get subject activity list (detailed usage history of certificates with the same subject)
        Get CRL list | Get certificate revocation list (CRL) list
        Get CRL | Get single certificate revocation list (CRL) details
        Create CRL | Create certificate revocation list (CRL)
        Edit CRL | Edit certificate revocation list (CRL) information
        Enable CRL | Enable certificate revocation list (CRL)
        Disable CRL | Disable certificate revocation list (CRL)
        Delete CRL | Delete certificate revocation list (CRL)

        NAVER Cloud Platform provides a variety of related resources to help users better understand Sub Account APIs.

