MENU
      Create sub account

        Create sub account


        Article summary

        Available in Classic and VPC

        Create a sub account. Creating a sub account allows you to set permissions for each account, enabling you to operate the service safely and reliably.

        Note

        Up to 500 sub accounts can be created.

        Request

        This section describes the request format. The method and URI are as follows:

        MethodURI
        POST/api/v1/sub-accounts

        Request headers

        For information about the headers common to all Sub Account APIs, see Sub Account request headers.

        Request body

        You can include the following data in the body of your request:

        FieldTypeRequiredDescription
        activeBooleanRequiredSub account status
        • true | false
          • true: enabled
          • false: disabled
        apiAllowSourcesArrayOptionalList of sources accessible by sub account via API
        canAPIGatewayAccessBooleanRequiredAPI Gateway accessibility of the sub account
        • Whether to use APIs registered in API Gateway by creating an access key
        • true | false
          • true: available
          • false: unavailable
        canConsoleAccessBooleanRequiredWhether the sub account can access the console
        • true | false
          • true: available
          • false: unavailable
        consolePermitIpsArrayOptionalList of IP ranges accessible to the console from the sub account
        emailStringOptionalSub account user email address
        • 6-100 characters
        isMfaMandatoryBooleanOptionalWhether two-factor authentication is required for the sub account
        • true | false (default)
          • true: required
          • false: optional
        loginIdStringRequiredSub account login ID
        • 3-60 characters using a combination of English uppercase and lowercase letters, numbers, and special characters . @ - _
        • First letter must be an uppercase English letter
        • Check ID duplication through Check sub account login ID duplication
        memoStringOptionalDescription of the sub account (byte)
        • 0-300
        nameStringRequiredSub account username
        • 2-30 characters
        needPasswordGenerateBooleanOptionalSub account login password creation method
        • true | false (default)
          • true: automatic creation
          • false: manual input
        needPasswordResetBooleanRequiredSub account login password reset notification
        • Whether to notify to change password when logging in for the first time with a sub account
        • true | false
          • true: notify
          • false: do not notify
        passwordStringConditionalSub account login password
        • Must be entered if needPasswordGenerate is false
        • 8-16 characters using a combination of uppercase and lowercase English letters, numbers, and special characters
        • Check password validity through Check login password
        useApiAllowSourceBooleanOptionalWhether the accessible source for the API by the sub account is restricted
        • true | false
          • true: Accessible only from specified sources
          • false: Accessible from all sources
        useConsolePermitIpBooleanOptionalWhether the sub account's console access is restricted to a specific IP range
        • true | false
          • true: accessible only from the specified IP range
          • false: accessible from everywhere

        apiAllowSources

        The following describes apiAllowSources.

        FieldTypeRequiredDescription
        typeStringConditionalAccess source type
        • IP | VPC | VPC_SERVER
          • IP: Single server IP or IP range including subnet
          • VPC: VPC in use
          • VPC_SERVER: Server in the VPC environment in use
        sourceStringConditionalAccess source information
        • Enter an IP address or an instance number

        Request example

        The request example is as follows:

        curl --location --request POST 'https://subaccount.apigw.ntruss.com/api/v1/sub-accounts' \
        --header 'x-ncp-apigw-timestamp: {Timestamp}' \
        --header 'x-ncp-iam-access-key: {Access Key}' \
        --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
        --header 'Accept: application/json' \
        --header 'Content-Type: application/json' \
        --data '{
            "active": true,
            "apiAllowSources": [
                {
                    "type": "IP",
                    "source": "***.***.***.***"
                }
            ],
            "canAPIGatewayAccess": true,
            "canConsoleAccess": true,
            "consolePermitIps": [
                "***.***.***.***"
            ],
            "email": "email@ncloud.com",
            "isMfaMandatory": false,
            "loginId": "testuser33",
            "memo": "testuser account",
            "name": "userts3",
            "needPasswordGenerate": true,
            "needPasswordReset": true,
            "useApiAllowSource": true,
            "useConsolePermitIp": true
        }'
        Shell

        Response

        This section describes the response format.

        Response body

        The response body includes the following data:

        FieldTypeRequiredDescription
        idString-Sub account ID
        successBoolean-API call success status
        • true | false
          • true: succeeded
          • false: failed
        generatedPasswordString-Sub account password
        • Display if needPasswordGenerate is true

        Response status codes

        For information about the HTTP status codes common to all Sub Account APIs, see Sub Account status codes.

        Response example

        The response example is as follows:

        {
          "id": "e60b75d0-****-****-****-***********",
          "success": true,
          "generatedPassword": "*****************"
        }
        JSON

        Was this article helpful?

        Changing your password will log you out immediately. Use the new password to log back in.
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.