Create sub account

Prev Next

Available in Classic and VPC

Create a sub account. Creating a sub account allows you to set permissions for each account, enabling you to operate the service safely and reliably.

Note

Up to 500 sub accounts can be created.

Request

This section describes the request format. The method and URI are as follows:

Method URI
POST /api/v1/sub-accounts

Request headers

For information about the headers common to all Sub Account APIs, see Sub Account request headers.

Request body

You can include the following data in the body of your request:

Field Type Required Description
apiAllowSources Array Optional List of sources accessible by sub account via API
canAPIGatewayAccess Boolean Required API Gateway accessibility of the sub account
  • Whether to use APIs registered in API Gateway by creating an access key
  • true | false
    • true: Available
    • false: Unavailable
canConsoleAccess Boolean Required Whether the sub account can access the console
  • true | false
    • true: Available
    • false: Unavailable
consolePermitIps Array Optional List of IP ranges accessible to the console from the sub account
email String Optional Sub account user email address
  • 6-100 characters
isMfaMandatory Boolean Optional Whether two-factor authentication is required for the sub account
  • true | false (default)
    • true: Required
    • false: Optional
loginId String Required Sub account login ID
  • 3-60 characters using a combination of English uppercase and lowercase letters, numbers, and special characters . @ - _
  • First letter must be an uppercase English letter.
  • Check ID duplication through Check sub account login ID duplication.
memo String Optional Description of the sub account (byte)
  • 0-300
name String Required Sub account username
  • 2-30 characters
needPasswordGenerate Boolean Optional Sub account login password creation method
  • true | false (default)
    • true: Automatic creation
    • false: Manual input
needPasswordReset Boolean Required Sub account login password reset notification
  • Whether to notify to change password when logging in for the first time with a sub account
  • true | false
    • true: Notify
    • false: Do not notify
password String Conditional Sub account login password
  • Must be entered if needPasswordGenerate is false.
  • 8-16 characters using a combination of uppercase and lowercase English letters, numbers, and special characters.
  • Check password validity through Check login password.
useApiAllowSource Boolean Optional Whether the accessible source for the API by the sub account is restricted
  • true | false
    • true: Accessible only from specified sources
    • false: Accessible from all sources
useConsolePermitIp Boolean Optional Whether the sub account's console access is restricted to a specific IP range
  • true | false
    • true: Accessible only from the specified IP range
    • false: Accessible from everywhere
tags Map Optional Sub account's tag
  • Up to 20 per resource.
  • Key, value: Enter up to 128 characters by combining English letters, numbers, and special characters "(", "-", "_", and ")".

apiAllowSources

The following describes apiAllowSources.

Field Type Required Description
type String Conditional Access source type
  • IP | VPC | VPC_SERVER
    • IP: Single server IP or IP range including subnet
    • VPC: VPC in use
    • VPC_SERVER: Server in the VPC environment in use
source String Conditional Access source information
  • Enter an IP address or an instance number.

Request example

The request example is as follows:

curl --location --request POST 'https://subaccount.apigw.ntruss.com/api/v1/sub-accounts' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{
    "apiAllowSources": [
        {
            "type": "IP",
            "source": "***.***.***.***"
        }
    ],
    "canAPIGatewayAccess": true,
    "canConsoleAccess": true,
    "consolePermitIps": [
        "***.***.***.***"
    ],
    "email": "email@ncloud.com",
    "isMfaMandatory": false,
    "loginId": "testuser33",
    "memo": "testuser account",
    "name": "userts3",
    "needPasswordGenerate": true,
    "needPasswordReset": true,
    "useApiAllowSource": true,
    "useConsolePermitIp": true,
    "tags": {
        "env": "dev",
        "team": "a"
    }
}'

Response

This section describes the response format.

Response body

The response body includes the following data:

Field Type Required Description
id String - Sub account ID
success Boolean - API call success status
  • true | false
    • true: Succeeded
    • false: Failed
generatedPassword String - Sub account password
  • Display if needPasswordGenerate is true.

Response status codes

For information about the HTTP status codes common to all Sub Account APIs, see Sub Account response status codes.

Response example

The response example is as follows:

{
  "id": "e60b75d0-****-****-****-***********",
  "success": true,
  "generatedPassword": "*****************"
}