Subuser programmatic access to OpenAPI

Subusers can access JD Cloud OpenAPI programmatically provided that they have AccessKey in [Enabled] state.

Introduction to JD Cloud OpenAPI

JD Cloud OpenAPI is to provide the management capability of all resources of JD Cloud through API to support users to manage cloud resources more flexibly.

To call OpenAPI, you need to use AccessKey and AccessKey Secret key pairs (AK/SK for short). AK/SK is equivalent to username/password and allows the OpenAPI gateway to identify the caller.

How to call JD Cloud OpenAPI, please refer to: OpenAPI & SDK call method

Restrictions on subuser calls to OpenAPI

Permission restrictions

Calling OpenAPI using the subuser's AK/SK is equivalent to the subuser accessing the resource directly, and all operations are restricted by the subuser's authorization, consistent with the subuser's access in the console.

A call to OpenAPI will return 403 HTTP_FORBIDDEN No permission for operations or resources that the subuser does not have access to.

For other error cases in calling OpenAPI, please refer to: OpenAPI & SDK Common Errors

MFA restrictions

If [Operation Protection] is enabled for a Subuser, multi-factor authentication (MFA authentication) is required when invoking sensitive operation interfaces. The method is to enter the x-jdcloud-security-token header parameter in the pass-through field.

OpenAPI public Request Header description, please refer to: OpenAPI & SDK call methods and details of the calls to the SDK in each language.