Authenticating to the platform
In this tutorial, we assume that you have an activated administrator account.
You will do the following:
Register a third-party application as an API client via the management console of the cloud platform.
Issue the API client an access token via
POST /idp/token.With this token, the application will have the right to perform operations in the tenant and its sub-tenants on behalf of the administrator.
Before you start
Start the Python shell and configure its session.
As the result, the requests, json, and pprint modules should be loaded in the interactive shell.
Registering an API client in the tenant
To register an API client, follow the procedures described in the Acronis Cyber Protect Cloud Partner’s Guide. When you will be asked to save the client ID, client secret and data center URL, define variables
client_id,client_secretanddatacenter_urland assign them with the provided data:>>> client_id = '<your client ID>' >>> client_secret = '<your client secret>' >>> datacenter_url = '<your data center URL>'
Assuming that your data center URL is
https://eu2-cloud.acronis.com, the base URL to the Account Management API will behttps://eu2-cloud.acronis.com/api/2.Define a variable named
base_url, and then assign the value of thedatacenter_urlto it and append path to the API to this variable:>>> base_url = f'{datacenter_url}/api/2' >>> base_url 'https://eu2-cloud.acronis.com/api/2'
Issuing the API client an access token
Encode the client ID and client secret string using Base64 encoding and store the result in a variable:
>>> from base64 import b64encode # Used for encoding to Base64 >>> encoded_client_creds = b64encode(f'{client_id}:{client_secret}'.encode('ascii'))
Define a variable named
basic_auth, and then assign an object with theAuthorizationkey containing authentication data to this variable:>>> basic_auth = { ... 'Authorization': 'Basic ' + encoded_client_creds.decode('ascii') ... }
Send a POST request to the
/idp/tokenendpoint. The request should contain authentication data in the request headers and contain thegrant_typefield set toclient_credentialsin its body:>>> response = requests.post( ... f'{base_url}/idp/token', ... headers={'Content-Type': 'application/x-www-form-urlencoded', **basic_auth}, ... data={'grant_type': 'client_credentials'}, ... )
Check the status code of the response:
>>> response.status_code 200
Status code 200 means that the platform has authenticated the API client and issued the API client a token for accessing API endpoints (an access token). The response body text contains an encoded JSON object with this token and some other information.
A different status code means that an error has occurred. For the details, refer to “Status and error codes”.
Convert the JSON text that the response body contains to an object, and then store this object in a variable named
token_info:>>> token_info = response.json() >>> pprint.pprint(token_info) {'access_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImMwMD...', 'expires_on': 1562910964, 'id_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjI5ZT...', 'token_type': 'bearer'}
Define a variable named
auth, and then assign an object, that will be used for constructing anAuthorizationheader in API requests, to this variable:>>> auth = {'Authorization': 'Bearer ' + token_info['access_token']} >>> auth {'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImMwMD...'}
You will need to specify this variable in every request to the API as follows:
requests.get(f'{base_url}/clients/{client_id}', headers=auth)In order to access Resource and Policy Management APIs, update the
base_urlvariable with the following path to the API:>>> base_url = f'{datacenter_url}/api' >>> base_url 'https://eu2-cloud.acronis.com/api'
Now, your application is all set with access to the Resource and Policy Management APIs.