Gestión de Claves API

Las claves API autentican acceso máquina a máquina. Cada clave usa los encabezados Api-Key y Api-Secret; el secreto se muestra solo al crear o rotar secretos y se almacena hasheado.

API real

Las claves API se gestionan en la API de serviceprojects bajo /v0/apikeys. No se gestionan bajo /projects/{id}/apikeys. La creación y gestión de proyectos está fuera del alcance actual de esta página.

curl -X POST "https://api.hola.cloud/v0/apikeys" \
  -H "X-Glue-Authentication: {\"user\":{\"id\":\"user-1234\"}}" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "CI/CD Key",
    "scopes": [
      {
        "projects": ["project-123"],
        "host_rules": {"mi-proyecto.hola.cloud": "{}"}
      }
    ]
  }'
POST /v0/apikeys HTTP/1.1
Host: api.hola.cloud
X-Glue-Authentication: {"user":{"id":"user-1234"}}
Content-Type: application/json

{
    "name": "CI/CD Key",
    "scopes": [
      {
        "projects": ["project-123"],
        "host_rules": {"mi-proyecto.hola.cloud": "{}"}
      }
    ]
  }
package main

import (
	"fmt"
	"io"
	"net/http"
	"encoding/json"
	"strings"
)

func main() {
	payload := map[string]any{"name": "CI/CD Key", "scopes": []any{map[string]any{"host_rules": map[string]any{"mi-proyecto.hola.cloud": "{}"}, "projects": []any{"project-123"}}}}
	bodyBytes, err := json.Marshal(payload)
	if err != nil {
		panic(err)
	}
	body := string(bodyBytes)

	req, err := http.NewRequest("POST", "https://api.hola.cloud/v0/apikeys", strings.NewReader(body))
	if err != nil {
		panic(err)
	}
	req.Header.Set("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
	req.Header.Set("Content-Type", "application/json")

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	responseBody, err := io.ReadAll(resp.Body)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(responseBody))
}
<?php
$payload = ['name' => 'CI/CD Key', 'scopes' => [['host_rules' => ['mi-proyecto.hola.cloud' => '{}'], 'projects' => ['project-123']]]];
$body = json_encode($payload);

$ch = curl_init();

curl_setopt_array($ch, [
    CURLOPT_URL => 'https://api.hola.cloud/v0/apikeys',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => $body,
    CURLOPT_HTTPHEADER => [
        'X-Glue-Authentication: {"user":{"id":"user-1234"}}',
        'Content-Type: application/json',
    ],
]);

$response = curl_exec($ch);
if ($response === false) {
    throw new Exception(curl_error($ch));
}
curl_close($ch);

echo $response;
import requests

import json

headers = {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
    "Content-Type": "application/json",
}

payload = {"name": "CI/CD Key", "scopes": [{"host_rules": {"mi-proyecto.hola.cloud": "{}"}, "projects": ["project-123"]}]}
body = json.dumps(payload)

response = requests.request(
    "POST",
    "https://api.hola.cloud/v0/apikeys",
    headers=headers,
    data=body
)

print(response.text)
const payload = {"name": "CI/CD Key", "scopes": [{"host_rules": {"mi-proyecto.hola.cloud": "{}"}, "projects": ["project-123"]}]};

const response = await fetch("https://api.hola.cloud/v0/apikeys", {
  method: "POST",
  headers: {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
    "Content-Type": "application/json"
  },
  body: JSON.stringify(payload)
});

console.log(await response.text());
const payload = {"name": "CI/CD Key", "scopes": [{"host_rules": {"mi-proyecto.hola.cloud": "{}"}, "projects": ["project-123"]}]};

const response = await fetch("https://api.hola.cloud/v0/apikeys", {
  method: "POST",
  headers: {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
    "Content-Type": "application/json"
  },
  body: JSON.stringify(payload)
});

const text = await response.text();
console.log(text);
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Map;
import java.util.List;

public class Main {
    public static void main(String[] args) throws Exception {
        var payload = Map.of("name", "CI/CD Key", "scopes", List.of(Map.of("host_rules", Map.of("mi-proyecto.hola.cloud", "{}"), "projects", List.of("project-123"))));
        var body = new ObjectMapper().writeValueAsString(payload);

        var request = HttpRequest.newBuilder()
            .uri(URI.create("https://api.hola.cloud/v0/apikeys"))
            .method("POST", HttpRequest.BodyPublishers.ofString(body))
            .header("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
            .header("Content-Type", "application/json")
            .build();

        var response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
        System.out.println(response.body());
    }
}

Ámbitos

El modelo actual usa projects y host_rules.

Ámbito Campo Ejemplo
Proyectos projects ["project-123"]
Reglas de host host_rules {"mi-proyecto.hola.cloud": "{}"}

Los ámbitos de ruta y método HTTP no forman parte del modelo actual.

Listar claves

curl "https://api.hola.cloud/v0/apikeys" \
  -H "X-Glue-Authentication: {\"user\":{\"id\":\"user-1234\"}}"
GET /v0/apikeys HTTP/1.1
Host: api.hola.cloud
X-Glue-Authentication: {"user":{"id":"user-1234"}}
package main

import (
	"fmt"
	"io"
	"net/http"
)

func main() {
	req, err := http.NewRequest("GET", "https://api.hola.cloud/v0/apikeys", nil)
	if err != nil {
		panic(err)
	}
	req.Header.Set("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	responseBody, err := io.ReadAll(resp.Body)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(responseBody))
}
<?php
$ch = curl_init();

curl_setopt_array($ch, [
    CURLOPT_URL => 'https://api.hola.cloud/v0/apikeys',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => [
        'X-Glue-Authentication: {"user":{"id":"user-1234"}}',
    ],
]);

$response = curl_exec($ch);
if ($response === false) {
    throw new Exception(curl_error($ch));
}
curl_close($ch);

echo $response;
import requests

headers = {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
}

response = requests.request(
    "GET",
    "https://api.hola.cloud/v0/apikeys",
    headers=headers
)

print(response.text)
const response = await fetch("https://api.hola.cloud/v0/apikeys", {
  method: "GET",
  headers: {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}"
  }
});

console.log(await response.text());
const response = await fetch("https://api.hola.cloud/v0/apikeys", {
  method: "GET",
  headers: {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}"
  }
});

const text = await response.text();
console.log(text);
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

public class Main {
    public static void main(String[] args) throws Exception {
        var request = HttpRequest.newBuilder()
            .uri(URI.create("https://api.hola.cloud/v0/apikeys"))
            .method("GET", HttpRequest.BodyPublishers.noBody())
            .header("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
            .build();

        var response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
        System.out.println(response.body());
    }
}

Revocar una clave

curl -X DELETE "https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
  -H "X-Glue-Authentication: {\"user\":{\"id\":\"user-1234\"}}"
DELETE /v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890 HTTP/1.1
Host: api.hola.cloud
X-Glue-Authentication: {"user":{"id":"user-1234"}}
package main

import (
	"fmt"
	"io"
	"net/http"
)

func main() {
	req, err := http.NewRequest("DELETE", "https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890", nil)
	if err != nil {
		panic(err)
	}
	req.Header.Set("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	responseBody, err := io.ReadAll(resp.Body)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(responseBody))
}
<?php
$ch = curl_init();

curl_setopt_array($ch, [
    CURLOPT_URL => 'https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_CUSTOMREQUEST => 'DELETE',
    CURLOPT_HTTPHEADER => [
        'X-Glue-Authentication: {"user":{"id":"user-1234"}}',
    ],
]);

$response = curl_exec($ch);
if ($response === false) {
    throw new Exception(curl_error($ch));
}
curl_close($ch);

echo $response;
import requests

headers = {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
}

response = requests.request(
    "DELETE",
    "https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    headers=headers
)

print(response.text)
const response = await fetch("https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890", {
  method: "DELETE",
  headers: {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}"
  }
});

console.log(await response.text());
const response = await fetch("https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890", {
  method: "DELETE",
  headers: {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}"
  }
});

const text = await response.text();
console.log(text);
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

public class Main {
    public static void main(String[] args) throws Exception {
        var request = HttpRequest.newBuilder()
            .uri(URI.create("https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890"))
            .method("DELETE", HttpRequest.BodyPublishers.noBody())
            .header("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
            .build();

        var response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
        System.out.println(response.body());
    }
}

Cómo valida Glue2

  1. Glue2 extrae Api-Key y Api-Secret.
  2. Busca la clave y compara el secreto con el hash almacenado.
  3. Verifica projects y host_rules.
  4. Si es válido, inyecta X-Glue-Authentication como JSON y reenvía la solicitud.

Comentarios

Deja un comentario