Gestión de Claves API
Las claves API autentican acceso máquina a máquina. Cada clave usa los encabezados Api-Key y Api-Secret; el secreto se muestra solo al crear o rotar secretos y se almacena hasheado.
API real
Las claves API se gestionan en la API de serviceprojects bajo /v0/apikeys. No se gestionan bajo /projects/{id}/apikeys. La creación y gestión de proyectos está fuera del alcance actual de esta página.
curl -X POST "https://api.hola.cloud/v0/apikeys" \
-H "X-Glue-Authentication: {\"user\":{\"id\":\"user-1234\"}}" \
-H "Content-Type: application/json" \
-d '{
"name": "CI/CD Key",
"scopes": [
{
"projects": ["project-123"],
"host_rules": {"mi-proyecto.hola.cloud": "{}"}
}
]
}'POST /v0/apikeys HTTP/1.1
Host: api.hola.cloud
X-Glue-Authentication: {"user":{"id":"user-1234"}}
Content-Type: application/json
{
"name": "CI/CD Key",
"scopes": [
{
"projects": ["project-123"],
"host_rules": {"mi-proyecto.hola.cloud": "{}"}
}
]
}package main
import (
"fmt"
"io"
"net/http"
"encoding/json"
"strings"
)
func main() {
payload := map[string]any{"name": "CI/CD Key", "scopes": []any{map[string]any{"host_rules": map[string]any{"mi-proyecto.hola.cloud": "{}"}, "projects": []any{"project-123"}}}}
bodyBytes, err := json.Marshal(payload)
if err != nil {
panic(err)
}
body := string(bodyBytes)
req, err := http.NewRequest("POST", "https://api.hola.cloud/v0/apikeys", strings.NewReader(body))
if err != nil {
panic(err)
}
req.Header.Set("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
req.Header.Set("Content-Type", "application/json")
resp, err := http.DefaultClient.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
responseBody, err := io.ReadAll(resp.Body)
if err != nil {
panic(err)
}
fmt.Println(string(responseBody))
}
<?php
$payload = ['name' => 'CI/CD Key', 'scopes' => [['host_rules' => ['mi-proyecto.hola.cloud' => '{}'], 'projects' => ['project-123']]]];
$body = json_encode($payload);
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => 'https://api.hola.cloud/v0/apikeys',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS => $body,
CURLOPT_HTTPHEADER => [
'X-Glue-Authentication: {"user":{"id":"user-1234"}}',
'Content-Type: application/json',
],
]);
$response = curl_exec($ch);
if ($response === false) {
throw new Exception(curl_error($ch));
}
curl_close($ch);
echo $response;
import requests
import json
headers = {
"X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
"Content-Type": "application/json",
}
payload = {"name": "CI/CD Key", "scopes": [{"host_rules": {"mi-proyecto.hola.cloud": "{}"}, "projects": ["project-123"]}]}
body = json.dumps(payload)
response = requests.request(
"POST",
"https://api.hola.cloud/v0/apikeys",
headers=headers,
data=body
)
print(response.text)
const payload = {"name": "CI/CD Key", "scopes": [{"host_rules": {"mi-proyecto.hola.cloud": "{}"}, "projects": ["project-123"]}]};
const response = await fetch("https://api.hola.cloud/v0/apikeys", {
method: "POST",
headers: {
"X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
"Content-Type": "application/json"
},
body: JSON.stringify(payload)
});
console.log(await response.text());
const payload = {"name": "CI/CD Key", "scopes": [{"host_rules": {"mi-proyecto.hola.cloud": "{}"}, "projects": ["project-123"]}]};
const response = await fetch("https://api.hola.cloud/v0/apikeys", {
method: "POST",
headers: {
"X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
"Content-Type": "application/json"
},
body: JSON.stringify(payload)
});
const text = await response.text();
console.log(text);
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Map;
import java.util.List;
public class Main {
public static void main(String[] args) throws Exception {
var payload = Map.of("name", "CI/CD Key", "scopes", List.of(Map.of("host_rules", Map.of("mi-proyecto.hola.cloud", "{}"), "projects", List.of("project-123"))));
var body = new ObjectMapper().writeValueAsString(payload);
var request = HttpRequest.newBuilder()
.uri(URI.create("https://api.hola.cloud/v0/apikeys"))
.method("POST", HttpRequest.BodyPublishers.ofString(body))
.header("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
.header("Content-Type", "application/json")
.build();
var response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}Ámbitos
El modelo actual usa projects y host_rules.
| Ámbito | Campo | Ejemplo |
|---|---|---|
| Proyectos | projects |
["project-123"] |
| Reglas de host | host_rules |
{"mi-proyecto.hola.cloud": "{}"} |
Los ámbitos de ruta y método HTTP no forman parte del modelo actual.
Listar claves
curl "https://api.hola.cloud/v0/apikeys" \
-H "X-Glue-Authentication: {\"user\":{\"id\":\"user-1234\"}}"GET /v0/apikeys HTTP/1.1
Host: api.hola.cloud
X-Glue-Authentication: {"user":{"id":"user-1234"}}
package main
import (
"fmt"
"io"
"net/http"
)
func main() {
req, err := http.NewRequest("GET", "https://api.hola.cloud/v0/apikeys", nil)
if err != nil {
panic(err)
}
req.Header.Set("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
resp, err := http.DefaultClient.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
responseBody, err := io.ReadAll(resp.Body)
if err != nil {
panic(err)
}
fmt.Println(string(responseBody))
}
<?php
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => 'https://api.hola.cloud/v0/apikeys',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_CUSTOMREQUEST => 'GET',
CURLOPT_HTTPHEADER => [
'X-Glue-Authentication: {"user":{"id":"user-1234"}}',
],
]);
$response = curl_exec($ch);
if ($response === false) {
throw new Exception(curl_error($ch));
}
curl_close($ch);
echo $response;
import requests
headers = {
"X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
}
response = requests.request(
"GET",
"https://api.hola.cloud/v0/apikeys",
headers=headers
)
print(response.text)
const response = await fetch("https://api.hola.cloud/v0/apikeys", {
method: "GET",
headers: {
"X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}"
}
});
console.log(await response.text());
const response = await fetch("https://api.hola.cloud/v0/apikeys", {
method: "GET",
headers: {
"X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}"
}
});
const text = await response.text();
console.log(text);
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
var request = HttpRequest.newBuilder()
.uri(URI.create("https://api.hola.cloud/v0/apikeys"))
.method("GET", HttpRequest.BodyPublishers.noBody())
.header("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
.build();
var response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}Revocar una clave
curl -X DELETE "https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
-H "X-Glue-Authentication: {\"user\":{\"id\":\"user-1234\"}}"DELETE /v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890 HTTP/1.1
Host: api.hola.cloud
X-Glue-Authentication: {"user":{"id":"user-1234"}}
package main
import (
"fmt"
"io"
"net/http"
)
func main() {
req, err := http.NewRequest("DELETE", "https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890", nil)
if err != nil {
panic(err)
}
req.Header.Set("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
resp, err := http.DefaultClient.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
responseBody, err := io.ReadAll(resp.Body)
if err != nil {
panic(err)
}
fmt.Println(string(responseBody))
}
<?php
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => 'https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_CUSTOMREQUEST => 'DELETE',
CURLOPT_HTTPHEADER => [
'X-Glue-Authentication: {"user":{"id":"user-1234"}}',
],
]);
$response = curl_exec($ch);
if ($response === false) {
throw new Exception(curl_error($ch));
}
curl_close($ch);
echo $response;
import requests
headers = {
"X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
}
response = requests.request(
"DELETE",
"https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890",
headers=headers
)
print(response.text)
const response = await fetch("https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890", {
method: "DELETE",
headers: {
"X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}"
}
});
console.log(await response.text());
const response = await fetch("https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890", {
method: "DELETE",
headers: {
"X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}"
}
});
const text = await response.text();
console.log(text);
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
var request = HttpRequest.newBuilder()
.uri(URI.create("https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890"))
.method("DELETE", HttpRequest.BodyPublishers.noBody())
.header("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
.build();
var response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}Cómo valida Glue2
- Glue2 extrae
Api-KeyyApi-Secret. - Busca la clave y compara el secreto con el hash almacenado.
- Verifica
projectsyhost_rules. - Si es válido, inyecta
X-Glue-Authenticationcomo JSON y reenvía la solicitud.
Comentarios