Introduction
Hyper Protect DBaaS is the next-level evolution of how data is stored in a highly secured enterprise cloud service. It is ideally suited for workloads with sensitive data and allows you to retain your data in a fully encrypted client database without need for specialized skills. This service provides capabilities to provision, manage, maintain, and monitor multiple database types like MongoDB and PostgreSQL through standardized APIs. Hyper Protect DBaaS protects against threats of data breach and data manipulation leveraging the strengths of LinuxONE pervasive encryption, scalability, performance, and IBM Secure Service Container technology.
The IBM Cloud™ Hyper Protect DBaaS API is a REST-based API for reading and writing objects.
For details about using IBM Cloud Hyper Protect DBaaS, see IBM Cloud Hyper Protect DBaaS for PostgreSQL and IBM Cloud Hyper Protect DBaaS for MongoDB.
Authentication
To work with the API, authenticate your app or service by including your IBM Cloud IAM access token and user ID in API requests.
You can retrieve an access token by first creating an API key, and then exchanging your API key for a IBM Cloud IAM token and IBM Cloud user ID. For more information, see Get an access token from IBM Cloud API Key.
Endpoint URLs
The following URLs represent the base URLs for the Hyper Protect DBaaS API endpoints. When you call the API, use the URL that corresponds to the region where your service instance is deployed. Add the path for each method to form the complete API endpoint for your requests.
- Dallas:
https://dbaas900.hyperp-dbaas.cloud.ibm.com:20000 - Frankfurt:
https://dbaas902.hyperp-dbaas.cloud.ibm.com:20000 - Sydney:
https://dbaas904.hyperp-dbaas.cloud.ibm.com:20000
Example request to a Dallas endpoint
curl -u "apikey:{apikey}" -X {request_method} "dbaas900.hyperp-dbaas.cloud.ibm.com:20000/api/v2/{user_id}/{method_endpoint}"
Replace {apikey}, {request_method}, {user_id}, and {method_endpoint} in this example with the values for your particular API call.
Methods
Get an access token
Get an access token from IBM Cloud API Key. You will use the access token for future operations that require authentication.
GET /auth/tokenRequest
Custom Headers
The IBM Cloud API Key.
curl -X GET \ "https://<ip>:<port>/api/v2/auth/token" \ -H "accept: application/json" \ -H "api_key: <api_key>"
Response
The access token of one user.
The access token returned from Cloud IAM server.
Example:
eyJraWQiOiI......XmpBTIDdR5wIBM Cloud account ID combined to the API key.
Example:
9025398753de792d09fa384d202fNumber of seconds until the IAM access token expires.
Example:
3600Number of seconds that are counted since January 1st, 1970 until the IAM access token expires.
Example:
1512161390
Status Code
The request was successful.
The API Key is needed as a parameter.
Internal error.
{ "access_token": "eyJraWQiOiI......XmpBTIDdR5w", "user_id": "9025398753de792d09fa384d202f", "expires_in": 3600, "expiration": 1512161390 }
Get service instances
List service instances of IBM Cloud Hyper Protect DBaaS on the server that is indicated by the URL.
GET /servicesRequest
Custom Headers
Valid IAM access token
curl -X GET \ "https://<ip>:<port>/api/v2/{user_id}/services" \ -H "x-auth-token: {access_token}" \ -H "accept: application/json"
Response
List of service instances.
An array of service instances.
Status Code
The request was successful.
The IAM access token specified by "x-auth-token" is invalid.
Internal error.
No Sample Response
Create a service instance
Create a service instance of IBM Cloud Hyper Protect DBaaS on the server that is indicated by the URL.
POST /servicesRequest
Custom Headers
Valid IAM access token.
Set to "yes" to agree to the license.
Information about the user you want to create.
Name of the new service to be created.
Example:
MyDBaaSServiceNameName of the IBM Cloud catalog, could be "hyperp-dbaas-postgresql" or "hyperp-dbaas-mongodb".
Example:
hyperp-dbaas-postgresqlName of the resource group that the new service should be created into.
Example:
DefaultName of the plan for the new service. Note that different plans lead to different rates. Valid value is one of "mongodb-free", "mongodb-small", "mongodb-medium", "mongodb-large", "postgresql-free", "postgresql-small", "postgresql-medium", "postgresql-large".
Example:
mongodb-freeName of the administrator of the new database.
Example:
adminAdministrator's initial password.
Example:
my_passwordThe full CRN (Cloud Resource Name) of the KMS (key management service) instance.
Example:
crn:v1:bluemix:public:kms:us-south:a/5b9cd17284125db65be173928b05bd50:e0e6a08c-f751-45ce-835f-9db8d01ff54a::The ID of one root key of the KMS (key management service) instance.
Example:
66f22ec7-1ca9-4ad4-bdae-4ad949470a7c
curl -X POST \ "https://<ip>:<port>/api/v2/{user_id}/services" \ -d '{"catalog": "hyperp-dbaas-postgresql", "name": <Service_Name>, "resource_group": "Default", "plan": "postgresql-free", "admin_name": "admin", "password": <password_for_admin>, "kms_instance":"<crn_of_kms_instance>", "kms_key":"<id_of_kms_key>"}' \ -H "x-auth-token: {access_token}" \ -H "content-type: application/json" \ -H "accept: application/json" \ -H "accept-license-agreement: yes"
Response
The response of create service API.
The ID of the relevant cluster.
Example:
b62026a0-b5ff-4f9a-8780-ecf28dd32c45The detailed information about the service.
Status Code
The asynchronous request has been submitted successfully.
One or more parameter error.
The IAM access token specified by "x-auth-token" is invalid.
Internal error.
No Sample Response
Get a service instance
Get the service instance of IBM Cloud Hyper Protect DBaaS on the server that is indicated by the URL.
GET /services/{service_guid}Request
Custom Headers
Valid IAM access token.
Path Parameters
The guid ("cluster_id" in DBaaS term) of the service instance.
curl -X GET \ "https://<ip>:<port>/api/v2/{user_id}/services/{service_guid}" \ -H "x-auth-token: {access_token}" \ -H "accept: application/json"
Response
The detailed information about the service.
The ID that is associated with the instance.
Example:
crn:v1:bluemix:public:hypersecuredbaas:us-east:a/485f4bfe66ee6cf533dcacda0472c336:b62026a0-b5ff-4f9a-8780-ecf28dd32c45::When you create a new resource, a GUID (globally unique identifier) is assigned. This is a unique internal GUID managed by Resource Controller that corresponds to the instance. This value is equal to "cluster_id"
Example:
b62026a0-b5ff-4f9a-8780-ecf28dd32c45When you provision a new resource, a relative URL path is created to identify the location of the instance.
Example:
/v1/resource_instances/crn%3Av1%3Abluemix%3Apublic%3Ahypersecuredbaas%3Aus-east%3Aa%2F485f4bfe66ee6cf533dcacda0472c336%3Ab62026a0-b5ff-4f9a-8780-ecf28dd32c45%3A%3AThe human-readable name of the instance.
Example:
MyTestCluster03An alpha-numeric value that identifies the account ID.
Example:
485f4bfe66ee6cf533dcacda0472c336The unique ID of the plan associated with the offering. This value is provided by and stored in the global catalog.
Example:
357878ba-badd-4a92-ad94-1b3aa60be2d5The short ID of the resource group.
Example:
7ae40c00d96140c6a271ee0df3368972The full CRN (Cloud Resource Name) associated with the instance. For more information about this format, see https://console.cloud.ibm.com/docs/overview/crn.html#crn.
Example:
crn:v1:bluemix:public:hypersecuredbaas:us-east:a/485f4bfe66ee6cf533dcacda0472c336:b62026a0-b5ff-4f9a-8780-ecf28dd32c45::The full deployment CRN (defined in the global catalog). The Cloud Resource Name (CRN) of the deployment location where the instance is provisioned.
Example:
crn:v1:bluemix:public:globalcatalog::::deployment:357878ba-badd-4a92-ad94-1b3aa60be2d5%3Aus-east32182The current state of the instance. For example, if the instance is deleted, it will return removed.
Example:
activeLast operation information.
The last operation type.
Example:
createThe operation state.
Example:
failedThe operation description.
Example:
create operationThe operation time.
Example:
2019-06-14T03:19:24.08955876Z
last_operation
The resource-broker-provided URL to access administrative features of the instance.
Example:
https://dbaas-dashboard.us-east.mybluemix.net?id=b62026a0-b5ff-4f9a-8780-ecf28dd32c45&account_id=485f4bfe66ee6cf533dcacda0472c336&plan_name=mongodb-freeThe relative path to the resource aliases for the instance.
Example:
/v1/resource_instances/crn%3Av1%3Abluemix%3Apublic%3Ahypersecuredbaas%3Aus-east%3Aa%2F485f4bfe66ee6cf533dcacda0472c336%3Ab62026a0-b5ff-4f9a-8780-ecf28dd32c45%3A%3A/resource_aliasesThe relative path to the resource bindings for the instance.
Example:
/v1/resource_instances/crn%3Av1%3Abluemix%3Apublic%3Ahypersecuredbaas%3Aus-east%3Aa%2F485f4bfe66ee6cf533dcacda0472c336%3Ab62026a0-b5ff-4f9a-8780-ecf28dd32c45%3A%3A/resource_bindingsThe relative path to the resource keys for the instance.
Example:
/v1/resource_instances/crn%3Av1%3Abluemix%3Apublic%3Ahypersecuredbaas%3Aus-east%3Aa%2F485f4bfe66ee6cf533dcacda0472c336%3Ab62026a0-b5ff-4f9a-8780-ecf28dd32c45%3A%3A/resource_keysThe plan history.
Resource plan ID.
Example:
ab547763-605f-4d83-a52e-f646249c8f89Start date.
Example:
2019-06-12T09:49:26.788894019ZRequestor ID.
Example:
IBMid-2700001320
plan_history
True if migrated otherwise false.
Example:
trueControlled by information.
Status Code
Get service instance successfully.
Can not find the service instance indicated by the guid.
Internal error.
No Sample Response
Delete a service instance
Delete a service instance of IBM Cloud Hyper Protect DBaaS on the server that is indicated by the URL.
DELETE /services/{service_guid}Request
Custom Headers
Valid IAM access token.
Path Parameters
The guid ("cluster_id" in DBaaS term) of the service instance to be deleted.
curl -X DELETE \ "https://<ip>:<port>/api/v2/services/{service_guid}" \ -H "x-auth-token: {access_token}" \ -H "accept: application/json"
Response
OK message object.
OK message.
Example:
ok
Status Code
The asynchronous request has been submitted successfully.
Can not find the service instance that is indicated by the guid.
Internal error.
{ "message": "ok" }
Get database cluster details
Get the detailed information about the specific database cluster that is indicated by its ID.
GET /clusters/{cluster_id}Request
Path Parameters
The ID of a cluster object.
curl -X GET \ "https://<ip>:<port>/api/v2/{user_id}/clusters/{cluster_id}" \ -H "x-auth-token: {access_token}" \ -H "accept: application/json"
Response
An object that shows detailed information about a cluster that has ID, name, state, three replicas, and so on.
The ID of the cluster object.
Example:
7f7aebb87d4fa262a18c8faca505b92aThe region of the cluster.
Example:
eu-deThe name of the cluster.
Example:
replica1The current state of the cluster.
Example:
PROVISIONEDThe reason why the cluster entered the failed state.
The type of the database cluster; currently, "mongodb" and "postgresql" are supported.
Example:
mongodbIBM Cloud Logging service url for DBA
Example:
https://logging.eu-fra.bluemix.net/app/#/kibana5/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(query_string:(analyze_wildcard:!t,query:'cluster_id_str:3d60c20a4709526ad299236881f9d54c')),sort:!('@timestamp',desc))IBM Cloud Monitoring service url
Example:
https://metrics.stage1.ng.bluemix.netThe number of replicas of the cluster to be created; currently only 3 is supported.
Example:
3The resources required by the cluster to be created.
The CPU number.
Example:
2The memory size in units MB, MiB, GB, GiB, TB or TiB.
Example:
20 GiBThe storage size in units MB, MiB, GB, GiB, TB or TiB.
Example:
20 TiB
resource
The external key information.
The CRN (Cloud Resource Name) of the KMS (key management service) instance.
Example:
crn:v1:staging:public:kms:us-south:a/23a24a3e3fe7a115473f07be1c44bdb5:9eeb285a-88e4-4378-b7cf-dbdcd97b5e4e::The ID of the root key of the KMS instance.
Example:
95d5e441-27e7-4715-a8a8-357871722585
external_key
The details of nodes that were created.
Example:The UTC time when the cluster object was created.
Example:
2017-06-22T19:10:51ZThe UTC time when the cluster object is updated.
Example:
2017-06-22T19:10:51Z
Status Code
The request was successful.
Parameter error.
Unauthorized.
Cluster unavailable.
Internal error.
{ "id": "7f7aebb87d4fa262a18c8faca505b92a", "region": "eu-de", "name": "replica1", "state": "RUNNING", "reason": "", "db_type": "mongodb", "log_url": "https://logging.eu-fra.bluemix.net/app/#/kibana5/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(query_string:(analyze_wildcard:!t,query:'cluster_id_str:3d60c20a4709526ad299236881f9d54c')),sort:!('@timestamp',desc))", "metric_url": "https://metrics.stage1.ng.bluemix.net", "replica_count": 3, "resource": { "cpu": 2, "memory": "20 GiB", "storage": "20 TiB" }, "external_key": { "kms_instance": "crn:v1:staging:public:kms:us-south:a/23a24a3e3fe7a115473f07be1c44bdb5:9eeb285a-88e4-4378-b7cf-dbdcd97b5e4e::", "kms_key": "95d5e441-27e7-4715-a8a8-357871722585" }, "nodes": [ { "id": "0286c5b91f9f079d9f1df91fceb391f9", "replica_state": "PRIMARY", "replication_lag": 0, "node_state": "RUNNING", "reason": "", "stopped_reason": "", "ip": "9.152.161.59:27019", "created_at": "2017-06-22T19:10:51Z", "updated_at": "2017-06-22T19:10:51Z", "is_metric_enabled": false, "is_logging_enabled": false }, { "id": "f197da44dbe3fca45e0ddbbb174d2d3f", "replica_state": "SECONDARY", "replication_lag": 0, "node_state": "RUNNING", "reason": "", "stopped_reason": "", "ip": "9.152.161.58:27019", "created_at": "2017-06-22T19:10:51Z", "updated_at": "2017-06-22T19:10:51Z", "is_metric_enabled": true, "is_logging_enabled": false }, { "id": "a93156690ecb7d741cd1a37ac0715ae3", "replica_state": "SECONDARY", "replication_lag": 0, "node_state": "RUNNING", "reason": "", "stopped_reason": "", "ip": "9.152.161.60:27019", "created_at": "2017-06-22T19:10:51Z", "updated_at": "2017-06-22T19:10:51Z", "is_metric_enabled": true, "is_logging_enabled": true } ], "created_at": "2017-06-22T19:10:51Z", "updated_at": "2017-06-22T19:10:51Z" }
List database users
List the information about all the users in the specified database cluster that is indicated by its ID.
GET /clusters/{cluster_id}/usersRequest
Path Parameters
The ID of a cluster object.
curl -X GET \ "https://<ip>:<port>/api/v2/{user_id}/clusters/{cluster_id}/users" \ -H "x-auth-token: {access_token}" \ -H "accept: application/json"
Response
Object of information about users.
User list
Status Code
The request was successful.
Unauthorized.
Cluster unavailable.
Internal error.
{ "users": [ { "auth_db": "admin", "name": "admin" }, { "auth_db": "mydb", "name": "syrena" } ] }
Get database user details
Get the detailed information about the user of a specified database cluster that is indicated by its ID.
GET /clusters/{cluster_id}/users/{db_user_id}Request
Path Parameters
The ID of a cluster object.
The ID of the user about which you want to get information. For MongoDB, it should be "authentication_database.username"; for example: "mydb.syrena". For PostgreSQL, it should be only "username"; for example: "syrena".
curl -X GET \ "https://<ip>:<port>/api/v2/{user_id}/clusters/{cluster_id}/users/{db_user_id}" \ -H "x-auth-token: {access_token}" \ -H "accept: application/json"
Response
A user information object received.
Name of the user.
Example:
syrenaThis field is only for MongoDB. Name of authentication database of the user. For more information about authentication database, see MongoDB documentation (https://docs.mongodb.com/manual/core/security-users/#user-authentication-database).
Example:
mydbDatabase access for the user you want to create.
Example:This field is only for PostgreSQL. For more information about role attributes, see PostgreSQL documentation (https://www.postgresql.org/docs/12/role-attributes.html).
Example:
Status Code
The request was successful.
Unauthorized.
Cluster unavailable, or the user ID not found.
Internal error.
{ "name": "syrena", "auth_db": "mydb", "db_access": [ { "db": "admin", "privileges": [ "userAdminAnyDatabase" ] }, { "db": "test", "privileges": [ "readWrite" ] } ] }
List databases
Get a list of all databases in a specified database cluster that is indicated by its ID.
GET /clusters/{cluster_id}/databasesRequest
Path Parameters
The ID of a cluster object.
curl -X GET \ "https://<ip>:<port>/api/v2/{user_id}/clusters/{cluster_id}/databases" \ -H "x-auth-token: {access_token}" \ -H "accept: application/json"
Response
Information about all databases in a cluster.
The result of the sum of all the size_on_disk fields, in bytes.
Example:
251658240A list of databases.
Example:
Status Code
The request was successful.
Unauthorized.
Cluster unavailable.
Internal error.
{ "total_size": 251658240, "databases": [ { "name": "admin", "size_on_disk": 83886080 }, { "name": "local", "size_on_disk": 83886080 }, { "name": "test", "size_on_disk": 83886080 } ] }
List database log files
List the latest log files of the node that is indicated by its ID.
GET /nodes/{node_id}/logsRequest
Path Parameters
The ID of a node object.
curl -X GET \ "https://<ip>:<port>/api/v2/{user_id}/nodes/{node_id}/logs" \ -H "x-auth-token: {access_token}" \ -H "accept: application/json"
Response
Logs object.
Log file list.
Example:
Status Code
The request was successful.
Unauthorized.
Required resource does not exist; this is usually caused by passing an invalid node ID.
Internal error.
{ "logs": [ { "filename": "mongod.log", "size": 6800, "last_modified": "2018-06-05 05:04:27" }, { "filename": "mongod.log.20180604-1528094566", "size": 531015965, "last_modified": "2018-06-04 06:42:46" }, { "filename": "postgresql.log.20180812-030816", "size": 7118432, "last_modified": "2018-08-12 03:08:16" } ] }
Get log details
Get the content of the specified log file of the node that is indicated by its ID.
GET /nodes/{node_id}/logs/{log_name}Request
Custom Headers
Allowable values: [
application/json,application/x-download]
Path Parameters
The ID of a node object.
The name of the log file.
curl -X GET \ "https://<ip>:<port>/api/v2/{user_id}/nodes/{node_id}/logs/{log_name}" \ -o {log_name} \ -H "x-auth-token: {access_token}" \ -H "accept: application/json"
Response
File downloaded.
Status Code
The request was successful. A log file stream will be returned.
Unauthorized.
Required resource does not exist; this is usually caused by passing an invalid node ID.
Internal error.