This is the multi-page printable view of this section. Click here to print.
Datum Cloud provides a declarative API platform to create the infrastructure necessary to deploy and manage services with advanced networking capabilities. Many of our APIs are exposed through a Kubernetes API as Custom Resources enabling you to use much of the tooling available within the Kubernetes ecosystem to interact with our API.
Continue reading the guides below to understand how to connect and interact with the Datum Cloud API.
The Datum Cloud platform supports users authenticating with the API with
short-lived Bearer tokens. Bearer tokens can be created by creating a Personal
Access Token in the Datum Cloud Portal and using the
https://api.datum.net/datum-os/oauth/token/exchange API endpoint to exchange
the Personal Access Token for a short-lived bearer token.
▶ curl https://api.datum.net/datum-os/oauth/token/exchange \
-H "Authorization: Bearer $PAT" -sS | jq
{
"access_token": "[[redacted]]",
"token_type": "Bearer"
}
Use the returned API token to authenticate with the Datum Cloud control planes. The token should be refreshed every hour.
datumctl auth get-token command to quickly grab a short-lived
access token that can be used to authenticate with the Datum Cloud API.Invalid authentication tokens or unauthorized requests will result in the same 403 Forbidden error.
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "forbidden: User \"system:anonymous\" cannot get path \"/openapi/v3\"",
"reason": "Forbidden",
"details": {},
"code": 403
}
The Datum Cloud platform is comprised of multiple control planes that users can interact with to manage their organization’s resources.
A control plane is the central component responsible for managing and reconciling resources within the system. It continuously monitors the declared state of customer-defined configurations and ensures that the actual system state aligns with those definitions.
The Datum Cloud control plane acts as the authoritative source of truth, processing API requests, validating configurations, and coordinating underlying infrastructure changes. It maintains resource consistency by detecting deviations and automatically applying corrective actions.
There are two primary control planes that users will interact with to manage the resources deployed within their organization.
Most users will interact with a project control plane to manage resources.
The following base URL can be used to access an organization’s control plane:
https://api.datum.net/apis/resourcemanager.datumapis.com/v1alpha/organizations/{organization_id}/control-plane
Projects created in an organization’s control plane will have their own control plane created to manage resources. Use the following base URL to access a project’s control plane:
https://api.datum.net/apis/resourcemanager.datumapis.com/v1alpha/projects/{project_id}/control-plane
Every control plane exports the APIs available in the control plane by exporting
an OpenAPI for each service at the /openapi/v3 URL. For example, here’s an
example that demonstrates some services available in an organization’s control
plane.
$ curl -sS 'https://api.datum.net/apis/resourcemanager.datumapis.com/v1alpha/organizations/{organization_id}/control-plane/openapi/v3' \
-H "Authorization: Bearer $(datumctl auth get-token)"
{
"paths": {
"apis/resourcemanager.datumapis.com/v1alpha": {
"serverRelativeURL": "/openapi/v3/apis/resourcemanager.datumapis.com/v1alpha?hash=D0A1DF465E973D5C8FC30D065B864272955A66C14609154E7EAECC0426C71E99F3982ECBA4D5C6C92EC3DF497E159F2129D0F8A20CDC8E5746583D1BFEA80A52"
},
]
}
The URL provided in the response can be used to retrieve the OpenAPI v3 spec for the service.