Following knowledges are required in common to use SSS API.

• Smart Data Platform API is a set of HTTP request / response to control your Smart Data Platform resources. Here "resources" includes not only Virtual Machine, Network, but includes your own user, tenant, contract itself.
• In following chapters, we describe general usage of Smart Data Platform APIs.

• SSS is a service conponent in Smart Data Platform, it provides some APIs to control your
  1. Contract: Smart Data Platform is a unit of billing. Each tenant, user, and other resource. belong to contract, and each contract can have separate billing address.
  2. Tenants: Tenant is a "box" which your computing resources belong.
  3. Users: User is a unit of authentication / authorization. Each user has itown API key / API sercret, and login id and password.
  4. Role: Tenant accessibility of each user for each tenant.
  5. API keys (and permissions): Set of strings which identifies / authenticates who you are in API request.

• First of all, you have to generate your own API key and API secret from SSS control panel to use APIs. Login to Smart Data Platform, and access to "Profile" in header.

  

• If your API availability status is set to Unavailable, edit this setting to Available to enable API access.
• Make sure to assign appropriate IAM Groups and IAM Roles to access SDPF APIs. For more information, please visit this link.
• You can now generate your API key by clicking the button below.

• You can check your API Key and API Secret Key on the next screen.
• The API Secret Key can only be confirmed on this screen, so if the information is lost, it must be reissued. In addition, the previous API key will become invalid if reissued. Therefore, please take care to securely store your API Secret key in a secure manner.

• Note these two strings to use in the following steps, and you also can transit API Reference top page. You can check all Smart Data Platform endpoints in API Reference top page.

• You can access to all SDPF services' API of any region with this api key pair.

• For Example, this endpoint depends on your contract's default region. Default is GL1 (Global) region: https://api.ntt.com/sss/api

• You can use SSS API in other regions by specifying region in endpoint. Replace {region_name} with a region name (ex: jp1).

  • https://sss-{region_name}-ecl.api.ntt.com/api

• Note that some parameters may not be returned depends on the endpoint you selected.

• You have to specify tenant id (or tenant name) to control computing resources via API. First of all, select workspace to go to the workspace selection screen.

• Next, select the workspace to which the tenant to be operated belongs.

• Next, select "Detail" in the workspace.

• Then the tenant ID will be displayed.

• (This procedure is required only when you are using APIs for contorolling tenant resources. You don't need to specify tenant when you are using SSS API.)

• Most of Smart Data Platform API requires authentication with "Keystone", which is API authenticator defaults to Openstack (Some service in Smart Data Platform have its own authentication).

• Keystone requires "API key" and "API secret", and "tenant id" or "tenant name" you are to control.

• Following sample shows request sample of Keystone authentication.

curl -i \
-H "Content-Type: application/json" \
-d '
{
  "auth": {
      "identity": {
          "methods": [
              "password"
          ],
          "password": {
              "user": {
                  "domain": {
                      "id": "default"
                  },
                  "name": "YoNZW2nvy04STyHHpzuwLkAjDuP9z4RZ",
                  "password": "ZDvAof5wKtN6AEZh"
              }
          }
      },
      "scope": {
          "project": {
              "id": "bff444188b6f46adaa4e1e64051f4125"
          }
      }
  }
}' \
https://api.ntt.com/keystone/v3/auth/tokens

• ("project" is the same meaning to "tenant" in Openstack)

• Tenant id/name is not required for using SSS API. In this case you can simply omit "scope" object from json body.

curl -i \
-H "Content-Type: application/json" \
-d '
{
  "auth": {
      "identity": {
          "methods": [
              "password"
          ],
          "password": {
              "user": {
                  "domain": {
                      "id": "default"
                  },
                  "name": "YoNZW2nvy04STyHHpzuwLkAjDuP9z4RZ",
                  "password": "ZDvAof5wKtN6AEZh"
              }
          }
      }
  }
}' \
https://api.ntt.com/keystone/v3/auth/tokens

• Response should includes:

  • X-Subject-Token in header (HTTP Response header name is case insensitive.)
  • JSON body (your role, tenant information, list of service endpoints)

• if your name / password / tenant id (or tenant name) is collect.

• X-Subject-Token is a essential information for API authentication, and you use this string in following steps. (We call this string just "token" after here.)

• Obtained token lifetime is 1 hour.

• See Get Keystone Token for more info.

---

• Keystone is allocated in each region, so if you are trying to use regional services, you need to get token from a Keystone which the service belongs.

• Usually, you can use GL1 (Global) APIs endpoint only. If you want to use other endpoints, please execute folowing.

  • The case you are admin user, please create the region's tenant with GL1 SSS API endpoint.
  • The case you are not admin user, please ask to the admin user to create role between you and the region's tenant.

• Keystone API endpoints are described as follows.

Region	Keystone Endpoint
GL1 (Global)	https://api.ntt.com/keystone
Other regions	https://keystone-{region_name}-ecl.api.ntt.com

• For example, keystone-jp1-ecl.api.ntt.com is a Keystone URL for JP1 region.

• In following sections, we describe SSS API as example. See other documents for other service components' API.

• Smart Data Platform SSS API endpoints are described as follows.

Region	SSS Endpoint
GL1 (Global)	https://api.ntt.com/sss/api
Other regions	https://sss-{region_name}-ecl.api.ntt.com/api

• The default region that newly create users belong to is GL1.

• Whichever endpoint you use, you need to first get a token from the same region. If you use GL1, call APIs in the following order:

# Get token from below
https://api.ntt.com/keystone/v3/

# Then call the API with the token
https://api.ntt.com/sss/api/v2/{resource}

• In the same way, if you want to use JP7 region, first get a keystone token and then call the SSS API:

# Get token from below
https://keystone-jp7-ecl.api.ntt.com/v3/

# Then call the API with the token
https://sss-jp7-ecl.api.ntt.com/api/v2/{resource}

• As SSS data is synced all over the world, any region endpoint can be used for most of SSS API, but some "regional" data includes in response from the contract's default region.

• Once you determine SSS api endpoint, you can throw request.
  • SSS API is standard REST API, which uses json body as request / response.
  • Designate "X-Auth-Token" in header and set the token you got as value
  • TLS 1.0/1.2 algorithm is recommended for HTTP secure protocol.
  • For POST / PUT (requires body) request, set "Content-Type: application/json" in header

GET request example

curl -1 -iv -X GET -H "X-Auth-Token: 0a07185f627142fbba2f9a4b53c99015" https://api.ntt.com/sss/api/v2/workspaces

POST request example

curl -1 -iv -X POST -H "Content-Type: application/json" -H "X-Auth-Token: 0a07185f627142fbba2f9a4b53c99015" -d '{
  "login_id": "test001",
  "mail_address": "test@ntt.com",
  "password": "Dsrtf34ht",
  "contract_id": "econXXXXXXXXX",
  "notify_password": "true"
}' https://api.ntt.com/sss/api/v2/users

Date	Version	Detail
2024/09/18	3.0.0	Added v2 "Login Ip Address Restriction" APIs. / Update attributes of User APIs.
2024/06/11	2.8.0	Added v2 "Get Your Own User Information" API.
2024/05/14	2.7.3	Added some response parameter of Contract/Menu API.
2023/12/19	2.5.2	Closed v1.0 Billing APIs.
2023/08/09	2.5.1	Added v2 "Create API-Only User" API. / Added v2 "Available Menus for Channel" APIs. Migrated API documentation to OpenAPI Specification format.
2023/05/24	2.4.1	Added a new parameter "description" to v1.0/v2 Contract APIs. / Added v2 Bookmarked Menus APIs
2022/08/02	2.3.0	Added some request/response parameter of v1.0/v2 GetApprovalRequest/ListApprovalRequest API.
2022/04/19	2.2.3	Added v2 Update API Availability API.Remove/Add some parameters of v1.0/v2 user API.
2021/11/09	2.1.2	Added v2 billing API / login event API and remove some parameters of v1.0/v2 user API.
2021/05/25	2.0.0	Added v2 API and fixed some parameters of v1.0 API.
2020/03/09	1.11.0	Added some response parameter of GetContract/CreateUser/GetUser API.
2019/10/01	1.8.2	Changed service name (Enterprise Cloud 2.0 -> Smart Data Platform). Added one API of Contract API (CreateBillingBulkFile(WholeSale)_ForPartnerOnly API). Change billing infomation's format of Contract API(GetBilling API/GetBilling_ForPartnerOnly API).
2019/03/19	1.7.1	Added 2 APIs of User API(Update Auto Role Settings API)/Contract API(Search Contracts API).
2018/09/04	1.6.1	Added 7 APIs of Notification API/Contract API(about BulkBillingFile)/Update Tenant API. Modify Reason Phase of HTTP Response. (ex. 200 OK => 200 200, 404 Not Found => 404 404)
2018/06/12	1.6.0	Added an API of "Change Contract Information(For partner user only)".
2018/03/04	1.5.2	Added 11 APIs of "UserType Management API" and "Contract Group Management API".
2017/08/30	1.4.1	Added notes to GetBilling API/DeleteTenant API.
2017/05/16	1.4.1	Added an API of "Contract Owner Change" / Added a csv format of GetBilling API's response.
2017/03/30	1.4.0	Added 3 APIs of "Approval API".
2017/02/03	1.3.0	Added 2 APIs of "ECL 2.0 IAM API" / Modified CreateContract API response.
2016/10/04	1.2.0	Added "ECl 2.0 IAM API" description.
2016/05/19	1.1.0	Added 5 APIs only for Partner User.
2016/03/01	1.0.0	Initial version.

Infomation on Keystone API