Key Management Service (KMS) provides a console for visual operations and multiple methods for calling API operations, including OpenAPI Explorer, Alibaba Cloud SDK, and Terraform. OpenAPI Explorer supports online debugging of API operations.
Overview of OpenAPI Explorer
Alibaba Cloud provides OpenAPI Explorer for developers to understand and use the API operations of various Alibaba Cloud services in a quick and efficient manner. OpenAPI Explorer integrates the following features for API operations: intelligent search, documentation, online debugging, SDK obtaining, CodeSample, call error diagnosis, and call statistics. In OpenAPI Explorer, you can call API operations of Alibaba Cloud services and view API requests and responses. In addition, OpenAPI Explorer automatically generates the corresponding SDK sample code to facilitate use of Alibaba Cloud services. For more information, see What is an API?
Version Description
OpenAPI Explorer supports online debugging for APIs of the 2016-01-20
version. 2016-01-20
is an API version number instead of a date. Users are provided with the latest public information about the API. 2016-01-20
is the up-to-date version of the KMS API. For more information about how to view the version of an API, see API version.
Version | Description |
Recommended |
Online debugging
KMS provides features such as API debugging in OpenAPI Explorer. Before you call API operations, take note of the following information provided by KMS: versions, endpoints, and parameters.
The URL of the API debugging page is https://next.api.alibabacloud.com/api/Kms/2016-01-20.
Endpoints
We recommend that you select an endpoint based on the region in which the resource you want to access resides to reduce latency. For example, if KMS resides in the China (Hangzhou) region, the public endpoint is kms.cn-hangzhou.aliyuncs.com
and the virtual private cloud (VPC) endpoint is kms-vpc.cn-hangzhou.aliyuncs.com
Public endpoints can be accessed globally.
VPC endpoints are accessible only from within a VPC in a specific Alibaba Cloud region. VPC endpoints provide the following advantages:
Higher security: VPC endpoints can be accessed only from within a VPC. This provides higher security and privacy.
Faster response: VPC endpoints use the internal network environment to deliver faster responses than those of public endpoints. In addition, by using VPC endpoints, you are free from issues such as network latency and bandwidth limits.
Low cost: VPC endpoints are accessed over an internal network.
The detailed endpoints are as follows:
Regions in China
Region name
Region ID
Public endpoint
VPC address
China (Hangzhou)
cn-hangzhou
kms.cn-hangzhou.aliyuncs.com
kms-vpc.cn-hangzhou.aliyuncs.com
China (Shanghai)
cn-shanghai
kms.cn-shanghai.aliyuncs.com
kms-vpc.cn-shanghai.aliyuncs.com
China (Shenzhen)
cn-shenzhen
kms.cn-shenzhen.aliyuncs.com
kms-vpc.cn-shenzhen.aliyuncs.com
China (Heyuan)
cn-heyuan
kms.cn-heyuan.aliyuncs.com
kms-vpc.cn-heyuan.aliyuncs.com
China (Guangzhou)
cn-guangzhou
kms.cn-guangzhou.aliyuncs.com
kms-vpc.cn-guangzhou.aliyuncs.com
China (Qingdao)
cn-qingdao
kms.cn-qingdao.aliyuncs.com
kms-vpc.cn-qingdao.aliyuncs.com
China (Beijing)
cn-beijing
kms.cn-beijing.aliyuncs.com
kms-vpc.cn-beijing.aliyuncs.com
China (Zhangjiakou)
cn-zhangjiakou
kms.cn-zhangjiakou.aliyuncs.com
kms-vpc.cn-zhangjiakou.aliyuncs.com
China (Hohhot)
cn-huhehaote
kms.cn-huhehaote.aliyuncs.com
kms-vpc.cn-huhehaote.aliyuncs.com
China (Ulanqab)
cn-wulanchabu
kms.cn-wulanchabu.aliyuncs.com
kms-vpc.cn-wulanchabu.aliyuncs.com
China (Chengdu)
cn-chengdu
kms.cn-chengdu.aliyuncs.com
kms-vpc.cn-chengdu.aliyuncs.com
China (Hong Kong)
cn-hongkong
kms.cn-hongkong.aliyuncs.com
kms-vpc.cn-hongkong.aliyuncs.com
Regions outside China
Region name
Region ID
Public endpoint
VPC address
Singapore
ap-southeast-1
kms.ap-southeast-1.aliyuncs.com
kms-vpc.ap-southeast-1.aliyuncs.com
Malaysia (Kuala Lumpur)
ap-southeast-3
kms.ap-southeast-3.aliyuncs.com
kms-vpc.ap-southeast-3.aliyuncs.com
Indonesia (Jakarta)
ap-southeast-5
kms.ap-southeast-5.aliyuncs.com
kms-vpc.ap-southeast-5.aliyuncs.com
Philippines (Manila)
ImportantIn this region, only one zone exists and the service-level agreement (SLA) is not guaranteed.
ap-southeast-6
kms.ap-southeast-6.aliyuncs.com
kms-vpc.ap-southeast-6.aliyuncs.com
Thailand (Bangkok)
ImportantIn this region, only one zone exists and the SLA is not guaranteed.
ap-southeast-7
kms.ap-southeast-7.aliyuncs.com
kms-vpc.ap-southeast-7.aliyuncs.com
Japan (Tokyo)
ap-northeast-1
kms.ap-northeast-1.aliyuncs.com
kms-vpc.ap-northeast-1.aliyuncs.com
Germany (Frankfurt)
eu-central-1
kms.eu-central-1.aliyuncs.com
kms-vpc.eu-central-1.aliyuncs.com
UK (London)
eu-west-1
kms.eu-west-1.aliyuncs.com
kms-vpc.eu-west-1.aliyuncs.com
US (Silicon Valley)
us-west-1
kms.us-west-1.aliyuncs.com
kms-vpc.us-west-1.aliyuncs.com
US (Virginia)
us-east-1
kms.us-east-1.aliyuncs.com
kms-vpc.us-east-1.aliyuncs.com
UAE (Dubai)
me-east-1
kms.me-east-1.aliyuncs.com
kms-vpc.me-east-1.aliyuncs.com
Identities
After you log on to OpenAPI Explorer by using your Alibaba Cloud account, OpenAPI Explorer uses your Alibaba Cloud account to debug API operations online by default. An Alibaba Cloud account has permissions on all API operations. Security risks may arise if you use an Alibaba Cloud account to call API operations. We strongly recommend that you call API operations or perform routine O&M as a Resource Access Management (RAM) user. Before you call API operations by using a RAM user, grant the required permissions to the RAM user based on your business requirements. For more information, see Use RAM to implement access control.
Identity | Supported |
Yes | |
RAM user (recommended) | Yes |
RAM role (recommended) | Yes |
References
Integration methods
SDKs can be easily integrated with your applications and cover the widest range of operations. We recommend that you use SDKs to call API operations.
Integration method | Supported |
Yes | |
Yes | |
No | |
Partially | |
Yes |
Alibaba Cloud SDK
Alibaba Cloud provides SDKs in multiple programming languages, such as Java, C#, Go, Python, Node.js, TypeScript, PHP, and C++. You can integrate the SDKs with your applications to directly call API operations. SDKs encapsulate various information, including the data signing logic, timeout mechanism, and retry mechanism. SDKs return structured response objects based on specifications to facilitate development. For more information, see Alibaba Cloud SDK.
You can use KMS SDK to call API operations. For more information about the programming languages supported by KMS SDK and how to install related dependencies, see KMS SDK.
Alibaba Cloud CLI
You can run
aliyun
commands to interact with Alibaba Cloud services and manage cloud service resources. For more information, see What is Alibaba Cloud CLI?You can use Alibaba Cloud CLI to call the API operations of KMS. For more information, see User guide of Alibaba Cloud CLI.
ROS
Resource Orchestration Service (ROS) is an Alibaba Cloud service that can simplify the management of cloud computing resources. You can create a template to describe the cloud computing resources that you need, such as Elastic Compute Service (ECS) and ApsaraDB RDS instances, and the relationship between the resources. ROS automatically creates and configures all the resources based on the template to implement automated deployment and O&M. For more information, see What is ROS?
You cannot use ROS to call the API operations of KMS.
Terraform
Terraform is an open source tool that is used to preview, configure, and manage cloud infrastructure and resources in a secure and efficient manner. Terraform works in a similar way as ROS. Terraform calls API operations by interpreting templates. For more information, see What is Terraform?
For more information, see Overview.
Custom API encapsulation
To make native HTTP calls, you must construct custom requests and sign the requests. For more information about the signature mechanism, see List of operations by function and Request syntax and signature method V3.
Usage notes
The number of queries per second (QPS) that an Alibaba Cloud account can initiate varies based on the API operation. For more information, see the QPS limits section in the API reference of each operation.
NoteAll RAM users that belong to an Alibaba Cloud account share the QPS quota of the Alibaba Cloud account.
If an error is returned after you call an API operation of KMS, check whether the input parameters and values are valid based on the returned error code. For more information, see Common error codes.
You can also use the Alibaba Cloud OpenAPI Diagnostics platform to perform self-service diagnostics based on the returned request ID or SDK error message.