All Products
Search
Document Center

Key Management Service:Integration overview

Last Updated:Dec 06, 2024

Key Management Service (KMS) provides a console for visual operations and multiple methods for calling API operations, including OpenAPI Explorer, Alibaba Cloud SDK, and Terraform. OpenAPI Explorer supports online debugging of API operations.

Overview of OpenAPI Explorer

Alibaba Cloud provides OpenAPI Explorer for developers to understand and use the API operations of various Alibaba Cloud services in a quick and efficient manner. OpenAPI Explorer integrates the following features for API operations: intelligent search, documentation, online debugging, SDK obtaining, CodeSample, call error diagnosis, and call statistics. In OpenAPI Explorer, you can call API operations of Alibaba Cloud services and view API requests and responses. In addition, OpenAPI Explorer automatically generates the corresponding SDK sample code to facilitate use of Alibaba Cloud services. For more information, see What is an API?

Version Description

OpenAPI Explorer supports online debugging for APIs of the 2016-01-20 version. 2016-01-20 is an API version number instead of a date. Users are provided with the latest public information about the API. 2016-01-20 is the up-to-date version of the KMS API. For more information about how to view the version of an API, see API version.

Version

Description

2016-01-20

Recommended

Online debugging

KMS provides features such as API debugging in OpenAPI Explorer. Before you call API operations, take note of the following information provided by KMS: versions, endpoints, and parameters.

The URL of the API debugging page is https://next.api.alibabacloud.com/api/Kms/2016-01-20.

image

Endpoints

We recommend that you select an endpoint based on the region in which the resource you want to access resides to reduce latency. For example, if KMS resides in the China (Hangzhou) region, the public endpoint is kms.cn-hangzhou.aliyuncs.com and the virtual private cloud (VPC) endpoint is kms-vpc.cn-hangzhou.aliyuncs.com

  • Public endpoints can be accessed globally.

  • VPC endpoints are accessible only from within a VPC in a specific Alibaba Cloud region. VPC endpoints provide the following advantages:

    • Higher security: VPC endpoints can be accessed only from within a VPC. This provides higher security and privacy.

    • Faster response: VPC endpoints use the internal network environment to deliver faster responses than those of public endpoints. In addition, by using VPC endpoints, you are free from issues such as network latency and bandwidth limits.

    • Low cost: VPC endpoints are accessed over an internal network.

The detailed endpoints are as follows:

  • Regions in China

    Region name

    Region ID

    Public endpoint

    VPC address

    China (Hangzhou)

    cn-hangzhou

    kms.cn-hangzhou.aliyuncs.com

    kms-vpc.cn-hangzhou.aliyuncs.com

    China (Shanghai)

    cn-shanghai

    kms.cn-shanghai.aliyuncs.com

    kms-vpc.cn-shanghai.aliyuncs.com

    China (Shenzhen)

    cn-shenzhen

    kms.cn-shenzhen.aliyuncs.com

    kms-vpc.cn-shenzhen.aliyuncs.com

    China (Heyuan)

    cn-heyuan

    kms.cn-heyuan.aliyuncs.com

    kms-vpc.cn-heyuan.aliyuncs.com

    China (Guangzhou)

    cn-guangzhou

    kms.cn-guangzhou.aliyuncs.com

    kms-vpc.cn-guangzhou.aliyuncs.com

    China (Qingdao)

    cn-qingdao

    kms.cn-qingdao.aliyuncs.com

    kms-vpc.cn-qingdao.aliyuncs.com

    China (Beijing)

    cn-beijing

    kms.cn-beijing.aliyuncs.com

    kms-vpc.cn-beijing.aliyuncs.com

    China (Zhangjiakou)

    cn-zhangjiakou

    kms.cn-zhangjiakou.aliyuncs.com

    kms-vpc.cn-zhangjiakou.aliyuncs.com

    China (Hohhot)

    cn-huhehaote

    kms.cn-huhehaote.aliyuncs.com

    kms-vpc.cn-huhehaote.aliyuncs.com

    China (Ulanqab)

    cn-wulanchabu

    kms.cn-wulanchabu.aliyuncs.com

    kms-vpc.cn-wulanchabu.aliyuncs.com

    China (Chengdu)

    cn-chengdu

    kms.cn-chengdu.aliyuncs.com

    kms-vpc.cn-chengdu.aliyuncs.com

    China (Hong Kong)

    cn-hongkong

    kms.cn-hongkong.aliyuncs.com

    kms-vpc.cn-hongkong.aliyuncs.com

  • Regions outside China

    Region name

    Region ID

    Public endpoint

    VPC address

    Singapore

    ap-southeast-1

    kms.ap-southeast-1.aliyuncs.com

    kms-vpc.ap-southeast-1.aliyuncs.com

    Malaysia (Kuala Lumpur)

    ap-southeast-3

    kms.ap-southeast-3.aliyuncs.com

    kms-vpc.ap-southeast-3.aliyuncs.com

    Indonesia (Jakarta)

    ap-southeast-5

    kms.ap-southeast-5.aliyuncs.com

    kms-vpc.ap-southeast-5.aliyuncs.com

    Philippines (Manila)

    Important

    In this region, only one zone exists and the service-level agreement (SLA) is not guaranteed.

    ap-southeast-6

    kms.ap-southeast-6.aliyuncs.com

    kms-vpc.ap-southeast-6.aliyuncs.com

    Thailand (Bangkok)

    Important

    In this region, only one zone exists and the SLA is not guaranteed.

    ap-southeast-7

    kms.ap-southeast-7.aliyuncs.com

    kms-vpc.ap-southeast-7.aliyuncs.com

    Japan (Tokyo)

    ap-northeast-1

    kms.ap-northeast-1.aliyuncs.com

    kms-vpc.ap-northeast-1.aliyuncs.com

    Germany (Frankfurt)

    eu-central-1

    kms.eu-central-1.aliyuncs.com

    kms-vpc.eu-central-1.aliyuncs.com

    UK (London)

    eu-west-1

    kms.eu-west-1.aliyuncs.com

    kms-vpc.eu-west-1.aliyuncs.com

    US (Silicon Valley)

    us-west-1

    kms.us-west-1.aliyuncs.com

    kms-vpc.us-west-1.aliyuncs.com

    US (Virginia)

    us-east-1

    kms.us-east-1.aliyuncs.com

    kms-vpc.us-east-1.aliyuncs.com

    UAE (Dubai)

    me-east-1

    kms.me-east-1.aliyuncs.com

    kms-vpc.me-east-1.aliyuncs.com

Identities

After you log on to OpenAPI Explorer by using your Alibaba Cloud account, OpenAPI Explorer uses your Alibaba Cloud account to debug API operations online by default. An Alibaba Cloud account has permissions on all API operations. Security risks may arise if you use an Alibaba Cloud account to call API operations. We strongly recommend that you call API operations or perform routine O&M as a Resource Access Management (RAM) user. Before you call API operations by using a RAM user, grant the required permissions to the RAM user based on your business requirements. For more information, see Use RAM to implement access control.

Identity

Supported

Alibaba Cloud account

Yes

RAM user (recommended)

Yes

RAM role (recommended)

Yes

References

Integration methods

Note

SDKs can be easily integrated with your applications and cover the widest range of operations. We recommend that you use SDKs to call API operations.

Integration method

Supported

Alibaba Cloud SDK

Yes

Alibaba Cloud CLI

Yes

ROS

No

Terraform

Partially

Custom API encapsulation

Yes

Alibaba Cloud SDK

  • Alibaba Cloud provides SDKs in multiple programming languages, such as Java, C#, Go, Python, Node.js, TypeScript, PHP, and C++. You can integrate the SDKs with your applications to directly call API operations. SDKs encapsulate various information, including the data signing logic, timeout mechanism, and retry mechanism. SDKs return structured response objects based on specifications to facilitate development. For more information, see Alibaba Cloud SDK.

  • You can use KMS SDK to call API operations. For more information about the programming languages supported by KMS SDK and how to install related dependencies, see KMS SDK.

Alibaba Cloud CLI

ROS

  • Resource Orchestration Service (ROS) is an Alibaba Cloud service that can simplify the management of cloud computing resources. You can create a template to describe the cloud computing resources that you need, such as Elastic Compute Service (ECS) and ApsaraDB RDS instances, and the relationship between the resources. ROS automatically creates and configures all the resources based on the template to implement automated deployment and O&M. For more information, see What is ROS?

  • You cannot use ROS to call the API operations of KMS.

Terraform

  • Terraform is an open source tool that is used to preview, configure, and manage cloud infrastructure and resources in a secure and efficient manner. Terraform works in a similar way as ROS. Terraform calls API operations by interpreting templates. For more information, see What is Terraform?

  • For more information, see Overview.

Custom API encapsulation

To make native HTTP calls, you must construct custom requests and sign the requests. For more information about the signature mechanism, see List of operations by function and Request syntax and signature method V3.

Usage notes

  • The number of queries per second (QPS) that an Alibaba Cloud account can initiate varies based on the API operation. For more information, see the QPS limits section in the API reference of each operation.

    Note

    All RAM users that belong to an Alibaba Cloud account share the QPS quota of the Alibaba Cloud account.

  • If an error is returned after you call an API operation of KMS, check whether the input parameters and values are valid based on the returned error code. For more information, see Common error codes.

  • You can also use the Alibaba Cloud OpenAPI Diagnostics platform to perform self-service diagnostics based on the returned request ID or SDK error message.