Astra DevOps API (2.3.0)

Download OpenAPI specification:Download

Use this REST API to manage your DataStax Astra DB organizations and perform lifecycle actions for your Astra DB databases.

To get started, use the /v2/clientIdSecrets endpoints to create a token to authenticate your API calls.

Authentication

Generate and revoke tokens that are used to authenticate DevOps API operations.

Create a new AstraCS token

Authorizations:
BearerAuth
Request Body schema: application/json

The model for creating a token

roles
required
Array of strings

The roles with which the token will be created.

orgId
string

The UUID of the organization under which the token will be created (optional). If not provided, the token will be created under the organization/enterprise of the token making the request.

Responses

Request samples

Content type
application/json
{
  • "roles": [
    ],
  • "orgId": "uuid"
}

Response samples

Content type
application/json
{
  • "clientId": "string",
  • "secret": "string",
  • "orgId": "uuid",
  • "roles": [
    ],
  • "token": "uuid"
}

Get a list of tokens for an org

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Deletes a token

Authorizations:
BearerAuth
path Parameters
clientId
required
string

clientID to revoke token for

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Get a list of clients for an org

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
[
  • {
    }
]

generateTokenForClient

Authorizations:
BearerAuth
Request Body schema: application/json

The model for generating token for client

roles
required
Array of strings

Responses

Request samples

Content type
application/json
{
  • "roles": [
    ]
}

Response samples

Content type
application/json
[
  • {
    }
]

Revokes a token

Authorizations:
BearerAuth
path Parameters
clientId
required
string

clientID to revoke token for

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Database Operations

Use these DevOps APIs to manage Astra databases. Resize is for Astra Classic databases only.

Returns a list of databases

Get a list of databases visible to the user

Authorizations:
BearerAuth
query Parameters
include
string
Default: "nonterminated"
Enum: "nonterminated" "all" "active" "pending" "preparing" "prepared" "initializing" "parked" "parking" "unparking" "terminating" "terminated" "resizing" "error" "maintenance" "suspended" "suspending"

Allows filtering so that databases in listed states are returned

provider
string
Default: "ALL"
Enum: "ALL" "GCP" "AWS" "AZURE"

Allows filtering so that databases from a given provider are returned

starting_after
string

Optional parameter for pagination purposes. Used as this value for starting retrieving a specific page of results

limit
integer [ 1 .. 100 ]
Default: 25

Optional parameter for pagination purposes. Specify the number of items for one page of data

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Create a new database

Takes a user provided databaseInfo and returns the uuid for a new database

Authorizations:
BearerAuth
Request Body schema: application/json
required

Definition of new database

name
required
string

Name of the database--user friendly identifier

keyspace
string

(Optional) Keyspace name in database. If not passed, keyspace is created with name "default_keyspace"

cloudProvider
required
string
Enum: "AWS" "GCP" "AZURE"

CloudProvider where the database lives

tier
required
string
Enum: "developer" "C10" "C20" "C40" "D10" "D20" "D40" "serverless"

Tier defines the compute power (vertical scaling) for the database, developer gcp is the free tier.

capacityUnits
required
integer [ 1 .. 100 ]

CapacityUnits is the amount of space available (horizontal scaling) for the database. For free tier the max CU's is 1, and 100 for CXX/DXX the max is 12 on startup.

region
required
string

Region refers to the cloud region.

dbType
string
Value: "vector"

Type of the serverless database, currently only supported value is "vector". "vector" creates a cassandra database with vector support. Field not being inputted creates default serverless database.

Responses

Request samples

Content type
application/json
{
  • "name": "mySplendidDatabase",
  • "keyspace": "myKeyspace",
  • "cloudProvider": "AWS",
  • "tier": "developer",
  • "capacityUnits": 1,
  • "region": "us-west-2",
  • "dbType": "vector"
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Finds database by ID

Returns specified database

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

Responses

Response samples

Content type
application/json
{
  • "id": "1234-5678-91011121-3141",
  • "orgId": "organizations/7142-1283-54249566-3707",
  • "ownerId": "users/8243-2404-85664728-0889",
  • "info": {
    },
  • "creationTime": "2012-11-01T22:08:41+00:00",
  • "terminationTime": "2019-11-01T22:08:41+00:00",
  • "status": "ACTIVE",
  • "storage": {
    },
  • "availableActions": [
    ],
  • "message": "Auto parked due to inactivity",
}

Adds keyspace into database

Adds the specified keyspace to the database

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

keyspaceName
required
string

Name of database keyspace

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Removes keyspace

Removes the specified keyspace from the database

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

keyspaceName
required
string

Name of database keyspace

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Obtain zip for connecting to the database

Returns a temporary URL to download a zip file with certificates for connecting to the database. The URL expires after five minutes.

There are two types of the secure bundle URL:

  • Internal - Use with VPC peering connections to use private networking and avoid public internet for communication.
  • External - Use with any connection where the public internet is sufficient for communication between the application and the Astra database with MTLS.
Both types support MTLS for communication via the driver.

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

query Parameters
all
boolean
Default: false

Optional parameter to obtain secure-connect-*.zip for one (false) or many (true) datacenters. If false, 200 returns CredsURL (download URLs for one datacenter). If true, 200 returns CredsURLList (download URLs for multiple datacenters).

Responses

Response samples

Content type
application/json
Example
{
  • "downloadURL": "nifty.cloud.datastax.com:9092",
  • "downloadURLInternal": "internal-nifty.cloud.datastax.com:9092",
  • "downloadURLMigrationProxy": "proxy-nifty.cloud.datastax.com:9092",
  • "downloadURLMigrationProxyInternal": "proxy-nifty.cloud.datastax.com:9092",
  • "datcenterID": "dde308f5-a8b0-474d-afd6-81e5689e3e25",
  • "region": "us-east-1",
  • "cloudProvider": "AWS",
  • "customDomainBundles": [
    ]
}

Configure Astra Remote Telemetry

Enables metrics exporting to an external system. Note: updates replace any existing config.

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

Request Body schema: application/json
Any of
required
object (KafkaTelemetryRequestBlock)

Telemetry Config Block for Kafka servers

Responses

Request samples

Content type
application/json
Example
{
  • "kafka": {
    }
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Retrieve Remote Telemetry configuration

Get the current Telemetry configuration for the database

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

Responses

Response samples

Content type
application/json
Example
{
  • "kafka": {
    }
}

Terminates a database

Terminates a database

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

query Parameters
preparedStateOnly
boolean
Default: false

For internal use only. Used to safely terminate prepared databases.

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Suspends a database

Suspends a database

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

query Parameters
freeConsumed
integer
Default: -1

Represents, from 0 to 100, the free credits percentage consumed.

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Resizes a database

Resizes a database. Total number of capacity units desired should be specified.

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

Request Body schema: application/json
required

Map containing capacityUnits key with a value greater than the current number of capacity units (max increment of 3 additional capacity units)

capacityUnits
integer [ 1 .. 100 ]

CapacityUnits can be increased by a max of three additional capacity units per operation. Reducing capacity units is not supported at this time

Responses

Request samples

Content type
application/json
{
  • "capacityUnits": 4
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

List all database datacenters

Returns the list of configured ACTIVE datacenters for the given database, if you want to get the TERMINATED along with ACTIVE send query param all=true

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

query Parameters
all
boolean
Default: false

Allows retrieving datacenters in TERMINATED state along with ACTIVE ones

Responses

Response samples

Content type
application/json
[]

Adds datacenters

Adds the list of datacenters. Supported in AWS, Azure, and Google Cloud.

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

Request Body schema: application/json
required

Map containing capacityUnits key with a value greater than the current number of capacity units (max increment of 3 additional capacity units)

Array
id
string
name
string
tier
required
string
status
required
string
cloudProvider
required
string
region
required
string
regionZone
string
Enum: "emea" "apac" "na" "sa"
regionClassification
string
Enum: "standard" "premium" "premium_plus"
capacityUnits
integer

CapacityUnits is the amount of space available (horizontal scaling) for the database

grafanaUrl
string
cqlshUrl
string
graphqlUrl
string
dataEndpointUrl
string
secureBundleUrl
string
secureBundleInternalUrl
string
secureBundleMigrationProxyUrl
string
secureBundleMigrationProxyInternalUrl
string

Responses

Request samples

Content type
application/json
[]

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Terminates a datacenter

Terminates a datacenter

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

datacenterID
required
string

String representation of the datacenter ID

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Resets Password

Sets a database password to the one specified in POST body

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

Request Body schema: application/json
required

Map containing username and password. The specified password will be updated for the specified database user

username
string
password
string

New password (min 6 characters)

Responses

Request samples

Content type
application/json
{
  • "username": "dbusername",
  • "password": "MyNewSecur3Passw0rd"
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Organization Operations

DevOps APIs for your Astra organization.

Get the current organization from the passed token

Retrieve the details for the organization in the provided token

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Configure Audit Logging

Enables audit log exporting to an external system.

Authorizations:
BearerAuth
path Parameters
orgID
required
string

String representation of the organization ID

Request Body schema: application/json
Any of
required
any (PulsarTelemetryRequestBlock)

Telemetry Config

Responses

Request samples

Content type
application/json
{
  • "pulsar": {
    }
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Retrieve Remote Audit Log Configuration or Check Status

Get the current audit log configuration or verify the setup status for the organization.

Authorizations:
BearerAuth
path Parameters
orgID
required
string

String representation of the organization ID

Responses

Response samples

Content type
application/json
{
  • "pulsar": {
    }
}

Delete Audit Log Configuration

Remove audit logging for the organization.

Authorizations:
BearerAuth
path Parameters
orgID
required
string

String representation of the organization ID

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Enterprise Operations

DevOps APIs for your Astra enterprise.

Create an organization under an enterprise.

Create a new organization under the given enterprise.

Authorizations:
BearerAuth
Request Body schema: application/json
name
required
string

The name of the organization

email
required
string

The email of the organization

adminUserID
required
string

The datastax UUID of the user who will be the admin of the organization

enterpriseID
required
string

The UUID of the enterprise under which the organization needs to be created

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "email": "string",
  • "adminUserID": "string",
  • "enterpriseID": "string"
}

Response samples

Content type
application/json
{
  • "OrganizationName": "acme production org",
  • "OrganizationID": "8f112467-7b55-4f0a-877f-c97e2bc10074",
  • "OrganizationEmail": "admin@acme-enterprises.com",
  • "MarketplaceData": { },
  • "CreatedAt": "2024-06-14T15:41:45.395919529Z",
  • "LastModified": "2024-06-14T15:41:45.395919529Z",
  • "OrgType": "organization",
  • "EnterpriseId": "9df02cbd-fb84-47c0-a5cf-b7a912928a4e",
  • "OrganizationGroupId": "f9336a4e-e489-4db2-ab29-0939af587268"
}

Get Enterprise usage report for a given enterprise Id and request payload

Provides the usage report for a given enterprise Id and request payload breakdown across multiple cluster region combination within given window (not more than 90 days)

Authorizations:
BearerAuth
Request Body schema: application/json
required

Consists of the start and end time for the usage report, requested orgids, clusters

startDate
required
string

start date time in ISO RFC3339 format

endDate
required
string

end date time in ISO RFC3339 format

clusterIDs
Array of strings

List of the cluster IDs

orgIDs
Array of strings

List of the org IDs

Responses

Request samples

Content type
application/json
{
  • "startDate": "2021-05-06T06:13:23.57Z",
  • "endDate": "2021-05-06T06:13:23.57Z",
  • "clusterIDs": [
    ],
  • "orgIDs": [
    ]
}

Response samples

Content type
application/json
{
  • "totalCost": null,
  • "costs": [
    ]
}

Roles

Use the DevOps Roles APIs to manage roles in your Astra organization.

Get all roles for an organization

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
[
  • [
    ]
]

Create a role in an organization

Authorizations:
BearerAuth
Request Body schema: application/json

The model for create role body

name
required
string
required
object (Policy)

A policy for a role in Astra.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "policy": {
    }
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "name": "string",
  • "policy": {
    },
  • "last_update_datetime": "2019-08-24T14:15:22Z",
  • "last_update_userid": "string"
}

Get a role for an organization

Retrieve the details for a role for a given organization

Authorizations:
BearerAuth
path Parameters
roleID
required
string

id for the role

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Update a role within an organization

Update a role within an organization

Authorizations:
BearerAuth
path Parameters
roleID
required
string

id for the role

Request Body schema: application/json

The model for update role body

name
required
string
required
object (Policy)

A policy for a role in Astra.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "policy": {
    }
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Delete a role by ID

Authorizations:
BearerAuth
path Parameters
roleID
required
string

id for the role

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Users

Use the DevOps Users APIs to manage users in your Astra organization.

Invite a user to an organization

Invite a user to an organization or resend an invitation with new invitation details, such as an updated expiration

Authorizations:
BearerAuth
Request Body schema: application/json
email
required
string

The email of the user being invited

orgID
required
string

The unique system generated identifier of the organization

roles
required
Array of strings

Responses

Request samples

Content type
application/json
{
  • "email": "string",
  • "orgID": "string",
  • "roles": [
    ]
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Get an organization's users

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
{
  • "orgID": "string",
  • "orgName": "string",
  • "users": [
    ]
}

Get an organization's user

Authorizations:
BearerAuth
path Parameters
userID
required
string

id for the user

Responses

Response samples

Content type
application/json
{
  • "userID": "3476f3bb-10df-4d2f-ac2b-f05c65676724",
  • "email": "joe@datastax.com",
  • "status": "active",
  • "roles": [
    ]
}

Remove or uninvite a user from an organization

Authorizations:
BearerAuth
path Parameters
userID
required
string

id for the user

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Update organization roles for a user

Authorizations:
BearerAuth
path Parameters
userID
required
string

id for the user

Request Body schema: application/json
roles
required
Array of strings

Responses

Request samples

Content type
application/json
{
  • "roles": [
    ]
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Token

Generate and revoke tokens that are used to authenticate DevOps API operations.

Create a new AstraCS token

Authorizations:
BearerAuth
Request Body schema: application/json

The model for creating a token

roles
required
Array of strings

The roles with which the token will be created.

orgId
string

The UUID of the organization under which the token will be created (optional). If not provided, the token will be created under the organization/enterprise of the token making the request.

Responses

Request samples

Content type
application/json
{
  • "roles": [
    ],
  • "orgId": "uuid"
}

Response samples

Content type
application/json
{
  • "clientId": "string",
  • "secret": "string",
  • "orgId": "uuid",
  • "roles": [
    ],
  • "token": "uuid"
}

Get a list of tokens for an org

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Deletes a token

Authorizations:
BearerAuth
path Parameters
clientId
required
string

clientID to revoke token for

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Get a list of clients for an org

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
[
  • {
    }
]

generateTokenForClient

Authorizations:
BearerAuth
Request Body schema: application/json

The model for generating token for client

roles
required
Array of strings

Responses

Request samples

Content type
application/json
{
  • "roles": [
    ]
}

Response samples

Content type
application/json
[
  • {
    }
]

Revokes a token

Authorizations:
BearerAuth
path Parameters
clientId
required
string

clientID to revoke token for

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Access List

View, create, modify, or delete the IP access list for an Astra database.

Get all access lists for an organization

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Get the access list for a database

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

Responses

Response samples

Content type
application/json
{
  • "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973",
  • "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b",
  • "addresses": [
    ],
  • "configurations": {
    }
}

Upsert the access list for a database. This endpoint replaces the entire access list with what is present in the request body.

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

Request Body schema: application/json
Array of objects (AddressRequest)

A listing of the allowed addresses

object (AccessListConfigurations)

Responses

Request samples

Content type
application/json
{
  • "addresses": [
    ],
  • "configurations": {
    }
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Add addresses to the access list for a database

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

Request Body schema: application/json
Array
address
required
string^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0...

The address (ip address and subnet mask in CIDR notation) of the address to allow

enabled
required
boolean

The indication if the access address is enabled or not

description
required
string

Description of this addresses use

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Update the access list for a database. This endpoint updates existing fields in the access list if they exist

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

Request Body schema: application/json
Array of objects (AddressRequest)

A listing of the allowed addresses

object (AccessListConfigurations)

Responses

Request samples

Content type
application/json
{
  • "addresses": [
    ],
  • "configurations": {
    }
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Delete a list of addresses or the access list for a database. If the addresses query parameter is not present it will delete the entire access list. If the addresses query parameter is present it will delete only the given addresses from the access list

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

query Parameters
addresses
Array of strings

Array of addresses

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Validate the structure of an access list

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
{
  • "valid": true,
  • "validationFailures": [
    ]
}

Get a template of an access list

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
{
  • "addresses": [
    ],
  • "configurations": {
    }
}

DevOps Access List

View, create, modify, or delete the access list that restricts access to the DevOps API for an Astra organization.

Get DevOps API Access List

Retrieves a DevOps API Access List for a specific organization by ID.

Authorizations:
BearerAuth
path Parameters
orgId
required
string

The ID of the Astra DB organization.

Responses

Response samples

Content type
application/json
{
  • "addresses": [
    ]
}

Create DevOps API Access List

Creates a new DevOps API Access List for a specific organization by ID.

Authorizations:
BearerAuth
path Parameters
orgId
required
string

The ID of the Astra DB organization.

Request Body schema: application/json
required

request to create a new access list for the DevOps API

Array
address
string

Address of the CIDR or IP.

description
string

Description of what this address is for.

enabled
boolean

Flag stating whether this address is in use.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "addresses": [
    ]
}

Replace DevOps API Access List

Replaces an existing DevOps API Access List with a new one for a specific Astra DB organization by ID.

Authorizations:
BearerAuth
path Parameters
orgId
required
string

The ID of the Astra DB organization.

Request Body schema: application/json
required

request to replace an existing access list for the DevOps API with the submitted one

Array
address
string

Address of the CIDR or IP.

description
string

Description of what this address is for.

enabled
boolean

Flag stating whether this address is in use.

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "addresses": [
    ]
}

Update DevOps API Access List

Updates an existing DevOps API Access List for a specific Astra DB organization by ID.

Authorizations:
BearerAuth
path Parameters
orgId
required
string

The ID of the Astra DB organization.

Request Body schema: application/json
required

request to add an IP address to an existing DevOps API Access List

address
string

Address of the CIDR or IP.

description
string

Description of what this address is for.

enabled
boolean

Flag stating whether this address is in use.

Responses

Request samples

Content type
application/json
{
  • "address": "string",
  • "description": "string",
  • "enabled": true
}

Response samples

Content type
application/json
{
  • "addresses": [
    ]
}

Remove entire DevOps API Access List from an Astra DB organization.

Removes an entire DevOps API Access List for a specific organization by ID. This will disable the DevOps API Access List feature for the specified organization.

Authorizations:
BearerAuth
path Parameters
orgId
required
string

The ID of the Astra DB organization.

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Gets info about all private link connections for a specific org

Gets info about all private link connections for a specific org

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
{
  • "clusters": [
    ]
}

Gets info about all private link connections for a specific cluster

Gets info about all private link connections for a cluster

Authorizations:
BearerAuth
path Parameters
clusterID
required
string <uuid>

Database ID

Responses

Response samples

Content type
application/json
{
  • "clusterID": "string",
  • "datacenters": [
    ]
}

Gets info about private link in a datacenter

Gets info about a private link connection in a specific datacenter

Authorizations:
BearerAuth
path Parameters
clusterID
required
string <uuid>

Database ID

datacenterID
required
string <uuid>

Datacenter ID from the Astra Portal. There is a unique Datacenter ID for each database region.

Responses

Response samples

Content type
application/json
{
  • "serviceName": "com.amazonaws.vpce.us-east-1.vpce-svc-1148ea04af491da11",
  • "allowedPrincipals": [
    ],
  • "datacenterID": "string",
  • "endpoints": [
    ]
}

Add an allowed principal to the private link service

Configure private link by providing the allowed principal to connect with

Authorizations:
BearerAuth
path Parameters
clusterID
required
string <uuid>

Database ID

datacenterID
required
string <uuid>

Datacenter ID from the Astra Portal. There is a unique Datacenter ID for each database region.

Request Body schema: application/json

The model for adding a private link allowed principal

allowedPrincipals
Array of strings (AllowedPrincipals)

List of principals to do action for private link

Responses

Request samples

Content type
application/json
{
  • "allowedPrincipals": [
    ]
}

Response samples

Content type
application/json
{
  • "serviceName": "com.amazonaws.vpce.us-east-1.vpce-svc-1148ea04af491da11",
  • "allowedPrincipals": [
    ]
}

Add an allowed principal to the private link service

Configure private link by providing the allowed principal to connect with

Authorizations:
BearerAuth
path Parameters
clusterID
required
string <uuid>

Database ID

datacenterID
required
string <uuid>

Datacenter ID from the Astra Portal. There is a unique Datacenter ID for each database region.

Request Body schema: application/json

The model for adding a private link allowed principal

allowedPrincipals
Array of strings (AllowedPrincipals)

List of principals to do action for private link

Responses

Request samples

Content type
application/json
{
  • "allowedPrincipals": [
    ]
}

Response samples

Content type
application/json
{
  • "serviceName": "com.amazonaws.vpce.us-east-1.vpce-svc-1148ea04af491da11",
  • "allowedPrincipals": [
    ]
}

Remove an allowed principal from the private link service

Remove an allowed principal from the private link service

Authorizations:
BearerAuth
path Parameters
clusterID
required
string <uuid>

Database ID

datacenterID
required
string <uuid>

Datacenter ID from the Astra Portal. There is a unique Datacenter ID for each database region.

Request Body schema: application/json

The model for removing a private link allowed principal

allowedPrincipal
string

The allowed-principal

Responses

Request samples

Content type
application/json
{
  • "allowedPrincipal": "arn:aws:iam::123456789012:role/admin"
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Accept an endpoint to the private link service

Complete Private Link connection by providing your endpoint

Authorizations:
BearerAuth
path Parameters
clusterID
required
string <uuid>

Database ID

datacenterID
required
string <uuid>

Datacenter ID from the Astra Portal. There is a unique Datacenter ID for each database region.

Request Body schema: application/json

The model for an AWS Private Link connection creation request

endpointID
string

The user's endpoint created in their cloud provider account

description
string

The human readable description of the endpoint

Responses

Request samples

Content type
application/json
{
  • "endpointID": "vpce-svc-1148ea04af8675309",
  • "description": "ecomm-team-billing-app-prod"
}

Response samples

Content type
application/json
{
  • "endpointID": "vpce-svc-1148ea04af491da11",
  • "description": "ecomm-team-billing-app",
  • "linkID": "126845687",
  • "status": "Accepted",
  • "createdDateTime": "2009-11-10T23:00:00"
}

Gets info about a private link endpoint

Gets info about a private link endpoint

Authorizations:
BearerAuth
path Parameters
clusterID
required
string <uuid>

Database ID

datacenterID
required
string <uuid>

Datacenter ID from the Astra Portal. There is a unique Datacenter ID for each database region.

endpointID
required
string

Endpoint ID

Responses

Response samples

Content type
application/json
{
  • "endpointID": "vpce-svc-1148ea04af491da11",
  • "description": "ecomm-team-billing-app",
  • "linkID": "126845687",
  • "status": "Accepted",
  • "createdDateTime": "2009-11-10T23:00:00"
}

Update the description for a private link endpoint

Update the description for a private link endpoint

Authorizations:
BearerAuth
path Parameters
clusterID
required
string <uuid>

Database ID

datacenterID
required
string <uuid>

Datacenter ID from the Astra Portal. There is a unique Datacenter ID for each database region.

endpointID
required
string

Endpoint ID

Request Body schema: application/json

The model for updating the description for an endpoint

description
string

User defined description of the endpoint

Responses

Request samples

Content type
application/json
{
  • "description": "ecomm-team-billing-app"
}

Response samples

Content type
application/json
{
  • "endpointID": "vpce-svc-1148ea04af491da11",
  • "description": "ecomm-team-billing-app",
  • "linkID": "126845687",
  • "status": "Accepted",
  • "createdDateTime": "2009-11-10T23:00:00"
}

Reject an endpoint from the private link service

Reject an endpoint from the private link service

Authorizations:
BearerAuth
path Parameters
clusterID
required
string <uuid>

Database ID

datacenterID
required
string <uuid>

Datacenter ID from the Astra Portal. There is a unique Datacenter ID for each database region.

endpointID
required
string

Endpoint ID

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Return the list of custom domains used by an organization for access via one or more private links.

Returns a list of custom domains used by an organization. The list contains those user defined domain names or domain name prefixes that are used as suffixes when accessing the databases in the various datacenters via private links.

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
[
  • "string"
]

Define a new set of custom domains for usage with private links.

Sets a set of custom domains used by an organization. The input list should contain those user defined domain names or domain name prefixes that will be used as suffixes when accessing the databases in the various datacenters via private links.

Authorizations:
BearerAuth
Request Body schema: application/json
required
Array
string

Responses

Request samples

Content type
application/json
[
  • "string"
]

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

VPC Peering

Use the DevOps VPC Peering APIs to manage VPC peering for Astra Classic databases.

Retrieves VPC peering connection information for an Astra database in a given cloud provider

Retrieves VPC peering connection details (if any exist) for Astra database

Authorizations:
BearerAuth
path Parameters
provider
required
string
Enum: "aws" "azure" "gcp"

The name of the provider, such as 'aws', 'azure' or 'gcp'

databaseID
required
string

The ID for the database

Responses

Response samples

Content type
application/json
{
  • "connectionId": "string",
  • "status": "string",
  • "currentVpc": {
    },
  • "otherVpc": {
    }
}

Creates a VPC peering connection

Creates a VPC peering connection between an Astra database's VPC and the VPC provided

Authorizations:
BearerAuth
path Parameters
provider
required
string
Enum: "aws" "azure" "gcp"

The name of the provider, such as 'aws', 'azure' or 'gcp'

databaseID
required
string

The ID for the database

Request Body schema: application/json
One of
tenantId
required
string

ID of the Azure tenant the subscription resides in

subscriptionId
required
string

ID of the subscription the resource group and virtual network reside in

resourceGroupName
required
string

Name of the Resource Group the virtual network resides in

virtualNetworkName
required
string

Name of the Virtual Network the peering is connecting to

Responses

Request samples

Content type
application/json
Example
{
  • "tenantId": "string",
  • "subscriptionId": "string",
  • "resourceGroupName": "string",
  • "virtualNetworkName": "string"
}

Response samples

Content type
application/json
{
  • "connectionId": "string",
  • "status": "string",
  • "currentVpc": {
    },
  • "otherVpc": {
    }
}

Deletes an existing VPC peering connection

Deletes a VPC peering connection for an Astra database on the given cloud provider

Authorizations:
BearerAuth
path Parameters
provider
required
string
Enum: "aws" "azure" "gcp"

The name of the provider, such as 'aws', 'azure' or 'gcp'

databaseID
required
string

The ID for the database

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Customer Keys

Manage customer keys for your Astra organization.

Creates a new Customer Key used for serverless database encryption for an organization

A service to create a new Customer Key registration used for serverless database encryption in an organization.

Authorizations:
BearerAuth
Request Body schema: application/json

KMS details that need to be created.

orgId
string <uuid>

The unique identifier for the organization.

object (AWS-KMS)
object (GCP-KMS)

Responses

Request samples

Content type
application/json
{
  • "orgId": "368600f6-a1e7-42f1-8266-2960de5313f3",
  • "aws": {
    },
  • "gcp": {
    }
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Retrieves all Serverless keys in an organization

A service to retrieve the existing Customer Keys of an organization.

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Creates a new Customer Key used for serverless database encryption for an organization

A service to create a new Customer Key registration used for serverless database encryption in an organization.

Authorizations:
BearerAuth
Request Body schema: application/json

KMS details that need to be created.

orgId
string <uuid>

The unique identifier for the organization.

object (AWS-KMS)
object (GCP-KMS)

Responses

Request samples

Content type
application/json
{
  • "orgId": "368600f6-a1e7-42f1-8266-2960de5313f3",
  • "aws": {
    },
  • "gcp": {
    }
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Retrieves all Serverless keys in an organization

A service to retrieve the existing Customer Keys of an organization.

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Creates a new Customer Key used for classic database encryption for an organization

A service to create a new Customer Key registration used for classic database encryption in an organization.

Authorizations:
BearerAuth
Request Body schema: application/json

KMS details that need to be created.

orgId
string <uuid>

The unique identifier for the organization.

object (AWS-KMS)
object (GCP-KMS)

Responses

Request samples

Content type
application/json
{
  • "orgId": "368600f6-a1e7-42f1-8266-2960de5313f3",
  • "aws": {
    },
  • "gcp": {
    }
}

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Retrieves all Classic keys in an organization

A service to retrieve the existing Customer Keys of an organization.

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Retrieves a Serverless Customer Key in an organization

Retrieves a Serverless Customer Key in an organization for a given cloud-provider & region combination.

Authorizations:
BearerAuth
path Parameters
provider
required
string

The name of the provider, such as: aws.

region
required
string

The region in which the key exists.

Responses

Response samples

Content type
application/json
{
  • "orgId": "ccd0aa59-facd-4a42-b27f-49dba057833d",
  • "aws": {
    }
}

Retrieves a Classic Customer Key in an organization

Retrieves a Classic Customer Key in an organization for a given cloud-provider & region combination.

Authorizations:
BearerAuth
path Parameters
provider
required
string

The name of the provider, such as: aws.

region
required
string

The region in which the key exists.

Responses

Response samples

Content type
application/json
{
  • "orgId": "ccd0aa59-facd-4a42-b27f-49dba057833d",
  • "aws": {
    }
}

Retrieves an array of Serverless Storage Cloud provider accounts

Retrieves an array of Cloud provider accounts for a given cloud-provider & region combination to which customers need to grant their KMS keys access to for serverless keys.

Authorizations:
BearerAuth
path Parameters
provider
required
string

The name of the provider, such as: aws.

region
required
string

The region in which the key exists.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Assigns a new cloud account to an organization that will be used for classic database encryption

Assigns a new cloud account for an organization given a cloud provider that will be used for classic database encryption.

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Retrieves an array of Classic Cloud provider accounts

Retrieves an array of Cloud provider accounts for a given cloud-provider & region combination to which customers need to grant their KMS keys access to for Classic keys.

Authorizations:
BearerAuth
path Parameters
provider
required
string

The name of the provider, such as: aws.

region
required
string

The region in which the key exists.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Regions

Get available regions by database type, user, or organization.

Returns supported regions and availability for a given user / org

Returns all supported tier, cloud, region, count, and capacity combinations

Authorizations:
BearerAuth

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Returns the list of available regions for serverless

Returns all region, cloud, name, zone and classification info available in serverless

Authorizations:
BearerAuth
query Parameters
region-type
string
Default: ""

Region type query parameter to retrieve regions supporting serverless and/or vector dbs. By default this API only returns serverless db regions for backward compatibility. To retrieve vector supported regions please pass query parameter region-type=vector. Valid values for this parameter are empty region-type query parameter (default behavior to retrieve serverless regions), all (to retrieve both vector and serverless regions) and vector (to retrieve vector regions). Any invalid value will be ignored and API will show the default behavior i.e. return serverless regions only.

filter-by-org
string
Default: "disabled"

Filter by org query parameter retrieves regions based on current organization ID. By default this API returns all regions for backward compatibility. To retrieve vector supported regions please pass query parameter region-type=vector. Another valid values for this parameter is 'disabled' (default), i.e. retrieve serverless regions without filtering out by current org. Any invalid value will be ignored and API will show the default behavior.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Migrations

Use the DevOps API to manage SSTables-based migrations

initialize a new migration

Initialize a new SSTables based migration.

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

query Parameters
concurrency
string

Sets the desired concurrency for the import.

targetSubsetSizeGB
string

Sets the target subset size for the import.

Responses

Response samples

Content type
application/json
{
  • "migrationID": "string",
  • "status": "INITIALIZING",
  • "concurrency": 0,
  • "targetSubsetSizeGB": 0.1
}

initialize a new migration

Initialize a new SSTables based migration.

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

datacenterID
required
string

String representation of the datacenter ID

query Parameters
concurrency
string

Sets the desired concurrency for the import.

targetSubsetSizeGB
string

Sets the target subset size for the import.

option.*
string

Optional SSTable Import parameters. E.g. ?option.targetSubsetSizeGb=6.5. These options are not exposed via the devops API.

Responses

Response samples

Content type
application/json
{
  • "migrationID": "string",
  • "status": "INITIALIZING",
  • "concurrency": 0,
  • "targetSubsetSizeGB": 0.1
}

launch a migration

Launch an SSTables based migration.

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

migrationID
required
string

String representation of the active migration ID

Responses

Response samples

Content type
application/json
{
  • "migrationID": "string",
  • "status": "INITIALIZING",
  • "concurrency": 0,
  • "targetSubsetSizeGB": 0.1
}

pause a migration

pause a migration in the import phase

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

migrationID
required
string

string representation of the active migration ID

Responses

Response samples

Content type
application/json
{
  • "migrationID": "string",
  • "status": "INITIALIZING",
  • "concurrency": 0,
  • "targetSubsetSizeGB": 0.1
}

resume a paused migration

resume a migration in the paused phase

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

migrationID
required
string

string representation of the active migration ID

Responses

Response samples

Content type
application/json
{
  • "migrationID": "string",
  • "status": "INITIALIZING",
  • "concurrency": 0,
  • "targetSubsetSizeGB": 0.1
}

abort a migration

abort a migration

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

migrationID
required
string

string representation of the active migration ID

Responses

Response samples

Content type
application/json
{
  • "migrationID": "string",
  • "status": "INITIALIZING",
  • "concurrency": 0,
  • "targetSubsetSizeGB": 0.1
}

cleanup a migration

deletes all artifacts after a concluded migration (complete/failed/aborted)

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

migrationID
required
string

string representation of the active migration ID

query Parameters
option.cleanupTime
string

Optional parameter indicating the desired time of the cleanup. Format: unix timestamp, e.g. 2024-09-06T15:30:00Z

Responses

Response samples

Content type
application/json
{
  • "migrationID": "string",
  • "status": "INITIALIZING",
  • "concurrency": 0,
  • "targetSubsetSizeGB": 0.1
}

get migration status

Get status information about an SSTables based migration.

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

migrationID
required
string

String representation of the active migration ID

Responses

Response samples

Content type
application/json
{
  • "migrationID": "string",
  • "status": "INITIALIZING",
  • "concurrency": 0,
  • "targetSubsetSizeGB": 0.1
}

PCU

Use the DevOps API to manage provisioned capacity units for eligible organizations and databases.

Gets the PCU groups

Gets the PCU groups

Authorizations:
BearerAuth
Request Body schema: application/json
required

PCU group UUIDs

pcuGroupUUIDs
Array of strings

PCU group UIDs

orgID
string

OrganizationID of the PCU group, ignored for authenticated users

Responses

Request samples

Content type
application/json
{
  • "pcuGroupUUIDs": [
    ],
  • "orgID": "some-org"
}

Response samples

Content type
application/json
[
  • {
    }
]

Creates a PCU group

Given PCU group information, creates a PCU group

Authorizations:
BearerAuth
Request Body schema: application/json
required

PCU group model.

Array (= 1 items)
orgID
string

OrganizationID of the PCU group, ignored for authenticated users

title
string

Title of the PCU group

cloudProvider
string

Cloud provider of the PCU group

region
string

Region of the PCU group

instanceType
string

Instance type of the PCU group

provisionType
string

Provision type of the PCU group

min
integer

Minimum shared hourly PCUs in the PCU group

max
integer

Maximum shared hourly PCUs in the PCU group

reserved
integer

Absolute required PCUs in the PCU group

description
string

Description of the PCU group

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
[
  • {
    }
]

Updates one or more PCU groups

Given PCU group information, updates the PCU groups

Authorizations:
BearerAuth
Request Body schema: application/json
required

PCU Group model.

Array (= 1 items)
pcuGroupUUID
string

UUID of the PCU group to update

title
string

Title of the PCU group

instanceType
string

Instance type of the PCU group

provisionType
string

Provision type of the PCU group

min
integer

Minimum shared hourly PCUs in the PCU group

max
integer

Maximum shared hourly PCUs in the PCU group

reserved
integer

Absolute required PCUs in the PCU group

description
string

Description of the PCU group

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Gets a PCU group UUID returns all associated datacenters and their status

Given a PCU group UUID, returns all associated datacenters and their status

Authorizations:
BearerAuth
path Parameters
pcuGroupUUID
required
string

The PCU group UUID to get the associated datacenters and their status

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Creates a PCU group association

Given PCU group UUID and datacenter UUID, creates a PCU group association

Authorizations:
BearerAuth
path Parameters
pcuGroupUUID
required
string

The PCU group UUID part of this association

datacenterUUID
required
string

The datacenter UUID part of this association

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Deletes a PCU group association

Given datacenter UUID and PCU group UUID, delete the association

Authorizations:
BearerAuth
path Parameters
pcuGroupUUID
required
string

The PCU group UUID part of this association

datacenterUUID
required
string

The datacenter UUID part of this association

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

list the snapshots of a DB

list the snapshots of a DB

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

query Parameters
from
string
Example: from=2006-01-02T15:04:05Z07:00

optional timestamp from which to list the snapshots

to
string
Example: to=2006-01-02T15:04:05Z07:00

optional timestamp until which to list the snapshots

sourceRegion
string

When set then identifies which region to use as the source.

start a clone operation

Start a clone operation.

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

sourceDBID
required
string

The ID of the DB that is being cloned from.

query Parameters
snapshotID
required
string

The ID of the snapshot in the source DB used as the basis of the clone operation.

sourceRegion
string

When set then identifies which region to use as the source.

Responses

Response samples

Content type
application/json
{
  • "operationID": "string",
  • "status": "RUNNING"
}

get the status of a clone operation

Get the status of a clone operation.

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

operationID
required
string

The ID of the clone operation.

Responses

Response samples

Content type
application/json
{
  • "operationID": "string",
  • "status": "RUNNING"
}

start a restore operation

Start a restore operation.

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

query Parameters
snapshotID
required
string

The ID of the snapshot in the source DB used as the basis of the restore operation.

Responses

Response samples

Content type
application/json
{
  • "operationID": "string",
  • "status": "RUNNING"
}

get the status of a restore operation

Get the status of a restore operation.

Authorizations:
BearerAuth
path Parameters
databaseID
required
string

String representation of the database ID

operationID
required
string

The ID of the restore operation.

Responses

Response samples

Content type
application/json
{
  • "operationID": "string",
  • "status": "RUNNING"
}