Manage access list with the DevOps API

Use the DevOps API to add and remove addresses for your database access list. You can also enable and disable your access list.

You can use the DevOps API to perform the actions your role permissions allow.

The following roles use the application token to execute DevOps API queries:

  • Organization Administrator

  • Database Administrator

The access list feature will be rolled out for classic databases over a few weeks. If you do not see the access list feature in your database settings, please open a support ticket.

Prerequisites

  1. Create an application token to authenticate your service account in the DevOps API.

  2. Once you have authenticated your service account, you can add and remove IP addresses and CIDRs for your access list in the DevOps API.

  3. You must have your access list on to be able to manage your access list via the DevOps API.

Add addresses to the access list for your databases

  1. Check existing access lists within your organization or database to see which addresses are already on your access list(s):

    Access lists are configured for each database within an organization. You must add each address to every database access list for which you want the address to have access.

    • cURL command (/v2): Get all access lists in organization

    • cURL command (/v2): Get access list in database

    • Result

    curl --request GET \
      --url 'https://api.astra.datastax.com/v2/access-lists' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>'
    curl --request GET \
      --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>'
    [
      {
        "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973",
        "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b",
        "addresses": [
          {
            "address": "137.187.23.0/24",
            "enabled": true,
            "description": "This address allows the database connections from the production environment.",
            "lastUpdateDateTime": "2021-01-21T17:32:28Z"
          }
        ],
        "configurations": {
          "accessListEnabled": true
        }
      }
    ]
  2. Get a template for your access list:

    • cURL command (/v2)

    • Result

    curl --request GET \
      --url 'https://api.astra.datastax.com/v2/access-list/template' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>'
    [
      {
        "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973",
        "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b",
        "addresses": [
          {
            "address": "137.187.23.0/24",
            "enabled": true,
            "description": "This address allows the database connections from the production environment.",
            "lastUpdateDateTime": "2021-01-21T17:32:28Z"
          }
        ],
        "configurations": {
          "accessListEnabled": true
        }
      }
    ]

    For more, see Get template of access list in the DevOps API.

  3. Complete your access list to submit.

  4. Add your access list addresses:

    curl --request POST \
      --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>' \
      --data '{
          [
            "address": "125.187.17.0/24",
            "enabled": true,
            "description": "Development"
          ]
        }'

    For more, see Add addresses to access list for a database in the DevOps API.

  5. Confirm the new addresses have been added to your access list:

    • cURL command (/v2)

    • Result

    curl --request GET \
      --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>'
    [
      {
        "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973",
        "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b",
        "addresses": [
          {
            "address": "137.187.23.0/24",
            "enabled": true,
            "description": "This address allows the database connections from the production environment.",
            "lastUpdateDateTime": "2021-01-21T17:32:28Z"
          },
          {
            "address": "125.187.17.0/24",
            "enabled": true,
            "description": "Development"
          },
        ],
        "configurations": {
          "accessListEnabled": true
        }
      }
    ]

Replace existing access list for your database

  1. Check existing access lists within your organization or database to see which addresses are already on your access list:

    • cURL command (/v2): Get all access lists in organization

    • cURL command (/v2): Get access list in database

    • Result

    curl --request GET \
      --url 'https://api.astra.datastax.com/v2/access-lists' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>'
    curl --request GET \
      --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>'
    [
      {
        "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973",
        "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b",
        "addresses": [
          {
            "address": "137.187.23.0/24",
            "enabled": true,
            "description": "This address allows the database connections from the production environment.",
            "lastUpdateDateTime": "2021-01-21T17:32:28Z"
          }
        ],
        "configurations": {
          "accessListEnabled": true
        }
      }
    ]
  2. Submit your revised access list:

    • cURL command (/v2): Replace access list

    • cURL command (/v2): Update access list

    curl --request PUT \
      --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>' \
      --data '{
          "addresses": [
              {
                "address": "125.187.17.0/24",
                "enabled": true,
                "description": "Development"
                "lastUpdateDateTime": "2021-01-21T17:32:28Z"
              }
            ],
            "configurations": {
              "accessListEnabled": true
            }
        }'
    curl --request PATCH \
      --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>' \
      --data '{
          "addresses": [
              {
                "address": "125.187.17.0/24",
                "enabled": true,
                "description": "Development"
              }
            ],
            "configurations": {
              "accessListEnabled": true
            }
        }'
  3. Confirm the new addresses have been added to your access list:

    • cURL command (/v2)

    • Result

    curl --request GET \
      --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>'
    [
      {
        "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973",
        "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b",
        "addresses": [
          {
            "address": "137.187.23.0/24",
            "enabled": true,
            "description": "This address allows the database connections from the production environment.",
            "lastUpdateDateTime": "2021-01-21T17:32:28Z"
          },
          {
            "address": "125.187.17.0/24",
            "enabled": true,
            "description": "Development"
          },
        ],
        "configurations": {
          "accessListEnabled": true
        }
      }
    ]

Delete address or access lists

If you do not specify which addresses to delete, the entire access list is deleted.

When the entire access list is deleted, public access is no longer restricted.

  1. Check existing access lists within your organization or database to see which addresses are already on your access list:

    • cURL command (/v2): Get all access lists in organization

    • cURL command (/v2): Get access list in database

    • Result

    curl --request GET \
      --url 'https://api.astra.datastax.com/v2/access-lists' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>'
    curl --request GET \
      --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>'
    [
      {
        "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973",
        "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b",
        "addresses": [
          {
            "address": "137.187.23.0/24",
            "enabled": true,
            "description": "This address allows the database connections from the production environment.",
            "lastUpdateDateTime": "2021-01-21T17:32:28Z"
          },
          {
            "address": "125.187.17.0/24",
            "enabled": true,
            "description": "Development"
          },
        ],
        "configurations": {
          "accessListEnabled": true
        }
      }
    ]
  2. Delete an address from your access list:

    • cURL command (/v2): Delete addresses from access list

    • cURL command (/v2): Delete entire access list

    curl --request DELETE \
      --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>' \
      --data '{
          "addresses": [
              {
                "address": "125.187.17.0/24"
              }
            ]
        }'
    curl --request DELETE \
      --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>'
  3. Confirm the address no longer exists:

    • cURL command (/v2): Get all access lists in organization

    • cURL command (/v2): Get access list in database

    • Result

    curl --request GET \
      --url 'https://api.astra.datastax.com/v2/access-lists' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>'
    curl --request GET \
      --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \
      --header 'Accept: application/json' \
      --header 'Authorization: Bearer <application_token>'
    [
      {
        "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973",
        "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b",
        "addresses": [
          {
            "address": "137.187.23.0/24",
            "enabled": true,
            "description": "This address allows the database connections from the production environment.",
            "lastUpdateDateTime": "2021-01-21T17:32:28Z"
          }
        ],
        "configurations": {
          "accessListEnabled": true
        }
      }
    ]

For more, see Delete addresses or access list for database in the DevOps API.

What’s next?

Explore the DevOps API.