API Documentation
The API Explorer in Zadara Cloud provides an interactive, Swagger-based interface that allows users to explore, test, and validate available REST APIs directly from the web console. Using the zCompute API Explorer, users can review API definitions, inspect request and response schemas, and execute test calls without relying on external tools.
Accessing the API Explorer
To access the API Explorer from the Zadara Cloud Console:
Log in to the Zadara Cloud management console.
Click the Help (?) icon in the top-right corner.
Select API Explorer from the Help menu.
API Authentication and Token Management
All zCompute API operations require authorization using an authentication token. Tokens may be generated either through the API Explorer UI or programmatically via CLI or third-party REST tools. Each token is issued with a specific scope, which determines whether it applies at the account (domain) level or project level.
Token Generation via API Explorer
When opening the API Explorer while logged in to the zCompute console, an authentication token is automatically generated for the logged in user and copied to the clipboard. This token is valid for 4 hours.
This token can be used with any external tools like curl or python, but it can also be pasted into the Authorize dialog in the Swagger interface and used immediately to execute and test API operations directly in your browser.
Simply click the Authorize button:
Paste your token, press Authorize:
Then press Close:
Token Generation via CLI or Third-Party Tools
When using curl or any other 3rd-party tools a token can be retrieved by making a call against /api/v2/identity/auth with some key data included. If the authentication was successful, the reply will include the API token in the X-Subject-Token header.
This token is valid for 4 hours.
The included data is as follows (with the username, password, and account name substituted in).
Domain-Scoped Token (Account Level)
A domain-scoped token is required for API operations that apply to the entire account, such as account-level configuration or administrative actions. The request data can be scoped to an entire Account as follows:
{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": "<USERNAME>",
"password": "<PASSWORD>",
"domain": {
"name": "<ACCOUNT_NAME>"
}
}
}
},
"scope": {
"domain": {
"name": "<ACCOUNT_NAME>"
}
}
}
}Project-Scoped Token (Project Level)
Some API operations are restricted to a specific project. A token can be scoped to a project with:
{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": "<USER_NAME>",
"password": "<PASSWORD>",
"domain": {
"name": "<ACCOUNT_NAME>"
}
}
}
},
"scope": {
"project": {
"domain": {
"name": "<ACCOUNT_NAME>"
},
"name": "<PROJECT_NAME>"
}
}
}
}Scope Considerations
Some API commands operate at the project scope, while others require domain-level access. As a result, separate tokens may be required depending on the API being invoked. Using an incorrectly scoped token may result in authorization errors even when credentials are valid.
Example Token Generation
An example of this authentication call can be seen in the following curl call:
curl -s -i -H "Content-Type: application/json" -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"<USERNAME>","password":"<PASSWORD>","domain":{"name":"<ACCOUNT_NAME>"}}}},"scope":{"domain":{"name":"<ACCOUNT_NAME>"}}}}' "https://<API_ENDPOINT>/api/v2/identity/auth"Successfully token generation will return with HTTP 201 Created and the token will be returned in the response header X-Subject-Token.
The response body will include key details about the token, such as is_domain (indicating whether the token is domain scoped or project scoped), project name (where applicable, assigned roles, and expiry.
For example:
{
"token": {
"domain": {
"id": "86158dfd01c211f1a7df5254007b1fe7",
"name": "exampleaccount"
},
"methods": [
"password",
"totp"
],
"roles": [
{
"id": "_member_",
"name": "_member_"
}
],
"expires_at": "2026-02-04T16:08:44.000000Z",
"user": {
"password_expires_at": "2026-03-29 13:17:35",
"domain": {
"id": "86158dfd01c211f1a7df5254007b1fe7",
"name": "exampleaccount"
},
"id": "4eb7ba626b704ff9b6d0f707417a01b5",
"name": "exampleuser"
},
"audit_ids": [
"Lf5yxMMHRKe6EVC_IxqI3Q"
],
"issued_at": "2026-02-04T12:08:44.000000Z"
}
}The X-Subject-Token can be extracted cleanly from the above output using grep and sed:
<AUTH CALL> | grep -i X-Subject-Token | sed 's/[^:]*:[ ]*//'Token Generation with MFA Enabled
If your user has TOTP multi-factor authentication enabled, you will need to also include a totp under methods and include a subsequent block with the details:
"totp": {
"user": {
"domain": {
"name": "<ACCOUNT_NAME>"
},
"name": "<USERNAME>",
"passcode": "<TOTP_CODE>"
}
}A full example can be seen here:
{
"auth": {
"identity": {
"methods": [
"password",
"totp"
],
"password": {
"user": {
"domain": {
"name": "<ACCOUNT_NAME>"
},
"name": "<USERNAME>",
"password": "<PASSWORD>"
}
},
"totp": {
"user": {
"domain": {
"name": "<ACCOUNT_NAME>"
},
"name": "<USERNAME>",
"passcode": "<TOTP_CODE>"
}
}
},
"scope": {
"domain": {
"name": "<ACCOUNT_NAME>"
}
}
}
}Using the API Explorer UI
In Zadara Compute < 25.06, there is a bug in the API Explorer
where the generated
curl
command and Request path are incorrect.
Please see
Zadara Compute API Explorer Path Bug
for guidance on how to determine the correct API Endpoint path.
The API Explorer organizes available API calls in categories such as cluster, compute, networking, identity, monitoring, quotas, and virtual machine management.
Selecting a category (for example, VMs) expands the view to show all API operations available for that service, including the HTTP method, resource path, and a brief description of the API call:
The Authorize option is available at the category level to confirm or update the active authorization context.
Clicking on any of these will expand to show you all the details about the API call, including all available Parameters and the possible Responses:
Testing API Operations in the API Explorer
In addition to the details described above in Using the API Explorer UI, each API call includes a Try it out button for running real API calls directly from your browser window.
To use it, simply do the following:
Click Try it out to enable input fields.
Provide any applicable parameters.
Click Execute to submit the request.
After execution, the API Explorer displays:
HTTP response code
Response body (JSON)
Request URL
Generated curl command reflecting the exact request sent
This allows validated API calls to be reused externally for scripting or automation..
AWS Compatible API
zCompute includes a number of AWS-compatible endpoints to allow for the usage of standard APIs for things like EC2 and IAM. These endpoints allow the use of 3rd-party AWS tools and SDKs (for example, AWS CLI or boto3).
The list of endpoints can be found on the Zadara Compute help menu by navigating to Help (?) → API Endpoints.
Each service exposes a dedicated endpoint URL that must be configured in the corresponding AWS-compatible client or SDK. You can hover over each to reveal a copy button:
Some boto3 examples can be found here: boto3 for ec2 — zCompute
Access Keys
Access keys for use with the AWS APIs can be generated from the zCompute webUI from the My Account > Access Keys page:
Swagger OpenAPI Specification YAML
At the top of each API Explorer category, all API calls are also available as in the Swagger/OpenAPI Specification 2.0 YAML format:
OAS is an open standard format for defining APIs, and you can read the full documentation for it here: