Subaccount and Group APIs

The ChaosSearch API offers scripted access for managing subaccounts and groups.

Permitted users can use the /user/login API to acquire a security token from the ChaosSearch service. This is the same process that occurs when a user logs in to the console interface directly. The token can be used as part of a specific x-amz-security-token header in the REST requests when calling the ChaosSearch APIs. Customer administrators can create subaccount users with permission to run the endpoints and APIs. These users, referred to as service users, can store their credentials in an appropriate location relative to the type of application they use for making requests.

API users can then use commands such as curl, python, or other APIs to run the /user/createSubAccount or /user/deleteSubAccount endpoints to create/update or delete static subaccounts in the cluster. Similarly, permitted admins could use the /user/groups endpoint to manage the create, update, and delete of groups.

The following is a command line example using curl (with sample credentials) to delete an existing subaccount. The process for using the endpoints can be adapted to the automation tooling, framework, and languages used by the customer:

% curl '' \
  -H 'Connection: keep-alive' \
  -H 'x-amz-cs3-authorization: AWS 
1234567890ABCDEFGHIJ:ABCDEF0123456789abcdef01234=' \
  -H 'Authorization: AWS 1234567890ABCDEFGHIJ:ABCDEF0123456789abcdef01234=' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'x-amz-security-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJTZWNyZXRBY2Nlc3NLZXkiOiJiVGI0M1hZY0g1YXE1NW1wSVIvYWhNUGVkQzROQnhlTnZDSk1ibVlBIiwiZXBvY2giOjE2NDc0NTQ0MDMwODIsImV4dGwiTG9naW5UeXBlIjoiYWNjb3VudCIsImV4cCI6MTY0Nzk4MDQzNiwiaWF0IjoxNjQ3OTUxNjM2LCJlbWFpbCI6InRlc3QiLCJqdGkiOiJjOWVmMDczMy00MDMwLTQzMTgtYmU4Ni1hODJlNWZjZTEzYWIifQ.rOv_1dDD4TsXnyUTG85zc7Ypa2OkmMiOUcjrQEmHhIM' \
  -H 'x-amz-chaossumo-route-token: login' \
  --data-raw '{"Username":"subacct3"}' \


The "Exists":false message indicates a successful deletion of the subacct3 user.

Master API Key Generation

Tenant users within a cluster can generate a master API key for use in applications which connect to the ChaosSearch Elastic APIs. The Master API key can also be used to access Management APIs to manage ChaosSearch configurations.

Did this page help you?