REST APIs
The Oracle Cloud Infrastructure APIs are typical REST APIs that use HTTPS requests and responses. This topic describes basic information about using the APIs.
API Reference and Endpoints
For links to the Oracle Cloud Infrastructure API reference and a list of the regional API endpoints, seeAPI Reference and Endpoints.
API Version
The base path of the endpoint includes the desired API version (for example, 20160918). Here's an example for a POST request to create a new VCN in the Ashburn region:
POST https://iaas.us-ashburn-1.oraclecloud.com/20160918/vcnsAPI Breaking Changes Policy
Oracle Cloud Infrastructure provides 12 months advance notice before the date of removing or changing an existing API of a Cloud Service that you have deployed which would require you to update the code.
Request Signing Required
All Oracle Cloud Infrastructure API requests must be signed for authentication purposes. For information about the required credentials and how to sign the requests, seeRequest Signatures.
HTTPS and TLS 1.2 Required
All Oracle Cloud Infrastructure API requests must support HTTPS and SSL protocol TLS 1.2.
Maximum Allowed Client Clock Skew
HTTP status code 401 (NotAuthenticated) is returned if the client's clock is skewed more than 5 minutes from the server's. To determine the server's clock time, use this curl command with the API endpoint:
curl -s --head<endpoint> | grep DateFor example:
curl -s --head https://iaas.us-phoenix-1.oraclecloud.com | grep DateRequest and Response Format
The Oracle Cloud Infrastructure APIs use standard HTTP requests and responses. Each may contain Oracle-specific headers for pagination, entity tags (ETags), and so on as described elsewhere in this topic and in the API documentation.
Each response includes a unique Oracle-assigned request ID (for example, bb3f3275-f356-462a-93c4-bf40fb82bb02) in theopc-request-id response header. If you need to contact Oracle about a particular request, please provide this request ID.
Many of the API operations require JSON in the request body or return JSON in the response body. The specific contents of the JSON are described in the API documentation for the individual operation. Notice that the JSON is not wrapped or labeled according to the operation's name or the object's name or type.
Make sure to set theContent-Type header toapplication/json in your POST and PUT requests that contain JSON in the body.
Example CreateVcn Request
POST https://iaas.us-phoenix-1.oraclecloud.com/20160918/vcnshost: iaas.us-phoenix-1.oraclecloud.comopc-retry-token: 239787fs987Content-Type: application/jsonHTTP headers required for authenticationOther HTTP request headers per the HTTP spec{ "compartmentId": "ocid1.compartment.oc1..aaaaaaaauwjnv47knr7uuuvqar5bshnspi6xoxsfebh3vy72fi4swgrkvuvq", "displayName": "Apex Virtual Cloud Network", "cidrBlock": "172.16.0.0/16"}Example CreateVcn Response
200 OKopc-request-id: 6c4d01a6-f764-4325-a3f8-720c8b5cae7b{ "id": "ocid1.vcn.oc1.phx.aaaaaaaa4ex5pqjtkjhdb4h4gcnko7vx5uto5puj5noa5awznsqpwjt3pqyq", "compartmentId": "ocid1.compartment.oc1..aaaaaaaauwjnv47knr7uuuvqar5bshnspi6xoxsfebh3vy72fi4swgrkvuvq", "displayName": "Apex Virtual Cloud Network", "cidrBlock": "172.16.0.0/16" "defaultRouteTableId": "ocid1.routetable.oc1.phx.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq", "defaultSecurityListId": "ocid1.securitylist.oc1.phx.aaaaaaaac6h4ckr3ncbxmvwinfvzxjbr7owu5hfzbvtu33kfe7hgscs5fjaq" "defaultDhcpOptionsId": "ocid1.dhcpoptions.oc1.phx.aaaaaaaawglzn7s5sogyfznl25a4vxgu76c2hrgvzcd3psn6vcx33lzmu2xa" "state": "PROVISIONING", "timeCreated": "2016-07-22T17:43:01.389+0000"}Error Format
If a request results in an error, the response contains a standard HTTP response code with 4xx for client errors and 5xx for server errors. The body also includes JSON with an error code and a description of the error. For example:
{ "code": "InvalidParameter", "message": "Description may not be empty; description size must be between 1 and 400"}For a list of common errors across all services, seeAPI Errors.
Request Throttling
Oracle Cloud Infrastructure applies throttling to many API requests to prevent accidental or abusive use of resources. If you make too many requests too quickly, you might see some succeed and others fail. Oracle recommends that you implement an exponential back-off, starting from a few seconds to a maximum of 60 seconds. When a request fails due to throttling, the system returns response code 429 and the following error code and description:
{ "code": "TooManyRequests", "message": "User-rate limit exceeded."}Polling for Resource Status
Most Oracle Cloud Infrastructure resources, such as compute instances, have lifecycles. In many cases, you want your code to wait until a resource orwork request reaches a specific state, or a timeout is exceeded, before taking further action.
You can poll a resource to determine its state. For example, when you callGetInstance, the response body contains aninstance resource that includes thelifecycleState attribute. You might want your code to wait until the instance'slifecycleState is RUNNING before proceeding.
Different resources take different amounts of time to transition between states. Therefore, the optimal frequency and duration parameters for a polling strategy can vary among resources. The Oracle Cloud Infrastructure SDK waiters use the following default strategy:
- Use an exponential back-off, starting from a few seconds to a maximum of 30 seconds between poll attempts.
- Poll up to 20 minutes, and then stop.
Or more information on waiters, see:
Where to Find Your Tenancy's OCID
If you use the API, you'll need yourtenancy 's OCID in order to sign the requests (seeRequest Signatures). You'll also need it for some of the IAM API operations. An OCID is an Oracle Cloud ID (seeResource Identifiers).
Get the tenancy OCID from the Oracle Cloud Console on theTenancy Details page:
In thenavigation menu , select theProfile menu
and then selectTenancy:<your_tenancy_name>.The tenancy OCID is shown underTenancy Information. SelectShow to display the entire ID or selectCopy to copy it to your clipboard.
The tenancy OCID looks something like this (notice the word "tenancy" in it):ocid1.tenancy.oc1..<unique_ID>.
List Pagination
Most List operations paginate results. For example, results are paginated for theListInstances operation in the Core Services API. When you call a paginated List operation, the response indicates more pages of results by including theopc-next-page header.
A page can be empty even when more results remain. Anytime the
opc-next-page header appears, there are more list items to get. For more information about resource list control, seeOverview of Search.List pagination for Object StorageListObjects works differently because the pagination controls are also used for object name filtering.ListObjects returnsnextStartWith instead ofopc-next-page in the response body. To paginate through more objects, use the returnednextStartWith value with thestart parameter. To filter which objects ListObjects returns, use thestart andend parameters.
Make a new GET request against the same URL, modified by setting the page query parameter to the value from theopc-next-page header. Repeat this process until you get a response without anopc-next-page header. The absence of this header indicates that you have reached the last page of the list.
For an alternative to writing pagination code, see the functions in thepagination module provided with the SDK for Python.
opc-prev-page header. Repeat this process until you get a response without anopc-prev-page header. The absence of this header indicates that you have reached the first page of the list.For an alternative to writing pagination code, see the functions in thepagination module provided with the SDK for Python.
In the GET request, set thelimit to the number of items you want returned in the response.
The service will return no more than the number specified as
limit, but might not return that exact number.Retry Token
For some operations you can provide a unique retry token (opc-retry-token) so the request can be retried in case of a timeout or server error without the risk of executing that same action again. The token expires after 24 hours, but can be invalidated before then due to conflicting operations (for example, if a resource has been deleted and purged from the system, then a retry of the original creation request may be rejected).
ETags for Optimistic Concurrency Control
The API supports etags for the purposes of optimistic concurrency control. The GET and POST calls return anetag response header with a value you should store. When you later want to update or delete the resource, set theif-match header to the ETag you received for the resource. The resource will then be updated or deletedonly if the ETag you provide matches the current value of that resource's ETag.
Null vs. Empty Strings for Optional Parameters
If you send an empty string ("") as the value of an optional parameter, the API validates the value as normal (for example, checks against minimum and maximum allowed length, and so on). Often the minimum allowed length is 1, so an error would be returned. If you don't set the value (it's null), the API performs no validation, and some other action may occur. For example: if you don't set a value for thedisplayName when creating a new VCN object, the service will auto-generate a value.
- REST APIs
- API Reference and Endpoints
- API Version
- API Breaking Changes Policy
- Request Signing Required
- HTTPS and TLS 1.2 Required
- Maximum Allowed Client Clock Skew
- Request and Response Format
- Error Format
- Request Throttling
- Polling for Resource Status
- Where to Find Your Tenancy's OCID
- List Pagination
- Retry Token
- ETags for Optimistic Concurrency Control
- Null vs. Empty Strings for Optional Parameters