NS1 Status

Articles in this section

See more

Managing DDI organizations, users, & API keys

  • Updated
Follow

With the exception of operators, all users, zones, records, and API keys are objects within an organization. Each is managed by an organization member with sufficient privileges—however, operators also have the ability to act on behalf of an organization. This is necessary when setting up the first organization's users or API keys.

NOTE
If you are an operator acting on behalf of an organization, adding an exclamation point and the org_id (for example, !2000) to the end of an API key allows you to use other endpoints described in NS1’s API documentation.

Viewing organizations

curl -k -X GET \
https://$CORE_HOST_IP/v1/ops/orgs \
-H "X-NSONE-Key: $OPERATOR_KEY"

Creating an organization

To continue with the initial setup of Private DNS, an operator must create the first organization using the following PUT command:

curl -k -X PUT \
https://$CORE_HOST_IP/v1/ops/orgs \
-H "X-NSONE-Key: $OPERATOR_KEY" \
-d '{"name": "Organization Name"}'

The new organization ID (“org_id”) is included in the response. By default, the ID of the first organization is set to 2000. For example:

{
"org_id": 2000,
"name": "Organization Name",
"id": "5b16cb703ca56f"
}

Updating organization settings

curl -k -X POST \
https://$CORE_HOST_IP/v1/ops/orgs/$ORG_ID \
-H "X-NSONE-Key: $OPERATOR_KEY" \
-d '{"name": "New Organization Name"}'

Deleting an organization

Deleting an organization removes all data associated with the organization—including API keys, users, teams, as well as zone and record data. This can only be performed with the operator’s 2FA token generated during bootstrapping. 

NOTE
An operator's 2FA secret token was returned in response to creating the operator. It can be generated with any six-digit TOTP generator that refreshes at 30-second intervals.
curl -k -X DELETE \
https://$CORE_HOST_IP/v1/ops/orgs/$ORG_ID?token=$2FA_SECRET \
-H "X-NSONE-Key: $OPERATOR_KEY"

Resetting a user's password

If a user forgets their password, an operator can generate a new invite token. For example:

curl -k -X POST \
https://$CORE_HOST_IP/v1/ops/account/$ORG_ID/user/username/password/reset \
-H "X-NSONE-Key: $OPERATOR_KEY"

Creating an API key

NOTE
The Private DNS/Enterprise DDI portal (including the URL and login credentials) is different from the public NS1 portal.

  1. Log in to your Private DNS/Enterprise DDI (via https://$CORE_CONTAINER).

  2. In the upper-right corner, click your organization name, and select Account Settings > Users & Teams from the drop-down menu.

  3. Under the API keys tab, click Add API key.

  4. Enter a descriptive name for the new API key, modify permissions as desired, and then click Create Key.

  5. Use the new API key in the header of your API calls. For example:

    curl -k -X PUT -H "X-NSONE-Key: $API_KEY" -d '{ "name": "MyKey" }' https://$CORE_HOST_IP/v1/account/apikeys

 

Related articles