Copy page

Developers

API Documentation

All your Scaleway resources

The Scaleway API allows you to create and manage all your Scaleway resources programmatically.

Anything you can do through the Scaleway consoleOpen in new context can also be done through the API, from creating Instances to attaching them to Private Networks, to configuring Identity and Access Management, and more.

Curl examples are provided throughout our API documentation. However, calls to the Scaleway API can also be made via various other libraries, SDKs and devtools.

Documentation for achieving specific use cases via each product's API can be found on our main website, in the API/CLI section for your product of choice.

Make your first request

1. Generate your API keyOpen in new context.

2. Run the curl request below in your terminal. Make sure you replace <your-secret-key> with the secret part of your API key.

   Code
   curl -X GET \
       -H "X-Auth-Token: <your-secret-key>" \
       -H "ContentType: application/json" \
       "https://api.scaleway.com/instance/v1/zones/fr-par-1/servers"

   The response will be a JSON list of your Instances in the fr-par-1 region, and their details.

   See How to authenticate for information on generating API keys, and Endpoints for further details on how the HTTPS endpoint breaks down.

How to authenticate

Each request made to Scaleway API must be authenticated by sending an X-Auth-Token HTTP header with each request. This header contains the secret key part of your Scaleway API key, which you can generate on the Scaleway consoleOpen in new context.

We recommend exporting your secret key as an environment variable, which you can then pass directly in your curl request as follows. Remember to replace the example value with your own API secret key.

Code
export SCW_SECRET_KEY=720438f9-fcb9-4ebb-80a7-808ebf15314b

Curl request:

Code
curl -X GET \
    -H "X-Auth-Token: $SCW_SECRET_KEY" \
    -H "ContentType: application/json" \
    "https://api.scaleway.com/instance/v1/zones/fr-par-1/servers"

Identity and Access Management (IAM)

Scaleway API keys are subject to IAMOpen in new context permissions. An API key always inherits the IAM permissions of its bearer: the IAM userOpen in new context or IAM applicationOpen in new context with which the key is associated.

If the API key is associated with the Owner of a Scaleway Organization, it has full rights and permissions for actions within that Organization. Otherwise, it has the permissions defined for the bearer in the Organization via policiesOpen in new context.

Requests and responses

Requests and responses to the Scaleway API are JSON-based.

Requests

An API request consists of a call to the Scaleway API, asking it to carry out an action or provide information.

Each API request will include a specified method, depending on the action you wish to perform:

Request method	Usage	Example
GET	Used to get a resource from a server. The server looks for the data you have requested, and sends it back to you.	List your Instances: GET /instance/v1/zones/{zone}/servers
POST	Often used to create a resource, this method provides additional data such as a JSON payload sent from the client to the server in the message body.	Create an Instance: POST instance/v1/zones/{zone}/servers
PATCH	Used to modify an existing resource	Update an Instance: PATCH instance/v1/zones/{zone}/servers/{server_id}
DELETE	Used to delete a resource	Delete an Instance: DELETE /instance/v1/zones/{zone}/servers/{server_id}

Example request to list existing flexible IPs:

Code
curl -X GET \
    -H "X-Auth-Token: $SCW_SECRET_KEY" \
    -H "ContentType: application/json" \
    "https://api.scaleway.com/instance/v1/zones/fr-par-1/ips"

Responses

After receiving a request, the API sends a response. This consists of the response body, headers and the HTTP status code. When a request is successful, the response body will typically be sent back in the form of a JSON object. An exception to this is when a DELETE request is processed, which will result in an empty response body.

Example response to the curl above, listing existing flexible IPs:

Code
{
   "ips":[
      {
         "id":"b483671d-677f-435f-9de9-9a1adee70f25",
         "address":"50.17.253.160",
         "reverse":null,
         "server":{
            "id":"f9c1998a-9af8-4e2f-b6b7-9b9030daaa71",
            "name":"my-instance"
         },
         "organization":"8e3b57b8-eee9-4de1-975e-522c48c0dac0",
         "project":"a6cdba1f-2ee2-4a04-a5af-2d457b194ee3",
         "zone":"fr-par-1",
         "tags":[
         ]
      }
   ]
}

HTTP status codes

The Scaleway API uses conventional HTTP response codes to indicate the success or failure of a request. In general, codes in the 2xx range indicate success, codes in the 4xx range indicate an error that resulted from the provided information (e.g. a required parameter is missing), and codes in the `5xx range indicate an error with our servers.

HTTP status code	Meaning	Suggested solution
200 OK	Request was successful	N/A
201 Resource Created	Resource was successfully created	N/A
400 Bad Response	Request was unsuccessful	Often this means the request was missing a required parameter.
401 Unauthorized	Request was unsuccessful due to an unvalid API Key	If using IAM check your API key’s permissionsOpen in new context otherwise check the API.

For most non-2xx status codes, a message is provided in the response body giving more detail about the cause of the issue.

Endpoints

Every Scaleway API can be accessed through a single endpoint: api.scaleway.com.

Endpoints generally conform to one of the following patterns:

• Zoned: api.scaleway.com/{product}/{version}/zones/{zone}/{object}..., e.g. api.scaleway.com/instance/v1/zones/{zone}/servers
• Regional: api.scaleway.com/{product}/{version}/regions/{region}/{object}..., e.g. api.scaleway/com/k8s/v1/regions/fr-par/clusters
• Global: api.scaleway.com/{product}/{version}/{object}... e.g. api.scaleway.com/iam/v1alpha1/users.

Regions and zones

Each Scaleway API is either zoned (e.g. Instances, Elastic Metal, Public Gateways), regional (e.g. Kubernetes, Serverless Functions, Messaging and Queuing) or global (e.g. IAM, Billing).

For zoned and regional APIs, the target zone or region for the request is specified in the endpoint (see the codes in the table below). All requests are scoped to that particular zone or region, so for example a List servers request will list servers in that zone or region only.

Scaleway products are hosted in our datacenters across the following regions and zones:

Region	Zone	Description
fr-par	fr-par-1, fr-par-2, fr-par-3	France Paris
nl-ams	nl-ams-1, nl-ams-2, nl-ams-3	Netherlands Amsterdam
pl-waw	pl-waw-1, pl-waw-2, pl-waw-3	Poland Warsaw

Versions

Versioning allows Scaleway to improve its APIs without breaking clients' applications when new versions are rolled out.

Versions are managed in the URI path, for example api.scaleway.com/iam/v1alpha1/.

By default, the documentation for the current major version always displays on the main page for a given API, but alternative available versions may also be available via the version dropdown at the top of the page.

Versions do not reflect product stability, but rather the stability of the interface. API versions can be categorized into three main release tracks:

Example	Track
v1	General Availability. Stable.
v1beta1	Beta. Pre-GA.
v1alpha1	Alpha. Experimental.

When a new version is released, the older version remains available for a period of time to allow users time to move to it. Developer tools (CLI, Terraform, SDKS etc.) are updated to use the newer version. Remaining clients using the old version are notified and warned to move, before the old version is removed and can no longer receive requests.

Objects

Each product API contains methods for one or more objects. In the case of the Instance API, for example, objects include servers (Instances), images, volumes, security groups and snapshots. The object, combined with the request method e.g. GET, DELETE, POST etc and (if applicable) other parameters sent in the request, determines the action to be carried out on the object.