Access services with a service account

This tutorial shows you how to make your first API call with your service account.

Prerequisites

You have a project: Create a new project
You have a service account: Create a new service account
You have a service account key created: Create a new service account key
Your service account is privileged sufficiently for targeted API call: Assign a role to a service account

Preparation

To call STACKIT APIs with a service account, acquire a bearer access token: Acquire a bearer token with service account keys.

The bearer token created using your service account key is short‑lived. Typically, refresh or renew it every 600 seconds.
Find an endpoint that fulfils your task in the API Explorer. For this guide, we chose Project – Download audit log entries from STACKIT Audit Log API (2.0).
Gather the information required for the API call. For example, copy your project ID from the portal.

Now you should have the following information:

Project ID
Short‑lived or long‑lived token
Endpoint URI
Payload (not needed for GET and DELETE endpoints)

Procedure

Compose all information into a final call. Use this curl template:

curl --location --request GET 'https://auditlog.api.stackit.cloud/v2/projects/[Insert your projectId here]?start-time-range=2025-01-01T08:10:14.422Z&end-time-range=2025-01-02T08:10:14.422Z' \
--header 'Authorization: Bearer [Insert your short-lived or long-lived token here]'

If all inputs are valid, the API returns HTTP status code 200 OK. This is a sample response payload:

{
    "items": [
        {
            "id": "ANONYMIZED_ID",
            "receivedTimeStamp": "2025-09-02T08:01:30.027Z",
            "eventVersion": "v1.0",
            "eventSource": "membership",
            "region": "eu01",
            "severity": "INFO",
            "visibility": "PUBLIC",
            "eventType": "ADMIN_ACTIVITY",
            "eventTimeStamp": "2025-09-02T08:01:22.645Z",
            "eventName": "Project member added",
            "sourceIpAddress": "ANONYMIZED_IP",
            "userAgent": "ANONYMIZED_USER_AGENT",
            "initiator": {
                "id": "ANONYMIZED_INITIATOR_ID",
                "email": "anonymized@email.com"
            },
            "request": {
                "endpoint": "PATCH /v2/ANONYMIZED_PROJECT_ID/members",
                "parameters": {},
                "body": {
                    "payload": {
                        "members": [
                            {
                                "role": "owner",
                                "subject": "ANONYMIZED_SUBJECT_EMAIL"
                            }
                        ],
                        "resource_type": "project"
                    },
                    "resource_id": "ANONYMIZED_PROJECT_ID"
                }
            },
            "context": {
                "projectId": "ANONYMIZED_PROJECT_ID"
            },
            "resourceId": "ANONYMIZED_PROJECT_ID",
            "resourceName": "ANONYMIZED_PROJECT_ID",
            "result": {
                "role": "owner",
                "subject": "ANONYMIZED_SUBJECT_EMAIL"
            }
        }
    ],
    "cursor": null,
    "limit": 50
}