Access services with a service account

This tutorial shows you how to make your first API call with your service account.

Prerequisites

You have a project: Create a new project
You have a service account: Create a new service account
You have a service account key created: Create a new service account key
Your service account is privileged sufficiently for targeted API call: Assign a role to a service account

Preparation

To make any call with service accounts to the STACKIT API, you need an (bearer) access token: Acquire a bearer token with service account keys.

The bearer token created using your service account’s key is short-lived. Typically, you need to refresh or renew it every 600 seconds.
Next, consult the API Explorer for an endpoint which fulfills your desired task.

For this guide we chose Project - Download audit log entries from STACKIT Audit Log API (2.0).
Gather all information required for the API call, e.g. copy your project ID from the portal.

Now you should have the following information:

Project ID
Short-lived or long-lived token
Endpoint URI
Payload (not needed on GET and DELETE endpoints)

Procedure

Now compose all information into a final call. Here you can find a curl template:

curl --location --request GET 'https://auditlog.api.stackit.cloud/v2/projects/[Insert your projectId here]?start-time-range=2025-01-01T08:10:14.422Z&end-time-range=2025-01-02T08:10:14.422Z' \
--header 'Authorization: Bearer [Insert your short-lived or long-lived token here]'

If everything is correctly provided, the API will answer with a HTTP status code 200 OK. This is a sample response payload:

{
    "items": [
        {
            "id": "ANONYMIZED_ID",
            "receivedTimeStamp": "2025-09-02T08:01:30.027Z",
            "eventVersion": "v1.0",
            "eventSource": "membership",
            "region": "eu01",
            "severity": "INFO",
            "visibility": "PUBLIC",
            "eventType": "ADMIN_ACTIVITY",
            "eventTimeStamp": "2025-09-02T08:01:22.645Z",
            "eventName": "Project member added",
            "sourceIpAddress": "ANONYMIZED_IP",
            "userAgent": "ANONYMIZED_USER_AGENT",
            "initiator": {
                "id": "ANONYMIZED_INITIATOR_ID",
                "email": "anonymized@email.com"
            },
            "request": {
                "endpoint": "PATCH /v2/ANONYMIZED_PROJECT_ID/members",
                "parameters": {},
                "body": {
                    "payload": {
                        "members": [
                            {
                                "role": "owner",
                                "subject": "ANONYMIZED_SUBJECT_EMAIL"
                            }
                        ],
                        "resource_type": "project"
                    },
                    "resource_id": "ANONYMIZED_PROJECT_ID"
                }
            },
            "context": {
                "projectId": "ANONYMIZED_PROJECT_ID"
            },
            "resourceId": "ANONYMIZED_PROJECT_ID",
            "resourceName": "ANONYMIZED_PROJECT_ID",
            "result": {
                "role": "owner",
                "subject": "ANONYMIZED_SUBJECT_EMAIL"
            }
        }
    ],
    "cursor": null,
    "limit": 50
}