Application Service

• 1: API Gateway
• 1.1: Overview
• 1.2: How-to guides
• 1.2.1: Resource-based Policy
• 1.3: API Reference
• 1.4: CLI Reference
• 1.5: Release Notes
• 2: Queue Service
• 2.1: Message API reference
• 2.2: How to guides
• 2.3: Overview
• 2.3.1: ServiceWatch Metrics
• 2.4: CLI Reference
• 2.5: API Reference
• 2.6: Release Note

1 - API Gateway

1.1 - Overview

Service Overview

API Gateway is a service that easily creates, manages, and monitors APIs. It defines resources and methods related to APIs in a consistent manner, and can apply built-in security access. Additionally, it can easily and conveniently monitor API usage status and performance metrics.

Features

• Convenient API Management: Through the console, you can conveniently register and manage APIs, and provide JWT (Json Web Token) for access permission management. It is also linked with SCP Cloud Functions, allowing Cloud Functions function calls via API Gateway.
• Stable Traffic Handling: API Gateway can manage backend system traffic through usage plans. Usage plans can set the maximum number of calls per hour (hour/day/month), and this prevents excessive traffic from entering, enabling stable service usage.
• Easy and convenient monitoring: Provides a dashboard that allows you to manage various functions such as API version management that links different deployment versions per stage, and to monitor API usage status. Through this, you can easily and quickly identify performance metrics such as API calls, response times, and error counts.

Service Architecture Diagram

• The developer (3rd party Developer) can access various backend services via a single endpoint (API Gateway) using Rest API.
• API Gateway can route the request to an appropriate backend service or Cloud Function.
• If authentication and authorization are required, the user is verified with JWT.
• Request data is transformed as needed, or responses from multiple services are aggregated into one through the API Gateway.
• When traffic is high, you can apply load balancing and rate limiting to improve service stability.
• Supports web clients to call APIs from other domains through CORS settings.
• All requests and responses are logged and monitored in the API Gateway service, allowing rapid detection of failures and anomalies.
• By separating stages for each environment such as development, testing, and production, you can manage API versions and utilize the required version. API management, security policy application, etc., can be handled consistently centrally through the API Gateway service.

Provided Features

API Gateway provides the following features.

• API Management and Operations

  • Custom Domain Name: Connect a custom domain to the API to provide a unique URL for the user
  • REST API creation and management: Define resources and methods (GET, POST, etc.) and set authentication method
  • API version and stage management: Operate the same API in multiple versions simultaneously and manage changes
  • Routing: Routing requests to various backend services based on the URI path or request headers
  • Monitoring and Logging: API performance monitoring and logging possible (available December 2025)

• API security

  • IP ACL setting: Control to allow only specific IPs to access, enhancing security

• Cloud Functions integration: Execute business logic in response to external requests by integrating with serverless computing

  • CORS support: Set Cross-Origin Resource Sharing (CORS) to allow resource access from other domains

Components

API

An API is a collection of resources and methods integrated with backend HTTP endpoints, Cloud Functions, or other SCP services. APIs provide a logical interface to the actual service and are deployed across multiple stages, allowing use in various environments (development, production, etc.).

Resources

Resources are logical units that represent specific endpoints (URI paths) within an API. Each resource can be organized in a tree structure and can have multiple HTTP methods. For example, paths such as /users , /orders become individual resources.

Method

The method defines the HTTP actions (e.g., GET, POST, PUT, DELETE, etc.) that can be performed on each resource. Each method is integrated with a specific backend to process actual data or execute functionality.

Stage

The stage is a named reference to a specific point in time (snapshot) of an API deployment, distinguishing environments in the API lifecycle such as development (dev), testing (test), and production (prod). Each stage has its own unique URL, and separate settings per environment are possible for caching, logging, throttling, stage variables, etc. Stages support various operational scenarios such as environment-specific configurations and traffic segregation.

Endpoint

The endpoint is a unique URL address used by the client to access the API. A separate endpoint is created for each stage.

Integration

Integration defines how API methods connect to the actual backend (HTTP endpoints, Functions). Through request and response data transformation, authentication, mapping templates, etc., you can finely control the integration with the backend.

JWT (Json Web Token)

It is a token-based web standard (RFC 7519) used for authentication and authorization. JWT encodes a JSON object composed of three parts (Header, Payload, Signature) in Base64 URL-safe format, and prevents tampering by digitally signing with a secret key or public key. When securely exchanging authentication information and permissions between a server and client, or between services, it is used by placing them in the HTTP header, allowing stateless authentication without session storage.

CORS (Cross-Origin Resource Sharing)

It is a mechanism that bypasses the Same-Origin Policy applied in web browsers for security reasons, allowing resource sharing between servers of different origins (when protocol, domain, or port differ). The server specifies which origins’ requests are allowed through HTTP response headers (e.g., Access-Control-Allow-Origin, etc.), enabling the client (browser) to safely perform cross-origin requests. If CORS is not properly configured, the browser blocks requests for resources from other origins, which is a web standard security policy that must be considered when using various resources such as external API calls, fonts, images, and videos.

Regional Provision Status

API Gateway can be provided in the environments below.

Preliminary Service

This is a list of services that can be optionally configured before creating the service. Please refer to the guide provided for each service for details and prepare in advance. ​

1.2 - How-to guides

Users can create the API Gateway service by entering required information through the Samsung Cloud Platform Console and selecting detailed options.

Creating an API

An API is a collection of resources and methods integrated with backend HTTP endpoints, Cloud Functions, or other SCP services. An API provides a logical interface to the actual service and can be deployed to multiple stages for use in different environments (development, production, etc.).

You can create and use APIs through the Samsung Cloud Platform Console.

To create an API, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.

2. Click the Create API button on the Service Home page. This will take you to the Create API page.

3. Enter the required information for creating the service and select detailed options on the Create API page.

   • Select the required information in the Service Information section.

     Item	Required	Description
     API Name	Required	Enter API name Start with lowercase English letters, do not end with special characters (-), and enter 3 ~ 50 characters using lowercase letters, numbers, and special characters (-)
     API Creation Method	Required	Select API creation method Select from Create New, Clone Existing API
     API to Clone	Required	When selecting Clone Existing API as the API creation method, select from already created APIs
     Description	Optional	Enter additional information or description about the API within 50 characters
     API Endpoint Type	Required	Path to access the API Region: Process requests within the region where the API is deployed Private: Expose to receive API requests privately from other VPCs When Private is selected, JWT activation is applied

     Table. API service information input items
   • Enter or select the required information in the Additional Information section.

     Item	Required	Description
     Tags	Optional	Add tags Click the Add Tag button to create and add a new tag or add an existing tag Up to 50 tags can be added Newly added tags are applied after service creation is complete

     Table. API additional information input items

4. Review the detailed information and estimated charges in the Summary panel, then click the Complete button.

   • Once creation is complete, verify the created resource on the API List page.

Viewing API Details

You can view and modify the complete resource list and detailed information of API services. The API Details page consists of Details, Tags, and Operation History tabs.

To view detailed information of an API service, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.
2. Click the API menu on the Service Home page. This will take you to the API List page.
3. Click the resource for which you want to view detailed information on the API List page. This will take you to the API Details page.
   • The API Details page displays status information and additional feature information, and consists of Details, Tags, and Operation History tabs.

     Item	Description
     Status Display	Status of the API created by the user Creating: API being created Active: API operating normally Deleting: API being deleted Error: Service unavailable due to API internal error
     Service Termination	Button to terminate the service

     Table. API status information and additional features

Details

On the API Details page, you can view detailed information of the selected resource and modify information if necessary.

Connection Management

On the Connection Management page, you can manage connection requests for PrivateLink Service for API Gateway.

Tags

On the API Details page, you can view tag information of the selected resource, and add, modify, or delete tags.

Operation History

On the API Details page, you can view the operation history of the selected resource.

Integrating with PrivateLink Service

By integrating API Gateway service with PrivateLink service, you can connect ‘API Gateway and VPC’ or ‘API Gateway and other SCP services’ without external internet. Data uses only the internal network, providing high security, and no public IP, NAT, VPN, or internet gateway is required.

Creating PrivateLink Service for API Gateway Service

When creating an API, select the endpoint type as Private. You can expose the API to be accessed privately from other VPCs or services.

Creating a PrivateLink Endpoint

You can create an entry point to access other PrivateLinks in API Gateway service.

To create a PrivateLink Endpoint, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.

2. Click the PrivateLink Endpoint menu on the Service Home page. This will take you to the PrivateLink Endpoint List page.

3. Click the Create PrivateLink Endpoint button on the PrivateLink Endpoint List page. This will take you to the Create PrivateLink Endpoint page.

   • Enter or select the required information.

     Item	Required	Description
     PrivateLink Endpoint Name	Required	Enter PrivateLink Endpoint name Enter 3 ~ 20 characters using English letters and numbers
     Description	Optional	Enter additional information or description within 50 characters
     PrivateLink Service ID	Required	Enter the ID of the PrivateLink Service to connect Check the Service ID with the PrivateLink Service provider in advance, and after creating the Endpoint, provide the Endpoint ID to the provider Enter 3 ~ 60 characters using English letters and numbers

     Table. PrivateLink Endpoint creation information input items

4. When information entry and selection is complete, click the Confirm button.

5. Check the message in the notification popup window, then click the Confirm button.

   • Once creation is complete, verify the created resource in the PrivateLink Endpoint list.
   • To delete a PrivateLink Endpoint, select the resource to delete from the list and click the Delete button.

Viewing PrivateLink Endpoint Details

You can view and modify the complete resource list and detailed information of PrivateLink Endpoint. The PrivateLink Endpoint Details page consists of Details and Operation History tabs.

To view detailed information of an API service, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.
2. Click the PrivateLink Endpoint menu on the Service Home page. This will take you to the PrivateLink Endpoint List page.
3. Click the resource for which you want to view detailed information on the PrivateLink Endpoint List page. This will take you to the PrivateLink Endpoint Details page.
   • The PrivateLink Endpoint Details page displays status information and additional feature information, and consists of Details and Operation History tabs.

     Item	Description
     Status Display	Status of PrivateLink Endpoint Requesting: Connection request/approval pending, Cancel Request button displayed Active: Creation complete, operating Creating: Being created Deleting: Being deleted Disconnected: Connection blocked Rejected: Connection rejected, Request Approval Again button displayed Error: Error occurred Canceled: Connection request canceled, Request Approval Again button displayed
     Cancel Request	Request connection cancellation
     Request Approval Again	Request connection again when connection request is in canceled status

     Table. PrivateLink Endpoint status information and additional features

Details

On the PrivateLink Endpoint Details page, you can view detailed information of the selected resource.

Operation History

On the PrivateLink Endpoint Details page, you can view the operation history of the selected resource.

Creating a Resource

A resource is a logical unit representing a specific endpoint (URI path) within an API. Each resource can be organized in a tree structure and can have multiple HTTP methods.

To create a resource, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.

2. Click the API Gateway > Resource menu on the Service Home page. This will take you to the Resource page.

3. Click the Create Resource button on the Resource page. This will take you to the Create Resource popup window.

   • Enter or select the required information.

     Item	Required	Description
     Resource Name	Required	Enter resource name Start with lowercase English letters and enter 3 ~ 50 characters using lowercase letters, numbers, and special characters (-{}) When using braces, only the format {character} is allowed and cannot be empty
     Resource Path	Required	Select the path selected from the resource menu tree

     Table. Resource creation information input items

4. When information entry and selection is complete, click the Confirm button.

5. Check the message in the notification popup window, then click the Confirm button.

   • Once creation is complete, verify the created resource in the resource list.
   • To delete a resource, select the resource to delete from the list and click the Delete button.

Creating a Method

A method defines HTTP actions (e.g., GET, POST, PUT, DELETE, etc.) that can be performed on each resource. Each method is integrated with a specific backend to process actual data or execute functions.

To create a method, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.

2. Click the API Gateway > Resource menu on the Service Home page. This will take you to the Resource page.

3. Click the Create Method button on the Resource page. This will take you to the Create Method popup window.

   • Enter or select the required information.

     Item	Required	Description
     Method Type	Required	Select method type Already created values are not displayed in the list. When ANY is selected, all types of methods are created
     Integration Type	Required	Select endpoint type Select from HTTP, Cloud Function, PrivateLink
     Endpoint URL	Required	Enter endpoint URL when selecting HTTP type An endpoint is a unique URL used by clients to access the API. Separate endpoints are created for each stage. Various types such as Regional, Edge-Optimized, Private, etc. Must be a valid URL starting with http:// or https://, and enter within 500 characters using English letters and special characters ($-_.+!*’:(){}/)
     Endpoint	Required	Select endpoint when selecting Cloud Function type Region is provided as the current region and cannot be changed
     URL Query String Parameters	Optional	Check Use and then enter Name Enter using English letters, numbers, and special characters (_)
     HTTP Request Headers	Optional	Check Use and then enter Name Enter using English letters, numbers, and special characters (-)
     API Key Usage	Optional	Check Use to limit usage through usage policy

     Table. Method creation information input items

4. When information entry and selection is complete, click the Save button.

5. Check the message in the notification popup window, then click the Confirm button.

   • Once creation is complete, verify the created resource in the method list.
   • To delete a method, select the resource to delete from the list and click the Delete button.

Deploying an API

To reflect an API under development to the actual service environment, API deployment is required.

To deploy a created API, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.

2. Click the API Gateway > Resource menu on the Service Home page. This will take you to the Resource page.

3. Click the Deploy API button on the Resource page. This will take you to the Deploy API popup window.

   • Enter or select the required information.

     Item	Required	Description
     Stage	Required	Select stage to deploy API New Stage: Deploy by creating a new stage None Stage: Deploy without selecting a stage
     Stage Name	Required	When selecting New Stage, enter new stage name Start with lowercase English letters, do not end with special characters (-), and enter 3 ~ 30 characters using lowercase letters, numbers, and special characters (-)
     Deployment Description	Optional	Enter additional information or description about API deployment within 50 characters

     Table. API deployment information input items

4. When information entry and selection is complete, click the Deploy button.

5. Check the message in the notification popup window, then click the Confirm button.

Creating a Stage

A stage is a named reference to a specific point in time (snapshot) of an API deployment, distinguishing environments for each lifecycle of the API such as development (dev), test (test), production (prod), etc. Each stage has a unique URL, and separate settings can be made per environment such as caching, logging, throttling, and stage variables. Through stages, various operational scenarios such as Canary release, environment-specific settings, and traffic separation are supported.

To create a stage to deploy an API, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.

2. Click the API Gateway > Stage menu on the Service Home page. This will take you to the Stage page.

3. Click the Create Stage button on the Stage page. This will take you to the Create Stage popup window.

   • Enter or select the required information.

     Item	Required	Description
     Stage Name	Required	When selecting New Stage, enter new stage name Start with lowercase English letters, do not end with special characters (-), and enter 3 ~ 50 characters using lowercase letters, numbers, and special characters (-)
     Stage Description	Optional	Enter additional information or description about the stage within 100 characters
     API Deployment Version	Required	Select API version to deploy Start with lowercase English letters, do not end with special characters (-), and enter 3 ~ 50 characters using lowercase letters, numbers, and special characters (-)

     Table. Stage creation information input items

4. When information entry and selection is complete, click the Confirm button.

5. Check the message in the notification popup window, then click the Confirm button.

   • Once creation is complete, verify the created resource in the stage list.

Viewing Stage Details

You can view and modify the stage list and detailed information. The details page consists of Stage Details information and API Deployment Version Management, CORS, Usage Policy tabs.

To view detailed information of a stage, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.
2. Click the API Gateway > Stage menu on the Service Home page. This will take you to the Stage page.
3. Click the resource for which you want to view detailed information in the stage list.
   • The Stage Details displays status information and additional feature information, and consists of API Deployment Version Management, CORS, and Usage Policy tabs.
   • To delete a stage, select the resource to delete from the list and click the Delete button.
   • To modify a stage, select the resource to modify from the list and click the Modify button.

Stage Details

On the Stage Details page, you can view detailed information of the selected resource.

API Deployment Version Management

On the API Deployment Version Management tab, you can view API deployment history.

CORS (Cross-Origin Resource Sharing)

On the CORS tab, you can view the CORS list.

Usage Policy

On the Usage Policy tab, you can view the usage policy connected to the stage.

Creating Authentication

JWT (JSON Web Token) is an open standard (RFC 7519) used for user authentication. JWT is a claim-based web token that stores information about the user in an encrypted token using JSON format.

To create a JWT, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.

2. Click the API Gateway > Authentication menu on the Service Home page. This will take you to the Authentication List page.

3. Click the Create JSON Web Token button on the Authentication List page. This will take you to the Create JSON Web Token popup window.

   • Enter or select the required information.

     Item	Required	Description
     JWT Name	Required	Enter token name Start with lowercase English letters, do not end with special characters (-), and enter 3 ~ 50 characters using lowercase letters, numbers, and special characters (-)
     Stage to Connect	Optional	Check Use and then select a stage

     Table. Authentication creation information input items

4. When information entry and selection is complete, click the Confirm button.

5. Check the message in the notification popup window, then click the Confirm button. This will take you to the Access Token notification popup window.

   • Tokens can only be viewed in the Access Token notification popup window. If necessary, download the Access Token file.

6. Check the message in the Access Token notification popup window, then click the Confirm button.

   • Once creation is complete, verify the created resource in the authentication list.
   • To delete a token, select the resource to delete from the list and click the Delete button.
   • To modify a token, select Modify from the context menu of the resource to be modified.

Creating Access Control

You can add access allowed IPs so that API calls are made only from specific IPs when calling an API.

To create an access control, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.

2. Click the API Gateway > Access Control menu on the Service Home page. This will take you to the Access Control List page.

3. Click the Create Access Control button on the Access Control List page. This will take you to the Create Access Control popup window.

   • Enter or select the required information.

     Item	Required	Description
     Access Control Name	Required	Enter access control name Start with lowercase English letters, do not end with special characters (-), and enter 3 ~ 50 characters using lowercase letters, numbers, and special characters (-)
     Public Access Allowed IP	Required	Enter IP to allow access Enter up to 100 using ‘,’
     Stage to Connect	Optional	Check Use and then select a stage
     Description	Optional	Enter additional information or description about access control within 50 characters

     Table. Access control creation information input items

4. When information entry and selection is complete, click the Confirm button.

5. Check the message in the notification popup window, then click the Confirm button.

   • Once creation is complete, verify the created resource in the access control list.
   • To delete the access control list, select the resource to delete from the list and click the Delete button. The Default access control cannot be deleted.
   • To modify an access control, select Modify from the context menu of the resource to be modified.

Terminating an API

You can reduce operating costs by terminating services that are not in use. However, since terminating a service may immediately stop the operating service, you should proceed with termination after fully considering the impact of service interruption.

To terminate an API, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.
2. Click the API menu on the Service Home page. This will take you to the API List page.
3. Select the resource to terminate on the API List page and click the Terminate Service button.
4. When termination is complete, verify that the resource has been terminated on the API List page.

Using Report

You can check API traffic, performance, and error status.

To use Report, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.
2. Click the API Gateway > Report menu on the Service Home page. This will take you to the Report page.
   • Enter or select the required information.

3. When information entry and selection is complete, you can view Report information.

Creating a Usage Policy

Usage policies are established to ensure efficient distribution of server resources, secure service stability, and prevent unnecessary traffic and abuse.

To create a usage policy, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.
2. Click the API Gateway > Usage Policy menu on the Service Home page. This will take you to the Usage Policy page.
3. Click the Create Usage Policy button on the Usage Policy page. This will take you to the Create Usage Policy page.
   • Enter or select the required information.

4. When information entry and selection is complete, click the Complete button.
5. Check the message in the notification popup window, then click the Confirm button.
   • Once creation is complete, verify the created resource in the usage policy list.

Creating an API Key

API Keys are used to identify which user or application is calling an API. They are mainly used to limit usage through usage policies.

To create an API Key, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.
2. Click the API Gateway > Usage Policy menu on the Service Home page. This will take you to the Usage Policy page.
3. Click the usage policy in the list. This will take you to the Usage Policy Details page.
4. Click the Create API Key button on the Usage Policy Details page. This will take you to the Add API Key popup window.
   • Enter or select the required information.

4. When information entry and selection is complete, click the Confirm button.
5. Check the message in the notification popup window, then click the Confirm button.
   • Once creation is complete, verify the created resource on the Usage Policy Details page.

Creating a Resource Policy

You can block unauthorized access from the source through resource-based policies and enhance the security level of the service.

To create a resource policy, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.
2. Click the API Gateway > Resource Policy menu on the Service Home page. This will take you to the Resource Policy page.
3. Click the Create Resource Policy button on the Resource Policy page. This will take you to the Create Resource Policy page.
   • Enter or select the required information in the Service Information section.

4. When information entry and selection is complete, click the Complete button.
5. Check the message in the notification popup window, then click the Confirm button.
   • Once creation is complete, you can view, modify, or delete the resource policy.

1.2.1 - Resource-based Policy

Resource-based Policy Overview

API Gateway’s Resource-based Policy is a policy granted to a resource that allows you to decide whether to allow or deny (Effect) actions on specific resources to principals. Using resource-based policies, you can directly define the principals that can call the API.

Through resource-based policies, you can allow secure API calls by defining the following:

• Users of specific Samsung Cloud Platform accounts
• Specific source IP address ranges or CIDR blocks

Source policies are defined as JSON policy documents attached to an API to control whether a specified security principal (usually an IAM role or group) can call the API.

Resource-based Policy Usage Scenarios

The main usage scenarios for resource-based policies are as follows:

Resource-based Policy Scenarios

The resource-based policy scenarios used when specific features of API Gateway operate are as follows:

Additional User Usage Scenarios

While not automatically registered by API Gateway’s resource-based policy, users can add and utilize it as needed. Scenarios that users can add and utilize are as follows:

• Cross-account access
  • When an IAM user of account A wants to execute Lambda of account B, register account A in the function policy of account B.
• Hybrid access control
  • Instead of simply limiting accounts or IPs, you can configure it so that both specific users and specific IP bands must be satisfied simultaneously to allow access.

Managing API Gateway’s Resource-based Policy

To view and set API Gateway’s resource-based policy, follow these steps:

1. Click the All Services > Application Service > API Gateway menu. This will take you to the API Gateway Service Home page.
2. Click the API Gateway > Resource Policy menu on the Service Home page. This will take you to the Resource Policy page.
3. Click the Modify button in the Policy Details item. The Modify Resource Policy popup window opens. * When you click the Delete button, the registered policy is deleted.
4. In the Modify Resource Policy popup window, select a Policy Template and then write the policy. * For policy examples by policy template, see Resource-based Policy Examples.
5. When writing is complete, click the Complete button.

Resource-based Policy Examples

Users can additionally define resource-based policies or modify existing policies as needed.

Default Policy

This is a policy that is automatically registered when an API is created.

Policy Template

{
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Effect": "Allow",
      "Principal": "*",
      "Resource": [
        "srn:{{Offering}}::{{AccountID}}:kr-west1::apigateway:api/{{ApiId}}"
      ],
      "Sid": "DefaultStatement"
    }
  ],
  "Version": "2024-07-01"
}

{
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Effect": "Allow",
      "Principal": "*",
      "Resource": [
        "srn:{{Offering}}::{{AccountID}}:kr-west1::apigateway:api/{{ApiId}}"
      ],
      "Sid": "DefaultStatement"
    }
  ],
  "Version": "2024-07-01"
}

Policy Example

{
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Effect": "Allow",
      "Principal": "*",
      "Resource": [
        "srn:e::accountId1:kr-west1::apigateway:api/apiId1"
      ],
      "Sid": "DefaultStatement"
    }
  ],
  "Version": "2024-07-01"
}

{
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Effect": "Allow",
      "Principal": "*",
      "Resource": [
        "srn:e::accountId1:kr-west1::apigateway:api/apiId1"
      ],
      "Sid": "DefaultStatement"
    }
  ],
  "Version": "2024-07-01"
}

Account Allow List

This is a policy that allows only users of specific SCP accounts (Root user or IAM Role) to call the API.

Policy Template

{
  "Version": "",
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Condition": {
        "SrnLike": {
          "scp:RequestAttribute/body['method-srn']": [
            "srn:{{Offering}}::{{AccountID}}:kr-west1::apigateway:method/{{ApiId}}/{{stageNameOrWildcard*}}/{{httpVerbOrWildcard*}}/{{resourcePathOrWildcard*}}"
          ]
        }
      },
      "Effect": "Allow",
      "Principal": {
        "scp": [
          "srn:{{Offering}}::{{AccountID}}:::iam:user/{{UserSrn}}"
        ]
      },
      "Resource": [
        "srn:{{Offering}}::{{AccountID}}:kr-west1::apigateway:api/{{ApiId}}"
      ],
      "Sid": "Statement1"
    }
  ]
}

{
  "Version": "",
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Condition": {
        "SrnLike": {
          "scp:RequestAttribute/body['method-srn']": [
            "srn:{{Offering}}::{{AccountID}}:kr-west1::apigateway:method/{{ApiId}}/{{stageNameOrWildcard*}}/{{httpVerbOrWildcard*}}/{{resourcePathOrWildcard*}}"
          ]
        }
      },
      "Effect": "Allow",
      "Principal": {
        "scp": [
          "srn:{{Offering}}::{{AccountID}}:::iam:user/{{UserSrn}}"
        ]
      },
      "Resource": [
        "srn:{{Offering}}::{{AccountID}}:kr-west1::apigateway:api/{{ApiId}}"
      ],
      "Sid": "Statement1"
    }
  ]
}

Policy Example

{
  "Version": "",
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Condition": {
        "SrnLike": {
          "scp:RequestAttribute/body['method-srn']": [
            "srn:e::accountId1:kr-west1::apigateway:method/apiId1/stage1/GET/resource1"
          ]
        }
      },
      "Effect": "Allow",
      "Principal": {
        "scp": [
          "srn:e::accountId1:::iam:user/userId1"
        ]
      },
      "Resource": [
        "srn:e::accountId1:kr-west1::apigateway:api/apiId1"
      ],
      "Sid": "Statement1"
    }
  ]
}

{
  "Version": "",
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Condition": {
        "SrnLike": {
          "scp:RequestAttribute/body['method-srn']": [
            "srn:e::accountId1:kr-west1::apigateway:method/apiId1/stage1/GET/resource1"
          ]
        }
      },
      "Effect": "Allow",
      "Principal": {
        "scp": [
          "srn:e::accountId1:::iam:user/userId1"
        ]
      },
      "Resource": [
        "srn:e::accountId1:kr-west1::apigateway:api/apiId1"
      ],
      "Sid": "Statement1"
    }
  ]
}

IP Range Deny List

This is a policy that allows or blocks only specific IP addresses or CIDR ranges.

Policy Template

{
  "Version": "",
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Condition": {
        "SrnLike": {
          "scp:RequestAttribute/body['method-srn']": [
            "srn:{{Offering}}::{{AccountID}}:kr-west1::apigateway:method/{{ApiId}}/{{stageNameOrWildcard*}}/{{httpVerbOrWildcard*}}/{{resourcePathOrWildcard*}}"
          ]
        },
        "NotIpAddress": {
          "scp:SourceIp": [
            "{{sourceIpOrCIDRBlock}}",
            "{{sourceIpOrCIDRBlock}}"
          ]
        }
      },
      "Effect": "Allow",
      "Principal": "*",
      "Resource": [
        "srn:{{Offering}}::{{AccountID}}:kr-west1::apigateway:api/{{ApiId}}"
      ],
      "Sid": "Statement1"
    }
  ]
}

{
  "Version": "",
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Condition": {
        "SrnLike": {
          "scp:RequestAttribute/body['method-srn']": [
            "srn:{{Offering}}::{{AccountID}}:kr-west1::apigateway:method/{{ApiId}}/{{stageNameOrWildcard*}}/{{httpVerbOrWildcard*}}/{{resourcePathOrWildcard*}}"
          ]
        },
        "NotIpAddress": {
          "scp:SourceIp": [
            "{{sourceIpOrCIDRBlock}}",
            "{{sourceIpOrCIDRBlock}}"
          ]
        }
      },
      "Effect": "Allow",
      "Principal": "*",
      "Resource": [
        "srn:{{Offering}}::{{AccountID}}:kr-west1::apigateway:api/{{ApiId}}"
      ],
      "Sid": "Statement1"
    }
  ]
}

Policy Example

{
  "Version": "",
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Condition": {
        "SrnLike": {
          "scp:RequestAttribute/body['method-srn']": [
            "srn:e::accountId1:kr-west1::apigateway:method/apiId1/stage1/GET/resource1"
          ]
        },
        "NotIpAddress": {
          "scp:SourceIp": [
            "1.2.3.4/24",
            "5.6.7.8/32"
          ]
        }
      },
      "Effect": "Allow",
      "Principal": "*",
      "Resource": [
        "srn:e::accountId1:kr-west1::apigateway:api/apiId1"
      ],
      "Sid": "Statement1"
    }
  ]
}

{
  "Version": "",
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Condition": {
        "SrnLike": {
          "scp:RequestAttribute/body['method-srn']": [
            "srn:e::accountId1:kr-west1::apigateway:method/apiId1/stage1/GET/resource1"
          ]
        },
        "NotIpAddress": {
          "scp:SourceIp": [
            "1.2.3.4/24",
            "5.6.7.8/32"
          ]
        }
      },
      "Effect": "Allow",
      "Principal": "*",
      "Resource": [
        "srn:e::accountId1:kr-west1::apigateway:api/apiId1"
      ],
      "Sid": "Statement1"
    }
  ]
}

Cross-account Access

This is a policy that allows UserId2 belonging to accountId2 to call API apiId1 belonging to accountId1.

Policy Example

{
  "Version": "",
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Condition": {
        "SrnLike": {
          "scp:RequestAttribute/body['method-srn']": [
            "srn:e::accountId1:kr-west1::apigateway:method/apiId1/*/*/*"
          ]
        }
      },
      "Effect": "Allow",
      "Principal": {
        "scp": [
          "srn:e::accountId1:::iam:user/userId1",
          "srn:e::accountId2:::iam:user/userId2",
        ]
      },
      "Resource": [
        "srn:e::accountId1:kr-west1::apigateway:api/apiId1"
      ],
      "Sid": "Statement1"
    }
  ]
}

{
  "Version": "",
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
      "Condition": {
        "SrnLike": {
          "scp:RequestAttribute/body['method-srn']": [
            "srn:e::accountId1:kr-west1::apigateway:method/apiId1/*/*/*"
          ]
        }
      },
      "Effect": "Allow",
      "Principal": {
        "scp": [
          "srn:e::accountId1:::iam:user/userId1",
          "srn:e::accountId2:::iam:user/userId2",
        ]
      },
      "Resource": [
        "srn:e::accountId1:kr-west1::apigateway:api/apiId1"
      ],
      "Sid": "Statement1"
    }
  ]
}

Hybrid Access Control

This is a policy that allows UserId2 belonging to accountId2 to call API apiId1 belonging to accountId1.

• You can add conditions to simultaneously validate the User ID (Principal) and resource Condition (Condition). Below is an example that additionally defines inaccessible IPs.

Policy Example

{
  "Version": "",
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
       "Condition": {
        "SrnLike": {
          "scp:RequestAttribute/body['method-srn']": [
            "srn:e::accountId1:kr-west1::apigateway:method/apiId1/*/*/*"
          ]
        },
        "NotIpAddress": {
          "scp:SourceIp": [
            "1.2.3.4/24",
            "5.6.7.8/32"
          ]
        }
      },
      "Effect": "Allow",
      "Principal": {
        "scp": [
          "srn:e::accountId1:::iam:user/userId1",
        ]
      },
      "Resource": [
        "srn:e::accountId1:kr-west1::apigateway:api/apiId1"
      ],
      "Sid": "Statement1"
    }
  ]
}

{
  "Version": "",
  "Statement": [
    {
      "Action": [
        "apigateway:InvokeApigatewayRegion"
      ],
       "Condition": {
        "SrnLike": {
          "scp:RequestAttribute/body['method-srn']": [
            "srn:e::accountId1:kr-west1::apigateway:method/apiId1/*/*/*"
          ]
        },
        "NotIpAddress": {
          "scp:SourceIp": [
            "1.2.3.4/24",
            "5.6.7.8/32"
          ]
        }
      },
      "Effect": "Allow",
      "Principal": {
        "scp": [
          "srn:e::accountId1:::iam:user/userId1",
        ]
      },
      "Resource": [
        "srn:e::accountId1:kr-west1::apigateway:api/apiId1"
      ],
      "Sid": "Statement1"
    }
  ]
}

1.3 - API Reference

1.4 - CLI Reference

1.5 - Release Notes

API Gateway

2 - Queue Service

2.1 - Message API reference

Overview

The Queue Service provided by Samsung Cloud Platform can send, receive, and delete messages.
In this guide, we provide an explanation of the Queue Service API and how to call it.

Queue Service Call Procedure

Queue Service API URL address must be changed according to the operating environment and region. Please check the operating environment and region information in the table below.

Calling API

AUTH PARAMS

Header Description

Scp-Accesskey      : Access Key issued from the Samsung Cloud Platform portal
Scp-Signature      : Signature that encrypts the called API request with the Access Secret Key mapped to the Access Key. The HMAC encryption algorithm uses HmacSHA256.
Scp-Target         : Action that requests the Queue Service. ScpQS.SendMessage, ScpQS.SendMessageBatch, ScpQS.ReceiveMessage, ScpQS.DeleteMessage, ScpQS.DeleteMessageBatch one of
Scp-Timestamp      : January 1, 1970 00:00:00 defines the elapsed time from Coordinated Universal Time (UTC) as milliseconds.
Scp-ClientType     : user-api specification

Create Signature

• Generate the string to be signed from the request, encrypt it with HmacSHA256 algorithm using Access and Secret Key, then encode it in Base64.
• Use this value as Scp-Signature.
• The generated Signature is valid for 15 minutes.1. Click the All Services > Application > Queue Service menu. Navigate to the Service Home page of Queue Service.

Signature Generation Sample Code (Java)

public static String makeHmacSignature(String method,
                                       String url,
                                       String timestamp,
                                       String accessKey,
                                       String accessSecretKey,
                                       String clientType) {
  
    String body = method + url + timestamp + accessKey + clientType;
  
    String encodeBase64Str;
  
    try {
        byte[] message = body.getBytes("UTF-8");
        byte[] secretKey = accessSecretKey.getBytes("UTF-8");
  
        Mac mac = Mac.getInstance("HmacSHA256");
        SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey, "HmacSHA256");
        mac.init(secretKeySpec);
        byte[] hmacSha256 = mac.doFinal(message);
        encodeBase64Str = Base64.getEncoder().encodeToString(hmacSha256);
    } catch (Exception e) {
        throw new RuntimeException("Failed to calculate hmac-sha256", e);
    }
  
    return encodeBase64Str;
}

Signature Generation Sample Code (JavaScript)

### Queue Service API Call Example
#### Curl
```commandline
curl -i -X GET
-H "Scp-Accesskey:2sd2gg=2agbdSD26svcD"
-H "Scp-Signature:fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef="
-H "Scp-Timestamp:1605290625682"
-H "Scp-ClientType:user-api"
-H "Scp-Target:ScpQS.SendMessage"
--data '{"MessageBody": "sample message",  "QueueUrl": "https://queueservice.kr-west1.e.samsungsdscloud.com/33ff0000a8a345d78cdf163673f3da11/samplequeue"}'
'https://queueservice.service.kr-west1.e.samsungsdscloud.com'

Python

import requests

url = "https://queueservice.service.kr-west1.e.samsungsdscloud.com"
payload = {
   'MessageBody': 'sample message',
   'QueueUrl': 'https://queueservice.kr-west1.e.samsungsdscloud.com/33ff0000a8a345d78cdf163673f3da11/samplequeue'
}
headers = {
  'Scp-Accesskey': '2sd2gg=2agbdSD26svcD',
  'Scp-Signature': 'fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=',
  'Scp-Timestamp': '1605290625682',
  'Scp-ClientType': 'user-api',
  'Scp-Target': 'ScpQS.SendMessage'
}

response = requests.request("GET", url, headers=headers, data=payload)

if response.status_code == 200:
    contents = response.text
    return contents
else:
    raise Exception(f"Failed to GET API: {response.status_code}, {response.text}")

Java

String apiUrl = "https://queueservice.service.kr-west1.e.samsungsdcloud.com";
String accessKey = "2sd2gg=2agbdSD26svcD"
String signature = "fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef="
String timestamp = "1605290625682"
String clientType = "user-api"
String scpTarget = "ScpQS.SendMessage"

public static String getAPI(String token, String apiUrl) throws IOException {
        CloseableHttpClient httpClient = HttpClients.createDefault();
        HttpGet getRequest = new HttpGet(apiUrl);
        getRequest.addHeader("Scp-Accesskey", accessKey);
        getRequest.addHeader("Scp-Signature", signature);
        getRequest.addHeader("Scp-Timestamp", timestamp);
        getRequest.addHeader("Scp-ClientType", clientType);
        getRequest.addHeader("Scp-Target", scpTarget);

        HttpResponse response = httpClient.execute(getRequest);
        int statusCode = response.getStatusLine().getStatusCode();

        if (statusCode == 200) {
            String responseBody = EntityUtils.toString(response.getEntity());
            httpClient.close();
            return responseBody;
        } else {
            String responseBody = EntityUtils.toString(response.getEntity());
            httpClient.close();
            throw new RuntimeException("Failed to Request: " + statusCode + ", " + responseBody);
        }
    }

Queue Service API

SendMessage

POST https://queueservice.service.kr-west1.e.samsungsdscloud.com

Description

Send message

Parameters

MessageAttribute

Responses

Example HTTP request

Request Header

"Scp-Accesskey:2sd2gg=2agbdSD26svcD","
"Scp-Signature:fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=","


"Scp-Timestamp:1605290625682",
"Scp-ClientType:user-api","
Scp-Target:ScpQS.SendMessage

Request Body

{
  "QueueUrl": "https://queueservice.kr-west1.e.samsungsdscloud.com/123e54b7303749f38ca59a5c6d419a75/test",
  "MessageBody": "Hello SQS!",
  "MessageAttributes": {
    "Special": {
      "DataType": "string",
      "StingValue": "testBodyString12345678910!/wow$#@!"
    }
  }
}

Example HTTP response

200 Response

{
  "MD5OfMessageAttributes": "139818cac45117a07428826a8c533c01",
  "MD5OfMessageBody": "098f6bcd4621d373cade4e832627b4f6",
  "MessageId": "14b37b86-8117-484a-aea4-1eae3b98d5d0",
  "SequenceNumber": "11764568839"
}

SendMessageBatch

POST https://queueservice.service.kr-west1.e.samsungsdscloud.com

Description

Bulk message sending

Parameters

SendMessageBatchRequestEntry

Responses

Example HTTP request

Request Header

“Scp-Accesskey:2sd2gg=2agbdSD26svcD”, “Scp-Signature:fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=”,"

“Scp-Timestamp:1605290625682”," “Scp-ClientType:user-api”," Scp-Target:ScpQS.SendMessageBatch

###### Request Body
```json
{
   "QueueUrl": "https://queueservice.kr-west1.dev3.samsungsdscloud.com/123e54b7303749f38ca59a5c6d419a75/test",
   "Entries": [
      {
         "Id": "1",
         "MessageBody": "test-body-1"
      },
      {
         "Id": "2",
         "MessageBody": "test-body-2"
      }
   ]
}

Example HTTP response

200 Response

{
   "Failed": [],
   "Successful": [
      {
         "Id": "2",
         "MD5OfMessageAttributes": "d41d8cd98f00b204e9800998ecf8427e",
         "MD5OfMessageBody": "82ddf04637119b9a77e9b44095f5ba11",
         "MessageId": "68aa4629-bfbc-4bb0-898b-52db94438526",
         "SequenceNumber": "31764583416"
      },
      {
         "Id": "1",
         "MD5OfMessageAttributes": "d41d8cd98f00b204e9800998ecf8427e",
         "MD5OfMessageBody": "8344ca2f91203b151e4d0aafc9248a8b",
         "MessageId": "3523740f-9e7c-429e-8514-5ec21b1d3cd8",
         "SequenceNumber": "41764583416"
      }
   ]
}

ReceiveMessage

POST https://queueservice.service.kr-west1.e.samsungsdscloud.com

Description

Message reception

Parameters

Responses

Example HTTP request

Request Header

"Scp-Accesskey:2sd2gg=2agbdSD26svcD","
"Scp-Signature:fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=",
"Scp-Timestamp:1605290625682","
"Scp-ClientType:user-api",
Scp-Target:ScpQS.ReceiveMessage

Request Body

{
   "QueueUrl": "https://queueservice.kr-west1.dev3.samsungsdscloud.com/123e54b7303749f38ca59a5c6d419a75/test",
   "MaxNumberOfMessages": "2"
}

Example HTTP response

200 Response

{
   "messages": [
      {
         "MessageId": "14b37b86-8117-484a-aea4-1eae3b98d5d0",
         "Body": "sample-body-1",
         "Attributes": {},
         "MessageAttributes": {
            "Special": {
               "DataType": "string",
               "StingValue": "testBodyString12345678910!/wow$#@!"
            }
         },
         "MD5OfBody": "098f6bcd4621d373cade4e832627b4f6",
         "MD5OfMessageAttributes": "139818cac45117a07428826a8c533c01",
         "ReceiptHandle": "400tf1nY4HbXEP7UX4OtxPVIPlq9vw1eeKDFwNMeNiEuZvMSbvdPCBOF/P96FUF9XT7TALMzP91ViCxQjnOIyBWw+fr4EhihdJ0Z2QHau1LMHbxD+GngcM2Pv6d5HM4KCmBgB2GxFA5qpUFBPPI="
      },
      {
         "MessageId": "aee85517-1437-4877-8de8-00eee69e11dc",
         "Body": "sample-body-2",
         "Attributes": {},
         "MD5OfBody": "ad0234829205b9033196ba818f7a872b",
         "MD5OfMessageAttributes": "139818cac45117a07428826a8c533c01",
         "ReceiptHandle": "400tf1nY4HbXEP7UX4OtxPVIPlq9vw1eeKDFwNMeNiEuZvMSbvdPCBPVrfhxFxZ0XD7aBbEzP91Vi3pQ13KMxBWxrP74REyhKcgd2VLauFLMHbxD+GngcM2Pv6d5HCzyqhEoB9DHI5NmOhgaOJ4="
      }
   ]
}

DeleteMessage

POST https://queueservice.service.kr-west1.e.samsungsdscloud.com

Description

Delete message

Parameters

Responses

Example HTTP request

Request Header

“Scp-Accesskey:2sd2gg=2agbdSD26svcD”," “Scp-Signature:fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=”, “Scp-Timestamp:1605290625682”, “Scp-ClientType:user-api”," Scp-Target:ScpQS.DeleteMessage

###### Request Body
```json
{
   "QueueUrl": "https://queueservice.kr-west1.dev3.samsungsdscloud.com/123e54b7303749f38ca59a5c6d419a75/test",
   "ReceiptHandle": "400tf1nY4HbXEP7UX4OtxPVIPlq9vw1eeKDFwNMeNiEuZvMSbvdPCBPVrfhxFxZ0XD7aBbEzP91Vi3pQ13KMxBWxrP74REyhKcgd2VLauFLMHbxD+GngcM2Pv6d5HCzyqhEoB9DHI5NmOhgaOJ4="
}

Example HTTP response

200 Response

DeleteMessageBatch

aiignore POST https://queueservice.service.kr-west1.e.samsungsdscloud.com

#### Description
Bulk message deletion

#### Parameters
| Field Name      | Required | Type                                      | Description |
|----------|-------|-----------------------------------------|----|
| Entries  | true  | array of DeleteMessageBatchRequestEntry |    |
| QueueUrl | true  | string                                  |    |

##### DeleteMessageBatchRequestEntry
| Field Name           | Required | Type     | Description |
|---------------|-------|--------|----|
| Id            | true  | string |    |
| ReceiptHandle | true  | string |    |

#### Responses

| HTTP  Code | Description	 | Schema |
|------------|--------------|--------|
| 200        | 	Created	    |        |
| 400        | 	Bad Request |        |
| 403        | 	Forbidden	  |        |


#### Example HTTP request

###### Request Header

“Scp-Accesskey:2sd2gg=2agbdSD26svcD”," Scp-Signature:fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=, “Scp-Timestamp:1605290625682”, “Scp-ClientType:user-api”," Scp-Target:ScpQS.DeleteMessageBatch

###### Request Body
```json
{
   "QueueUrl": "https://queueservice.kr-west1.dev3.samsungsdscloud.com/123e54b7303749f38ca59a5c6d419a75/test",
   "Entries": [
      {
         "Id": "1",
         "ReceiptHandle": "400tf1nY4HbXEP7UX4OtxPVIPlq9vw1eeKDFwNMeNiEuZvMSbvdPCBOF/P96FUF9XT7TALMzP91ViCxQjnOIyBWw+fr4EhihdJ0Z2QHau1LMHbxD+GngcMyJvqN5F17gym/YF4JoroeBXMSvIG0="
      },
      {
         "Id": "2",
         "ReceiptHandle": "400tf1nY4HbXEP7UX4OtxPVIPlq9vw1eeKDFwNMeNiEuZvMSbvdPCBOC8PwoFhV3Uj6JV+BnP90P3n1Q1y/RnhW0rv//GE6sf8EZjwfauVLMHbxD+GngcMyJvqN5F1Hs5T3vAZxgIV20IPdscTQ="
      }
   ]
}

Example HTTP response

200 Response

{
   "Failed": [],
   "Successful": [
      {
         "Id": "1"
      },
      {
         "Id": "2"
      }
   ]
}

2.2 - How to guides

Create Queue Service

You can create and use a Queue Service from the Samsung Cloud Platform Console.
To create a Queue Service, follow these steps.

1. Click the All Services > Application > Queue Service menu. Go to the Service Home page of Queue Service.
2. Click the Create Queue button on the Service Home page. It navigates to the Create Queue page.
3. After entering the information required to create the service on the Queue creation page, click the Confirm button.

4. When the popup notifying creation opens, click the Confirm button.

Queue is charged based on usage.

Queue Service Check detailed information

You can view detailed information and messages about the Queue Service.
To view detailed information of the Queue Service, follow the steps below.

1. All Services > Application > Queue Service Click the menu. Go to the Service Home page of Queue Service.
2. Click the Queue menu on the Service Home page. It moves to the Queue List page.
3. Click the resource to view detailed information on the Queue list page. It moves to the Queue details page.
   • Queue Details page displays status information and additional feature information, and consists of Details, Message Management, Tags, Task History tabs.

Detailed Information

On the Queue list page, you can view detailed information of the selected resource and, if necessary, edit the information.

Message Management

Queue list page allows you to view and manage the message list of the selected resource.

Tag

On the Queue list page, you can view the tag information of the selected resource, and you can add, modify, or delete it.

Work History

Queuee 목록 page allows you to view the operation history of the selected resource.

Queue configuration setup

You can reconfigure the settings configured when creating the Queue Service.
To reset the Queue configuration, follow these steps.

1. Click the All Services > Application > Queue Service menu. Go to the Service Home page of Queue Service.
2. Click the Queue menu on the Service Home page. Navigate to the Queue list page.
3. Queue List page, click the resource to reconfigure the Queue. Queue Details page will be opened.
4. Click the Edit button of the Configuration Settings item. The Edit Configuration Settings popup window opens.
5. Modify Configuration Settings After modifying the configuration information in the popup window, click the Confirm button.

Manage IP Access Allowance

You can manage IPs that can access the Queue Service.

Add Accessible IP

To add an accessible IP, follow the steps below.

1. All Services > Application > Queue Service Click the menu. Go to the Service Home page of Queue Service.
2. Click the Queue menu on the Service Home page. It navigates to the Queue List page.
3. On the Queue list page, click the resource to add an accessible IP. It navigates to the Queue details page.
4. Click the Add IP Address button of the IP Access Allow List item. The Add IP Address popup opens.
5. After entering the IP to add to the IP Access Allow List, click the Confirm button.
   • Click the + button to add multiple IPs at once (up to 10).
6. When the popup notifying the addition of IP opens, click the Confirm button.

Exclude accessible IP

To exclude IPs registered in the IP Access Allow List, follow the steps below.

1. All Services > Application > Queue Service Click the menu. Navigate to the Service Home page of Queue Service.
2. Service Home page, click the Queue menu. Navigate to the Queue list page.
3. Click the resource to exclude the accessible IP on the Queue List page. You will be taken to the Queue Details page.
4. IP Access Allow List After checking the IP to exclude from the item, click the Delete button at the top of the list.

• IP Access Allow List you can also individually exclude by clicking the Delete button of the IP you want to remove.

5. When the popup notifying IP deletion opens, click the Confirm button.

Message Management

You can send or manage queue messages.

Send Message

To send a Queue message, follow the steps below.

1. All Services > Application > Queue Service Click the menu. Go to the Service Home page of Queue Service.
2. Click the Queue menu on the Service Home page. Move to the Queue list page.
3. Click the resource to send a Queue message on the Queue List page. You will be taken to the Queue Details page.
4. Queue Details page’s Message Management tab, click it.
5. Click the More > Send Message button at the top of the message list. The Send Message popup window will open.
6. Message Sending After entering the message information to be sent in the popup window, click the Confirm button.

Delete individual messages

You can delete Queue messages individually. To delete a message, follow the steps below.

1. All Services > Application > Queue Service Click the menu. Go to the Service Home page of Queue Service.
2. Click the Queue menu on the Service Home page. Navigate to the Queue List page.
3. On the Queue List page, click the resource to delete the Queue message. You will be taken to the Queue Details page.
4. Click the Message Management tab on the Queue Details page.
5. After selecting all messages to delete from the message list, click the More > Delete button at the top of the list.
   • You can also delete individually by clicking the Delete button at the far right of the message you want to delete in the message list.
6. If a popup window notifying message deletion opens, click the Confirm button.

Remove all messages

You can delete all messages in the queue.

To delete all messages, follow the steps below.

1. All Services > Application > Queue Service Click the menu. Navigate to the Service Home page of Queue Service.
2. Click the Queue menu on the Service Home page. Go to the Queue List page.
3. Queue List page, click the resource to remove the Queue message. Navigate to the Queue Details page.
4. Click the Message Management tab on the Queue Details page.
5. Click the More > Remove Message button at the top of the message list.
6. When the popup notifying message deletion opens, click the Confirm button.

Queue Service Cancel

You can reduce operating costs by canceling the unused Queue Service.
However, if you terminate the service, the currently operating service may be discontinued immediately, so you should proceed with the termination after fully considering the impact that may occur when the service is discontinued.

To cancel the Queue Service, follow the steps below.

1. All Services > Application > Queue Service Click the menu. Navigate to the Service Home page of Queue Service.
2. Click the Queue menu on the Service Home page. It moves to the Queue List page.
3. Queue List page, after selecting the resource to cancel, click the Cancel Service button.
   • After moving to the Queue Details page of the resource to be terminated, you can also terminate individually by clicking the Terminate Service button.
4. If a popup notifying service termination opens, click the Confirm button.

PrivateLink Service Integration

Queue Service can be used by integrating with PrivateLink Service, allowing direct communication with Queue Service from the user’s VPC instead of internet communication, thereby enhancing security.

PrivateLink Endpoint Create and Connect

Follow the steps below to integrate the Queue Service with the PrivateLink Service.

1. Check the PrivateLink Service ID of the Queue Service for creating a PrivateLink Endpoint.
   • The PrivateLink Service ID of Queue Service can be obtained by contacting us.
2. Create a PrivateLink Endpoint.
   • PrivateLink Endpoint creation method is refer to Creating PrivateLink Endpoint.

2.3 - Overview

Service Overview

Queue Service is a service that efficiently manages and delivers messages or tasks, supporting message transmission between systems.
This service smooths the data flow between the Producer that generates messages and the Consumer that receives messages, and provides a FIFO (First-In-First-Out) function that guarantees message order. Through this, it distributes system load caused by messages, allowing efficient message management in microservice architectures or event-driven systems.

Features

• Efficient message processing : By processing and managing the simultaneous sending and receiving of a large number of messages, you can efficiently handle the message processing tasks of the user system.
• Fast Service Processing : Producer and Consumer operate independently of each other, allowing for improved responsiveness and processing speed.
• Message Order Guarantee : Ensures the order of received messages to maintain data consistency.
• Strong security and reliability : Protects sensitive information through encryption during message transmission and storage, and provides reliable message management.

Service Diagram

Provided Features

Queue Service provides the following features.

• Queue creation: Create a Queue of type basic or FIFO that guarantees message order, depending on the message reception handling method.
  • If using FIFO type, the Queue Service sorts messages in order of receipt time.
• Message Transmission: The Producer sends the message to be delivered to the Consumer to the Queue.
• Message Reception: Consumer receives the Producer’s message from the Queue.
• Message Management: Check and manage messages stored in the Queue.
• Message Encryption: Encrypt messages within the Queue by integrating with the KMS service.
  • We support preventing message exposure by configuring message encryption.

Components

Producer

Create and send messages using Queue Service.

Consumer

Receive and process messages from the Queue Service.

Message Manager

You can check the loaded messages in the Queue Service and manage them, such as deleting them.

Region-specific provision status

Queue Service can be provided in the environment below.

Pre-service

Queue Service has no preceding service.

2.3.1 - ServiceWatch Metrics

Queue Service sends metrics to ServiceWatch. The metrics provided by default monitoring are data collected at a 1‑minute interval.

Basic Indicators

The following are the default metrics for the Queue Service namespace.

2.4 - CLI Reference

2.5 - API Reference

2.6 - Release Note

Queue Service