AutoBackup API
AutoBackup provides GraphQL API for any kind of automation. To interact with the
API you need to generate an API key and provide it in the x-api-key header.
Path to the endpoint: https://api.backup.nordcloudapp.com/graphql
The API allows to:
register an account,
trigger a scan on registered accounts and check the scan’s status,
list resources,
create, remove and list backup policies,
create, remove, update and list backup setups,
attach backup setups and policies to resources,
enable backup on resources.
How to make a call
You can use cURL or GraphQL client to make a call for data. Below is the example of the query using cURL:
curl --location --request POST 'https://api.backup.nordcloudapp.com/graphql' \--header 'x-api-key: api-key' \--header 'Content-Type: application/json' \--data-raw '{"query": "query acc {accounts(searchCriteria: {customerId: \"customerid\"}) {data {id }}}"}'
Basically, in case of cURL - you have to put your query into a JSON:
{"query": "...query..."}
How to get the API schema
As any GraphQL API, you can introspect the schema using several available tools. For example, GraphQL playground offers schema introspection. For authentication, use the API key.
Example of processes
Add new AWS cloud account
In order to add new cloud account, first, you have to upload role or use the existing role.
You can get the role cloudformation template by query awsAccountAccessRoleTemplate
query roleTemplate {awsAccountAccessRoleTemplate(input: {customerId: "customerId",accountId: "AWS Account ID",accountType: PROTECTED})}
Where you have to fill the following values:
customerIdis unique ID of the customer in the AutoBackupaccountIdis the numeric value of AWS account which you want to add to AutoBackupaccountTypecan be PROTECTED or VAULT
In response, you will get:
{"data": {"awsAccountAccessRoleTemplate": "https://nc-backup-templates-bucket-production.s3-eu-west-1.amazonaws.com/generated-templates/role-customerid-hash.yml"}}
If you applied the template then you can add the account to the AutoBackup
mutation addAccount {createAccountAws(input: {customerId: "customerId",number: "aws account id",name: "The account name",accountType: PROTECTED}) {accountId}}
If everything is correct then you will get in response the account id.
Scan account
To scan a single account you can use the following mutation:
mutation scanAccount {triggerScanOnCloudAccount(input: {customerId: "customerId",accountId: "accountId"}) {scanId}}
To get the scan status:
query scanStatus {scanStatusAccount(input: {customerId: "customerId", accountId: "accountId"}) {scanIdstatus}}
Attach the backup policy and setup to the resource
The backup policy and/or setups can be attached in two ways.
Either for the specific list of resources, given in resourceIDs attribute or to resources selected by the filter defined in filters.
The last property is identical to the one passed to resource query.
mutation attachBackupPolicySetup {changeBackupPolicyAndSetups(input: {customerId: "customerId",backupPolicyId: "policy-id-1",setupsIds: ["setup-id-1", "setup-id-2"],filters: [{id: "RESOURCE_TYPE", values: ["aws-ebs", "aws-s3"]}]})}
In the above example, you filter your resources to EBS and S3 and attach to all of them a policy with id policy-id-1 and setups setup-id-1, setup-id-2.
The system, based on the resource type for which the setup is defined, will choose the appropriate setup for the filtered resources.
Enable/disable backup
The backup can be enabled, or disabled, similarly as you attach backup policy and setups. Basically, you can either change backup state for the specific list of resources or to the resources defined by the filters.
mutation changeBackupSetup {changeBackupState(input: {customerId: "customerId",resourceIDs: ["res-1", "res-2"],state: true})}
By running the above example, you will enable backup for resources res-1 and res-2.
To disable the backup you have to change the state property to false.