How to macht account management Tenant id to Resource Tenant ID.

A new API endpoint should start to work after the 21.03 release to process big int ids to UUIDs.
 

Before that, please use /api/1/group/{any_id} to retrieve UUID from id or vise-versa. If you need mass processing, like all children for a specific tenant, use /api/1/group/{any_id}/children.  In the return JSON array, id is big int id for a tenant, and uuid is GUID/UUID id of a tenant.  

Hello,

I'm also struggling with this. I followed your suggestion and now I have the 'short' id for all my tenants. Next I want to get all the devices for a single tenant (my goal is to retrieve backup status for all devices on every tenant).

So I follow instructions on https://developer.acronis.com/blog/posts/protection-status-report-for-acronis-cyber-cloud-protected-workloads/ and try filtering by 'tenant_id' and 'type' = 'resource.machine'.

But I get empty results. Inspecting the output without any filtering, I can see a lot of resources, but the value of 'context->tenant_id' which should be the short id of any tenant doesn't match with any of our tenants.

I'm thinking that maybe there's another layer I'm missing? I believe the data structure is:

Main tenant -> tenant -> resources (machines)

but maybe there's something between tenant and resources I'm missing?

Thanks!

When you exchange a token to protection scoped tenant-scoped token, you already limit output to the scoped tenant. It means that you can filter only by a tenant in the output (underneath scoped tenant). What kind of additional tenant filtering do you need? A personal tenant for a user? Could you please describe your scenario?

Hello, thanks for your support!

Our scenario is: we're a small MSP, we have a Cyber Protect account and a growing list of users under that account, set up as tenants. We're trying to integrate Acronis into our in-house backup reporting tool (where we check the backup status for different machines, using different backup technologies).

We're testing with an api key from the master tenant, so we should be able to check all devices for our customers (sub-tenants). Our software is doing like this:

1. Authenticate with Acronis
2. Get master tenant data (endpoint: /api/2/clients/{api_client_id})
3. Get master tenant group data (to get the short id, endpoint: /api/1/groups/{tenant_uuid})
4. Get all groups data (to get the short id for the sub-tenants, endpoint: /api/1/groups/{tenant_uuid}/children/)
5. Get a list of sub-tenants (endpoint: /api/2/tenants, with parameter 'parent_id' = {tenant_uuid})
6. Asign the short id for every sub-tenant with the one taken from point 4.
7. [Not working] Get a list of devices for every sub-tenant, using the short id and the endpoint /api/resource/management/v4/resource_statuses and parameter 'tenant_id' the short id of the sub tenant and 'type' = 'resource.machine'
8. [todo] For every device, get a list of tasks, and check if they've been completed succesfully or not (taken from this blog post)
9. [todo] Get quota status for every sub-tenant

I hope this describes our use case.

The issue we're facing is that for any sub-tenant, we have an uuid and a short id. When we ask the endpoint for a list of resources, we get something like:

[
  "context" => array:9 [
    "id" => "a280681c-265f-4f21-830b-xxxxxxxxxx"
    "created_at" => "2021-04-13T02:07:51.267805837Z"
    "updated_at" => "2021-05-03T06:29:45.153120626Z"
    "tenant_id" => "yyyyyy"
    "external_id" => "a280681c-265f-4f21-830b-xxxxxxxx@yyyyyy"
    "type" => "resource.machine"
    "agent_id" => "d212cd08-6321-4d1e-ab13-8ca02609a18b"
    "name" => "Resource name"
    "user_defined_name" => "my.resource.name"
  ]
  "aggregate" => array:2 [
    "status" => "idle"
    "names" => "Backups Cloud"
  ]
  "policies" => array:1 [
    0 => array:4 [
      "type" => "policy.backup.machine"
      "next_run" => "2021-05-04T02:38:13Z"
      "last_run" => "2021-05-03T02:43:44Z"
      "last_success_run" => "2021-05-03T02:43:44Z"
    ]
  ]
]

And that short id yyyyyy is not on the list i get from point 4, so I get an empty array from the endpoint.

Thanks!

Oh, I see. You need to make a token exchange for receiving status data for the specific customer. Check the Authorization Essentials section from this blog post https://developer.acronis.com/blog/posts/protection-status-report-for-acronis-cyber-cloud-protected-workloads/

Thank you, I did miss that (I thought that once logged-in as the main tenant, the token would suffice for all the sub-tenants).

Yes, it's enough for all partner account management operations and some protection operations. For customer protection level operations, you need a specific scope. It's planned to be united with the original endpoint /api/2/idp, but now you need to make this token exchange. You are still logged with the main token; just change the scope.

You can't receive with partner-issued token information regarding the protection of the underneath customers, the same on the web UI. You re-entered into another console.

Hello,
I also need the resources list for each child in the tenant list:
/api/2/tenants/xxxxx-9dfc-48e8-af07-7f4a1f754bec/children?include_details=true

unfortunately i can't get a connection of the results from:
/api/resource_management/v4/resource_statuses

with tenant_id of the child.

I created a new token based on the article:
/bc/idp/token
(scope = urn%3Aacronis.com%3Atenant-id%xxxxx-xxxx-xxxx-9f42-4aaee4d0f5bc)
xxxxx-xxxx-xxxx-9f42-4aaee4d0f5bc = the tenant_id of the tenant i want the resources.

https://developer.acronis.com/blog/posts/protection-status-report-for-a…

I successfully get a new token. How do I get the list of resources that belong to this token/tenant_id?

I hope you can assist me here.

best regards
nils

Hello Nils,

We can't include resources' details into the response of /api/2/tenants/<tenant_id>/children?include_details=true - you need to go over each child 1 by 1 recursively issuing the scoped access token with /bc/idp/token for each one of them and when fetching the list of resources with /api/resource_management/v4/resource_statuses or with /api/resource_management/v4/resources the response will have these resources filtered and belonging already to that specific child (for the one the scoped token is issued).

Do the same for each child:
1. Issue scoped access token with /bc/idp/token using the tenant uuid from the list of children - better from the response of /api/2/tenants/<tenant_id>/children without including their details.
2. GET the resources with /api/resource_management/v4/resources or /api/resource_management/v4/resource_statuses

Thank you.