Calling the API by making HTTP Query requests
This section contains general information about using the Query API for Amazon Account Management. For details about the API operations and errors, see the API Reference.
Note
Instead of making direct calls to the Amazon Account Management Query API, you can use one of the
Amazon SDKs. The Amazon SDKs consist of libraries and sample code for various programming
languages and platforms (Java, Ruby, .NET, iOS, Android, and more). The SDKs provide a
convenient way to create programmatic access to Amazon Account Management and Amazon. For example, the
SDKs take care of tasks such as cryptographically signing requests, managing errors, and
retrying requests automatically. For information about the Amazon SDKs, including how to
download and install them, see Tools for
Amazon Web Services
With the Query API for Amazon Account Management, you can call service actions. Query API requests are
HTTPS requests that must contain an Action parameter to indicate the operation
to be performed. Amazon Account Management supports GET and POST requests for all
operations. That is, the API doesn't require you to use GET for some actions
and POST for others. However, GET requests are subject to the
limitation size of a URL. Although this limit is browser dependent, a typical limit is 2,048
bytes. Therefore, for Query API requests that require larger sizes, you must use a
POST request.
The response is an XML document. For details about the response, see the individual action pages in the API Reference.
Endpoints
Amazon Account Management has a single global API endpoint that is hosted in the US East (N. Virginia) Amazon Web Services Region.
For more information about Amazon endpoints and Regions for all services, see Regions and Endpoints in the Amazon Web Services General Reference.
HTTPS required
Because the Query API can return sensitive information such as security credentials, you must use HTTPS to encrypt all API requests.
Signing Amazon Account Management API requests
Requests must be signed using an access key ID and a secret access key. We strongly recommend that you don't use your Amazon root account credentials for everyday work with Amazon Account Management. You can use the credentials for an Amazon Identity and Access Management (IAM) user or temporary credentials such as you use with an IAM role.
To sign your API requests, you must use Amazon Signature Version 4. For information about using Signature Version 4, see Signing Amazon API requests in the IAM User Guide.
For more information, see the following:
-
Amazon Security Credentials – Provides general information about the types of credentials that you can use to access Amazon.
-
Security best practices in IAM – Offers suggestions for using the IAM service to help secure your Amazon resources, including those in Amazon Account Management.
-
Temporary security credentials in IAM – Describes how to create and use temporary security credentials.