The OpenStack Identity administrative API operations enable service developers to get and validate access tokens, manage users, tenants, roles, and service endpoints.
Most administrative API calls require authentication. The only calls available without authentication are the calls to discover the service – getting version info, WADL contract, dev guide, help, and so on – and the call to authenticate and get a token.
Authentication is performed by passing in a valid token in
the X-Auth-Token header on the request from the
client. The Identity API will verify the token has (or
belongs to a user that has) the Admin role.
See the README file or administrator guides for how to bootstrap the Identity API and create your first administrator.
| Header Type | Name | Value |
| HTTP/1.1 Request | X-Auth-Token | txfa8426a08eaf |
The OpenStack Identity administrative API v2.0 calls are:
| Method | URI | Description |
|---|---|---|
| Token Operations | ||
| POST | /v2.0/tokens | Authenticates and generates a token. |
| GET | /v2.0/tokens/{tokenId}{?belongsTo} | Validates a token and confirms that it belongs to a specified tenant. |
| HEAD | /v2.0/tokens/{tokenId}{?belongsTo} | Validates a token and confirms that it belongs to a specified tenant, for performance. |
| GET | /v2.0/tokens/{tokenId}/endpoints | Lists the endpoints associated with a specified token. |
| User Operations | ||
| GET | /v2.0/users/{?name} | Gets detailed information about a specified user by user name. |
| GET | /v2.0/users/{user_id} | Gets detailed information about a specified user by user ID. |
| GET | /v2.0/users/{user_id}/roles | Lists global roles for a specified user. Excludes tenant roles. |
| Tenant Operations | ||
| GET | /v2.0/tenants{?marker,limit} | Lists tenants to which the specified token has access. |
| GET | /v2.0/tenants{?marker,limit,name} | Gets detailed information about a specified tenant by name. |
| GET | /v2.0/tenants/{tenantId} | Gets detailed information about a specified tenant by ID. |
| GET | /v2.0/tenants/{tenantId}/users/{userId}/roles | Lists roles for a specified user on a specified tenant. Excludes global roles. |
