Authenticate for Admin API

 
MethodURIDescription
POST/v2.0/tokens

Authenticates and generates a token.

Client authentication is provided through a ReST interface by using the POST method with v2.0/tokens supplied as the path. Include a payload of credentials in the body.

The Identity API is a ReSTful web service. It is the entry point to all service APIs. To access the Identity API, you must know its URL.

Each ReST request against the Identity API requires the X-Auth-Token header. Clients obtain this token, along with the URL to other service APIs, by first authenticating against the Identity Service with valid credentials.

If the authentication token has expired, a 401 response code is returned.

If the subject token has expired, this call returns a 404 response code.

The Identity API treats expired tokens as invalid tokens.

The deployment determines how long expired tokens are stored.

As the following example responses show, the response to an authentication request returns the token ID in the X-Subject-Token header instead of in the token data.

Normal response codes: 200, 203

Error response codes: identityFault (400, 500, ), userDisabled (403), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

 Request

 

Example 3.1. Authenticate with credentials: JSON request

{
    "auth":{
        "passwordCredentials":{
            "username":"test_user",
            "password":"mypass"
        },
        "tenantName":"customer-x"
    }
}

 

Example 3.2. Authenticate with credentials: XML request

<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="http://docs.openstack.org/identity/api/v2.0"
 tenantName="customer-x">
  <passwordCredentials username="test_user" password="test"/>
</auth>

 Response

 

Example 3.3. Authenticate with credentials: JSON response

{
    "access":{
        "token":{
            "id": "ab48a9efdfedb23ty3494",
            "expires": "2010-11-01T03:32:15-05:00",
            "tenant":{
                "id": "t1000",
                "name": "My Project"
            }
        },
        "user":{
            "id": "u123",
            "name": "jqsmith",
            "roles":[{
                    "id": "100",
                    "name": "compute:admin"
                },
                {
                    "id": "101",
                    "name": "object-store:admin",
                    "tenantId": "t1000"
                }
            ],
            "roles_links":[]
        },
        "serviceCatalog":[{
                "name": "Cloud Servers",
                "type": "compute",
                "endpoints":[{
                        "tenantId": "t1000",
                        "publicURL": "https://compute.north.host.com/v1/t1000",
                        "internalURL": "https://compute.north.internal/v1/t1000",
                        "region": "North",
                        "versionId": "1",
                        "versionInfo": "https://compute.north.host.com/v1/",
                        "versionList": "https://compute.north.host.com/"
                    },
                    {
                        "tenantId": "t1000",
                        "publicURL": "https://compute.north.host.com/v1.1/t1000",
                        "internalURL": "https://compute.north.internal/v1.1/t1000",
                        "region": "North",
                        "versionId": "1.1",
                        "versionInfo": "https://compute.north.host.com/v1.1/",
                        "versionList": "https://compute.north.host.com/"
                    }
                ],
                "endpoints_links":[]
            },
            {
                "name": "Cloud Files",
                "type": "object-store",
                "endpoints":[{
                        "tenantId": "t1000",
                        "publicURL": "https://storage.north.host.com/v1/t1000",
                        "internalURL": "https://storage.north.internal/v1/t1000",
                        "region": "North",
                        "versionId": "1",
                        "versionInfo": "https://storage.north.host.com/v1/",
                        "versionList": "https://storage.north.host.com/"
                    },
                    {
                        "tenantId": "t1000",
                        "publicURL": "https://storage.south.host.com/v1/t1000",
                        "internalURL": "https://storage.south.internal/v1/t1000",
                        "region": "South",
                        "versionId": "1",
                        "versionInfo": "https://storage.south.host.com/v1/",
                        "versionList": "https://storage.south.host.com/"
                    }
                ]
            },
            {
                "name": "DNS-as-a-Service",
                "type": "dnsextension:dns",
                "endpoints":[{
                        "tenantId": "t1000",
                        "publicURL": "https://dns.host.com/v2.0/t1000",
                        "versionId": "2.0",
                        "versionInfo": "https://dns.host.com/v2.0/",
                        "versionList": "https://dns.host.com/"
                    }
                ]
            }
        ]
    }
}

 

Example 3.4. Authenticate with credentials: XML response

<?xml version="1.0" encoding="UTF-8"?>
<access xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://docs.openstack.org/identity/api/v2.0">
    <token id="ab48a9efdfedb23ty3494" expires="2010-11-01T03:32:15-05:00">
        <tenant id="t1000" name="My Project" />
    </token>
    <user id="u123" name="jqsmith">
        <roles>
            <role id="100" name="compute:admin"/>
            <role id="101" name="object-store:admin" tenantId="t1000"/>
        </roles>
    </user>
    <serviceCatalog>
        <service type="compute" name="Cloud Servers">
            <endpoint
        tenantId="t1000"
                region="North"
                publicURL="https://compute.north.host.com/v1/t1000"
                internalURL="https://compute.north.host.internal/v1/t1000">
                <version
                id="1"
                info="https://compute.north.host.com/v1/"
                list="https://compute.north.host.com/"
                />
            </endpoint>
            <endpoint
        tenantId="t1000"
                region="North"
                publicURL="https://compute.north.host.com/v1.1/t1000"
                internalURL="https://compute.north.host.internal/v1.1/t1000">
                <version
                id="1.1"
                info="https://compute.north.host.com/v1.1/"
                list="https://compute.north.host.com/" />
            </endpoint>
        </service>
        <service type="object-store" name="Cloud Files">
            <endpoint
        tenantId="t1000"
                region="North"
                publicURL="https://storage.north.host.com/v1/t1000"
                internalURL="https://storage.north.host.internal/v1/t1000">
                <version
                id="1"
                info="https://storage.north.host.com/v1/"
                list="https://storage.north.host.com/" />
            </endpoint>
            <endpoint
        tenantId="t1000"
                region="South"
                publicURL="https://storage.south.host.com/v1/t1000"
                internalURL="https://storage.south.host.internal/v1/t1000">
                <version
                id="1"
                info="https://storage.south.host.com/v1/"
                list="https://storage.south.host.com/" />
            </endpoint>
        </service>
        <service type="dnsextension:dns" name="DNS-as-a-Service">
            <endpoint
        tenantId="t1000"
                publicURL="https://dns.host.com/v2.0/t1000">
                <version
                id="2.0"
                info="https://dns.host.com/v2.0/"
                list="https://dns.host.com/" />
            </endpoint>
        </service>
    </serviceCatalog>
</access>

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...