Method | URI | Description |
---|---|---|
POST | /v2.0/tokens | Authenticates and generates a token. |
The Identity API is a ReSTful web service. It is the entry point to all service APIs. To access the Identity API, you must know its URL.
Each ReST request against the Identity API requires the X-Auth-Token header. Clients obtain this token, along with the URL to other service APIs, by first authenticating against the Identity API with valid credentials.
To authenticate, you must provide either a user ID and password or a token.
If the authentication token has expired, a 401 response code is returned.
If the token specified in the request has expired, this call returns a 404 response code.
The Identity API treats expired tokens as invalid tokens.
The deployment determines how long expired tokens are stored.
Normal response codes: 200, 203
Error response codes: identityFault (400, 500, …), userDisabled (403), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Example 2.3. Authenticate with user name and password credentials: JSON request
{ "auth":{ "passwordCredentials":{ "username":"test_user", "password":"mypass" }, "tenantName":"customer-x" } }
Example 2.4. Authenticate with user name and password credentials: XML request
<?xml version="1.0" encoding="UTF-8"?> <auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.openstack.org/identity/api/v2.0" tenantName="customer-x"> <passwordCredentials username="test_user" password="test"/> </auth>
Example 2.5. Authenticate with user name and password credentials: JSON response
{ "access":{ "token":{ "id": "ab48a9efdfedb23ty3494", "expires": "2010-11-01T03:32:15-05:00", "tenant":{ "id": "t1000", "name": "My Project" } }, "user":{ "id": "u123", "name": "jqsmith", "roles":[{ "id": "100", "name": "compute:admin" }, { "id": "101", "name": "object-store:admin", "tenantId": "t1000" } ], "roles_links":[] }, "serviceCatalog":[{ "name": "Cloud Servers", "type": "compute", "endpoints":[{ "tenantId": "t1000", "publicURL": "https://compute.north.host.com/v1/t1000", "internalURL": "https://compute.north.internal/v1/t1000", "region": "North", "versionId": "1", "versionInfo": "https://compute.north.host.com/v1/", "versionList": "https://compute.north.host.com/" }, { "tenantId": "t1000", "publicURL": "https://compute.north.host.com/v1.1/t1000", "internalURL": "https://compute.north.internal/v1.1/t1000", "region": "North", "versionId": "1.1", "versionInfo": "https://compute.north.host.com/v1.1/", "versionList": "https://compute.north.host.com/" } ], "endpoints_links":[] }, { "name": "Cloud Files", "type": "object-store", "endpoints":[{ "tenantId": "t1000", "publicURL": "https://storage.north.host.com/v1/t1000", "internalURL": "https://storage.north.internal/v1/t1000", "region": "North", "versionId": "1", "versionInfo": "https://storage.north.host.com/v1/", "versionList": "https://storage.north.host.com/" }, { "tenantId": "t1000", "publicURL": "https://storage.south.host.com/v1/t1000", "internalURL": "https://storage.south.internal/v1/t1000", "region": "South", "versionId": "1", "versionInfo": "https://storage.south.host.com/v1/", "versionList": "https://storage.south.host.com/" } ] }, { "name": "DNS-as-a-Service", "type": "dnsextension:dns", "endpoints":[{ "tenantId": "t1000", "publicURL": "https://dns.host.com/v2.0/t1000", "versionId": "2.0", "versionInfo": "https://dns.host.com/v2.0/", "versionList": "https://dns.host.com/" } ] } ] } }
Example 2.6. Authenticate with user name and password credentials: XML response
<?xml version="1.0" encoding="UTF-8"?> <access xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.openstack.org/identity/api/v2.0"> <token id="ab48a9efdfedb23ty3494" expires="2010-11-01T03:32:15-05:00"> <tenant id="t1000" name="My Project" /> </token> <user id="u123" name="jqsmith"> <roles> <role id="100" name="compute:admin"/> <role id="101" name="object-store:admin" tenantId="t1000"/> </roles> </user> <serviceCatalog> <service type="compute" name="Cloud Servers"> <endpoint tenantId="t1000" region="North" publicURL="https://compute.north.host.com/v1/t1000" internalURL="https://compute.north.host.internal/v1/t1000"> <version id="1" info="https://compute.north.host.com/v1/" list="https://compute.north.host.com/" /> </endpoint> <endpoint tenantId="t1000" region="North" publicURL="https://compute.north.host.com/v1.1/t1000" internalURL="https://compute.north.host.internal/v1.1/t1000"> <version id="1.1" info="https://compute.north.host.com/v1.1/" list="https://compute.north.host.com/" /> </endpoint> </service> <service type="object-store" name="Cloud Files"> <endpoint tenantId="t1000" region="North" publicURL="https://storage.north.host.com/v1/t1000" internalURL="https://storage.north.host.internal/v1/t1000"> <version id="1" info="https://storage.north.host.com/v1/" list="https://storage.north.host.com/" /> </endpoint> <endpoint tenantId="t1000" region="South" publicURL="https://storage.south.host.com/v1/t1000" internalURL="https://storage.south.host.internal/v1/t1000"> <version id="1" info="https://storage.south.host.com/v1/" list="https://storage.south.host.com/" /> </endpoint> </service> <service type="dnsextension:dns" name="DNS-as-a-Service"> <endpoint tenantId="t1000" publicURL="https://dns.host.com/v2.0/t1000"> <version id="2.0" info="https://dns.host.com/v2.0/" list="https://dns.host.com/" /> </endpoint> </service> </serviceCatalog> </access>