Authenticate

MethodURIDescription
POST/v2.0/tokens

Authenticates and generates a token.

The Identity API is a ReSTful web service. It is the entry point to all service APIs. To access the Identity API, you must know its URL.

Each ReST request against the Identity API requires the X-Auth-Token header. Clients obtain this token, along with the URL to other service APIs, by first authenticating against the Identity API with valid credentials.

To authenticate, you must provide either a user ID and password or a token.

If the authentication token has expired, a 401 response code is returned.

If the token specified in the request has expired, this call returns a 404 response code.

The Identity API treats expired tokens as invalid tokens.

The deployment determines how long expired tokens are stored.

Normal response codes: 200, 203

Error response codes: identityFault (400, 500, ), userDisabled (403), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

 Request

 

Example 2.3. Authenticate with user name and password credentials: JSON request

{
    "auth":{
        "passwordCredentials":{
            "username":"test_user",
            "password":"mypass"
        },
        "tenantName":"customer-x"
    }
}

 

Example 2.4. Authenticate with user name and password credentials: XML request

<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="http://docs.openstack.org/identity/api/v2.0"
 tenantName="customer-x">
  <passwordCredentials username="test_user" password="test"/>
</auth>

 Response

 

Example 2.5. Authenticate with user name and password credentials: JSON response

{
    "access":{
        "token":{
            "id": "ab48a9efdfedb23ty3494",
            "expires": "2010-11-01T03:32:15-05:00",
            "tenant":{
                "id": "t1000",
                "name": "My Project"
            }
        },
        "user":{
            "id": "u123",
            "name": "jqsmith",
            "roles":[{
                    "id": "100",
                    "name": "compute:admin"
                },
                {
                    "id": "101",
                    "name": "object-store:admin",
                    "tenantId": "t1000"
                }
            ],
            "roles_links":[]
        },
        "serviceCatalog":[{
                "name": "Cloud Servers",
                "type": "compute",
                "endpoints":[{
                        "tenantId": "t1000",
                        "publicURL": "https://compute.north.host.com/v1/t1000",
                        "internalURL": "https://compute.north.internal/v1/t1000",
                        "region": "North",
                        "versionId": "1",
                        "versionInfo": "https://compute.north.host.com/v1/",
                        "versionList": "https://compute.north.host.com/"
                    },
                    {
                        "tenantId": "t1000",
                        "publicURL": "https://compute.north.host.com/v1.1/t1000",
                        "internalURL": "https://compute.north.internal/v1.1/t1000",
                        "region": "North",
                        "versionId": "1.1",
                        "versionInfo": "https://compute.north.host.com/v1.1/",
                        "versionList": "https://compute.north.host.com/"
                    }
                ],
                "endpoints_links":[]
            },
            {
                "name": "Cloud Files",
                "type": "object-store",
                "endpoints":[{
                        "tenantId": "t1000",
                        "publicURL": "https://storage.north.host.com/v1/t1000",
                        "internalURL": "https://storage.north.internal/v1/t1000",
                        "region": "North",
                        "versionId": "1",
                        "versionInfo": "https://storage.north.host.com/v1/",
                        "versionList": "https://storage.north.host.com/"
                    },
                    {
                        "tenantId": "t1000",
                        "publicURL": "https://storage.south.host.com/v1/t1000",
                        "internalURL": "https://storage.south.internal/v1/t1000",
                        "region": "South",
                        "versionId": "1",
                        "versionInfo": "https://storage.south.host.com/v1/",
                        "versionList": "https://storage.south.host.com/"
                    }
                ]
            },
            {
                "name": "DNS-as-a-Service",
                "type": "dnsextension:dns",
                "endpoints":[{
                        "tenantId": "t1000",
                        "publicURL": "https://dns.host.com/v2.0/t1000",
                        "versionId": "2.0",
                        "versionInfo": "https://dns.host.com/v2.0/",
                        "versionList": "https://dns.host.com/"
                    }
                ]
            }
        ]
    }
}

 

Example 2.6. Authenticate with user name and password credentials: XML response

<?xml version="1.0" encoding="UTF-8"?>
<access xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://docs.openstack.org/identity/api/v2.0">
    <token id="ab48a9efdfedb23ty3494" expires="2010-11-01T03:32:15-05:00">
        <tenant id="t1000" name="My Project" />
    </token>
    <user id="u123" name="jqsmith">
        <roles>
            <role id="100" name="compute:admin"/>
            <role id="101" name="object-store:admin" tenantId="t1000"/>
        </roles>
    </user>
    <serviceCatalog>
        <service type="compute" name="Cloud Servers">
            <endpoint
        tenantId="t1000"
                region="North"
                publicURL="https://compute.north.host.com/v1/t1000"
                internalURL="https://compute.north.host.internal/v1/t1000">
                <version
                id="1"
                info="https://compute.north.host.com/v1/"
                list="https://compute.north.host.com/"
                />
            </endpoint>
            <endpoint
        tenantId="t1000"
                region="North"
                publicURL="https://compute.north.host.com/v1.1/t1000"
                internalURL="https://compute.north.host.internal/v1.1/t1000">
                <version
                id="1.1"
                info="https://compute.north.host.com/v1.1/"
                list="https://compute.north.host.com/" />
            </endpoint>
        </service>
        <service type="object-store" name="Cloud Files">
            <endpoint
        tenantId="t1000"
                region="North"
                publicURL="https://storage.north.host.com/v1/t1000"
                internalURL="https://storage.north.host.internal/v1/t1000">
                <version
                id="1"
                info="https://storage.north.host.com/v1/"
                list="https://storage.north.host.com/" />
            </endpoint>
            <endpoint
        tenantId="t1000"
                region="South"
                publicURL="https://storage.south.host.com/v1/t1000"
                internalURL="https://storage.south.host.internal/v1/t1000">
                <version
                id="1"
                info="https://storage.south.host.com/v1/"
                list="https://storage.south.host.com/" />
            </endpoint>
        </service>
        <service type="dnsextension:dns" name="DNS-as-a-Service">
            <endpoint
        tenantId="t1000"
                publicURL="https://dns.host.com/v2.0/t1000">
                <version
                id="2.0"
                info="https://dns.host.com/v2.0/"
                list="https://dns.host.com/" />
            </endpoint>
        </service>
    </serviceCatalog>
</access>

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...