Reviewed-by: Bobkova, Natalia <natalia.bobkova@t-systems.com> Co-authored-by: Liu, Siying <liusiying@noreply.gitea.eco.tsi-dev.otc-service.com> Co-committed-by: Liu, Siying <liusiying@noreply.gitea.eco.tsi-dev.otc-service.com>
<a name="cts_api_0004"></a><a name="cts_api_0004"></a>
<h1 class="topictitle1">Authentication</h1>
<div id="body8662426"><p id="cts_api_0004__en-us_topic_0192137671_p26613555143846">You can use either of the following authentication methods when calling APIs:</p>
<ul id="cts_api_0004__en-us_topic_0192137671_ul38195410143846"><li id="cts_api_0004__en-us_topic_0192137671_li8214375143846">Token-based authentication: Requests are authenticated using a token.</li><li id="cts_api_0004__en-us_topic_0192137671_li61384639143846">AK/SK-based authentication: Requests are authenticated by signing them with an AK/SK pair. AK/SK-based authentication is recommended because it is more secure than token-based authentication.</li></ul>
<div class="section" id="cts_api_0004__en-us_topic_0192137671_section2417768214391"><h4 class="sectiontitle">Token-based Authentication</h4><div class="note" id="cts_api_0004__en-us_topic_0192137671_note133321911123"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cts_api_0004__en-us_topic_0192137671_p1254514271026">The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token.</p>
</div></div>
<p id="cts_api_0004__en-us_topic_0192137671_p18703477214">A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to requests to get permissions for calling the API.</p>
<p id="cts_api_0004__en-us_topic_0192137671_p642519467582">You can obtain a token by calling the API used for <a href="https://docs.otc.t-systems.com/en-us/api/iam/en-us_topic_0057845583.html" target="_blank" rel="noopener noreferrer">obtaining a user token</a>. When you call the API, set <strong id="cts_api_0004__en-us_topic_0192137671_b14997147142813">auth.scope</strong> in the request body to <strong id="cts_api_0004__en-us_topic_0192137671_b13997154716289">project</strong>.</p>
<pre class="screen" id="cts_api_0004__en-us_topic_0192137671_screen1830175615316">{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "name": "<em id="cts_api_0004__en-us_topic_0192137671_i315217719194"><strong id="cts_api_0004__en-us_topic_0192137671_b14500116161919">username</strong></em>",
                    "password": "<strong id="cts_api_0004__en-us_topic_0192137671_b2559181251918"><em id="cts_api_0004__en-us_topic_0192137671_i12803128192">********</em></strong>",
                    "domain": {
                        "name": "<em id="cts_api_0004__en-us_topic_0192137671_i1560271681911"><strong id="cts_api_0004__en-us_topic_0192137671_b17173191614194">domainname</strong></em>"
                    }
                }
            }
        },
<strong id="cts_api_0004__en-us_topic_0192137671_b938144454815">        "scope": {</strong>
<strong id="cts_api_0004__en-us_topic_0192137671_b1339104411483">            "project": {</strong>
<strong id="cts_api_0004__en-us_topic_0192137671_b1640194414810">                "name": "<em id="cts_api_0004__en-us_topic_0192137671_i96917422329">xxxxxxxx</em>"</strong>
<strong id="cts_api_0004__en-us_topic_0192137671_b1540144194815">            }</strong>
<strong id="cts_api_0004__en-us_topic_0192137671_b1240544114818">        }</strong>
    }
}</pre>
<p id="cts_api_0004__en-us_topic_0192137671_p9691122114266">After a token is obtained, the <strong id="cts_api_0004__en-us_topic_0192137671_b134131585418">X-Auth-Token</strong> header field must be added to requests to specify the token when calling other APIs. For example, if the token is <span class="parmvalue" id="cts_api_0004__en-us_topic_0192137671_parmvalue1853693444117"><b>ABCDEFJ....</b></span>, <span class="parmvalue" id="cts_api_0004__en-us_topic_0192137671_parmvalue10537183410411"><b>X-Auth-Token: ABCDEFJ....</b></span> can be added to a request as follows:</p>
<pre class="screen" id="cts_api_0004__en-us_topic_0192137671_screen11189101154015">
Content-Type: application/json
<strong id="cts_api_0004__en-us_topic_0192137671_b172853338430">X-Auth-Token: ABCDEFJ....</strong></pre>
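<p>The token handling described above, as an added Python example that is not part of the original documentation: it builds the project-scoped request body, reuses the token for its 24-hour validity period, and sets <strong>X-Auth-Token</strong> on each request. <code>fetch_token</code> is a hypothetical callable that sends the body to the IAM API and returns the token string, and the five-minute refresh margin is an assumption.</p>

```python
import time
from typing import Callable, Dict, Optional

TOKEN_LIFETIME_S = 24 * 60 * 60  # validity period stated on this page
REFRESH_MARGIN_S = 5 * 60        # assumption: renew slightly before expiry


def build_token_request(username: str, password: str, domain: str, project: str) -> dict:
    """Request body from this page: password identity, auth.scope set to project."""
    return {
        "auth": {
            "identity": {
                "methods": ["password"],
                "password": {
                    "user": {
                        "name": username,
                        "password": password,
                        "domain": {"name": domain},
                    }
                },
            },
            "scope": {"project": {"name": project}},
        }
    }


class TokenCache:
    """Keeps one token in memory and reuses it until it is close to expiry."""

    def __init__(self, fetch_token: Callable[[], str],
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch_token  # hypothetical: posts the body to IAM, returns the token
        self._clock = clock
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def headers(self) -> Dict[str, str]:
        now = self._clock()
        if self._token is None or now >= self._expires_at - REFRESH_MARGIN_S:
            self._token = self._fetch()  # only here is the IAM API called
            self._expires_at = now + TOKEN_LIFETIME_S
        return {"Content-Type": "application/json", "X-Auth-Token": self._token}

    def invalidate(self) -> None:
        """Drop the cached token so the next call fetches a new one."""
        self._token = None

    def __repr__(self) -> str:  # keep the token value out of logs and tracebacks
        return f"TokenCache(cached={self._token is not None})"
```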
</div>
<div class="section" id="cts_api_0004__en-us_topic_0192137671_section5887143815518"><h4 class="sectiontitle">AK/SK-based Authentication</h4><div class="note" id="cts_api_0004__en-us_topic_0192137671_note26801820183918"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cts_api_0004__en-us_topic_0192137671_p12680102053918">AK/SK-based authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token-based authentication is recommended.</p>
</div></div>
<p id="cts_api_0004__en-us_topic_0192137671_p171211559122516">In AK/SK-based authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.</p>
<ul id="cts_api_0004__en-us_topic_0192137671_ul9783543561"><li id="cts_api_0004__en-us_topic_0192137671_li8787541560">AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.</li><li id="cts_api_0004__en-us_topic_0192137671_li47917548569">SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.</li></ul>
<div class="p" id="cts_api_0004__en-us_topic_0192137671_p1866949103516">In AK/SK-based authentication, you can use an AK/SK pair to sign requests based on the signature algorithm or use the signing SDK to sign requests.<div class="notice" id="cts_api_0004__en-us_topic_0192137671_note13908111122113"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="cts_api_0004__en-us_topic_0192137671_p11657124333720">The signing SDK is only used for signing requests and is different from the SDKs provided by services.</p>
</div></div>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="cts_api_0006.html">Calling APIs</a></div>
</div>
</div>