vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/dataartsstudio/api-ref/dataartsstudio_02_0010.html
Xiong, Chen Xiao 14a6d65e8c DataArts API 20240130 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: Xiong, Chen Xiao <chenxiaoxiong@huawei.com>
Co-committed-by: Xiong, Chen Xiao <chenxiaoxiong@huawei.com>
2024-03-01 11:46:15 +00:00

67 lines
11 KiB
HTML
Raw Permalink Blame History

<a name="dataartsstudio_02_0010"></a><a name="dataartsstudio_02_0010"></a>
<h1 class="topictitle1">Authentication</h1>
<div id="body8662426"><div class="p" id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_p26613555143846">Requests for calling an API can be authenticated using either of the following methods:<ul id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_ul38195410143846"><li id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_li8214375143846">Token-based authentication: Requests are authenticated using a token.</li><li id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_li61384639143846">AK/SK-based authentication: Requests are authenticated by encrypting the request body using an AK/SK pair.</li></ul>
<div class="note" id="dataartsstudio_02_0010__note127591741175411"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="dataartsstudio_02_0010__p676134155414">An IAM user can pass the authentication and access <span id="dataartsstudio_02_0010__dataartsstudio_02_0005_text57841510161910">DataArts Studio</span> through an API or SDK only if <strong id="dataartsstudio_02_0010__dataartsstudio_02_0005_b1834015273813">Programmatic access</strong> is selected for <strong id="dataartsstudio_02_0010__dataartsstudio_02_0005_b146218599421">Access Type</strong> during the creation of the IAM user.</p>
</div></div>
</div>
<div class="section" id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_section2417768214391"><h4 class="sectiontitle">Token-based Authentication</h4><div class="note" id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_note133321911123"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_p1254514271026">The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token.</p>
</div></div>
<p id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_p18703477214">A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to a request to get permissions for calling the API.</p>
<p id="dataartsstudio_02_0010__p587418197597">When calling the API to obtain a user token, you must set <strong id="dataartsstudio_02_0010__b1859819251283">auth.scope</strong> in the request body to <strong id="dataartsstudio_02_0010__b9598192515285">project</strong>.</p>
<pre class="screen" id="dataartsstudio_02_0010__screen1891571453115">{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": "<em id="dataartsstudio_02_0010__i1274635725119"><strong id="dataartsstudio_02_0010__b841820569516">username</strong></em>",
"password": "<em id="dataartsstudio_02_0010__i144512185214"><strong id="dataartsstudio_02_0010__b283550105213">********</strong></em>",
"domain": {
"name": "<em id="dataartsstudio_02_0010__i1220191035315"><strong id="dataartsstudio_02_0010__b186363916535">domainname</strong></em>"
}
}
}
},
"scope": {
"project": {
"id": "<em id="dataartsstudio_02_0010__i12245175475720"><strong id="dataartsstudio_02_0010__b985218522578">xxxxxxxxxxxxxxxxxx</strong></em>"
}
}
}
}</pre>
<p id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_p9691122114266">After a token is obtained, the X-Auth-Token header field must be added to requests to specify the token when calling other APIs, for example, the API used to query a connection list. For example, if the token is <span class="parmvalue" id="dataartsstudio_02_0010__en-us_topic_0181281305_parmvalue986910577527"><b>ABCDEFJ....</b></span>, <span class="parmvalue" id="dataartsstudio_02_0010__en-us_topic_0181281305_parmvalue158694579527"><b>X-Auth-Token: ABCDEFJ....</b></span> can be added to a request as follows:</p>
<pre class="screen" id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_screen11189101154015">
GET https://{{endpoint}}/v1/{project_id}/connections
Content-Type: application/json
<strong id="dataartsstudio_02_0010__b68753263013">X-Auth-Token: ABCDEFJ....</strong></pre>
</div>
<div class="section" id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_section5887143815518"><h4 class="sectiontitle">AK/SK-based Authentication</h4><div class="note" id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_note26801820183918"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_p12680102053918">AK/SK-based authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token-based authentication is recommended.</p>
</div></div>
<p id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_p171211559122516">In AK/SK-based authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.</p>
<ul id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_ul9783543561"><li id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_li8787541560">AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.</li><li id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_li47917548569">SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.</li></ul>
<div class="p" id="dataartsstudio_02_0010__p576822119389">To obtain an access key, perform the following steps:<ol id="dataartsstudio_02_0010__en-us_topic_0000001668118762_en-us_topic_0183643042_ol535183018588"><li id="dataartsstudio_02_0010__en-us_topic_0000001668118762_en-us_topic_0183643042_li1535103025819">Log in to the management console, move the cursor to the username in the upper right corner, and select <strong id="dataartsstudio_02_0010__en-us_topic_0000001668118762_b1586023610364">My Credentials</strong> from the drop-down list.</li><li id="dataartsstudio_02_0010__en-us_topic_0000001668118762_en-us_topic_0183643042_li173533018584">On the <strong id="dataartsstudio_02_0010__en-us_topic_0000001668118762_b149721128172418">My Credentials</strong> page, choose <strong id="dataartsstudio_02_0010__en-us_topic_0000001668118762_b15803656132414">Access Keys</strong>, and click <strong id="dataartsstudio_02_0010__en-us_topic_0000001668118762_b2452152020258">Create Access Key</strong>. See <a href="#dataartsstudio_02_0010__en-us_topic_0000001668118762_en-us_topic_0183643042_fig1552229194615">Figure 1</a>.<div class="fignone" id="dataartsstudio_02_0010__en-us_topic_0000001668118762_en-us_topic_0183643042_fig1552229194615"><a name="dataartsstudio_02_0010__en-us_topic_0000001668118762_en-us_topic_0183643042_fig1552229194615"></a><a name="en-us_topic_0000001668118762_en-us_topic_0183643042_fig1552229194615"></a><span class="figcap"><b>Figure 1 </b>Clicking Create Access Key</span><br><span><img id="dataartsstudio_02_0010__en-us_topic_0000001668118762_image20389043111611" src="en-us_image_0000001668278494.png" width="274.3125" height="82.927362" title="Click to enlarge" class="imgResize"></span></div>
</li><li id="dataartsstudio_02_0010__en-us_topic_0000001668118762_en-us_topic_0183643042_li1535530185815">Click <strong id="dataartsstudio_02_0010__en-us_topic_0000001668118762_b8340319122819">OK</strong> and save the access key file as prompted. The access key file will be saved to your browser's configured download location. Open the <strong id="dataartsstudio_02_0010__en-us_topic_0000001668118762_b1940852512813">credentials.csv</strong> file to view <strong id="dataartsstudio_02_0010__en-us_topic_0000001668118762_b191574128718">Access Key Id</strong> and <strong id="dataartsstudio_02_0010__en-us_topic_0000001668118762_b175769149718">Secret Access Key</strong>.<div class="note" id="dataartsstudio_02_0010__en-us_topic_0000001668118762_note4554158201"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="dataartsstudio_02_0010__en-us_topic_0000001668118762_ul25541081906"><li id="dataartsstudio_02_0010__en-us_topic_0000001668118762_li175541819018">Only two access keys can be added for each user.</li><li id="dataartsstudio_02_0010__en-us_topic_0000001668118762_li3554138305">To ensure access key security, the access key is automatically downloaded only when it is generated for the first time and cannot be obtained from the management console later. Keep them properly.</li></ul>
</div></div>
</li></ol>
</div>
<div class="p" id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_p1866949103516">In AK/SK-based authentication, you can use an AK/SK to sign requests based on the signature algorithm or use the signing SDK to sign requests. For details about how to sign requests and use the signature SDK, see API Request Signing Guide.<div class="notice" id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_note13908111122113"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="dataartsstudio_02_0010__en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_p11657124333720">The signing SDKs are only used for signing requests and different from the SDKs provided by services.</p>
</div></div>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dataartsstudio_02_0008.html">Calling APIs</a></div>
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
View Git Blame Copy Permalink