forked from docs/doc-exports
Hongwei, King Wang
32c06a10a2
Reviewed-by: Sarda, Priya <prsarda@noreply.gitea.eco.tsi-dev.otc-service.com> Co-authored-by: Hongwei, King Wang <king.wanghongwei@huawei.com> Co-committed-by: Hongwei, King Wang <king.wanghongwei@huawei.com>
83 lines
11 KiB
HTML
83 lines
11 KiB
HTML
<a name="EN-US_TOPIC_0000001854169129"></a><a name="EN-US_TOPIC_0000001854169129"></a>
|
|
|
|
<h1 class="topictitle1">Authentication</h1>
|
|
<div id="body8662426"><div class="p" id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_p18810153341120">Requests for calling an API can be authenticated using either of the following methods:<ul id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_ul178111133141112"><li id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_li108111233181115">Token authentication: Requests are authenticated using tokens.</li><li id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_li1381111330119">AK/SK authentication: Requests are encrypted using AK/SK pairs. AK/SK authentication is recommended as it is more secure than token authentication.</li></ul>
|
|
</div>
|
|
<p id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_p1481173321116"><strong id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_b1811123341118">Token Authentication</strong></p>
|
|
<div class="note" id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_note065218219136"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_p3811133181118">A token is valid for 24 hours. When using a token for authentication, cache it to avoid frequent calling.</p>
|
|
</div></div>
|
|
<p id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_p7811113317112">A token is used to acquire temporary permissions. During API authentication using a token, the token is added to the request header to get permissions for calling the API. You can obtain a token by calling the API used to obtain a user token.</p>
|
|
<p id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_p118115336117">A cloud service can be deployed as either a project-level service or global service.</p>
|
|
<ul id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_ul14811153312119"><li id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_li8811123381112">For a project-level service, you need to obtain a project-level token by setting <strong id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_b208221657145812">auth.scope</strong> in the request body to <strong id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_b138221857165812">project</strong>.</li><li id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_li1681118333117">For a global service, you need to obtain a global token by setting <strong id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_b5231174217215">auth.scope</strong> in the request body to <strong id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_b723184211213">domain</strong>.</li></ul>
|
|
<p id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_p158111033141119">A project-level token is required for calling APIs of the VPN service. As such, set <strong id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_b041544616599">auth.scope</strong> in the request body to <strong id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_b13416446185918">project</strong> when you call the API for obtaining a user token.</p>
|
|
<div class="codecoloring" codetype="Json" id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_screen13273815102419"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
|
|
<span class="normal"> 2</span>
|
|
<span class="normal"> 3</span>
|
|
<span class="normal"> 4</span>
|
|
<span class="normal"> 5</span>
|
|
<span class="normal"> 6</span>
|
|
<span class="normal"> 7</span>
|
|
<span class="normal"> 8</span>
|
|
<span class="normal"> 9</span>
|
|
<span class="normal">10</span>
|
|
<span class="normal">11</span>
|
|
<span class="normal">12</span>
|
|
<span class="normal">13</span>
|
|
<span class="normal">14</span>
|
|
<span class="normal">15</span>
|
|
<span class="normal">16</span>
|
|
<span class="normal">17</span>
|
|
<span class="normal">18</span>
|
|
<span class="normal">19</span>
|
|
<span class="normal">20</span>
|
|
<span class="normal">21</span>
|
|
<span class="normal">22</span>
|
|
<span class="normal">23</span></pre></div></td><td class="code"><div><pre><span></span><span class="p">{</span>
|
|
<span class="w"> </span><span class="nt">"auth"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
|
|
<span class="w"> </span><span class="nt">"identity"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
|
|
<span class="w"> </span><span class="nt">"methods"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
|
|
<span class="w"> </span><span class="s2">"password"</span>
|
|
<span class="w"> </span><span class="p">],</span>
|
|
<span class="w"> </span><span class="nt">"password"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
|
|
<span class="w"> </span><span class="nt">"user"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
|
|
<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"username"</span><span class="p">,</span>
|
|
<span class="w"> </span><span class="nt">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"********"</span><span class="p">,</span>
|
|
<span class="w"> </span><span class="nt">"domain"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
|
|
<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"domainname"</span>
|
|
<span class="w"> </span><span class="p">}</span>
|
|
<span class="w"> </span><span class="p">}</span>
|
|
<span class="w"> </span><span class="p">}</span>
|
|
<span class="w"> </span><span class="p">},</span>
|
|
<span class="w"> </span><span class="nt">"scope"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
|
|
<span class="w"> </span><span class="nt">"project"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
|
|
<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"xxxxxxxx"</span>
|
|
<span class="w"> </span><span class="p">}</span>
|
|
<span class="w"> </span><span class="p">}</span>
|
|
<span class="w"> </span><span class="p">}</span>
|
|
<span class="p">}</span>
|
|
</pre></div></td></tr></table></div>
|
|
</div>
|
|
<p id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_p15934153242113">After obtaining a token, add the <strong id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_b156512520612">X-Auth-Token</strong> field specifying the token to the request header when calling other APIs. For example, when the token is <strong id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_b146281658128">ABCDEFJ...</strong>, add <strong id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_b56288571214">X-Auth-Token: ABCDEFJ...</strong> to the request header as follows:</p>
|
|
<div class="codecoloring" codetype="Json" id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_screen448826102316"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
|
|
<span class="normal">2</span>
|
|
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><span class="err">POST</span><span class="w"> </span><span class="err">h</span><span class="kc">tt</span><span class="err">ps</span><span class="p">:</span><span class="c1">//iam.eu-de.otc.t-systems.com/v3/auth/tokens</span>
|
|
<span class="err">Co</span><span class="kc">ntent</span><span class="mi">-</span><span class="err">Type</span><span class="p">:</span><span class="w"> </span><span class="err">applica</span><span class="kc">t</span><span class="err">io</span><span class="kc">n</span><span class="err">/jso</span><span class="kc">n</span>
|
|
<span class="err">X</span><span class="mi">-</span><span class="err">Au</span><span class="kc">t</span><span class="err">h</span><span class="mi">-</span><span class="err">Toke</span><span class="kc">n</span><span class="p">:</span><span class="w"> </span><span class="err">ABCDEFJ....</span>
|
|
</pre></div></td></tr></table></div>
|
|
</div>
|
|
<p id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_p893413320212"><strong id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_b20934732132118">AK/SK Authentication</strong></p>
|
|
<div class="note" id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_note1694232442212"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_p694272492210">AK/SK authentication supports API requests with a body size not larger than 12 MB. For API requests with larger sizes, use token authentication.</p>
|
|
</div></div>
|
|
<p id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_p1934143210216">In AK/SK-based authentication, AK/SK is used to sign requests, and the signature is then added to the request header for authentication.</p>
|
|
<ul id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_ul393453215210"><li id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_li893433242116">AK: access key, which is a unique identifier used together with an SK to sign requests cryptographically.</li><li id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_li393493219219">SK: secret access key, which is used together with an AK to sign requests cryptographically. It identifies a request sender and prevents the requests from being modified.</li></ul>
|
|
<p id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_p2093433222120">In AK/SK authentication, you can use an AK/SK to sign requests based on the signature algorithm or using the signing SDK. </p>
|
|
<div class="note" id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_note1886594572112"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000001854169129__en-us_topic_0000001594352985_p148661451219">Different from the SDKs provided by services, the signing SDK is used only for signing.</p>
|
|
</div></div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="vpn_api_0008.html">Calling APIs</a></div>
|
|
</div>
|
|
</div>
|
|
|