doc-exports/docs/sfs/api-ref/sfs_02_0011.html
zhangyue 49ac6fa9ce SFS HPC API DOC
Reviewed-by: Miskanin, Jan <jan.miskanin@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2024-08-16 12:25:57 +00:00

<a name="sfs_02_0011"></a>
<h1 class="topictitle1">Authentication</h1>
<div id="body1559725760180"><div class="p" id="sfs_02_0011__en-us_topic_0121671869_p26613555143846">Requests for calling an API can be authenticated using either of the following methods:<ul id="sfs_02_0011__en-us_topic_0121671869_ul38195410143846"><li id="sfs_02_0011__en-us_topic_0121671869_li61384639143846">AK/SK authentication: Requests are signed using AK/SK pairs. AK/SK authentication is recommended because it is more secure than token authentication.</li><li id="sfs_02_0011__en-us_topic_0121671869_li8214375143846">Token authentication: Requests are authenticated using tokens.</li></ul>
</div>
<div class="section" id="sfs_02_0011__en-us_topic_0121671869_section5887143815518"><h4 class="sectiontitle">AK/SK Authentication</h4><div class="note" id="sfs_02_0011__en-us_topic_0121671869_note26801820183918"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="sfs_02_0011__en-us_topic_0121671869_p12680102053918">AK/SK authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token authentication is recommended.</p>
</div></div>
<p id="sfs_02_0011__en-us_topic_0121671869_p171211559122516">In AK/SK authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.</p>
<ul id="sfs_02_0011__en-us_topic_0121671869_ul9783543561"><li id="sfs_02_0011__en-us_topic_0121671869_li8787541560">AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.</li><li id="sfs_02_0011__en-us_topic_0121671869_li47917548569">SK: secret access key, which is used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.</li></ul>
<p id="sfs_02_0011__en-us_topic_0121671869_p1866949103516">In AK/SK authentication, you can sign requests with an AK/SK either by following the signature algorithm or by using the signing SDK.</p>
<div class="note" id="sfs_02_0011__en-us_topic_0121671869_note1225618420315"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="sfs_02_0011__en-us_topic_0121671869_p1325674263111">The signing SDK is only used for signing requests and is different from the SDKs provided by services.</p>
</div></div>
</div>
<div class="section" id="sfs_02_0011__en-us_topic_0121671869_section2417768214391"><h4 class="sectiontitle">Token Authentication</h4><div class="note" id="sfs_02_0011__en-us_topic_0121671869_note133321911123"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="sfs_02_0011__en-us_topic_0121671869_p1254514271026">The validity period of a token is 24 hours. When using a token for authentication, cache it to avoid frequently calling the IAM API used to obtain a user token.</p>
</div></div>
<p id="sfs_02_0011__en-us_topic_0121671869_p24084172174">A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to requests to get permissions for calling the API. You can obtain a token by calling the <a href="https://docs.otc.t-systems.com/en-us/api/iam/en-us_topic_0057845583.html" target="_blank" rel="noopener noreferrer">Obtaining User Token</a> API.</p>
<p id="sfs_02_0011__en-us_topic_0121671869_p18703477214">IMS is a project-level service. When you call the API, set <strong id="sfs_02_0011__en-us_topic_0121671869_b1442622113014">auth.scope</strong> in the request body to <strong id="sfs_02_0011__en-us_topic_0121671869_b9433321123019">project</strong>.</p>
<p id="sfs_02_0011__en-us_topic_0121671869_p5296182518188"></p>
<pre class="screen" id="sfs_02_0011__en-us_topic_0121671869_screen1830175615316">{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "name": "<em id="sfs_02_0011__en-us_topic_0121671869_i315217719194"><strong id="sfs_02_0011__en-us_topic_0121671869_b14500116161919">username</strong></em>", // IAM user name
                    "password": <em id="sfs_02_0011__en-us_topic_0121671869_i15727114912154"><strong id="sfs_02_0011__en-us_topic_0121671869_b87274494151">$ADMIN_PASS</strong></em>, // IAM user password. You are advised to store it in ciphertext in the configuration file or an environment variable and decrypt it when needed to ensure security.
                    "domain": {
                        "name": "<em id="sfs_02_0011__en-us_topic_0121671869_i1560271681911"><strong id="sfs_02_0011__en-us_topic_0121671869_b17173191614194">domainname</strong></em>" // Name of the domain to which the IAM user belongs
                    }
                }
            }
        },
        <strong id="sfs_02_0011__en-us_topic_0121671869_b28781733191612">"scope": {</strong>
            <strong id="sfs_02_0011__en-us_topic_0121671869_b18664134414161">"project": {</strong>
                <strong id="sfs_02_0011__en-us_topic_0121671869_b145484513165">"name": "<em id="sfs_02_0011__en-us_topic_0121671869_i4548165119166">xxxxxxxx</em>"</strong> // Project name
            <strong id="sfs_02_0011__en-us_topic_0121671869_b5551165531613">}</strong>
        <strong id="sfs_02_0011__en-us_topic_0121671869_b18740155861611">}</strong>
    }
}</pre>
<p id="sfs_02_0011__en-us_topic_0121671869_p9691122114266">After a token is obtained, the <strong id="sfs_02_0011__en-us_topic_0121671869_b147976273481">X-Auth-Token</strong> header field must be added to requests to specify the token when calling other APIs. For example, if the token is <span class="parmvalue" id="sfs_02_0011__en-us_topic_0121671869_parmvalue36546471362"><b>ABCDEFJ....</b></span>, <span class="parmvalue" id="sfs_02_0011__en-us_topic_0121671869_parmvalue10655144717611"><b>X-Auth-Token: ABCDEFJ....</b></span> can be added to a request as follows:</p>
<div class="codecoloring" codetype="Java" id="sfs_02_0011__en-us_topic_0121671869_screen11189101154015"><div class="highlight"><pre>POST https://{{endpoint}}/v3/auth/projects
Content-Type: application/json
X-Auth-Token: ABCDEFJ....
</pre></div>
</div>
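<p>The token flow described above (project-scoped request body, 24-hour validity, caching, <strong>X-Auth-Token</strong> header) as an added example that is not part of the original documentation or any SDK. <strong>build_auth_body</strong>, <strong>TokenCache</strong>, the injected <strong>post</strong> transport and the stub endpoint are hypothetical names; the reply layout (token in an <strong>X-Subject-Token</strong> response header, expiry in <strong>token.expires_at</strong>) is assumed to follow the Keystone v3 convention, and all sample values are constructed.</p>

```python
import json
from datetime import datetime, timedelta, timezone

def build_auth_body(username, password, domain, project):
    """Body shown on this page: password method, project-level scope."""
    return {"auth": {
        "identity": {"methods": ["password"], "password": {"user": {
            "name": username, "password": password,
            "domain": {"name": domain}}}},
        "scope": {"project": {"name": project}}}}

class TokenCache:
    """Holds one token and renews it only when it is about to expire."""
    def __init__(self, post, body, now, skew=timedelta(minutes=5)):
        self._post, self._body, self._now, self._skew = post, body, now, skew
        self._token = self._expires = None

    def token(self):
        if self._token is None or self._now() >= self._expires - self._skew:
            # Assumption: Keystone v3 style reply, token in X-Subject-Token
            # header and expiry in the JSON body under token.expires_at.
            headers, payload = self._post(json.dumps(self._body))
            expires = payload["token"]["expires_at"].replace("Z", "+00:00")
            self._token = headers["X-Subject-Token"]
            self._expires = datetime.fromisoformat(expires)
        return self._token

    def headers(self):
        return {"Content-Type": "application/json",
                "X-Auth-Token": self.token()}

def demo():
    """Constructed offline run: stub IAM endpoint and a movable clock."""
    clock = [datetime(2024, 1, 1, tzinfo=timezone.utc)]
    calls = []
    def fake_post(raw):  # hypothetical transport; a real one would use HTTPS
        calls.append(json.loads(raw))
        exp = (clock[0] + timedelta(hours=24)).strftime("%Y-%m-%dT%H:%M:%S.000000Z")
        return ({"X-Subject-Token": f"constructed-token-{len(calls)}"},
                {"token": {"expires_at": exp}})
    body = build_auth_body("username", "constructed-secret", "domainname", "xxxxxxxx")
    cache = TokenCache(fake_post, body, now=lambda: clock[0])
    first = cache.headers()["X-Auth-Token"]
    clock[0] += timedelta(hours=23)
    second = cache.headers()["X-Auth-Token"]   # served from the cache
    clock[0] += timedelta(minutes=56)          # inside the 5-minute skew
    third = cache.headers()["X-Auth-Token"]    # renewed
    return first, second, third, len(calls), calls[0]["auth"]["scope"]
```

<p>In real use the password argument would be read from an environment variable or decrypted configuration at call time, as the comment in the request body advises, rather than written into the source.</p>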
</div>
</div>