doc-exports/docs/iam/api-ref/en-us_topic_0057845583.html
Wei, Hongmin c7cf8ac24f IAM API 0711 Version
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Co-authored-by: Wei, Hongmin <weihongmin1@huawei.com>
Co-committed-by: Wei, Hongmin <weihongmin1@huawei.com>
2024-07-11 11:57:45 +00:00


<a name="en-us_topic_0057845583"></a><a name="en-us_topic_0057845583"></a>
<h1 class="topictitle1">Obtaining a User Token</h1>
<div id="body1559206849798"><div class="section" id="en-us_topic_0057845583__s5888597838b0425a92e3419fb766c7f5"><h4 class="sectiontitle">Function</h4><p id="en-us_topic_0057845583__p1691133013483">This API is used to obtain a token through username/password authentication. A token is a system object encapsulating the identity and permissions of a user. When calling the APIs of IAM or other cloud services, you can use this API to obtain a token for authentication.</p>
<div class="note" id="en-us_topic_0057845583__note6480102712573"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><div class="p" id="en-us_topic_0057845583__p49441123175220">Tokens are valid for 24 hours, and you can cache them to reduce the number of API calls needed. Ensure that the token is still valid when you use it. Using a token that is about to expire may cause API calls to fail. Obtaining a new token does not affect the validity of the existing token. The following operations invalidate the existing token. After any of these operations is performed, obtain a new token.<ul id="en-us_topic_0057845583__ul183961935103512"><li id="en-us_topic_0057845583__li73961935173511">Changing the password or access key of your account or an IAM user: The token of your account or the user is invalidated.</li><li id="en-us_topic_0057845583__li339683512356">Deleting or disabling an IAM user: The token of the user is invalidated.</li><li id="en-us_topic_0057845583__li15396123513359">Changing the permissions of an IAM user: The token of the user is invalidated. This applies, for example, when the user is added to or removed from a user group, or when the permissions of a group to which the user belongs are modified.</li></ul>
</div>
</div></div>
</div>
<div class="section" id="en-us_topic_0057845583__s46d3616bd4c54e55ba97a528518a5890"><h4 class="sectiontitle">URI</h4><p id="en-us_topic_0057845583__a80e962a80e7749d3b159c2c7380021bf">POST /v3/auth/tokens</p>
</div>
<div class="section" id="en-us_topic_0057845583__se7fe5cac0d544e119c49322cc1707eb6"><h4 class="sectiontitle">Request Parameters</h4><ul id="en-us_topic_0057845583__en-us_topic_0026585112_ul3226198"><li id="en-us_topic_0057845583__l7c4919f55ea849a9bb59e1454113085c">Parameters in the request header
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0057845583__t68c7bd10e66a4380a1e6cdc78ca95669" frame="border" border="1" rules="all"><thead align="left"><tr id="en-us_topic_0057845583__r584496594a404ce18918a40e6e57c2ec"><th align="left" class="cellrowborder" valign="top" width="17.818218178182182%" id="mcps1.3.3.2.1.1.1.5.1.1"><p id="en-us_topic_0057845583__ac3a989cc5d3a405889eabb47dee84b04">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.568243175682433%" id="mcps1.3.3.2.1.1.1.5.1.2"><p id="en-us_topic_0057845583__a69a20ac00b86496aa8418517c542b0da">Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.108189181081894%" id="mcps1.3.3.2.1.1.1.5.1.3"><p id="en-us_topic_0057845583__a92c23d4441054df0972e025aeb3a8d7f">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="46.5053494650535%" id="mcps1.3.3.2.1.1.1.5.1.4"><p id="en-us_topic_0057845583__abe6882c44cf4402d8ed7706b9278f33b">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="en-us_topic_0057845583__r5d63069d6a8a426e8b25b94d1b4d302a"><td class="cellrowborder" valign="top" width="17.818218178182182%" headers="mcps1.3.3.2.1.1.1.5.1.1 "><p id="en-us_topic_0057845583__ad4fb6253385c46ab8720a0e13f573694">Content-Type</p>
</td>
<td class="cellrowborder" valign="top" width="17.568243175682433%" headers="mcps1.3.3.2.1.1.1.5.1.2 "><p id="en-us_topic_0057845583__a6b33800bcb2a446695b1d33a2d751554">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18.108189181081894%" headers="mcps1.3.3.2.1.1.1.5.1.3 "><p id="en-us_topic_0057845583__ab34a5e95b76b4b79a72da0734025f211">String</p>
</td>
<td class="cellrowborder" valign="top" width="46.5053494650535%" headers="mcps1.3.3.2.1.1.1.5.1.4 "><p id="en-us_topic_0057845583__a716277ae541d4553bb10490f9c02593d">Set this field to <span class="parmvalue" id="en-us_topic_0057845583__parmvalue17621591774"><b>application/json;charset=utf8</b></span>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="en-us_topic_0057845583__en-us_topic_0026585112_li29035785">Parameters in the request body
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0057845583__table1472672314012" frame="border" border="1" rules="all"><thead align="left"><tr id="en-us_topic_0057845583__row372613231901"><th align="left" class="cellrowborder" valign="top" width="18.04%" id="mcps1.3.3.2.2.1.1.5.1.1"><p id="en-us_topic_0057845583__p127271523609">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.51%" id="mcps1.3.3.2.2.1.1.5.1.2"><p id="en-us_topic_0057845583__p10727523607">Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.07%" id="mcps1.3.3.2.2.1.1.5.1.3"><p id="en-us_topic_0057845583__p672717232020">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="46.379999999999995%" id="mcps1.3.3.2.2.1.1.5.1.4"><p id="en-us_topic_0057845583__p4727142310020">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="en-us_topic_0057845583__row117274231708"><td class="cellrowborder" valign="top" width="18.04%" headers="mcps1.3.3.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__p117271323403">identity</p>
</td>
<td class="cellrowborder" valign="top" width="17.51%" headers="mcps1.3.3.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__p07279236010">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18.07%" headers="mcps1.3.3.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__p1072715231201">JSON object</p>
</td>
<td class="cellrowborder" valign="top" width="46.379999999999995%" headers="mcps1.3.3.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__p12733551037">Authentication parameters, including: <strong id="en-us_topic_0057845583__b1092964216403">methods</strong> and <strong id="en-us_topic_0057845583__b3319240124015">password</strong>.</p>
<pre class="screen" id="en-us_topic_0057845583__screen4242448102819">"identity": {
    "methods": ["password"],
    "password": {
        ...
    }
}</pre>
</td>
</tr>
<tr id="en-us_topic_0057845583__row14766951175411"><td class="cellrowborder" valign="top" width="18.04%" headers="mcps1.3.3.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__p81848145559">methods</p>
</td>
<td class="cellrowborder" valign="top" width="17.51%" headers="mcps1.3.3.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__p19184101415559">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18.07%" headers="mcps1.3.3.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__p8184131410553">String Array</p>
</td>
<td class="cellrowborder" valign="top" width="46.379999999999995%" headers="mcps1.3.3.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__p101851414175513">Authentication method. The value of this field is <span class="parmvalue" id="en-us_topic_0057845583__parmvalue3689104031514"><b>password</b></span>. If virtual MFA-based login authentication is enabled, the value of this field is <strong id="en-us_topic_0057845583__b227184080213039">["password","totp"]</strong>.</p>
</td>
</tr>
<tr id="en-us_topic_0057845583__row102161954175410"><td class="cellrowborder" valign="top" width="18.04%" headers="mcps1.3.3.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__p31853141551">password</p>
</td>
<td class="cellrowborder" valign="top" width="17.51%" headers="mcps1.3.3.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__p41851214175516">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18.07%" headers="mcps1.3.3.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__p6185514205514">JSON object</p>
</td>
<td class="cellrowborder" valign="top" width="46.379999999999995%" headers="mcps1.3.3.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__p171859142556">Authentication information. Example:</p>
<pre class="screen" id="en-us_topic_0057845583__screen19185191413550">"password": {
    "user": {
        "name": "<em id="en-us_topic_0057845583__i1690174081514">user A</em>",
        "password": "<em id="en-us_topic_0057845583__i869074013155">**********</em>",
        "domain": {
            "name": "<em id="en-us_topic_0057845583__i166909402156">domain A</em>"
        }
    }
}</pre>
<ul id="en-us_topic_0057845583__ul2147135719418"><li id="en-us_topic_0057845583__li414710571749"><strong id="en-us_topic_0057845583__b1749944084213">user.name</strong>: Name of the user that wants to obtain the token. Obtain the username on the <strong id="en-us_topic_0057845583__b0207101810433">My Credentials</strong> page.</li><li id="en-us_topic_0057845583__li151471557847"><strong id="en-us_topic_0057845583__b181311636194319">password</strong>: Login password of the user.</li><li id="en-us_topic_0057845583__li101474572410"><strong id="en-us_topic_0057845583__b15949115334320">domain.name</strong>: Name of the domain that created the user. Obtain the domain name on the <strong id="en-us_topic_0057845583__b87551617445">My Credentials</strong> page.</li></ul>
</td>
</tr>
<tr id="en-us_topic_0057845583__row1135014915519"><td class="cellrowborder" valign="top" width="18.04%" headers="mcps1.3.3.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__p618618143556">totp</p>
</td>
<td class="cellrowborder" valign="top" width="17.51%" headers="mcps1.3.3.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__p1818641419559">No</p>
</td>
<td class="cellrowborder" valign="top" width="18.07%" headers="mcps1.3.3.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__p618651417559">JSON object</p>
</td>
<td class="cellrowborder" valign="top" width="46.379999999999995%" headers="mcps1.3.3.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__p4186114115512">Authentication information. This parameter is mandatory only when virtual MFA-based login authentication is enabled.</p>
<p id="en-us_topic_0057845583__p54078106508">You can specify either <strong id="en-us_topic_0057845583__b44654619277">user.id</strong> or <strong id="en-us_topic_0057845583__b13584204817275">user.name</strong>.</p>
<p id="en-us_topic_0057845583__p10186414155519">Example 1:</p>
<pre class="screen" id="en-us_topic_0057845583__screen143613914494">"totp": {
    "user": {
        "id": "b95b78b67fa045b38104c12fb...",
        "passcode": "******"
    }
}</pre>
<ul id="en-us_topic_0057845583__ul2368974911"><li id="en-us_topic_0057845583__li93616917494"><strong id="en-us_topic_0057845583__b139021043194611">user.id</strong>: User ID, which can be obtained on the <strong id="en-us_topic_0057845583__b8821233194619">My Credentials</strong> page.</li><li id="en-us_topic_0057845583__li133649104912"><strong id="en-us_topic_0057845583__b134597122817">passcode</strong>: MFA verification code, which can be obtained on the MFA App.</li></ul>
<p id="en-us_topic_0057845583__p8274650164814">Example 2:</p>
<pre class="screen" id="en-us_topic_0057845583__screen01571135184615">"totp": {
    "user": {
        "name": "user A",
        "passcode": "******"
    }
}</pre>
<ul id="en-us_topic_0057845583__ul85041943518"><li id="en-us_topic_0057845583__li195041541252"><strong id="en-us_topic_0057845583__b1564394482817">user.name</strong>: Name of the user that wants to obtain the token.</li><li id="en-us_topic_0057845583__li112898182448"><strong id="en-us_topic_0057845583__b8742941773">passcode</strong>: MFA verification code, which can be obtained on the MFA App.</li></ul>
</td>
</tr>
<tr id="en-us_topic_0057845583__row77278232020"><td class="cellrowborder" valign="top" width="18.04%" headers="mcps1.3.3.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__p124182557111">scope</p>
</td>
<td class="cellrowborder" valign="top" width="17.51%" headers="mcps1.3.3.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__p144209551918">No</p>
</td>
<td class="cellrowborder" valign="top" width="18.07%" headers="mcps1.3.3.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__p144236557120">JSON object</p>
</td>
<td class="cellrowborder" valign="top" width="46.379999999999995%" headers="mcps1.3.3.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__p8397345145417">Usage scope of the token. The value can be <strong id="en-us_topic_0057845583__b03311514506">project</strong> or <strong id="en-us_topic_0057845583__b466092125010">domain</strong>.</p>
<ul id="en-us_topic_0057845583__ul32091543195912"><li id="en-us_topic_0057845583__li1842613483596">Example 1: If this field is set to <strong id="en-us_topic_0057845583__b17568195342219">project</strong>, the token can be used to access only services in specific projects, such as ECS. You can specify either <strong id="en-us_topic_0057845583__b35661428102320">id</strong> or <strong id="en-us_topic_0057845583__b14573162819236">name</strong>.<pre class="screen" id="en-us_topic_0057845583__screen842664845912">"scope": {
    "project": {
        "id": "0b95b78b67fa045b38104c12fb..."
    }
}</pre>
</li><li id="en-us_topic_0057845583__li761211595616">Example 2: If this field is set to <strong id="en-us_topic_0057845583__b12685173812232">domain</strong>, the token can be used to access global services, such as OBS. Global services are not tied to any project or region. You can specify either <strong id="en-us_topic_0057845583__b254016962414">id</strong> or <strong id="en-us_topic_0057845583__b054799182418">name</strong>.<pre class="screen" id="en-us_topic_0057845583__screen59171740125811">"scope": {
    "domain": {
        "name": "domain A"
    }
}</pre>
</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="en-us_topic_0057845583__en-us_topic_0026585112_li17042198">Example request<p id="en-us_topic_0057845583__a8fbaf401ac2d466888905fc593f3fc49"><a name="en-us_topic_0057845583__en-us_topic_0026585112_li17042198"></a><a name="en-us_topic_0026585112_li17042198"></a>The following is a sample request for obtaining a token for <strong id="en-us_topic_0057845583__b13931884549">user A</strong>. The login password of the user is <strong id="en-us_topic_0057845583__b155791839125411">**********</strong> and the domain name is <strong id="en-us_topic_0057845583__b929055511544">domain A</strong>. The scope of the token is <strong id="en-us_topic_0057845583__b148619112556">domain</strong>.</p>
<pre class="screen" id="en-us_topic_0057845583__screen165731206134">{
    "auth": {
        "identity": {
            "methods": ["password"],
            "password": {
                "user": {
                    "name": "user A",
                    "password": "**********",
                    "domain": {
                        "name": "domain A"
                    }
                }
            }
        },
        "scope": {
            "domain": {
                "name": "domain A"
            }
        }
    }
}</pre>
<p id="en-us_topic_0057845583__p13668471681">The following is a sample request for obtaining a token when virtual MFA-based login authentication is enabled.</p>
<pre class="screen" id="en-us_topic_0057845583__screen8267533164417">{
    "auth": {
        "identity": {
            "methods": ["password", "totp"],
            "password": {
                "user": {
                    "name": "user A",
                    "password": "********",
                    "domain": {
                        "name": "domain A"
                    }
                }
            },
            "totp" : {
                "user": {
                    "name": "user A",
                    "passcode": "******"
                }
            }
        },
        "scope": {
            "domain": {
                "name": "domain A"
            }
        }
    }
}</pre>
</li></ul>
</div>
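<p>The request body described above, combined with the 24-hour validity and invalidation rules from the note under Function, as a client-side sketch. This is an added example, not code from the IAM documentation or its SDKs: <code>build_auth_body</code>, <code>redact</code>, <code>parse_expiry</code>, <code>TokenCache</code> and the injected <code>post</code> callable are hypothetical names, the in-memory transport and its sample values are constructed, and the 10-minute renewal margin is an assumption. It reads the token from the <code>X-Subject-Token</code> header and the expiry from <code>expires_at</code>, both documented under Response Parameters.</p>

```python
import json
from datetime import datetime, timedelta, timezone

TOKEN_PATH = "/v3/auth/tokens"  # URI documented on this page
CONTENT_TYPE = "application/json;charset=utf8"  # header value documented on this page


def build_auth_body(name, password, domain, *, passcode=None,
                    scope_domain=None, scope_project_id=None):
    """Build the request body; "totp" is added only when a passcode is supplied."""
    if scope_domain and scope_project_id:
        raise ValueError("scope is either domain or project, not both")
    identity = {
        "methods": ["password"],
        "password": {"user": {"name": name, "password": password,
                              "domain": {"name": domain}}},
    }
    if passcode is not None:  # virtual MFA-based login authentication enabled
        identity["methods"].append("totp")
        identity["totp"] = {"user": {"name": name, "passcode": passcode}}
    auth = {"identity": identity}
    if scope_domain:
        auth["scope"] = {"domain": {"name": scope_domain}}
    elif scope_project_id:
        auth["scope"] = {"project": {"id": scope_project_id}}
    return {"auth": auth}


def redact(body):
    """Return a deep copy that is safe to log: password and passcode are masked."""
    safe = json.loads(json.dumps(body))
    identity = safe["auth"]["identity"]
    identity["password"]["user"]["password"] = "***"
    if "totp" in identity:
        identity["totp"]["user"]["passcode"] = "***"
    return safe


def parse_expiry(expires_at):
    """Parse expires_at in the format of the sample responses (UTC, trailing Z)."""
    parsed = datetime.strptime(expires_at, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)


class TokenCache:
    """Hypothetical helper: keeps one token and renews it shortly before expires_at.
    post(path, headers, body) -> (response_headers, response_json) is injected;
    body_factory runs on every renewal because a TOTP passcode is short-lived."""

    def __init__(self, post, body_factory, now, margin=timedelta(minutes=10)):
        self._post, self._body_factory = post, body_factory
        self._now, self._margin = now, margin
        self._token = self._expires = None

    def get(self):
        if self._token is None or self._now() >= self._expires - self._margin:
            self._refresh()
        return self._token

    def invalidate(self):
        """Call after a password, access key or permission change to the user."""
        self._token = self._expires = None

    def _refresh(self):
        headers, payload = self._post(
            TOKEN_PATH, {"Content-Type": CONTENT_TYPE}, self._body_factory())
        # HTTP header names are case-insensitive.
        token = {k.lower(): v for k, v in headers.items()}.get("x-subject-token")
        if not token:
            raise RuntimeError("response carried no X-Subject-Token header")
        self._token = token
        self._expires = parse_expiry(payload["token"]["expires_at"])


def demo():
    """Exercise the cache against a constructed in-memory stand-in for the endpoint."""
    clock = [datetime(2020, 9, 4, 6, 50, 44, tzinfo=timezone.utc)]
    issued = []  # redacted request bodies, as they would appear in a log

    def fake_post(path, headers, body):  # constructed transport, no network
        issued.append(redact(body))
        expires = clock[0] + timedelta(hours=24)  # 24-hour validity, per the note
        return ({"x-subject-token": f"tok-{len(issued)}"},
                {"token": {"expires_at": expires.strftime("%Y-%m-%dT%H:%M:%S.%fZ")}})

    cache = TokenCache(
        fake_post,
        lambda: build_auth_body("user A", "example-password", "domain A",
                                scope_domain="domain A"),
        now=lambda: clock[0])
    seen = [cache.get(), cache.get()]  # second call is served from the cache
    clock[0] += timedelta(hours=23, minutes=55)
    seen.append(cache.get())  # inside the renewal margin: a new token is fetched
    cache.invalidate()  # e.g. the user's permissions were changed
    seen.append(cache.get())
    return seen
```

<p>In a real client, <code>post</code> would wrap an HTTPS call to the IAM endpoint, and only the output of <code>redact</code> should ever reach logs.</p>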
<div class="section" id="en-us_topic_0057845583__s3a08e13bb5b34dc2ba4dcd84a0d51cf5"><h4 class="sectiontitle">Response Parameters</h4><ul id="en-us_topic_0057845583__en-us_topic_0026585112_ul10497152"><li id="en-us_topic_0057845583__en-us_topic_0026585112_li27365507">Parameters in the response header
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0057845583__en-us_topic_0026585112_table44962972" frame="border" border="1" rules="all"><thead align="left"><tr id="en-us_topic_0057845583__en-us_topic_0026585112_row49143529"><th align="left" class="cellrowborder" valign="top" width="22%" id="mcps1.3.4.2.1.1.1.5.1.1"><p id="en-us_topic_0057845583__en-us_topic_0026585112_p21202951">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="19.759999999999998%" id="mcps1.3.4.2.1.1.1.5.1.2"><p id="en-us_topic_0057845583__p1354817920213">Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.060000000000002%" id="mcps1.3.4.2.1.1.1.5.1.3"><p id="en-us_topic_0057845583__en-us_topic_0026585112_p39717481">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40.18%" id="mcps1.3.4.2.1.1.1.5.1.4"><p id="en-us_topic_0057845583__en-us_topic_0026585112_p62999416">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="en-us_topic_0057845583__en-us_topic_0026585112_row2679067"><td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.4.2.1.1.1.5.1.1 "><p id="en-us_topic_0057845583__en-us_topic_0026585112_p15677883">X-Subject-Token</p>
</td>
<td class="cellrowborder" valign="top" width="19.759999999999998%" headers="mcps1.3.4.2.1.1.1.5.1.2 "><p id="en-us_topic_0057845583__p954817912217">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18.060000000000002%" headers="mcps1.3.4.2.1.1.1.5.1.3 "><p id="en-us_topic_0057845583__en-us_topic_0026585112_p61948991">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.18%" headers="mcps1.3.4.2.1.1.1.5.1.4 "><p id="en-us_topic_0057845583__en-us_topic_0026585112_p51812368">Obtained token.</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="en-us_topic_0057845583__le6d8886820e2488abb03d3baa7fb5ee4">Token format description
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0057845583__t9aa18688b0f44302a45f87a865a4f9d7" frame="border" border="1" rules="all"><thead align="left"><tr id="en-us_topic_0057845583__r4495c7bbf2c14d50a55a4ac402e189ca"><th align="left" class="cellrowborder" valign="top" width="22.06220622062206%" id="mcps1.3.4.2.2.1.1.5.1.1"><p id="en-us_topic_0057845583__a604782cae932448db4a5fe6032c0703e">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20.01200120012001%" id="mcps1.3.4.2.2.1.1.5.1.2"><p id="en-us_topic_0057845583__a6175c8a318d24e39837027e182baaed9">Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.711771177117715%" id="mcps1.3.4.2.2.1.1.5.1.3"><p id="en-us_topic_0057845583__a8ed9dc140ab940ae83066efac4a62450">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40.21402140214022%" id="mcps1.3.4.2.2.1.1.5.1.4"><p id="en-us_topic_0057845583__a7926893fadf64b0cba9adac5489deefd">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="en-us_topic_0057845583__rcc2f2253b42941d3976e9118b7899178"><td class="cellrowborder" valign="top" width="22.06220622062206%" headers="mcps1.3.4.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__a07a6ef85698e438b842d000b6bcbb235">methods</p>
</td>
<td class="cellrowborder" valign="top" width="20.01200120012001%" headers="mcps1.3.4.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__ab83556a39c894a0983c94c05bbe8a92d">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="17.711771177117715%" headers="mcps1.3.4.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__a558b3430e0444f97a88d96cdc036401e">JSON array</p>
</td>
<td class="cellrowborder" valign="top" width="40.21402140214022%" headers="mcps1.3.4.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__a7b9d6f974d1e4d44890be49309a0382f">Method for obtaining a token.</p>
</td>
</tr>
<tr id="en-us_topic_0057845583__r952955421b3345d29a03350797976bef"><td class="cellrowborder" valign="top" width="22.06220622062206%" headers="mcps1.3.4.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__aec3770aaf9384235aed7d5a3e9b61d34">expires_at</p>
</td>
<td class="cellrowborder" valign="top" width="20.01200120012001%" headers="mcps1.3.4.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__a2d5989348dcc4c34ab87e762205e3e25">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="17.711771177117715%" headers="mcps1.3.4.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__a06df05908d2046d6b318f3dbadcad5fa">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.21402140214022%" headers="mcps1.3.4.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__af0c635100ad74b489f89c886e157e49b">Expiration date of the token.</p>
</td>
</tr>
<tr id="en-us_topic_0057845583__r566af79660784b49a20126aeb8226599"><td class="cellrowborder" valign="top" width="22.06220622062206%" headers="mcps1.3.4.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__a99ee5815381b446bab5b3b871f0cd77f">issued_at</p>
</td>
<td class="cellrowborder" valign="top" width="20.01200120012001%" headers="mcps1.3.4.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__aa7051ea6df594043a3d18cfbdfb49dc8">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="17.711771177117715%" headers="mcps1.3.4.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__af1aa454ebf634d428c9498bb88dd9d45">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.21402140214022%" headers="mcps1.3.4.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__en-us_topic_0026585112_p532161155713">Time when the token was issued.</p>
</td>
</tr>
<tr id="en-us_topic_0057845583__row4758268411"><td class="cellrowborder" valign="top" width="22.06220622062206%" headers="mcps1.3.4.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__p14758116249">mfa_authn_at</p>
</td>
<td class="cellrowborder" valign="top" width="20.01200120012001%" headers="mcps1.3.4.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__p27587613412">No</p>
</td>
<td class="cellrowborder" valign="top" width="17.711771177117715%" headers="mcps1.3.4.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__p37581861848">String</p>
</td>
<td class="cellrowborder" valign="top" width="40.21402140214022%" headers="mcps1.3.4.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__p17587611411">MFA authentication time. This field is displayed only when virtual MFA-based login authentication is enabled.</p>
</td>
</tr>
<tr id="en-us_topic_0057845583__r2bdea9cf4b4a40ea89733ee4ff3af64a"><td class="cellrowborder" valign="top" width="22.06220622062206%" headers="mcps1.3.4.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__a313ab3f0623c4e57a9160a072e6a22c9">user</p>
</td>
<td class="cellrowborder" valign="top" width="20.01200120012001%" headers="mcps1.3.4.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__a87695b24819042c8afa89bf8867ebdf5">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="17.711771177117715%" headers="mcps1.3.4.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__a27424032f78a40379dddacb5ab25166d">JSON object</p>
</td>
<td class="cellrowborder" valign="top" width="40.21402140214022%" headers="mcps1.3.4.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__a220a5e088be14830a1e9db57ad7e9d50">Example:</p>
<pre class="screen" id="en-us_topic_0057845583__s94858990e5764505971cc869331632fc">"user": {
    "name": "user A",
    "id": "b95b78b67fa045b38104...",
    "password_expires_at":"2016-11-06T15:32:17.000000",
    "domain": {
        "name": "domain A",
        "id": "fdec73ffea524aa1b373e40..."
    }
}</pre>
<ul id="en-us_topic_0057845583__ul10538192315141"><li id="en-us_topic_0057845583__li4538122301415"><strong id="en-us_topic_0057845583__b1364916619591">user.name</strong>: Name of the user that wants to obtain the token.</li><li id="en-us_topic_0057845583__li125381323141418"><strong id="en-us_topic_0057845583__b7680648115912">user.id</strong>: ID of the user.</li><li id="en-us_topic_0057845583__li1553832316144"><strong id="en-us_topic_0057845583__b12342155618598">domain.name</strong>: Name of the domain that created the user.</li><li id="en-us_topic_0057845583__li1953818233140"><strong id="en-us_topic_0057845583__b25431719204">domain.id</strong>: ID of the domain.</li><li id="en-us_topic_0057845583__li953822341417"><strong id="en-us_topic_0057845583__b1275313386016">password_expires_at</strong>: Time, in Coordinated Universal Time (UTC), at which the password will expire. <span class="parmvalue" id="en-us_topic_0057845583__parmvalue10697194081514"><b>null</b></span> indicates that the password will not expire.</li></ul>
</td>
</tr>
<tr id="en-us_topic_0057845583__rd33372d927214527ac870bb11715c536"><td class="cellrowborder" valign="top" width="22.06220622062206%" headers="mcps1.3.4.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__a66272c967cb547c09f7a7316b4ae754c">domain</p>
</td>
<td class="cellrowborder" valign="top" width="20.01200120012001%" headers="mcps1.3.4.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__a9183943cbe59479691b60e9c95a74a0d">No</p>
</td>
<td class="cellrowborder" valign="top" width="17.711771177117715%" headers="mcps1.3.4.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__a06d0695f36184007ab70f95018c90a92">JSON object</p>
</td>
<td class="cellrowborder" valign="top" width="40.21402140214022%" headers="mcps1.3.4.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__a72f97dddf8204ffb93f87e0d6ae2111f">This parameter is returned only when the <strong id="en-us_topic_0057845583__b206145262512">scope</strong> parameter in the request body has been set to <strong id="en-us_topic_0057845583__b1461511266519">domain</strong>.</p>
<p id="en-us_topic_0057845583__a4a60927497a74911bd2ab640524d9633">Example:</p>
<pre class="screen" id="en-us_topic_0057845583__s6426dc53b2a4457ea51cc7ea9e64f456">"domain": {
    "name" : "domain A",
    "id" : "fdec73ffea524aa1b373e40..."
}</pre>
<ul id="en-us_topic_0057845583__ul4940103212141"><li id="en-us_topic_0057845583__li7940143215141"><strong id="en-us_topic_0057845583__b165889173109">domain.name</strong>: Name of the domain that created the user.</li><li id="en-us_topic_0057845583__li6940103261414"><strong id="en-us_topic_0057845583__b67031141141018">domain.id</strong>: ID of the domain.</li></ul>
</td>
</tr>
<tr id="en-us_topic_0057845583__r3a914bf0c52c43e390883648cbe964ff"><td class="cellrowborder" valign="top" width="22.06220622062206%" headers="mcps1.3.4.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__a0e6de929a1ea4db0b88e97acb4287d5e">project</p>
</td>
<td class="cellrowborder" valign="top" width="20.01200120012001%" headers="mcps1.3.4.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__a346f8467c2e24793ab55c120fc37852f">No</p>
</td>
<td class="cellrowborder" valign="top" width="17.711771177117715%" headers="mcps1.3.4.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__af6953054960f4c59903b92961b10b426">JSON object</p>
</td>
<td class="cellrowborder" valign="top" width="40.21402140214022%" headers="mcps1.3.4.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__a41001b564477400f98aef711e86f0197">This parameter is returned only when the <strong id="en-us_topic_0057845583__b1275582720509">scope</strong> parameter in the request body has been set to <strong id="en-us_topic_0057845583__b976052785013">project</strong>.</p>
<p id="en-us_topic_0057845583__a2658c45981e64570b63c49c45cfdfac7">Example:</p>
<pre class="screen" id="en-us_topic_0057845583__s75cd01f2f3df45ada904958dc41f5307">"project": {
    "name": "project A",
    "id": "34c77f3eaf84c00aaf54...",
    "domain": {
        "name": "domain A",
        "id": "fdec73ffea524aa1b373e40..."
    }
}</pre>
<ul id="en-us_topic_0057845583__ul198562416149"><li id="en-us_topic_0057845583__li1985616417141"><strong id="en-us_topic_0057845583__b348834111119">project.name</strong>: Name of a project.</li><li id="en-us_topic_0057845583__li2857841171416"><strong id="en-us_topic_0057845583__b1376491921110">project.id</strong>: ID of the project.</li><li id="en-us_topic_0057845583__li6857164121412"><strong id="en-us_topic_0057845583__b13383123191115">domain.name</strong>: Domain name of the project.</li><li id="en-us_topic_0057845583__li9857144116141"><strong id="en-us_topic_0057845583__b143171418111215">domain.id</strong>: Domain ID of the project.</li></ul>
</td>
</tr>
<tr id="en-us_topic_0057845583__row31009604113628"><td class="cellrowborder" valign="top" width="22.06220622062206%" headers="mcps1.3.4.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__p22717013113628">catalog</p>
</td>
<td class="cellrowborder" valign="top" width="20.01200120012001%" headers="mcps1.3.4.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__p54936595113628">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="17.711771177117715%" headers="mcps1.3.4.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__p46529556113628">JSON array</p>
</td>
<td class="cellrowborder" valign="top" width="40.21402140214022%" headers="mcps1.3.4.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__p45368001113628">Endpoint information.</p>
<p id="en-us_topic_0057845583__p50787600113939">Example:</p>
<pre class="screen" id="en-us_topic_0057845583__screen17568328113914">"catalog": [{
    "type": "identity",
    "id": "1331e5cff2a74d76b03da1225910e...",
    "name": "iam",
    "endpoints": [{
        "url": "<em id="en-us_topic_0057845583__i142175117316">https://sample.domain.com</em>/v3",
        "region": "*",
        "region_id": "*",
        "interface": "public",
        "id": "089d4a381d574308a703122d3ae73..."
    }]
}]</pre>
<ul id="en-us_topic_0057845583__ul243124664420"><li id="en-us_topic_0057845583__li114314684416"><strong id="en-us_topic_0057845583__b448017569144">type</strong>: Type of the service which the API belongs to.</li><li id="en-us_topic_0057845583__li159252064510"><strong id="en-us_topic_0057845583__b9629121215162">id</strong>: ID of the service.</li><li id="en-us_topic_0057845583__li127961231114914"><strong id="en-us_topic_0057845583__b433910179168">name</strong>: Name of the service.</li><li id="en-us_topic_0057845583__li14683123154614"><strong id="en-us_topic_0057845583__b21941141620">endpoints</strong>: Endpoints that can be used to call the API.</li><li id="en-us_topic_0057845583__li1380613358453"><strong id="en-us_topic_0057845583__b2160141311715">url</strong>: URL used to call the API.</li><li id="en-us_topic_0057845583__li199891019184719"><strong id="en-us_topic_0057845583__b565712652115">region</strong>: Region in which the service can be accessed.</li><li id="en-us_topic_0057845583__li1717451419506"><strong id="en-us_topic_0057845583__b73317352212">region_id</strong>: ID of the region.</li><li id="en-us_topic_0057845583__li196428513471"><strong id="en-us_topic_0057845583__b4280125332216">interface</strong>: Type of the API. The value <strong id="en-us_topic_0057845583__b6806182019239">public</strong> means that the API is open for access.</li><li id="en-us_topic_0057845583__li1885414118505"><strong id="en-us_topic_0057845583__b1174116495233">id</strong>: ID of the API.</li></ul>
</td>
</tr>
<tr id="en-us_topic_0057845583__r57913d5a1da24c699a412dced6a7b573"><td class="cellrowborder" valign="top" width="22.06220622062206%" headers="mcps1.3.4.2.2.1.1.5.1.1 "><p id="en-us_topic_0057845583__a45bd202186b249bfa8fc87bbcbf05bb9">roles</p>
</td>
<td class="cellrowborder" valign="top" width="20.01200120012001%" headers="mcps1.3.4.2.2.1.1.5.1.2 "><p id="en-us_topic_0057845583__ae5cf82a55c21452aa028ff59e6973404">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="17.711771177117715%" headers="mcps1.3.4.2.2.1.1.5.1.3 "><p id="en-us_topic_0057845583__aa1fb3d35fbda45208e6e58dbbbc00b01">JSON object</p>
</td>
<td class="cellrowborder" valign="top" width="40.21402140214022%" headers="mcps1.3.4.2.2.1.1.5.1.4 "><p id="en-us_topic_0057845583__a18bf24a442094153ab2a8f7391737d06">Permissions information of the token.</p>
<p id="en-us_topic_0057845583__ace14d3d704ae4d41abdcfc9ae99def0f">Example:</p>
<pre class="screen" id="en-us_topic_0057845583__s71b72ebcaad84e58881c80352e028dff">"roles" : [{
        "name" : "role1",
        "id" : "roleid1"
    }, {
        "name" : "role2",
        "id" : "roleid2"
    }
]</pre>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="en-us_topic_0057845583__lf3c28402a2ee4844bc99946ea67bf82d">Example response<div class="p" id="en-us_topic_0057845583__p01640289481"><a name="en-us_topic_0057845583__lf3c28402a2ee4844bc99946ea67bf82d"></a><a name="lf3c28402a2ee4844bc99946ea67bf82d"></a>The following is a sample request for obtaining a token for <strong id="en-us_topic_0057845583__b768692903">user A</strong>. The login password of the user is <strong id="en-us_topic_0057845583__b1111803765">**********</strong> and the domain name is <strong id="en-us_topic_0057845583__b1869074879">domain A</strong>. The scope of the token is <strong id="en-us_topic_0057845583__b972327800">domain</strong>.<pre class="screen" id="en-us_topic_0057845583__screen0241121164815">Token information stored in the response header:
X-Subject-Token:MIIDkgYJKoZIhvcNAQcCoIIDgzCCA38CAQExDTALBglghkgBZQMEAgEwgXXXXX...
Token information stored in the response body:
{
"token" : {
"methods" : ["password"],
"expires_at" : "2015-11-09T01:42:57.527363Z",
"issued_at" : "2015-11-09T00:42:57.527404Z",
"user" : {
"domain" : {
"id" : "ded485def148s4e7d2se41d5se...",
"name" : "domain A"
},
"id" : "ee4dfb6e5540447cb37419051...",
"name" : "user A",
"password_expires_at" : "2016-11-06T15:32:17.000000"
},
"domain" : {
"name" : "domain A",
"id" : "dod4ed5e8d4e8d2e8e8d5d2d..."
},
"catalog": [{
"type": "identity",
"id": "1331e5cff2a74d76b03da12259...",
"name": "iam",
"endpoints": [{
"url": "<em id="en-us_topic_0057845583__i10340154237">https://sample.domain.com</em>/v3",
"region": "*",
"region_id": "*",
"interface": "public",
"id": "089d4a381d574308a703122d3a..."
}]
}],
"roles" : [{
"name" : "role1",
"id" : "roleid1"
}, {
"name" : "role2",
"id" : "roleid2"
}
]
}
}</pre>
</div>
<p id="en-us_topic_0057845583__p12906728497">The following is a sample response to a request for obtaining a token when virtual MFA-based login authentication is enabled.</p>
<pre class="screen" id="en-us_topic_0057845583__screen2910740175712">Token information stored in the response header:
X-Subject-Token:MIIDkgYJKoZIhvcNAQcCoIIDgzCCA38CAQExDTALBglghkgBZQMEAgEwgXXXXX...
Token information stored in the response body:
{
"token": {
"expires_at": "2020-09-05T06:50:44.390000Z",
"mfa_authn_at": "2020-09-04T06:50:44.390000Z",
"issued_at": "2020-09-04T06:50:44.390000Z",
"methods": [
"password",
"totp"
],
"catalog": [
{
"endpoints": [
{
"id": "33e1cbdd86d34e89a63cf8ad16a5f...",
"interface": "public",
"region": "*",
"region_id": "*",
"url": "<em id="en-us_topic_0057845583__i15950841634">https://sample.domain.com</em>/v3.0"
}
],
"id": "100a6a3477f1495286579b819d399...",
"name": "iam",
"type": "iam"
}
],
"domain": {
"id": "e6505630658e49649784759cdf251...",
"name": "domain A"
},
"roles": [
{
"name" : "role1",
"id" : "roleid1"
},{
"name" : "role1",
"id" : "roleid1"
}
],
"user": {
"domain": {
"id": "e6505630658e49649784759cdf251...",
"name": "domain A"
},
"id": "092ac6365a0025b11f76c01e90100...",
"name": "user A",
"password_expires_at": ""
}
}
}</pre>
</li></ul>
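<p>The following client-side check is an added example, not part of the API reference or of the service's own code. It reads the response fields documented above and decides whether a received or cached token should be used. The names <strong>check_token</strong>, <strong>min_remaining</strong>, and <strong>require_mfa</strong> are hypothetical, the 10-minute safety margin is an assumption, and the sample body is constructed from the MFA example with placeholder IDs.</p>

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample modeled on the MFA example response above (IDs are placeholders).
SAMPLE_BODY = json.dumps({"token": {
    "expires_at": "2020-09-05T06:50:44.390000Z",
    "mfa_authn_at": "2020-09-04T06:50:44.390000Z",
    "issued_at": "2020-09-04T06:50:44.390000Z",
    "methods": ["password", "totp"],
    "catalog": [{"type": "iam", "name": "iam", "id": "svc-placeholder",
                 "endpoints": [{"id": "ep-placeholder", "interface": "public",
                                "region": "*", "region_id": "*",
                                "url": "https://sample.domain.com/v3.0"}]}],
    "roles": [{"name": "role1", "id": "roleid1"}],
    "user": {"name": "user A", "id": "user-placeholder",
             "domain": {"name": "domain A", "id": "domain-placeholder"}}}})


def _ts(value):
    """Parse the response's UTC timestamps ("...Z") into aware datetimes."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def check_token(headers, body, now, min_remaining=timedelta(minutes=10), require_mfa=True):
    """Return (ok, findings, summary); the summary never contains the token value."""
    token = json.loads(body)["token"]
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    if not hdrs.get("x-subject-token"):
        findings.append("missing X-Subject-Token header")
    expires = _ts(token["expires_at"])
    if expires - now < min_remaining:
        findings.append("token expired or too close to expiry; obtain a new one")
    if _ts(token["issued_at"]) > now:
        findings.append("issued_at is in the future; check clock skew")
    if require_mfa and ("totp" not in token.get("methods", []) or not token.get("mfa_authn_at")):
        findings.append("token was not obtained with MFA")
    public_urls = [ep["url"] for svc in token.get("catalog", [])
                   for ep in svc.get("endpoints", []) if ep.get("interface") == "public"]
    if any(not u.startswith("https://") for u in public_urls):
        findings.append("catalog lists a non-HTTPS endpoint")
    summary = {"user": token["user"]["name"], "expires_at": expires,
               "roles": sorted(r["name"] for r in token.get("roles", [])),
               "public_urls": public_urls}
    return (not findings, findings, summary)
```

<p>Log only the returned summary and findings; the <strong>X-Subject-Token</strong> value is a bearer credential and should stay out of logs and error messages.</p>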
</div>
<div class="section" id="en-us_topic_0057845583__sbfe93ca4c2b9427dbb2218a4e72da6a8"><h4 class="sectiontitle">Status Codes</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0057845583__en-us_topic_0026585112_table34550710" frame="border" border="1" rules="all"><thead align="left"><tr id="en-us_topic_0057845583__en-us_topic_0026585112_row8352109"><th align="left" class="cellrowborder" valign="top" width="27.52%" id="mcps1.3.5.2.1.3.1.1"><p id="en-us_topic_0057845583__en-us_topic_0026585112_p5432205">Status Code</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="72.48%" id="mcps1.3.5.2.1.3.1.2"><p id="en-us_topic_0057845583__en-us_topic_0026585112_p37355470">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="en-us_topic_0057845583__en-us_topic_0026585112_row5894231"><td class="cellrowborder" valign="top" width="27.52%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845583__en-us_topic_0026585112_p7670737">201</p>
</td>
<td class="cellrowborder" valign="top" width="72.48%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845583__en-us_topic_0026585112_p17349988">The request is successful.</p>
</td>
</tr>
<tr id="en-us_topic_0057845583__en-us_topic_0026585112_row21932166"><td class="cellrowborder" valign="top" width="27.52%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845583__en-us_topic_0026585112_p31674992">400</p>
</td>
<td class="cellrowborder" valign="top" width="72.48%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845583__en-us_topic_0026585112_p15537542">The server failed to process the request.</p>
</td>
</tr>
<tr id="en-us_topic_0057845583__r22bf632ff3984ffbaa2734a029063cfb"><td class="cellrowborder" valign="top" width="27.52%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845583__en-us_topic_0026585112_p947606916650">401</p>
</td>
<td class="cellrowborder" valign="top" width="72.48%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845583__a3a62e2f9d6c84b4083dfb8b2ade8e14c">Authentication failed.</p>
</td>
</tr>
<tr id="en-us_topic_0057845583__r41d0d854619349f898c16f7c61792083"><td class="cellrowborder" valign="top" width="27.52%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845583__en-us_topic_0026585112_p762821816657">403</p>
</td>
<td class="cellrowborder" valign="top" width="72.48%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845583__a0261fc1955104ca3b1f0a46388724624">Access denied.</p>
</td>
</tr>
<tr id="en-us_topic_0057845583__rea66e1a745ee4e0882be6b9f5349ac4d"><td class="cellrowborder" valign="top" width="27.52%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845583__en-us_topic_0026585112_p486971841676">404</p>
</td>
<td class="cellrowborder" valign="top" width="72.48%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845583__en-us_topic_0026585112_p521578261676">The requested resource cannot be found.</p>
</td>
</tr>
<tr id="en-us_topic_0057845583__r230ba1b5ddec4cd0a41a5c37806e60f5"><td class="cellrowborder" valign="top" width="27.52%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845583__af8f4513c90d344e3b90952b53e3ee015">500</p>
</td>
<td class="cellrowborder" valign="top" width="72.48%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845583__a19c27fd6b377464898ec6cae5778ec80">Internal server error. The format may be incorrect.</p>
</td>
</tr>
<tr id="en-us_topic_0057845583__en-us_topic_0026585112_row6824316711"><td class="cellrowborder" valign="top" width="27.52%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845583__en-us_topic_0026585112_p61418816711">503</p>
</td>
<td class="cellrowborder" valign="top" width="72.48%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845583__a4bc003bda05e465eb3a3f0f989888213">Service unavailable.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>