vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/iam/api-ref/iam_02_0510.html
Wei, Hongmin 80f18fd272 IAM API 2.6 Version 
Reviewed-by: Kabai, Zoltán Gábor <zoltan-gabor.kabai@t-systems.com>
Co-authored-by: Wei, Hongmin <weihongmin1@huawei.com>
Co-committed-by: Wei, Hongmin <weihongmin1@huawei.com>
2023-08-03 03:34:59 +00:00

53 lines
4.6 KiB
HTML
Raw Blame History

<a name="iam_02_0510"></a><a name="iam_02_0510"></a>
<h1 class="topictitle1">Authentication</h1>
<div id="body1602512924297"><p id="iam_02_0510__p26613555143846">Requests for calling an API can be authenticated using either of the following methods:</p>
<ul id="iam_02_0510__ul38195410143846"><li id="iam_02_0510__li8214375143846">Token-based authentication: Requests are authenticated using a token.</li><li id="iam_02_0510__li61384639143846">AK/SK-based authentication: Requests are authenticated by encrypting the request body using an AK/SK pair.</li></ul>
<div class="section" id="iam_02_0510__section2417768214391"><h4 class="sectiontitle">Token-based Authentication</h4><div class="note" id="iam_02_0510__note133321911123"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_02_0510__p1254514271026">The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token.</p>
</div></div>
<p id="iam_02_0510__p18703477214">A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to request headers to get permissions for calling the API.</p>
<p id="iam_02_0510__p15319174104917">You can obtain a token by calling the API described in <a href="en-us_topic_0057845583.html">Obtaining a User Token</a>. IAM APIs can be called only by using a global service token. To call the API described in <a href="en-us_topic_0057845583.html">Obtaining a User Token</a>, set <strong id="iam_02_0510__b516512161512">auth.scope</strong> to <strong id="iam_02_0510__b4165201131517">domain</strong> in the request body as follows:</p>
<pre class="screen" id="iam_02_0510__screen1131913419490">{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"domain": {
"name": "IAMDomain"
},
"name": "IAMUser",
"password": "IAMPassword"
}
}
},
"scope": {
"domain": {
"name": "IAMDomain"
}
}
}
}</pre>
<p id="iam_02_0510__p9691122114266">After a token is obtained, the <span class="parmname" id="iam_02_0510__parmname995014426158"><b>X-Auth-Token</b></span> header field must be added to requests to specify the token when calling other APIs. For example, if the token is <span class="parmvalue" id="iam_02_0510__parmvalue123214589152"><b>ABCDEFJ....</b></span>, <span class="parmvalue" id="iam_02_0510__parmvalue83275818159"><b>X-Auth-Token: ABCDEFJ....</b></span> can be added to a request as follows:</p>
<pre class="screen" id="iam_02_0510__screen11189101154015">
POST https://www.example.com/v3/auth/tokens</pre>
</div>
<div class="section" id="iam_02_0510__section9211058144012"><h4 class="sectiontitle">AK/SK-based Authentication</h4><div class="note" id="iam_02_0510__note26801820183918"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_02_0510__p12680102053918">AK/SK-based authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token-based authentication is recommended.</p>
</div></div>
<p id="iam_02_0510__p171211559122516">In AK/SK-based authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.</p>
<ul id="iam_02_0510__ul9783543561"><li id="iam_02_0510__li8787541560">AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.</li><li id="iam_02_0510__li47917548569">SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.</li></ul>
<div class="p" id="iam_02_0510__p1866949103516">In AK/SK-based authentication, you can use an AK/SK pair to sign requests based on the signature algorithm or use the signing SDK to sign requests. <div class="notice" id="iam_02_0510__note13908111122113"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="iam_02_0510__p11657124333720">The signing SDK is only used for signing requests and is different from the SDKs provided by services.</p>
</div></div>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="iam_02_0000.html">Calling APIs</a></div>
</div>
</div>
View Git Blame Copy Permalink