vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/apiu/guidelines/apig-en-api-180328003.html
Chen, Junjie 97b6825626 APIU Guidelines 20240812 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Chen, Junjie <chenjunjie@huawei.com>
Co-committed-by: Chen, Junjie <chenjunjie@huawei.com>
2024-08-13 10:31:24 +00:00

80 lines
7.4 KiB
HTML
Raw Blame History

<a name="apig-en-api-180328003"></a><a name="apig-en-api-180328003"></a>
<h1 class="topictitle1">Token Authentication</h1>
<div id="body1537441075328"><div class="section" id="apig-en-api-180328003__section5608799912249"><h4 class="sectiontitle">Application Scenarios</h4><p id="apig-en-api-180328003__p4683410312249">If API requests are authenticated using tokens, the request header must contain <strong id="apig-en-api-180328003__b842352706161232">X-Auth-Token</strong> (token information).</p>
<p id="apig-en-api-180328003__p1885374512249">This section describes how to call an API for token authentication.</p>
</div>
<div class="section" id="apig-en-api-180328003__section3546598312249"><h4 class="sectiontitle">Procedure</h4><ol id="apig-en-api-180328003__ol5417235112249"><li id="apig-en-api-180328003__li7201450105021">Send <strong id="apig-en-api-180328003__b034312224917">POST https://</strong><em id="apig-en-api-180328003__i20265928093">IAM endpoint</em><strong id="apig-en-api-180328003__b1356462520912">/v3/auth/tokens</strong> to obtain the IAM endpoint and the region name in the message body.<p id="apig-en-api-180328003__p29157503105024">See <a href="https://docs.otc.t-systems.com/regions-and-endpoints/index.html" target="_blank" rel="noopener noreferrer">Regions and Endpoints</a>.</p>
<p id="apig-en-api-180328003__p126473211266"></p>
<p id="apig-en-api-180328003__p066712334263">A cloud service can be deployed globally or at the project level.</p>
<ul id="apig-en-api-180328003__ul11667123332614"><li id="apig-en-api-180328003__li17667173382616">A project-level service requires a project-level token. When you call the API, set <strong id="apig-en-api-180328003__b18431516468">auth.scope</strong> in the request body to <strong id="apig-en-api-180328003__b5845158464">project</strong>. The following services are at the project level: AOM, APIG, AS, BMS, CBR, CCE, Cloud Eye, CSBS, CSS, CTS, DataArts Studio, DC, DCS, DDS, Dedicated WAF, DeH, DIS, DLI, DMS, DNS, DRS, DWS, ECS, EIP, ELB, EVS, GaussDB (for MySQL), GaussDB NoSQL, IMS, KMS, LTS, ModelArts, MRS, NAT, PLAS, RDS, RTS, SDRS, SFS, SMN, SWR, VBS, VPC, VPCEP, VPN, and WAF.</li><li id="apig-en-api-180328003__li7667233182615">A global service requires a global token. When you call the API, set <strong id="apig-en-api-180328003__b16642105915485">auth.scope</strong> in the request body to <strong id="apig-en-api-180328003__b364265915485">domain</strong>. The following services are global ones: Anti-DDoS, IAM, OBS, TMS, and TMS.</li></ul>
<div class="p" id="apig-en-api-180328003__p4434491412249">The following shows an example of a project-level service request:<div class="note" id="apig-en-api-180328003__note6355990812249"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="apig-en-api-180328003__p3516826412249">Replace the texts in italic with actual ones. For details, see <em id="apig-en-api-180328003__i842352697155127">Identity and Access Management API Reference</em>.</p>
<p id="apig-en-api-180328003__p1770474713271">Log in to the management console, click your username in the upper right corner, and choose <strong id="apig-en-api-180328003__b1424175514817">My Credential</strong> from the drop-down list. On the <strong id="apig-en-api-180328003__b362886114912">My Credentials</strong> page, obtain your username, domain name, and project ID.</p>
</div></div>
<pre class="screen" id="apig-en-api-180328003__screen18966866105917">{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": "<em id="apig-en-api-180328003__i3005717212249"><strong id="apig-en-api-180328003__b34061845415">username</strong></em>", // IAM username
"password": "<em id="apig-en-api-180328003__i207909212249"><strong id="apig-en-api-180328003__b626512207546">password</strong></em>", // IAM user password
"domain": {
"name": "<em id="apig-en-api-180328003__i1871183512249"><strong id="apig-en-api-180328003__b7805102111542">domainname</strong></em>" // Name of the domain to which the IAM user belongs
}
}
}
},
"scope": {
"<strong id="apig-en-api-180328003__b563015402144">project</strong>": {
"id": "<strong id="apig-en-api-180328003__b4301132835416"><em id="apig-en-api-180328003__i1191627165415">0215ef11e49d4743be23dd97a1561e91</em></strong>" // Project ID
}
}
}
}</pre>
</div>
<p id="apig-en-api-180328003__p1847182114579">The following shows an example of a global service request:</p>
<pre class="screen" id="apig-en-api-180328003__screen184324210584">{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": "<em id="apig-en-api-180328003__i1589423111011"><strong id="apig-en-api-180328003__b1589423112012">username</strong></em>", // IAM username
"password": "<em id="apig-en-api-180328003__i7932938307"><strong id="apig-en-api-180328003__b149328381909">password</strong></em>", // IAM user password
"domain": {
"name": "<em id="apig-en-api-180328003__i34335451306"><strong id="apig-en-api-180328003__b343319451304">domainname</strong></em>" // Name of the domain to which the IAM user belongs
}
}
}
},
"scope": {
"<strong id="apig-en-api-180328003__b191917362143">domain</strong>": {
"name": "<em id="apig-en-api-180328003__i13403382119"><strong id="apig-en-api-180328003__b74031884120">domainname</strong></em>" // Name of the domain to which the IAM user belongs
}
}
}
}</pre>
</li><li id="apig-en-api-180328003__li2615608112249"><a name="apig-en-api-180328003__li2615608112249"></a><a name="li2615608112249"></a>Obtain the token. For details, see section "Obtaining the User Token" in the <em id="apig-en-api-180328003__i9409102014312">Identity and Access Management API Reference</em>. If the request is successful, the value of the X-Subject-Token header in the response is the token.<p id="apig-en-api-180328003__p183451053025">The following figures illustrate how to use Postman to manually obtain a token.</p>
<div class="fignone" id="apig-en-api-180328003__fig423411369101"><span class="figcap"><b>Figure 1 </b>Example request</span><br><span><img id="apig-en-api-180328003__image1460602112316" src="en-us_image_0139098594.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="fignone" id="apig-en-api-180328003__fig1097673441212"><span class="figcap"><b>Figure 2 </b>Obtain <strong id="apig-en-api-180328003__b89061138185418">X-Subject-Token</strong> from the header of the response message.</span><br><span><img id="apig-en-api-180328003__image10464847153010" src="en-us_image_0139099203.png" title="Click to enlarge" class="imgResize"></span></div>
</li><li id="apig-en-api-180328003__li3407814412249">Call a service API, add the <strong id="apig-en-api-180328003__b208194011610">X-Auth-Token</strong> header with the token obtained in <a href="#apig-en-api-180328003__li2615608112249">2</a>.</li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="apig-en-api-180925010.html">Calling APIs</a></div>
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
View Git Blame Copy Permalink