youjiageng1/doc-exports
1
0
Fork 0
forked from laiweijian4/doc-exports
Code Pull Requests Activity
doc-exports/docs/dis/api-ref/dis_02_0517.html
gtema 6bc123a554 Reimplementation of docs/doc-exports#263 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: gtema <artem.goncharov@gmail.com>
Co-committed-by: gtema <artem.goncharov@gmail.com>
2022-11-11 12:03:08 +00:00

63 lines
9.8 KiB
HTML
Raw Blame History

<a name="dis_02_0517"></a><a name="dis_02_0517"></a>
<h1 class="topictitle1">Authentication</h1>
<div id="body8662426"><div class="p" id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_p26613555143846">Requests for calling an API can be authenticated using either of the following methods:<ul id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_ul38195410143846"><li id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_li8214375143846">Token-based authentication: Requests are authenticated using a token.</li><li id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_li61384639143846">AK/SK-based authentication: Requests are authenticated by encrypting the request body using an AK/SK pair. AK/SK-based authentication is recommended because it is more secure than token-based authentication.</li></ul>
</div>
<div class="section" id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_section2417768214391"><a name="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_section2417768214391"></a><a name="en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_section2417768214391"></a><h4 class="sectiontitle">Token-based Authentication</h4><div class="note" id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_note133321911123"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_p1254514271026">The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token.</p>
</div></div>
<p id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_p18703477214">A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to a request to get permissions for calling the API.</p>
<p id="dis_02_0517__en-us_topic_0183235768_p587418197597">When calling the API to obtain a user token, you must set <strong id="dis_02_0517__en-us_topic_0183235768_b2812192612464">auth.scope</strong> in the request body to <strong id="dis_02_0517__en-us_topic_0183235768_b148128265461">project</strong>.</p>
<pre class="screen" id="dis_02_0517__en-us_topic_0183235768_screen1891571453115">{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": "<em id="dis_02_0517__en-us_topic_0183235768_i1274635725119"><strong id="dis_02_0517__en-us_topic_0183235768_b841820569516">username</strong></em>",
"password": "<em id="dis_02_0517__en-us_topic_0183235768_i144512185214"><strong id="dis_02_0517__en-us_topic_0183235768_b283550105213">********</strong></em>",
"domain": {
"name": "<em id="dis_02_0517__en-us_topic_0183235768_i1220191035315"><strong id="dis_02_0517__en-us_topic_0183235768_b186363916535">domainname</strong></em>"
}
}
}
},
"scope": {
"project": {
"id": "<em id="dis_02_0517__en-us_topic_0183235768_i12245175475720"><strong id="dis_02_0517__en-us_topic_0183235768_b985218522578">xxxxxxxxxxxxxxxxxx</strong></em>"
}
}
}
}</pre>
<p id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_p9691122114266">After a token is obtained, the X-Auth-Token header field must be added to requests to specify the token when calling other APIs, for example, the API used to query a connection list. For example, if the token is <span class="parmvalue" id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_parmvalue986910577527"><b>ABCDEFJ....</b></span>, <span class="parmvalue" id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_parmvalue158694579527"><b>X-Auth-Token: ABCDEFJ....</b></span> can be added to a request as follows:</p>
<pre class="screen" id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_screen11189101154015">
GET https://{{endpoint}}/v1/{project_id}/connections
Content-Type: application/json
<strong id="dis_02_0517__en-us_topic_0183235768_b68753263013">X-Auth-Token: ABCDEFJ....</strong></pre>
</div>
<div class="section" id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_section5887143815518"><h4 class="sectiontitle">AK/SK-based Authentication</h4><div class="note" id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_note26801820183918"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_p12680102053918">AK/SK-based authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token-based authentication is recommended.</p>
</div></div>
<p id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_p171211559122516">In AK/SK-based authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.</p>
<ul id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_ul9783543561"><li id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_li8787541560">AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.</li><li id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_li47917548569">SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.</li></ul>
<div class="p" id="dis_02_0517__en-us_topic_0183235768_p576822119389">To obtain an access key, perform the following steps:<ol id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_en-us_topic_0183643042_ol535183018588"><li id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_en-us_topic_0183643042_li1535103025819">Log in to the management console, move the cursor to the username in the upper right corner, and select <strong id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_b1710114073118">My Credentials</strong> from the drop-down list.</li><li id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_en-us_topic_0183643042_li173533018584">On the <strong id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_b149721128172418">My Credentials</strong> page, choose <strong id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_b15803656132414">Access Keys</strong>, and click <strong id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_b2452152020258">Create Access Key</strong>. See <a href="#dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_en-us_topic_0183643042_fig1552229194615">Figure 1</a>.<div class="fignone" id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_en-us_topic_0183643042_fig1552229194615"><a name="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_en-us_topic_0183643042_fig1552229194615"></a><a name="en-us_topic_0183235768_en-us_topic_0000001129241845_en-us_topic_0183643042_fig1552229194615"></a><span class="figcap"><b>Figure 1 </b>Clicking Create Access Key</span><br><span><img id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_image20389043111611" src="en-us_image_0000001135802808.png" title="Click to enlarge" class="imgResize"></span></div>
</li><li id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_en-us_topic_0183643042_li1535530185815">Click <strong id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_b8340319122819">OK</strong> and save the access key file as prompted. The access key file will be saved to your browser's configured download location. Open the <strong id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_b1940852512813">credentials.csv</strong> file to view <strong id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_b191574128718">Access Key Id</strong> and <strong id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_b175769149718">Secret Access Key</strong>.</li></ol>
</div>
<div class="p" id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_p1866949103516">In AK/SK-based authentication, you can use an AK/SK to sign requests based on the signature algorithm or use the signing SDK to sign requests. <div class="notice" id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_note13908111122113"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_p11657124333720">The signing SDKs are only used for signing requests and different from the SDKs provided by services.</p>
</div></div>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dis_02_0516.html">Calling APIs</a></div>
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
View Git Blame Copy Permalink