DRAFT -  DRAFT -  DRAFT -  DRAFT -  DRAFT -  DRAFT -  DRAFT -  DRAFT - 

 3.1.1.1. Authenticate for Service API

VerbURIDescription
POSTv2.0/tokens Authenticate to generate a token.

Normal Response Code(s): 200, 203

Error Response Code(s): identityFault (400, 500, ), userDisabled (403), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

This call will return a token if successful. Each ReST request against other services (or other calls on Keystone such as the GET /tenants call) requires the inclusion of a specific authorization token HTTP x-header, defined as X-Auth-Token. Clients obtain this token, along with the URL to other service APIs, by first authenticating against the Keystone Service and supplying valid credentials.

Client authentication is provided via a ReST interface using the POST method, with v2.0/tokens supplied as the path. A payload of credentials must be included in the body.

The Keystone Service is a ReSTful web service. It is the entry point to all service APIs. To access the Keystone Service, you must know URL of the Keystone service.

 

Example 3.1. Authenticate for Service API Request: XML

<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="http://docs.openstack.org/identity/api/v2.0"
 tenantName="customer-x">
  <passwordCredentials username="test_user" password="test"/>
</auth>

 

Example 3.2. Authenticate for Service API Request: XML

<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="http://docs.openstack.org/identity/api/v2.0"
 tenantName="customer-x">
  <token id="abcdefghijk" />
</auth>


 

Example 3.3. Authenticate for Service API Request: JSON

{
    "auth":{
        "passwordCredentials":{
            "username":"test_user",
            "password":"mypass"
        },
        "tenantName":"customer-x"
    }
}

 

Example 3.4. Authenticate for Service API Request: JSON

{
    "auth": {
        "tenantName": "customer-x",
        "token": {
            "id": "abcdefghijk"
        }
    }
}

 

Example 3.5. Authenticate for Service API Response: XML

<?xml version="1.0" encoding="UTF-8"?>
<access xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://docs.openstack.org/identity/api/v2.0">
    <token id="ab48a9efdfedb23ty3494" expires="2010-11-01T03:32:15-05:00">
        <tenant id="t1000" name="My Project" />
    </token>
    <user id="u123" name="jqsmith">
        <roles>
            <role id="100" name="compute:admin"/>
            <role id="101" name="object-store:admin" tenantId="t1000"/>
        </roles>
    </user>
    <serviceCatalog>
        <service type="compute" name="Cloud Servers">
            <endpoint
        tenantId="t1000"
                region="North"
                publicURL="https://compute.north.host.com/v1/t1000"
                internalURL="https://compute.north.host.internal/v1/t1000">
                <version
                id="1"
                info="https://compute.north.host.com/v1/"
                list="https://compute.north.host.com/"
                />
            </endpoint>
            <endpoint
        tenantId="t1000"
                region="North"
                publicURL="https://compute.north.host.com/v1.1/t1000"
                internalURL="https://compute.north.host.internal/v1.1/t1000">
                <version
                id="1.1"
                info="https://compute.north.host.com/v1.1/"
                list="https://compute.north.host.com/" />
            </endpoint>
        </service>
        <service type="object-store" name="Cloud Files">
            <endpoint
        tenantId="t1000"
                region="North"
                publicURL="https://storage.north.host.com/v1/t1000"
                internalURL="https://storage.north.host.internal/v1/t1000">
                <version
                id="1"
                info="https://storage.north.host.com/v1/"
                list="https://storage.north.host.com/" />
            </endpoint>
            <endpoint
        tenantId="t1000"
                region="South"
                publicURL="https://storage.south.host.com/v1/t1000"
                internalURL="https://storage.south.host.internal/v1/t1000">
                <version
                id="1"
                info="https://storage.south.host.com/v1/"
                list="https://storage.south.host.com/" />
            </endpoint>
        </service>
        <service type="dnsextension:dns" name="DNS-as-a-Service">
            <endpoint
        tenantId="t1000"
                publicURL="https://dns.host.com/v2.0/t1000">
                <version
                id="2.0"
                info="https://dns.host.com/v2.0/"
                list="https://dns.host.com/" />
            </endpoint>
        </service>
    </serviceCatalog>
</access>

 

Example 3.6. Authenticate for Service API Response: JSON

{
    "access":{
        "token":{
            "id": "ab48a9efdfedb23ty3494",
            "expires": "2010-11-01T03:32:15-05:00",
            "tenant":{
                "id": "t1000",
                "name": "My Project"
            }
        },
        "user":{
            "id": "u123",
            "name": "jqsmith",
            "roles":[{
                    "id": "100",
                    "name": "compute:admin"
                },
                {
                    "id": "101",
                    "name": "object-store:admin",
                    "tenantId": "t1000"
                }
            ],
            "roles_links":[]
        },
        "serviceCatalog":[{
                "name": "Cloud Servers",
                "type": "compute",
                "endpoints":[{
                        "tenantId": "t1000",
                        "publicURL": "https://compute.north.host.com/v1/t1000",
                        "internalURL": "https://compute.north.internal/v1/t1000",
                        "region": "North",
                        "versionId": "1",
                        "versionInfo": "https://compute.north.host.com/v1/",
                        "versionList": "https://compute.north.host.com/"
                    },
                    {
                        "tenantId": "t1000",
                        "publicURL": "https://compute.north.host.com/v1.1/t1000",
                        "internalURL": "https://compute.north.internal/v1.1/t1000",
                        "region": "North",
                        "versionId": "1.1",
                        "versionInfo": "https://compute.north.host.com/v1.1/",
                        "versionList": "https://compute.north.host.com/"
                    }
                ],
                "endpoints_links":[]
            },
            {
                "name": "Cloud Files",
                "type": "object-store",
                "endpoints":[{
                        "tenantId": "t1000",
                        "publicURL": "https://storage.north.host.com/v1/t1000",
                        "internalURL": "https://storage.north.internal/v1/t1000",
                        "region": "North",
                        "versionId": "1",
                        "versionInfo": "https://storage.north.host.com/v1/",
                        "versionList": "https://storage.north.host.com/"
                    },
                    {
                        "tenantId": "t1000",
                        "publicURL": "https://storage.south.host.com/v1/t1000",
                        "internalURL": "https://storage.south.internal/v1/t1000",
                        "region": "South",
                        "versionId": "1",
                        "versionInfo": "https://storage.south.host.com/v1/",
                        "versionList": "https://storage.south.host.com/"
                    }
                ]
            },
            {
                "name": "DNS-as-a-Service",
                "type": "dnsextension:dns",
                "endpoints":[{
                        "tenantId": "t1000",
                        "publicURL": "https://dns.host.com/v2.0/t1000",
                        "versionId": "2.0",
                        "versionInfo": "https://dns.host.com/v2.0/",
                        "versionList": "https://dns.host.com/"
                    }
                ]
            }
        ]
    }
}