| Verb | URI | Description |
|---|---|---|
| POST | v2.0/tokens | Authenticate to generate a token. |
Normal Response Code(s): 200, 203
Error Response Code(s): identityFault (400, 500, …), userDisabled (403), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
This call will return a token if successful. Each ReST request against other services (or other calls on Keystone such as the GET /tenants call) requires the inclusion of a specific authorization token HTTP x-header, defined as X-Auth-Token. Clients obtain this token, along with the URL to other service APIs, by first authenticating against the Keystone Service and supplying valid credentials.
Client authentication is provided via a ReST interface using the POST method, with v2.0/tokens supplied as the path. A payload of credentials must be included in the body.
The Keystone Service is a ReSTful web service. It is the entry point to all service APIs. To access the Keystone Service, you must know URL of the Keystone service.
Example 3.1. Authenticate for Service API Request: XML
<?xml version="1.0" encoding="UTF-8"?> <auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.openstack.org/identity/api/v2.0" tenantId="1234"> <passwordCredentials username="test_user" password="test"/> </auth>
Example 3.2. Authenticate for Service API Request: JSON
{
"auth":{
"passwordCredentials":{
"username":"test_user",
"password":"mypass"
},
"tenantId":"1234"
}
}Example 3.3. Authenticate for Service API Response: XML
<?xml version="1.0" encoding="UTF-8"?>
<access xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://docs.openstack.org/identity/api/v2.0">
<token expires="2010-11-01T03:32:15-05:00"
id="ab48a9efdfedb23ty3494"/>
<user id="testId" name="test">
<roles>
<role id="123" name="compute:admin"/>
<role id="234" name="object-store:admin" tenantId="1"/>
</roles>
</user>
<serviceCatalog>
<service type="compute" name="Computers in the Cloud">
<endpoint
tenantId="3456"
region="North"
publicURL="https://north.compute.public.com/v2.0/1234"
internalURL="https://north.compute.internal.com/v2.0/1234">
<version
id="2.0"
info="https://north.compute.public.com/v2.0/"
list="https://north.compute.public.com/"
tenantId="1"/>
</endpoint>
<endpoint
tenantId="3456"
region="South"
publicURL="https://south.compute.public.com/v2.0/3456"
internalURL="https://south.compute.internal.com/v2.0/3456">
<version
id="2.0"
info="https://south.compute.public.com/v2.0/"
list="https://south.compute.public.com/" />
</endpoint>
</service>
<service type="object-store" name="HTTP Object Store">
<endpoint
tenantId="3456"
region="North"
publicURL="https://north.object-store.public.com/v1/1234"
internalURL="https://north.object-store.internal.com/v1/1234">
<version
id="1"
info="https://north.object-store.public.com/v1/"
list="https://north.object-store.public.com/" />
</endpoint>
<endpoint
tenantId="3456"
region="South"
publicURL="https://south.object-store.public.com/v2.0/3456"
internalURL="https://south.object-store.internal.com/v2.0/3456">
<version
id="2.0"
info="https://south.object-store.public.com/v1/"
list="https://south.object-store.public.com/" />
</endpoint>
</service>
<service type="dnsextension:dns" name="DNS-as-a-Service">
<endpoint
tenantId="3456"
publicURL="https://dns.public.com/v2.0/blah-blah">
<version
id="2.0"
info="https://dns.public.com/v2.0/"
list="https://dns.public.com/" />
</endpoint>
</service>
</serviceCatalog>
</access>
Example 3.4. Authenticate for Service API Response: JSON
{
"access":{
"token":{
"id":"asdasdasd-adsasdads-asdasdasd-adsadsasd",
"expires":"2010-11-01T03:32:15-05:00"
},
"user":{
"id":"123",
"name":"testName",
"roles":[{
"id":"234",
"name":"compute:admin"
},
{
"id":"235",
"name":"object-store:admin",
"tenantId":"1"
}
],
"roles_links":[]
},
"serviceCatalog":[{
"name":"Cloud Servers",
"type":"compute",
"endpoints":[{
"tenantId":"1",
"publicURL":"https://compute.north.host/v1/1234",
"internalURL":"https://compute.north.host/v1/1234",
"region":"North",
"versionId":"1.0",
"versionInfo":"https://compute.north.host/v1.0/",
"versionList":"https://compute.north.host/"
},
{
"tenantId":"2",
"publicURL":"https://compute.north.host/v1.1/3456",
"internalURL":"https://compute.north.host/v1.1/3456",
"region":"North",
"versionId":"1.1",
"versionInfo":"https://compute.north.host/v1.1/",
"versionList":"https://compute.north.host/"
}
],
"endpoints_links":[]
},
{
"name":"Cloud Files",
"type":"object-store",
"endpoints":[{
"tenantId":"11",
"publicURL":"https://compute.north.host/v1/blah-blah",
"internalURL":"https://compute.north.host/v1/blah-blah",
"region":"South",
"versionId":"1.0",
"versionInfo":"uri",
"versionList":"uri"
},
{
"tenantId":"2",
"publicURL":"https://compute.north.host/v1.1/blah-blah",
"internalURL":"https://compute.north.host/v1.1/blah-blah",
"region":"South",
"versionId":"1.1",
"versionInfo":"https://compute.north.host/v1.1/",
"versionList":"https://compute.north.host/"
}
],
"endpoints_links":[{
"rel":"next",
"href":"https://identity.north.host/v2.0/endpoints?marker=2"
}
]
}
],
"serviceCatalog_links":[{
"rel":"next",
"href":"https://identity.host/v2.0/endpoints?session=2hfh8Ar&marker=2"
}
]
}
}
