vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/ims/api-ref/en-us_topic_0121671869.html
guoyanyan 4e812dec9e ims_api_0209 
Reviewed-by: Muller, Martin <martin.muller@t-systems.com>
Co-authored-by: guoyanyan <guoyanyan3@huawei.com>
Co-committed-by: guoyanyan <guoyanyan3@huawei.com>
2023-02-28 10:54:22 +00:00

60 lines
7.2 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0121671869"></a><a name="EN-US_TOPIC_0121671869"></a>
<h1 class="topictitle1">Authentication</h1>
<div id="body1531451523290"><div class="p" id="EN-US_TOPIC_0121671869__p26613555143846">Requests for calling an API can be authenticated using either of the following methods:<ul id="EN-US_TOPIC_0121671869__ul38195410143846"><li id="EN-US_TOPIC_0121671869__li8214375143846">Token authentication: Requests are authenticated using tokens.</li><li id="EN-US_TOPIC_0121671869__li61384639143846">AK/SK authentication: Requests are encrypted using AK/SK pairs. AK/SK authentication is recommended because it is more secure than token authentication.</li></ul>
</div>
<div class="section" id="EN-US_TOPIC_0121671869__section2417768214391"><h4 class="sectiontitle">Token Authentication</h4><div class="note" id="EN-US_TOPIC_0121671869__note133321911123"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0121671869__p1254514271026">The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token.</p>
</div></div>
<p id="EN-US_TOPIC_0121671869__p24084172174">A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to requests to get permissions for calling the API. You can obtain a token by calling the <a href="https://docs.otc.t-systems.com/en-us/api/iam/en-us_topic_0057845583.html" target="_blank" rel="noopener noreferrer">Obtaining User Token</a> API.</p>
<div class="p" id="EN-US_TOPIC_0121671869__p1478102521719">A cloud service can be deployed as either a project-level service or global service.<ul id="EN-US_TOPIC_0121671869__ul1142883320175"><li id="EN-US_TOPIC_0121671869__li14281733181719">For a project-level service, you need to obtain a project-level token. When you call the API, set <strong id="EN-US_TOPIC_0121671869__b16234131819310">auth.scope</strong> in the request body to <strong id="EN-US_TOPIC_0121671869__b11354326153117">project</strong>.</li><li id="EN-US_TOPIC_0121671869__li1942814333179">For a global service, you need to obtain a global token. When you call the API, set <strong id="EN-US_TOPIC_0121671869__b1690782318467">auth.scope</strong> in the request body to <strong id="EN-US_TOPIC_0121671869__b16907132334618">domain</strong>.</li></ul>
</div>
<p id="EN-US_TOPIC_0121671869__p18703477214">IMS is a project-level service. When you call the API, set <strong id="EN-US_TOPIC_0121671869__b1442622113014">auth.scope</strong> in the request body to <strong id="EN-US_TOPIC_0121671869__b9433321123019">project</strong>.</p>
<pre class="screen" id="EN-US_TOPIC_0121671869__screen1830175615316">{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": "<em id="EN-US_TOPIC_0121671869__i315217719194"><strong id="EN-US_TOPIC_0121671869__b14500116161919">username</strong></em>",
"password": "<strong id="EN-US_TOPIC_0121671869__b2559181251918"><em id="EN-US_TOPIC_0121671869__i12803128192">********</em></strong>",
"domain": {
"name": "<em id="EN-US_TOPIC_0121671869__i1560271681911"><strong id="EN-US_TOPIC_0121671869__b17173191614194">domainname</strong></em>"
}
}
}
},
<strong id="EN-US_TOPIC_0121671869__b28781733191612">"scope": {</strong>
<strong id="EN-US_TOPIC_0121671869__b18664134414161">"project": {</strong>
<strong id="EN-US_TOPIC_0121671869__b145484513165">"name": "<em id="EN-US_TOPIC_0121671869__i4548165119166">xxxxxxxx</em>"</strong>
<strong id="EN-US_TOPIC_0121671869__b5551165531613">}</strong>
<strong id="EN-US_TOPIC_0121671869__b18740155861611">}</strong>
}
}</pre>
<p id="EN-US_TOPIC_0121671869__p9691122114266">After a token is obtained, the <strong id="EN-US_TOPIC_0121671869__b147976273481">X-Auth-Token</strong> header field must be added to requests to specify the token when calling other APIs. For example, if the token is <span class="parmvalue" id="EN-US_TOPIC_0121671869__parmvalue36546471362"><b>ABCDEFJ....</b></span>, <span class="parmvalue" id="EN-US_TOPIC_0121671869__parmvalue10655144717611"><b>X-Auth-Token: ABCDEFJ....</b></span> can be added to a request as follows:</p>
<div class="codecoloring" codetype="Java" id="EN-US_TOPIC_0121671869__screen11189101154015"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><span class="n">POST</span><span class="w"> </span><span class="n">https</span><span class="p">:</span><span class="c1">//{{endpoint}}/v3/auth/projects</span>
<span class="n">Content</span><span class="o">-</span><span class="n">Type</span><span class="p">:</span><span class="w"> </span><span class="n">application</span><span class="o">/</span><span class="n">json</span>
<span class="n">X</span><span class="o">-</span><span class="n">Auth</span><span class="o">-</span><span class="n">Token</span><span class="p">:</span><span class="w"> </span><span class="n">ABCDEFJ</span><span class="p">....</span>
</pre></div></td></tr></table></div>
</div>
</div>
<div class="section" id="EN-US_TOPIC_0121671869__section5887143815518"><h4 class="sectiontitle">AK/SK Authentication</h4><div class="note" id="EN-US_TOPIC_0121671869__note26801820183918"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0121671869__p12680102053918">AK/SK authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token authentication is recommended.</p>
</div></div>
<p id="EN-US_TOPIC_0121671869__p171211559122516">In AK/SK authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.</p>
<ul id="EN-US_TOPIC_0121671869__ul9783543561"><li id="EN-US_TOPIC_0121671869__li8787541560">AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.</li><li id="EN-US_TOPIC_0121671869__li47917548569">SK: secret access key, which is used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.</li></ul>
<p id="EN-US_TOPIC_0121671869__p1866949103516">In AK/SK authentication, you can use an AK/SK to sign requests based on the signature algorithm or using the signing SDK. </p>
<div class="note" id="EN-US_TOPIC_0121671869__note1225618420315"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0121671869__p1325674263111">The signing SDK is only used for signing requests and is different from the SDKs provided by services.</p>
</div></div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0121671868.html">Calling APIs</a></div>
</div>
</div>
View Git Blame Copy Permalink