Token-based Authentication
Application Scenario
If you use a token for authentication, you must obtain the user token and add X-Auth-Token to the request message header of the service API when making an API call.
This section describes how to call an API to complete token authentication.
Procedure
- Send POST https://IAM endpoint/v3/auth/tokens. To obtain the endpoint of the Identity and Access Management (IAM) service and the region name used in the message body, see Regions and Endpoints.
A token is valid for 24 hours. When a token is required, the system caches it so that the API is not called frequently.
Replace fields in italic in the following example with actual values. For details, see the Identity and Access Management API Reference.
A token specifies temporary permissions in a computer system. In token-based authentication, the token is added to the request header during an API call to obtain the permissions for operating APIs on IAM.
When you call an API to obtain a user token, you must set auth.scope in the request body to project.
    {
        "auth": {
            "identity": {
                "methods": [
                    "password"
                ],
                "password": {
                    "user": {
                        "name": "username",
                        "password": "password",
                        "domain": {
                            "name": "domainname"
                        }
                    }
                }
            },
            "scope": {
                "project": {
                    "name": "cn-north-1"
                }
            }
        }
    }
The region name cn-north-1 is used as an example.
- Obtain a token. For details, see section "Obtaining a User Token" in the Identity and Access Management API Reference.
After fulfilling the API request, IAM returns the token in the header parameter X-Subject-Token of the success response.
- Call a service API and add the X-Auth-Token header with the token obtained in step 2.
After obtaining a token, clear the operation records to prevent information leakage.
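The procedure above as an added Python example (not code from the original page or from the IAM API Reference): it builds the request body with auth.scope set to project, reads X-Subject-Token from the response headers, reuses the token during its 24-hour validity period, and returns the X-Auth-Token header for service API calls. The names build_auth_body, http_post and TokenCache, the injectable transport and clock, and the 5-minute refresh margin are assumptions made for illustration.

```python
import json
import time
import urllib.request

TOKEN_TTL = 24 * 3600   # validity period stated on this page
REFRESH_MARGIN = 300    # assumption: refresh 5 minutes before expiry


def build_auth_body(user, password, domain, project):
    """Request body from this page, with auth.scope set to project."""
    return {"auth": {
        "identity": {"methods": ["password"], "password": {"user": {
            "name": user, "password": password, "domain": {"name": domain}}}},
        "scope": {"project": {"name": project}}}}


def http_post(url, body):
    """Default transport: POST JSON and return the response headers."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers


class TokenCache:
    """Holds the token in memory only and reuses it while it is valid."""

    def __init__(self, iam_endpoint, body, post=http_post, clock=time.time):
        self._url = f"https://{iam_endpoint}/v3/auth/tokens"
        self._body, self._post, self._clock = body, post, clock
        self._token, self._expires = None, 0.0

    def auth_headers(self):
        """Return the X-Auth-Token header, requesting a token if needed."""
        if self._token is None or self._clock() >= self._expires:
            token = self._post(self._url, self._body).get("X-Subject-Token")
            if not token:
                raise RuntimeError("no X-Subject-Token in IAM response")
            self._token = token
            self._expires = self._clock() + TOKEN_TTL - REFRESH_MARGIN
        return {"X-Auth-Token": self._token}

    def __repr__(self):  # keep the token out of logs and tracebacks
        return f"TokenCache(url={self._url!r}, token=<redacted>)"
```

Pass the password in from a secret store or environment variable rather than a literal, and merge the dictionary returned by auth_headers() into the headers of each service API request.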