Verifying a Token
Function
This API can be used by the administrator to verify the token of an IAM user or used by an IAM user to verify their own token. The administrator can only verify the token of an IAM user created using the account. If the token is valid, the detailed information about the token is returned.
The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
URI
GET /v3/auth/tokens
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
nocatalog |
No |
String |
If this parameter is set, no catalog information will be displayed in the response. Any character string set for this parameter indicates that no catalog information will be displayed. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
Content-Type |
Yes |
String |
Fill application/json;charset=utf8 in this field. |
|
X-Auth-Token |
Yes |
String |
A token with Security Administrator permissions is required if the administrator is requesting to verify the token of an IAM user. The user token (no special permission requirements) of an IAM user is required if the user is requesting to verify their own token. |
|
X-Subject-Token |
Yes |
String |
Token to be verified. |
Example Request
GET https://iam.myhuaweicloud.com/v3/auth/tokens
Response Parameters
|
Parameter |
Type |
Description |
|---|---|---|
|
X-Subject-Token |
String |
Verified token. |
|
Parameter |
Type |
Description |
|---|---|---|
|
Object |
Token information. |
|
Parameter |
Type |
Description |
|---|---|---|
|
Array of objects |
Catalog information. |
|
|
Object |
Account information of the IAM user whose token is to be verified. This parameter is returned only when the scope parameter in the request body has been set to domain. |
|
|
expires_at |
String |
Time when the token will expire. |
|
issued_at |
String |
Time when the token was issued. |
|
methods |
Array of strings |
Method for obtaining the token. |
|
Object |
Project information of the IAM user. This parameter is returned only when the scope parameter in the request body has been set to project. |
|
|
Array of objects |
Permissions information of the token. |
|
|
Object |
Information about the IAM user who requests for the token. |
|
Parameter |
Type |
Description |
|---|---|---|
|
Array of objects |
Endpoint information. |
|
|
id |
String |
Service ID. |
|
name |
String |
Service name. |
|
type |
String |
Type of the service to which the API belongs. |
|
Parameter |
Type |
Description |
|---|---|---|
|
id |
String |
Endpoint ID. |
|
interface |
String |
Visibility of the API. public indicates that the API is available for public access. |
|
region |
String |
Region to which the endpoint belongs. |
|
region_id |
String |
Region ID. |
|
url |
String |
Endpoint URL. |
|
Parameter |
Type |
Description |
|---|---|---|
|
Object |
Account information of the project. |
|
|
id |
String |
Project ID. |
|
name |
String |
Project name. |
|
Parameter |
Type |
Description |
|---|---|---|
|
id |
String |
Account ID. |
|
name |
String |
Account name. |
|
Parameter |
Type |
Description |
|---|---|---|
|
name |
String |
Permission name. |
|
id |
String |
Permission ID. The default value is 0, which does not correspond to any permission. |
|
Parameter |
Type |
Description |
|---|---|---|
|
name |
String |
IAM user name. |
|
id |
String |
IAM user ID. |
|
password_expires_at |
String |
UTC time when the password will expire. If this parameter is empty, it indicates that the password has unlimited validity. |
|
Object |
Information about the account used to create the IAM user. |
|
Parameter |
Type |
Description |
|---|---|---|
|
name |
String |
Name of the account used to create the IAM user. |
|
id |
String |
Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. |
Example Response
Status code: 200
The request is successful.
Parameters in the response header X-Subject-Token:MIIatAYJKoZIhvcNAQcCoIIapTCCGqECAQExDTALB...
Parameters in the response body
{
"token": {
"expires_at": "2020-01-04T09:08:49.965000Z",
"methods": [
"password"
],
"catalog": [
{
"endpoints": [
{
"id": "33e1cbdd86d34e89a63cf8ad16a5f49f",
"interface": "public",
"region": "*",
"region_id": "*",
"url": "https://iam.myhuaweicloud.com/v3.0"
}
],
"id": "100a6a3477f1495286579b819d399e36",
"name": "iam",
"type": "iam"
},
{
"endpoints": [
{
"id": "29319cf2052d4e94bcf438b55d143832",
"interface": "public",
"region": "*",
"region_id": "*",
"url": "https://bss.myhuaweicloud.com/v1.0"
}
],
"id": "c6db69fabbd549908adcb861c7e47ca4",
"name": "bssv1",
"type": "bssv1"
}
],
"domain": {
"id": "d78cbac186b744899480f25bd022f468",
"name": "IAMDomain"
},
"roles": [
{
"id": "0",
"name": "te_admin"
},
{
"id": "0",
"name": "secu_admin"
},
{
"id": "0",
"name": "te_agency"
}
],
"issued_at": "2020-01-03T09:08:49.965000Z",
"user": {
"domain": {
"id": "d78cbac186b744899480f25bd022f468",
"name": "IAMDomain"
},
"id": "7116d09f88fa41908676fdd4b039e95b",
"name": "IAMUser",
"password_expires_at": ""
}
}
}
Status code: 404
The requested resource cannot be found.
{
"error": {
"code": 404,
"message": "X-Subject-Token is invalid in the request",
"title": "Not Found"
}
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
The request is successful. |
|
401 |
Authentication failed. |
|
403 |
Access denied. |
|
404 |
The requested resource cannot be found. |
|
500 |
Internal server error. |
Error Codes
None
Last Article: Obtaining an Agency Token
Next Article: Access Key Management
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.