Updated on 2023-11-09 GMT+08:00

Authentication

You can use either of the following authentication methods to call APIs:
  • Token authentication: Requests are authenticated using a token.
  • AK/SK authentication: Requests are encrypted using AK/SK pairs. AK/SK-based authentication is recommended because it is more secure than token-based authentication.

Token Authentication

A token is valid for 24 hours. If a token is required, the system caches the token to avoid frequent calling.

A token specifies certain permissions in a computer system. During token-based API authentication, the token is added to requests to get permissions for calling the API.

You can obtain a token by calling the Obtaining a User Token API. When you call the API, set auth.scope in the request body to project.

{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "name": "username",
                    "password": "********",
                    "domain": {
                        "name": "domainname"
                    }
                }
            }
        },
        "scope": {
            "project": {
                "name": "xxxxxxxx"
            }
        }
    }
}

After a token is obtained, the X-Auth-Token header field must be added to requests to specify the token when other APIs are called. For example, if the token is ABCDEFJ...., X-Auth-Token: ABCDEFJ.... can be added to a request as follows:

1
2
3
POST https://iam.cn-north-4.myhuaweicloud.com/v3/auth/projects
Content-Type: application/json
X-Auth-Token: ABCDEFJ....