Updated on 2022-09-23 GMT+08:00

Obtaining a Token and Checking the Validity Period of the Token

Scenarios

The validity period of a token is 24 hours. After obtaining a token, store it so that you do not have to request a new one for every API call. The original token remains valid until it expires, regardless of whether a new token has been obtained. Ensure that the token is valid when you use it. Using a token that will soon expire may cause API calls to fail.

This section describes how to obtain a token and check its validity period to resolve API call failures caused by token expiration.

If the token is about to expire (its remaining validity is too short to complete an API call or a set of API calls), obtain a new token to prevent the call from being interrupted by token expiration.

Obtaining a Token

You need to obtain a token for authentication before calling an API. The X-Auth-Token value in the request header is the token value.

The following example shows how to obtain a token for the EU-Dublin region.

  • Request URI: POST https://iam.eu-west-101.myhuaweicloud.com/v3/auth/tokens
  • Request header: Content-Type=application/json
  • Request message body:
    {
        "auth": {
            "identity": {
                "methods": [
                    "password"
                ],
                "password": {
                    "user": {
                        "name": "Enter a username",
                        "password": "Enter the password for login.",
                        "domain": {
                            "name": "Enter the account name."
                        }
                    }
                }
            },
            "scope": {
                "project": {
                    "name": "Enter a region name. In this example, the region is eu-west-101."
                }
            }
        }
    }

  • To view the obtained token, click the response header. The value of x-subject-token is the obtained token. Keep the token secure because it will be used in the request header for creating ECSs.
    General:
       Request URL: https://iam.eu-west-101.myhuaweicloud.com/v3/auth/tokens
       Request Method: POST
       Status Code: 201
    Response Headers:
       cache-control: no-cache, no-store, must-revalidate
       connection: keep-alive
       content-length: 18401
       content-type: application/json; charset=UTF-8
       date: Thu, 27 May 2021 01:24:49 GMT
       expires: Thu, 01 Jan 1970 00:00:00 GMT
       pragma: no-cache
       server: api-gateway
       strict-transport-security: max-age=31536000; includeSubdomains;
       via: proxy A
       x-content-type-options: nosniff
       x-download-options: noopen
       x-frame-options: SAMEORIGIN
       x-iam-trace-id: token_eu-west-101_null_9bbec3983f3c7a5c146e709251760467
       x-request-id: d7796611318416bc8ffb2948a47fede8
       x-subject-token: MIISMAYJKoZIhvcNAQ...7xMUw==
       x-xss-protection: 1; mode=block;
  • The expires_at value in the response body is the token expiration time.
    {
        "token": {
            "expires_at": "2021-05-28T01:24:49.905000Z",
            ...
        }
    }

Checking the Token Validity Period

When making an API call, the system checks whether the validity period of the token is long enough. If your application has cached the token, it is recommended that the token be refreshed every 12 hours to ensure that it has a long enough validity period.

You can query the expiration time of a token by referring to Verifying a Token.

The following example shows how to verify a token for the EU-Dublin region.

  • Request URI: GET https://iam.eu-west-101.myhuaweicloud.com/v3/auth/tokens
  • Request header:
    • Content-Type=application/json;charset=utf8
    • X-Auth-Token: A token with Security Administrator permissions is required if the administrator is requesting to verify the token of an IAM user.

      The user token (no special permission requirements) of an IAM user is required if the user is requesting to verify their own token.

      This example uses the IAM user, so the X-Auth-Token is the same as the token to be verified.

    • X-Subject-Token: Token to be verified.
  • The expires_at value in the response body is the token expiration time.

    If the token is about to expire (its remaining validity is too short to complete an API call or a set of API calls), obtain a new token to prevent the call from being interrupted by token expiration.

    {
        "token": {
            "expires_at": "2021-05-28T01:24:49.905000Z",
            ...
        }
    }
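
The caching rule described on this page (24-hour validity, refresh every 12 hours, never start a set of calls the token cannot outlive) can be enforced client-side from expires_at. The following is an added example, not code from the Huawei Cloud documentation: TokenCache, fetch_token and call_budget are hypothetical names, and the stand-in fetcher and its timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone

TOKEN_LIFETIME = timedelta(hours=24)  # validity period stated on this page
REFRESH_AFTER = timedelta(hours=12)   # refresh interval recommended on this page


def parse_expires_at(body):
    """Return token.expires_at from an IAM response body as an aware UTC datetime."""
    raw = body["token"]["expires_at"]  # e.g. "2021-05-28T01:24:49.905000Z"
    return datetime.strptime(raw, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


class TokenCache:
    """Keeps one token in memory and replaces it before it gets too close to expiry."""

    def __init__(self, fetch_token, clock=lambda: datetime.now(timezone.utc)):
        # fetch_token is a hypothetical callable wrapping POST /v3/auth/tokens;
        # it returns (x-subject-token header value, parsed response body).
        self._fetch, self._clock = fetch_token, clock
        self._token = self._expires_at = None

    def needs_refresh(self, call_budget=timedelta(0)):
        """True if no token is cached, at most 12 hours of validity remain, or the
        remaining validity is no longer than the time the pending API calls need."""
        if self._token is None:
            return True
        remaining = self._expires_at - self._clock()
        return remaining <= max(TOKEN_LIFETIME - REFRESH_AFTER, call_budget)

    def get(self, call_budget=timedelta(0)):
        if self.needs_refresh(call_budget):
            self._token, body = self._fetch()
            self._expires_at = parse_expires_at(body)
        return self._token

    def __repr__(self):  # keep the token value out of logs and tracebacks
        return f"<TokenCache expires_at={self._expires_at}>"


if __name__ == "__main__":
    # Constructed stand-in for the IAM call; the body mirrors the sample on this page.
    def fake_fetch():
        return "constructed-token", {"token": {"expires_at": "2021-05-28T01:24:49.905000Z"}}

    cache = TokenCache(fake_fetch, clock=lambda: datetime(2021, 5, 27, 2, 0, tzinfo=timezone.utc))
    cache.get()
    print(cache, "refresh needed:", cache.needs_refresh())
```

Pass the expected duration of a long batch as call_budget so the token is replaced before the batch starts rather than expiring partway through it.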