Help Center/ Elastic Cloud Server/ API Reference/ Application Examples/ Obtaining a Token and Checking the Validity Period of the Token
Updated on 2022-09-23 GMT+08:00

Obtaining a Token and Checking the Validity Period of the Token

Scenarios

The validity period of a token is 24 hours. After obtaining a token, store it to prevent frequent API calling. The original token will remain valid until it expires regardless of whether a new token has been obtained. Ensure that the token is valid when you use it. Using a token that will soon expire may cause API calling failures.

This section describes how to obtain a token and check its validity period to resolve the API calling failures caused by token expiration.

If the token is about to expire (cannot complete an API call or a set of API calls), you need to obtain a new token to prevent the call from being interrupted due to token expiration.

Obtaining a Token

You need to obtain a token for authentication before calling an API. The X-Auth-Token value in the request header is the token value.

The following is an example to show how to obtain the token of the EU-Dublin region.

  • Request URI: POST https://iam.eu-west-101.myhuaweicloud.com/v3/auth/tokens
  • Request header: Content-Type=application/json
  • Request message body:
    {
        "auth": {
            "identity": {
                "methods": [
                    "password"
                ],
                "password": {
                    "user": {
                        "name": "Enter a username",
                        "password": "Enter the password for login.",
                        "domain": {
                            "name": "Enter the account name."
                        }
                    }
                }
            },
            "scope": {
                "project": {
                    "name": "Enter a region name. In this example, the region is .eu-west-101"
                }
            }
        }
    }

  • To view the obtained token, click the response header. The value of x-subject-token is the obtained token. Keep the token secure because it will be used in the request header for creating ECSs.
    General:
       Request URL: https://iam.eu-west-101.myhuaweicloud.com/v3/auth/tokens
       Request Method: POST
       Status Code: 201
    Response Headers:
       cache-control: no-cache, no-store, must-revalidate
       connection: keep-alive
       content-length: 18401
       content-type: application/json; charset=UTF-8
       date: Thu, 27 May 2021 01:24:49 GMT
       expires: Thu, 01 Jan 1970 00:00:00 GMT
       pragma: no-cache
       server: api-gateway
       strict-transport-security: max-age=31536000; includeSubdomains;
       via: proxy A
       x-content-type-options: nosniff
       x-download-options: noopen
       x-frame-options: SAMEORIGIN
       x-iam-trace-id: token_eu-west-101_null_9bbec3983f3c7a5c146e709251760467
       x-request-id: d7796611318416bc8ffb2948a47fede8
       x-subject-token: MIISMAYJKoZIhvcNAQ...7xMUw==
       x-xss-protection: 1; mode=block;
  • The expires_at value in the response body is the token expiration time.
    {
    	"token": {
    		"expires_at": "2021-05-28T01:24:49.905000Z",
            ...
    	}
    }

Checking the Token Validity Period

When making an API call, the system checks whether the validity period of the token is long enough. If your application has cached the token, it is recommended that the token be refreshed every 12 hours to ensure that is has a long enough validity period.

You can query the expiration time of a token by referring to Verifying a Token.

The following is an example to show how to verify the token of the EU-Dublin region.

  • Request URI: GET https://iam.eu-west-101.myhuaweicloud.com/v3/auth/tokens
  • Request header:
    • Content-Type=application/json;charset=utf8
    • X-Auth-Token: A token with Security Administrator permissions is required if the administrator is requesting to verify the token of an IAM user.

      The user token (no special permission requirements) of an IAM user is required if the user is requesting to verify their own token.

      This example uses the IAM user and therefore the X-Auth-Token is the same as the token to be verified

    • X-Subject-Token: Token to be verified.
  • The expires_at value in the response body is the token expiration time.

    If the token is about to expire (cannot complete an API call or a set of API calls), you need to obtain a new token to prevent the call from being interrupted due to token expiration.

    {
    	"token": {
    		"expires_at": "2021-05-28T01:24:49.905000Z",
            ...
    	}
    }