Verifying a Token
Function
This API can be used by the administrator to verify the token of an IAM user or used by an IAM user to verify their own token. The administrator can only verify the token of an IAM user created using the account. If the token is valid, the detailed information about the token is returned.
The API can be called using both the global endpoint and region-specific endpoints.
URI
GET /v3/auth/tokens
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
nocatalog |
No |
String |
If this parameter is set, no catalog information will be displayed in the response. Any character string set for this parameter indicates that no catalog information will be displayed. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Content-Type |
Yes |
String |
Fill application/json;charset=utf8 in this field. |
X-Auth-Token |
Yes |
String |
A token with Security Administrator permissions is required if the administrator is requesting to verify the token of an IAM user. The user token (no special permission requirements) of an IAM user is required if the user is requesting to verify their own token. |
X-Subject-Token |
Yes |
String |
Token to be verified. |
Example Request
Request for verifying a token
GET https://iam.myhuaweicloud.eu/v3/auth/tokens
Response Parameters
Parameter |
Type |
Description |
---|---|---|
X-Subject-Token |
String |
Verified token. |
Parameter |
Type |
Description |
---|---|---|
Object |
Token information. |
Parameter |
Type |
Description |
---|---|---|
Array of objects |
Catalog information. |
|
Object |
Account information of the IAM user whose token is to be verified. This parameter is returned only when the scope parameter in the request body has been set to domain. |
|
expires_at |
String |
Time when the token will expire.
NOTE:
The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
issued_at |
String |
Time when the token was issued.
NOTE:
The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
methods |
Array of strings |
Method for obtaining the token. |
Object |
Project information of the IAM user. This parameter is returned only when the scope parameter in the request body has been set to project. |
|
Array of objects |
Permissions information of the token. |
|
Object |
Information about the IAM user who requests for the token. |
Parameter |
Type |
Description |
---|---|---|
Array of objects |
Endpoint information. |
|
id |
String |
Service ID. |
name |
String |
Service name. |
type |
String |
Type of the service to which the API belongs. |
Parameter |
Type |
Description |
---|---|---|
id |
String |
Endpoint ID. |
interface |
String |
Visibility of the API. public indicates that the API is available for public access. |
region |
String |
Region to which the endpoint belongs. |
region_id |
String |
Region ID. |
url |
String |
Endpoint URL. |
Parameter |
Type |
Description |
---|---|---|
Object |
Account information of the project. |
|
id |
String |
Project ID. |
name |
String |
Project name. |
Parameter |
Type |
Description |
---|---|---|
id |
String |
Account ID. |
name |
String |
Account name. |
Parameter |
Type |
Description |
---|---|---|
name |
String |
Permission name. |
id |
String |
Permission ID. The default value is 0, which does not correspond to any permission. |
Parameter |
Type |
Description |
---|---|---|
name |
String |
IAM user name. |
id |
String |
IAM user ID. |
password_expires_at |
String |
Password expiration time. If this parameter is not specified, the password will never expire.
NOTE:
The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
Object |
Information about the account used to create the IAM user. |
Parameter |
Type |
Description |
---|---|---|
name |
String |
Name of the account used to create the IAM user. |
id |
String |
Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. |
Example Response
Status code: 200
The request is successful.
Parameters in the response header X-Subject-Token:MIIatAYJKoZIhvcNAQcCoIIapTCCGqECAQExDTALB...
Parameters in the response body
{
"token": {
"expires_at": "2020-01-04T09:08:49.965000Z",
"methods": [
"password"
],
"catalog": [
{
"endpoints": [
{
"id": "33e1cbdd86d34e89a63cf8ad16a5f49f",
"interface": "public",
"region": "*",
"region_id": "*",
"url": "https://iam.myhuaweicloud.eu/v3.0"
}
],
"id": "100a6a3477f1495286579b819d399e36",
"name": "iam",
"type": "iam"
},
{
"endpoints": [
{
"id": "29319cf2052d4e94bcf438b55d143832",
"interface": "public",
"region": "*",
"region_id": "*",
"url": "https://bss.sample.domain.com/v1.0"
}
],
"id": "c6db69fabbd549908adcb861c7e47ca4",
"name": "bssv1",
"type": "bssv1"
}
],
"domain": {
"id": "d78cbac186b744899480f25bd022f468",
"name": "IAMDomain"
},
"roles": [
{
"id": "0",
"name": "te_admin"
},
{
"id": "0",
"name": "secu_admin"
},
{
"id": "0",
"name": "te_agency"
}
],
"issued_at": "2020-01-03T09:08:49.965000Z",
"user": {
"domain": {
"id": "d78cbac186b744899480f25bd022f468",
"name": "IAMDomain"
},
"id": "7116d09f88fa41908676fdd4b039e95b",
"name": "IAMUser",
"password_expires_at": ""
}
}
}
Status code: 404
The requested resource cannot be found.
{ "error": { "code": 404, "message": "X-Subject-Token is invalid in the request", "title": "Not Found" } }
Status Codes
Status Code |
Description |
---|---|
200 |
The request is successful. |
401 |
Authentication failed. |
403 |
Access denied. |
404 |
The requested resource cannot be found. |
500 |
Internal server error. |
Error Codes
None
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.