Help Center/ API Gateway/ Developer Guide/ Calling APIs Through IAM Authentication/ Token Authentication
Updated on 2023-04-06 GMT+08:00
View PDF

Token Authentication

Scenarios

To call APIs using a token, add the token to the X-Auth-Token header in API requests.

You can use either of the following authentication methods to call APIs:

  • Token authentication: Requests are authenticated using a token.
  • AK/SK authentication: Requests are encrypted using an access key ID (AK) and a secret access key (SK).

Calling an API Through Token Authentication

  1. Obtain a token. For details, see "chapter "Obtaining a User Token"" in the Identity and Access Management API Reference. After the request is processed, the value of X-Subject-Token in the message header is the token value.

    The following figures show how to obtain a token using an API testing tool.

    Figure 1 Example request
    Figure 2 Obtaining the X-Subject-Token response header
  2. Call a service API and add the X-Auth-Token request header to specify the token obtained in 1.

Example

This section describes the basic procedure for using an API.

  1. Obtain the required information.

    Contact technical support to obtain the IAM endpoint.

  2. On the management console, hover the mouse pointer over the username in the upper right corner, choose My Credentials from the drop-down list, and then view the project ID on the displayed page.
  3. Call the token authentication API to obtain a token, and set an environment variable to pass the token. This token will be used for authentication of other APIs. For details, see chapter "Obtaining a User Token".
    1. Run the following commands to obtain a token: 
      curl -X POST https://{iam_endpoint}/v3/auth/tokens -H 'content-type: application/json' -d '{
	"auth": {
		"identity": {
			"methods": [
				"password"
			],
			"password": {
				"user": {
				"name": "{user_name}",
					"domain": {
						"name": "{user_name}"
					},
			"password": "{password}"
				}
			}
		},
		"scope": {
			"project": {
				"id": "{project_id}"
			}
		}
	}
}' -vk

      Modify the following parameters by referring to Identity and Access Management API Reference:

      • {iam_endpoint}: Replace this parameter with the IAM endpoint.
      • {project_id}: Replace this parameter with the project ID.
      • {user_name} and {password}: Replace these two parameters respectively with the username and password of the IAM server.

      The value of the X-Subject-Token response header is the token.

      X-Subject-Token:MIIDkgYJKoZIhvcNAQcCoIIDgzCCAxxxxxx38CAQExDTALBglghkgBZQMEAgEwg
    2. Run the following command to set an environment variable for passing the token:

      export Token={X-Subject-Token}

      X-Subject-Token is the token obtained in 3.a. Example:

      export Token=MIIDkgYJKoZIhvcNAQcCoIIDgzCCAxxxxxx38CAQExDTALBglghkgBZQMEAgEwg
  4. Call an API. Configure required parameters, and obtain the domain name, request method, and URL by referring to Preparation. 
    curl -X Request_method Domain name+URL  -H "x-auth-token: $Token" -vk