Help Center/ Identity and Access Management/ API Reference/ API/ Token Management/ Verifying a Token

Updated on 2024-07-30 GMT+08:00

View PDF

Verifying a Token

Function

This API can be used by the administrator to verify the token of an IAM user or used by an IAM user to verify their own token. The administrator can only verify the token of an IAM user created using the account. If the token is valid, the detailed information about the token is returned.

The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.

Debugging

You can debug this API in API Explorer.

URI

GET /v3/auth/tokens

**Table 1** Query parameters
Parameter	Mandatory	Type	Description
nocatalog	No	String	If this parameter is set, no catalog information will be displayed in the response. Any character string set for this parameter indicates that no catalog information will be displayed.

Request Parameters

**Table 2** Parameters in the request header
Parameter	Mandatory	Type	Description
Content-Type	Yes	String	Fill application/json;charset=utf8 in this field.
X-Auth-Token	Yes	String	A token with Security Administrator permissions is required if the administrator is requesting to verify the token of an IAM user. The user token (no special permission requirements) of an IAM user is required if the user is requesting to verify their own token.
X-Subject-Token	Yes	String	Token to be verified.

Example Request

Request for verifying a token

GET https://iam.myhuaweicloud.com/v3/auth/tokens

Response Parameters

**Table 3** Parameters in the response header
Parameter	Type	Description
X-Subject-Token	String	Verified token.

**Table 4** Parameters in the response body
Parameter	Type	Description
token	Object	Token information.

**Table 5** token
Parameter	Type	Description
catalog	Array of objects	Catalog information.
domain	Object	Account information about the IAM user whose token is to be verified. This parameter is returned only when the scope parameter in the request body has been set to domain.
expires_at	String	Time when the token will expire. NOTE: The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601.
issued_at	String	Time when the token was issued. NOTE: The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601.
methods	Array of strings	Method for obtaining the token.
project	Object	Project information about the IAM user. This parameter is returned only when the scope parameter in the request body has been set to project.
roles	Array of objects	Permissions information of the token.
user	Object	Information about the IAM user who requests for the token.

**Table 6** token.catalog
Parameter	Type	Description
endpoints	Array of objects	Endpoint information.
id	String	Service ID.
name	String	Service name.
type	String	Type of the service which the API belongs to.

**Table 7** token.catalog.endpoints
Parameter	Type	Description
id	String	Endpoint ID.
interface	String	Visibility of the API. public indicates that the API is available for public access.
region	String	Region which the endpoint belongs to.
region_id	String	Region ID.
url	String	Endpoint URL.

**Table 8** token.domain
Parameter	Type	Description
name	String	Account name.
id	String	Account ID.

**Table 9** token.project
Parameter	Type	Description
domain	Object	Account information about the project.
id	String	Project ID.
name	String	Project name.

**Table 10** token.project.domain
Parameter	Type	Description
id	String	Account ID.
name	String	Account name.

**Table 11** token.roles
Parameter	Type	Description
name	String	Permission name.
id	String	Permission ID. The default value is 0, which does not correspond to any permission.

**Table 12** token.user
Parameter	Type	Description
name	String	IAM username.
id	String	IAM user ID.
password_expires_at	String	Password expiration time. If this parameter is not specified, the password will never expire. NOTE: The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601.
domain	Object	Information about the account used to create the IAM user.

**Table 13** token.user.domain
Parameter	Type	Description
name	String	Name of the account used to create the IAM user.
id	String	Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.

Example Response

Status code: 200

The request is successful.

Parameters in the response header
X-Subject-Token:MIIatAYJKoZIhvcNAQcCoIIapTCCGqECAQExDTALB...

Parameters in the response body
{
    "token": {
        "expires_at": "2020-01-04T09:08:49.965000Z",
        "methods": [
            "password"
        ],
        "catalog": [
            {
                "endpoints": [
                    {
                        "id": "33e1cbdd86d34e89a63cf8ad16a5f49f",
                        "interface": "public",
                        "region": "*",
                        "region_id": "*",
                        "url": "https://iam.myhuaweicloud.com/v3.0"
                    }
                ],
                "id": "100a6a3477f1495286579b819d399e36",
                "name": "iam",
                "type": "iam"
            },
            {
                "endpoints": [
                    {
                        "id": "29319cf2052d4e94bcf438b55d143832",
                        "interface": "public",
                        "region": "*",
                        "region_id": "*",
                        "url": "https://bss.sample.domain.com/v1.0"
                    }
                ],
                "id": "c6db69fabbd549908adcb861c7e47ca4",
                "name": "bssv1",
                "type": "bssv1"
            }
        ],
        "domain": {
            "id": "d78cbac186b744899480f25bd022f468",
            "name": "IAMDomain"
        },
        "roles": [
            {
                "id": "0",
                "name": "te_admin"
            },
            {
                "id": "0",
                "name": "secu_admin"
            },
            {
                "id": "0",
                "name": "te_agency"
            }
        ],
        "issued_at": "2020-01-03T09:08:49.965000Z",
        "user": {
            "domain": {
                "id": "d78cbac186b744899480f25bd022f468",
                "name": "IAMDomain"
            },
            "id": "7116d09f88fa41908676fdd4b039e95b",
            "name": "IAMUser",
            "password_expires_at": ""
        }
    }
}

Status code: 404

The requested resource cannot be found.

{
    "error": {
        "code": 404,
        "message": "X-Subject-Token is invalid in the request",
        "title": "Not Found"
    }
}

Status Codes

Status Code	Description
200	The request is successful.
401	Authentication failed.
403	Access denied.
404	The requested resource cannot be found.
500	Internal server error.

Error Codes

None

Parent topic: Token Management

Previous topic: Obtaining an Agency Token

Next topic: Access Key Management

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot