How Can I Replace a Partner Token with a Customer Token?
Operations
- Invoke the IAM API to obtain your Huawei Cloud account token. For details, see Obtaining a User Token Through Password Authentication.
For details about the IAM API endpoints, see Regions and Endpoints. If the scope field in the request body is set to domain, use the endpoint whose Region is All. If the scope field is set to project, use either the endpoint whose Region is All or the endpoint of the region to which the project belongs.
No token needs to be passed in this step. Add only Content-Type to the request header and set its value to application/json. As shown in Figure 1, the x-subject-token field in the red box on the Headers tab is your account token.
Example request
{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "name": "Partner's Huawei Cloud account",
                    "domain": {
                        "name": "Partner's Huawei Cloud account"
                    },
                    "password": "XXXXX"
                }
            }
        },
        "scope": {
            "domain": {
                "name": "Partner's Huawei Cloud account"
            }
        }
    }
}
- Invoke the IAM API to obtain the customer account token. For details, see Obtaining an Agency Token.
Add Content-Type and X-Auth-Token to the request header. Set Content-Type to application/json and X-Auth-Token to the BP token obtained in step 1. As shown in Figure 2, the x-subject-token field in the red box on the Headers tab is the customer account token. A partner can use the customer's Huawei Cloud account token to perform operations on resources in the customer's Huawei Cloud account.
Example request:
{
    "auth": {
        "identity": {
            "methods": [
                "assume_role"
            ],
            "assume_role": {
                "domain_name": "Customer's Huawei Cloud account",
                "agency_name": "Agency name (xaccountType)"
            }
        },
        "scope": {
            "project": {
                "name": "The name of the project to which the customer's resources belong"
            }
        }
    }
}
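The two calls chained together, as an added example that is not Huawei Cloud's own code: it builds both request bodies, passes the step 1 token as X-Auth-Token in step 2, and reads the role names and project ID that the response body descriptions cover. The `/v3/auth/tokens` path, the `transport` callable, the response body layout and the `fake_iam` stand-in with its placeholder tokens are assumptions made so the example runs offline.

```python
import json

# Assumption: token path of the IAM API; the page only links to the API reference.
TOKEN_PATH = "/v3/auth/tokens"
ROLE_MEANING = {"readonly": "Tenant Guest", "te_admin": "Tenant Administrator"}

def partner_body(account, password):
    """Step 1 body: password authentication, scoped to the partner's domain."""
    return {"auth": {
        "identity": {"methods": ["password"], "password": {"user": {
            "name": account, "domain": {"name": account}, "password": password}}},
        "scope": {"domain": {"name": account}}}}

def agency_body(customer, agency, project):
    """Step 2 body: assume_role into the customer's agency, scoped to one project."""
    return {"auth": {
        "identity": {"methods": ["assume_role"], "assume_role": {
            "domain_name": customer, "agency_name": agency}},
        "scope": {"project": {"name": project}}}}

def request_token(transport, endpoint, extra_headers, body):
    """POST one token request; the token is in a response header, not the body."""
    headers = {"Content-Type": "application/json", **extra_headers}
    resp_headers, text = transport(endpoint + TOKEN_PATH, headers, json.dumps(body))
    # Header names are case-insensitive, so normalise before the lookup.
    token = {k.lower(): v for k, v in resp_headers.items()}.get("x-subject-token")
    if not token:
        raise RuntimeError("response carried no x-subject-token header")
    return token, json.loads(text)

def customer_token(transport, endpoint, account, password, customer, agency, project):
    """Run step 1 then step 2; return (customer token, project ID, permissions)."""
    bp_token, _ = request_token(transport, endpoint, {}, partner_body(account, password))
    token, doc = request_token(transport, endpoint, {"X-Auth-Token": bp_token},
                               agency_body(customer, agency, project))
    # Assumption: the body lists roles as token.roles[].name and the project as token.project.id.
    roles = [ROLE_MEANING.get(r["name"], r["name"]) for r in doc["token"]["roles"]]
    return token, doc["token"]["project"]["id"], roles

def fake_iam(url, headers, body):
    """Constructed stand-in for the IAM endpoint, with placeholder tokens."""
    method = json.loads(body)["auth"]["identity"]["methods"][0]
    if method == "password" and "X-Auth-Token" not in headers:
        return {"X-Subject-Token": "BP-TOKEN-PLACEHOLDER"}, '{"token": {}}'
    if method == "assume_role" and headers.get("X-Auth-Token") == "BP-TOKEN-PLACEHOLDER":
        return ({"x-subject-token": "CUSTOMER-TOKEN-PLACEHOLDER"},
                '{"token": {"roles": [{"name": "readonly"}],'
                ' "project": {"id": "PROJECT-ID-PLACEHOLDER"}}}')
    return {}, "{}"
```

Against a real endpoint, `transport` would wrap an HTTPS POST; keep both tokens and the password out of logs and check the returned permission before acting on customer resources.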
Response body descriptions
- readonly indicates that the account has the Tenant Guest permissions. te_admin indicates that the account has the Tenant Administrator permissions.
Figure 3 Permissions descriptions
- Information marked in the red box in Figure 4 is the project ID.