Authentication of Management Plane APIs
Requests for calling a management plane API of GES can be authenticated using either of the following methods:
- Token-based authentication: Requests are authenticated using a token.
- AK/SK-based authentication: Requests are authenticated by encrypting the request body using an AK/SK pair. AK/SK-based authentication is recommended because it is more secure.
Token-based Authentication
A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to requests to get permissions for calling the API.
When calling the API to obtain a user token, you must set auth.scope in the request body to project.
{"auth": {"identity": {"methods": ["password"],"password": {"user": {"name": "username","password": "********","domain": {"name": "domainname"}}}},"scope": {"project": {"name": "xxxxxxxx"}}}}
Note
- The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token.
- To obtain the token, the GES scope must be project (cannot be domain).
After a token is obtained, the X-Auth-Token header field must be added to requests to specify the token when calling other APIs. For example, if the token is ABCDEFJ...., X-Auth-Token: ABCDEFJ.... can be added to a request:
Parent topic: Authentication
- Token-based Authentication