| Verb | URI | Description |
|---|---|---|
| POST | v2.0/tokens | Authenticate to generate a token. |
Normal Response Code(s): 200, 203
Error Response Code(s): identityFault (400, 500, …), userDisabled (403), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
![[Note]](/auth-v2.0-auth-client-devguide/common/images/admon/note.png) | Note |
|---|---|
This call is available to users who have authenticated as a holder of either the admin role or the user role.
|
This call returns a token if successful. Each ReST request
requires the inclusion of a specific authorization token HTTP x-header, defined as X-Auth-Token.
The token must be supplied for calls
against other services and for other
calls to the authentication service, such as the GET /tenants call.
Clients obtain
X-Auth-Token and the URL endpoints for other service APIs by supplying their valid credentials
to the authentication service.
Client authentication is provided via a ReST interface using the POST method,
with v2.0/tokens supplied as the path. A payload of credentials must be included
in the body.
The authentication service is a ReSTful web service. It is the entry point to all service APIs. To access the authentication service, you must know its URL.
You can authenticate by providing any of several kinds of credentials:
username and API key
username, API key, and tenant ID
username, API key, and tenant name
username and password
username, password and tenant ID
username, password and tenant name
token
You can use whichever valid credentials you prefer. Unless you specify a tenant, the authentication service's response is not affected by which kind of credentials you use.
![[Important]](/auth-v2.0-auth-client-devguide/common/images/admon/important.png) | Important |
|---|---|
If you specify a tenant, the |
To see authentication requests and responses with annotations explaining key ideas, see the examples in the "General API Information" chapter's "Sample Authentication Request and Response" section.
The examples below demonstrate authentication with several kinds of credentials.
Example 4.25. Authenticate (with Username and API Key Credentials) Request: XML
<?xml version="1.0" encoding="UTF-8"?>
<auth>
<apiKeyCredentials
xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
username="demoauthor"
apiKey="aaaaa-bbbbb-ccccc-12345678"/>
</auth>Example 4.26. Authenticate (with Username, API Key, and Tenant ID Credentials) Request: XML
<?xml version="1.0" encoding="UTF-8"?>
<auth>
<apiKeyCredentials
xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
username="demoauthor"
apiKey="aaaaa-bbbbb-ccccc-12345678"
tenantId="1100111" />
</auth>Example 4.27. Authenticate (with Username and Password Credentials) Request: XML
<?xml version="1.0" encoding="UTF-8"?> <auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.openstack.org/identity/api/v2.0"> <passwordCredentials username="demoauthor" password="theUsersPassword"/> </auth>
Example 4.28. Authenticate (with Username, Password, and Tenant ID Credentials) Request: XML
<?xml version="1.0" encoding="UTF-8"?> <auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.openstack.org/identity/api/v2.0"> <passwordCredentials username="demoauthor" password="theUsersPassword" tenantId="1100111"/> </auth>
Example 4.29. Authenticate (with Tenant ID and Token Credentials) Request: XML
<?xml version="1.0" encoding="UTF-8"?> <auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.openstack.org/identity/api/v2.0" tenantId="1100111"> <token id="vvvvvvvv-wwww-xxxx-yyyy-zzzzzzzzzzzz" /> </auth>
Example 4.30. Authenticate (with Tenant Name and Token Credentials) Request: XML
<?xml version="1.0" encoding="UTF-8"?> <auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.openstack.org/identity/api/v2.0" tenantName="tenantabc"> <token id="vvvvvvvv-wwww-xxxx-yyyy-zzzzzzzzzzzz" /> </auth>
Example 4.31. Authenticate (with Username and API Key Credentials) Request: JSON
{
"auth": {
"RAX-KSKEY:apiKeyCredentials": {
"username": "demoauthor",
"apiKey": "aaaaa-bbbbb-ccccc-12345678"
}
}
}Example 4.32. Authenticate (with Username, API Key, and Tenant ID Credentials) Request: JSON
{
"auth": {
"RAX-KSKEY:apiKeyCredentials": {
"username": "demoauthor",
"apiKey": "aaaaa-bbbbb-ccccc-12345678"
},
"tenantId": "1100111"
}
}Example 4.33. Authenticate (with Username and Password Credentials) Request: JSON
{
"auth":{
"passwordCredentials":{
"username":"demoauthor",
"password":"theUsersPassword"
}
}
}Example 4.34. Authenticate (with Username, Password, and Tenant ID Credentials) Request: JSON
{
"auth":{
"passwordCredentials":{
"username":"demoauthor",
"password":"theUsersPassword"
},
"tenantId": "12345678"
}
}Example 4.35. Authenticate (with Tenant ID and Token Credentials) Request: JSON
{
"auth": {
"tenantId": "1100111",
"token": {
"id": "vvvvvvvv-wwww-xxxx-yyyy-zzzzzzzzzzzz"
}
}
}Example 4.36. Authenticate (with Tenant Name and Token Credentials) Request: JSON
{
"auth": {
"tenantName": "tenantabc",
"token": {
"id": "vvvvvvvv-wwww-xxxx-yyyy-zzzzzzzzzzzz"
}
}
} | Important |
|---|---|
The token's expiration time is formatted differently in the US and UK. |
Example 4.37. Authentication Response for US Endpoint: XML
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<access
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:common="http://docs.openstack.org/common/api/v1.0"
xmlns:ksgrp="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
xmlns:rax-kscatalog="http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0"
xmlns:atom="http://www.w3.org/2005/Atom">
<token
id="aaaaa-bbbbb-ccccc-dddd"
expires="2012-04-13T13:15:00.000-05:00"/>
<user
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
id="161418" name="demoauthor" rax-auth:defaultRegion="DFW">
<roles>
<role id="3" name="identity:user-admin"
description="User Admin Role."/>
</roles>
</user>
<serviceCatalog>
<service type="rax:database" name="cloudDatabases">
<endpoint region="DFW" tenantId="12345"
publicURL="https://dfw.databases.api.rackspacecloud.com/v1.0/12345"/>
<endpoint region="ORD" tenantId="12345"
publicURL="https://ord.databases.api.rackspacecloud.com/v1.0/12345"/>
</service>
<service type="rax:load-balancer" name="cloudLoadBalancers">
<endpoint region="ORD" tenantId="12345"
publicURL="https://ord.loadbalancers.api.rackspacecloud.com/v1.0/12345"/>
<endpoint region="DFW" tenantId="12345"
publicURL="https://dfw.loadbalancers.api.rackspacecloud.com/v1.0/12345"/>
</service>
<service type="rax:object-cdn" name="cloudFilesCDN">
<endpoint region="DFW" tenantId="MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
publicURL="https://cdn1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
/>
<endpoint region="ORD" tenantId="MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
publicURL="https://cdn2.clouddrive.com/v1/MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
/>
</service>
<service type="rax:monitor" name="cloudMonitoring">
<endpoint tenantId="12345"
publicURL="https://monitoring.api.rackspacecloud.com/v1.0/12345"/>
</service>
<service type="object-store" name="cloudFiles">
<endpoint region="DFW" tenantId="MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
publicURL="https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
internalURL="https://snet-storage101.dfw1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
/>
<endpoint region="ORD" tenantId="MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
publicURL="https://storage101.ord1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
internalURL="https://snet-storage101.ord1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
/>
</service>
<service type="compute" name="cloudServers">
<endpoint tenantId="12345"
publicURL="https://servers.api.rackspacecloud.com/v1.0/12345">
<version id="1.0" info="https://servers.api.rackspacecloud.com/v1.0"
list="https://servers.api.rackspacecloud.com/"/>
</endpoint>
</service>
<service type="compute" name="cloudServersOpenStack">
<endpoint region="DFW" tenantId="12345"
publicURL="https://dfw.servers.api.rackspacecloud.com/v2/12345">
<version id="2" info="https://dfw.servers.api.rackspacecloud.com/v2"
list="https://dfw.servers.api.rackspacecloud.com/"/>
</endpoint>
<endpoint region="ORD" tenantId="12345"
publicURL="https://ord.servers.api.rackspacecloud.com/v2/12345">
<version id="2" info="https://ord.servers.api.rackspacecloud.com/v2"
list="https://ord.servers.api.rackspacecloud.com/"/>
</endpoint>
</service>
<service type="rax:dns" name="cloudDNS">
<endpoint tenantId="12345"
publicURL="https://dns.api.rackspacecloud.com/v1.0/12345"/>
</service>
</serviceCatalog>
</access> | Important |
|---|---|
The token's expiration time is formatted differently in the US and UK. |
Example 4.38. Authentication Response for UK Endpoint: XML
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<access
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:common="http://docs.openstack.org/common/api/v1.0"
xmlns:ksgrp="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
xmlns:rax-kscatalog="http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0"
xmlns:atom="http://www.w3.org/2005/Atom">
<token
id="aaaaa-bbbbb-ccccc-dddd"
expires="2012-04-13T13:15:00.000Z"/>
<user
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
id="161418" name="demoauthor" rax-auth:defaultRegion="DFW">
<roles>
<role id="3" name="identity:user-admin"
description="User Admin Role."/>
</roles>
</user>
<serviceCatalog>
<service type="rax:database" name="cloudDatabases">
<endpoint region="DFW" tenantId="12345"
publicURL="https://dfw.databases.api.rackspacecloud.com/v1.0/12345"/>
<endpoint region="ORD" tenantId="12345"
publicURL="https://ord.databases.api.rackspacecloud.com/v1.0/12345"/>
</service>
<service type="rax:load-balancer" name="cloudLoadBalancers">
<endpoint region="ORD" tenantId="12345"
publicURL="https://ord.loadbalancers.api.rackspacecloud.com/v1.0/12345"/>
<endpoint region="DFW" tenantId="12345"
publicURL="https://dfw.loadbalancers.api.rackspacecloud.com/v1.0/12345"/>
</service>
<service type="rax:object-cdn" name="cloudFilesCDN">
<endpoint region="DFW" tenantId="MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
publicURL="https://cdn1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
/>
<endpoint region="ORD" tenantId="MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
publicURL="https://cdn2.clouddrive.com/v1/MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
/>
</service>
<service type="rax:monitor" name="cloudMonitoring">
<endpoint tenantId="12345"
publicURL="https://monitoring.api.rackspacecloud.com/v1.0/12345"/>
</service>
<service type="object-store" name="cloudFiles">
<endpoint region="DFW" tenantId="MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
publicURL="https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
internalURL="https://snet-storage101.dfw1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
/>
<endpoint region="ORD" tenantId="MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
publicURL="https://storage101.ord1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
internalURL="https://snet-storage101.ord1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbbbb-ccccc-ddddd"
/>
</service>
<service type="compute" name="cloudServers">
<endpoint tenantId="12345"
publicURL="https://servers.api.rackspacecloud.com/v1.0/12345">
<version id="1.0" info="https://servers.api.rackspacecloud.com/v1.0"
list="https://servers.api.rackspacecloud.com/"/>
</endpoint>
</service>
<service type="compute" name="cloudServersOpenStack">
<endpoint region="DFW" tenantId="12345"
publicURL="https://dfw.servers.api.rackspacecloud.com/v2/12345">
<version id="2" info="https://dfw.servers.api.rackspacecloud.com/v2"
list="https://dfw.servers.api.rackspacecloud.com/"/>
</endpoint>
<endpoint region="ORD" tenantId="12345"
publicURL="https://ord.servers.api.rackspacecloud.com/v2/12345">
<version id="2" info="https://ord.servers.api.rackspacecloud.com/v2"
list="https://ord.servers.api.rackspacecloud.com/"/>
</endpoint>
</service>
<service type="rax:dns" name="cloudDNS">
<endpoint tenantId="12345"
publicURL="https://dns.api.rackspacecloud.com/v1.0/12345"/>
</service>
</serviceCatalog>
</access> | Important |
|---|---|
The token's expiration time is formatted differently in the US and UK. |
Example 4.39. Authentication Response for US Endpoint: JSON
{
"access": {
"serviceCatalog": [
{
"endpoints": [
{
"publicURL": "https://ord.servers.api.rackspacecloud.com/v2/12345",
"region": "ORD",
"tenantId": "12345",
"versionId": "2",
"versionInfo": "https://ord.servers.api.rackspacecloud.com/v2",
"versionList": "https://ord.servers.api.rackspacecloud.com/"
},
{
"publicURL": "https://dfw.servers.api.rackspacecloud.com/v2/12345",
"region": "DFW",
"tenantId": "12345",
"versionId": "2",
"versionInfo": "https://dfw.servers.api.rackspacecloud.com/v2",
"versionList": "https://dfw.servers.api.rackspacecloud.com/"
}
],
"name": "cloudServersOpenStack",
"type": "compute"
},
{
"endpoints": [
{
"publicURL": "https://ord.databases.api.rackspacecloud.com/v1.0/12345",
"region": "ORD",
"tenantId": "12345"
},
{
"publicURL": "https://dfw.databases.api.rackspacecloud.com/v1.0/12345",
"region": "DFW",
"tenantId": "12345"
}
],
"name": "cloudDatabases",
"type": "rax:database"
},
{
"endpoints": [
{
"publicURL": "https://ord.loadbalancers.api.rackspacecloud.com/v1.0/12345",
"region": "ORD",
"tenantId": "645990"
},
{
"publicURL": "https://dfw.loadbalancers.api.rackspacecloud.com/v1.0/12345",
"region": "DFW",
"tenantId": "12345"
}
],
"name": "cloudLoadBalancers",
"type": "rax:load-balancer"
},
{
"endpoints": [
{
"publicURL": "https://cdn1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbb-cccc ",
"region": "DFW",
"tenantId": "MossoCloudFS_aaaa-bbbb-cccc "
},
{
"publicURL": "https://cdn2.clouddrive.com/v1/MossoCloudFS_aaaa-bbbb-cccc ",
"region": "ORD",
"tenantId": "MossoCloudFS_aaaa-bbbb-cccc "
}
],
"name": "cloudFilesCDN",
"type": "rax:object-cdn"
},
{
"endpoints": [
{
"publicURL": "https://dns.api.rackspacecloud.com/v1.0/12345",
"tenantId": "12345"
}
],
"name": "cloudDNS",
"type": "rax:dns"
},
{
"endpoints": [
{
"publicURL": "https://servers.api.rackspacecloud.com/v1.0/12345",
"tenantId": "12345",
"versionId": "1.0",
"versionInfo": "https://servers.api.rackspacecloud.com/v1.0",
"versionList": "https://servers.api.rackspacecloud.com/"
}
],
"name": "cloudServers",
"type": "compute"
},
{
"endpoints": [
{
"publicURL": "https://monitoring.api.rackspacecloud.com/v1.0/12345",
"tenantId": "12345"
}
],
"name": "cloudMonitoring",
"type": "rax:monitor"
},
{
"endpoints": [
{
"internalURL": "https://snet-storage101.dfw1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbb-cccc ",
"publicURL": "https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbb-cccc ",
"region": "DFW",
"tenantId": "MossoCloudFS_aaaa-bbbb-cccc"
},
{
"internalURL": "https://snet-storage101.ord1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbb-cccc ",
"publicURL": "https://storage101.ord1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbb-cccc ",
"region": "ORD",
"tenantId": "MossoCloudFS_aaaa-bbbb-cccc"
}
],
"name": "cloudFiles",
"type": "object-store"
}
],
"token": {
"expires": "2012-04-13T13:15:00.000-05:00",
"id": "aaaaa-bbbbb-ccccc-dddd"
},
"user": {
"RAX-AUTH:defaultRegion": "DFW",
"id": "161418",
"name": "demoauthor",
"roles": [
{
"description": "User Admin Role.",
"id": "3",
"name": "identity:user-admin"
}
]
}
}
} | Important |
|---|---|
The token's expiration time is formatted differently in the US and UK. |
Example 4.40. Authentication Response for UK Endpoint: JSON
{
"access": {
"serviceCatalog": [
{
"endpoints": [
{
"publicURL": "https://ord.servers.api.rackspacecloud.com/v2/12345",
"region": "ORD",
"tenantId": "12345",
"versionId": "2",
"versionInfo": "https://ord.servers.api.rackspacecloud.com/v2",
"versionList": "https://ord.servers.api.rackspacecloud.com/"
}
{
"publicURL": "https://dfw.servers.api.rackspacecloud.com/v2/12345",
"region": "DFW",
"tenantId": "12345",
"versionId": "2",
"versionInfo": "https://dfw.servers.api.rackspacecloud.com/v2",
"versionList": "https://dfw.servers.api.rackspacecloud.com/"
}
],
"name": "cloudServersOpenStack",
"type": "compute"
},
{
"endpoints": [
{
"publicURL": "https://ord.databases.api.rackspacecloud.com/v1.0/12345",
"region": "ORD",
"tenantId": "12345"
},
{
"publicURL": "https://dfw.databases.api.rackspacecloud.com/v1.0/12345",
"region": "DFW",
"tenantId": "12345"
}
],
"name": "cloudDatabases",
"type": "rax:database"
},
{
"endpoints": [
{
"publicURL": "https://ord.loadbalancers.api.rackspacecloud.com/v1.0/12345",
"region": "ORD",
"tenantId": "645990"
},
{
"publicURL": "https://dfw.loadbalancers.api.rackspacecloud.com/v1.0/12345",
"region": "DFW",
"tenantId": "12345"
}
],
"name": "cloudLoadBalancers",
"type": "rax:load-balancer"
},
{
"endpoints": [
{
"publicURL": "https://cdn1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbb-cccc ",
"region": "DFW",
"tenantId": "MossoCloudFS_aaaa-bbbb-cccc "
}
{
"publicURL": "https://cdn2.clouddrive.com/v1/MossoCloudFS_aaaa-bbbb-cccc ",
"region": "ORD",
"tenantId": "MossoCloudFS_aaaa-bbbb-cccc "
}
],
"name": "cloudFilesCDN",
"type": "rax:object-cdn"
},
{
"endpoints": [
{
"publicURL": "https://dns.api.rackspacecloud.com/v1.0/12345",
"tenantId": "12345"
}
],
"name": "cloudDNS",
"type": "rax:dns"
},
{
"endpoints": [
{
"publicURL": "https://servers.api.rackspacecloud.com/v1.0/12345",
"tenantId": "12345",
"versionId": "1.0",
"versionInfo": "https://servers.api.rackspacecloud.com/v1.0",
"versionList": "https://servers.api.rackspacecloud.com/"
}
],
"name": "cloudServers",
"type": "compute"
},
{
"endpoints": [
{
"publicURL": "https://monitoring.api.rackspacecloud.com/v1.0/12345",
"tenantId": "12345"
}
],
"name": "cloudMonitoring",
"type": "rax:monitor"
},
{
"endpoints": [
{
"internalURL": "https://snet-storage101.dfw1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbb-cccc ",
"publicURL": "https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbb-cccc ",
"region": "DFW",
"tenantId": "MossoCloudFS_aaaa-bbbb-cccc"
}
{
"internalURL": "https://snet-storage101.ord1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbb-cccc ",
"publicURL": "https://storage101.ord1.clouddrive.com/v1/MossoCloudFS_aaaa-bbbb-cccc ",
"region": "ORD",
"tenantId": "MossoCloudFS_aaaa-bbbb-cccc"
}
],
"name": "cloudFiles",
"type": "object-store"
}
],
"token": {
"expires": "2012-04-13T13:15:00.000Z",
"id": "aaaaa-bbbbb-ccccc-dddd"
},
"user": {
"RAX-AUTH:defaultRegion": "DFW",
"id": "161418",
"name": "demoauthor",
"roles": [
{
"description": "User Admin Role.",
"id": "3",
"name": "identity:user-admin"
}
]
}
}
}To see authentication requests and responses with annotations explaining key ideas, see the examples in the "General API Information" chapter's "Sample Authentication Request and Response" section.
