When a customer calls or chats with Rackspace Support, they must give a 6- digit Support PIN to the Interactive Voice Response (IVR) system or to the Support Racker to verify their identity. When a new user is created, a 6-digit numeric phone PIN is assigned to the user by default. The Support PIN cannot be deleted. However, a user can update their Support PIN by using the Update user information and password operation.

Update your own Support PIN

To update your own Support PIN, use the following operation:

Update user information and password

Retrieve your own Support PIN

To retrieve your own Support PIN, see the following operations:

Unlock your own Support PIN

To unlock your Support PIN, use the following operation:

Unlock the Support PIN

Reset the Support PIN of another user

To reset the Support PIN of another user, use the following operation:

Reset the Support PIN

Update user information and password

POST /v2.0/users/{userId}

This operation updates the user information for the account associated with the specified user id. Before you submit the update request, use the Get user by id operation to verify that the user name, email account, and status associated with userId match the account you want to update.

Only include those user data elements that you wish to modify in the request body. For example, if you only need to update the user’s email, for don’t include the other body parameters like id, enabled, or rax-auth:domainId.

ℹ️
Note

Users who hold the admin role can update users who hold the user role (identity:default) or the admin role > (identity:user-admin) for the same tenant.

Users with the identity:user-admin or identity:user-manage role can update user information for users within their domain and with the identity:default role

Administrators can change the default region for another user, but the new value must be one of the regions listed for a Cloud Compute endpoint in the service catalog.

Only the RAX-AUTH:contactId attribute can be updated for a federated user.

The RAX-AUTH:phonePin is only returned if the caller is updating their own user account and a Support PIN exists on the account.

Users with the identity:user-manage-limited can update any sub-users’ email and enabled status within their domain.

This table shows the possible response codes for this operation:

Response code	Name	Description
200	OK	The request has been fulfilled. The user has been updated.
400	Bad Request	The request is missing one or more elements, or the values of some elements are invalid.
401	Unauthorized	You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403	Forbidden	The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access.
404	Not Found	The requested resource was not found.
405	Invalid Method	The method specified in the request is not valid for the resource identified in the request URI.
406	Not Acceptable	The server cannot send data in a format requested.
413	Over Limit	The number of items returned is above the allowed limit.
503	Service Fault	Service is not available.

Request

This table shows the header parameters for the request:

Name	Type	Description
X-Auth-Token	String (Required)	A valid authentication token.
{userId}	String (Required)	A user ID assigned by system when a user is added.

This table shows the URI parameters for the request:

Name	Type	Description
{userId}	String (Required)	A user ID assigned by system when a user is created.

This table shows the body parameters for the request:

Name	Type	Description
user	Object	A `user` object that specifies the user account information.
user.username	String (Optional)	The name to assign to the user.
user.email	String (Optional)	Email address for the user account.
user.enabled	String (Optional)	Indicates whether the user is enabled (true) or disabled (false). Users cannot update the `enabled` status on their own account.
user.RAX-AUTH:defaultRegion	String (Optional)	The default region that the user is assigned to. Must be one of the regions available in the service catalog.
user.RAX-AUTH:phonePin	String (Optional)	Specify a new Support PIN for the user account. Ensure that the value specified meets the following criteria: * Use six numeric digits (such as 871694). A Support PIN cannot include more than three repeating numbers. (444 is OK, but 4444 is not.) A Support PIN cannot include more than three sequential numbers. (234 is OK, but 2345 is not.)
user.OS-KSADM:password	String (Optional)	Specify a new password for the user account. Ensure that the value specified meets the following criteria: * Password must be at least 8 characters in length, must contain at least one uppercase letter, one lowercase letter, and one numeric character.
user.RAX-AUTH:contactId	String (Optional)	The core contact ID.

Example: Update user HTTP request header: XML

POST /v2.0/users/123456 HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Accept: application/xml  
Content-type: application/xml  
X-Auth-Token: eaf8345057414cd397d0543123456789

Example: Update user HTTP request header: JSON

POST /v2.0/users/123456 HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Accept: application/json  
Content-type: application/json  
X-Auth-Token: eaf8345057414cd397d0543123456789

Example: Update user request: XML

<?xml version="1.0" encoding="UTF-8"?>

<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      xmlns:ns2="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
      xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
      username="jqsmith"
      enabled="true"
      email="john.smith@example.org"
      RAX-AUTH:contactId="12345">  
</user>

Example: Update user request: JSON

{  
  "user": {  
    "username": "jqsmith",  
    "email": "john.smith@example.org",  
    "enabled": true,  
    "RAX-AUTH:contactId": "1234"  
  }  
}

Example: Update user password HTTP request header: XML

POST /v2.0/users/123456 HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Accept: application/xml  
Content-type: application/xml  
X-Auth-Token: eaf8345057414cd397d0543123456789

Example: Update user password HTTP request header: JSON

POST /v2.0/users/123456 HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Accept: application/xml  
Content-type: application/json  
X-Auth-Token: eaf8345057414cd397d0543123456789

Example: Update user password request: XML

<user username="abc123"
    ns1:password="ungu355ab13"
    xmlns:ns1="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
    xmlns:ns2="http://docs.openstack.org/identity/api/v2.0" />

Example: Update user password request: JSON

{  
    "user": {  
            "username": "abc123",  
            "OS-KSADM:password":"ungu355ab13"  
        }  
}

Response

Example: Update user information and password: XML response

<?xml version="1.0" encoding="UTF-8"?>

<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      xmlns:ns2="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
      xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
      id="123456" username="jqsmith"
      enabled="true"
      email="john.smith@example.org"
      RAX-AUTH:defaultRegion="DFW"
      RAX-AUTH:domainId="5830280"
      RAX-AUTH:phonePin="125897"
      RAX-AUTH:contactId="1234"
      RAX-AUTH:multiFactorEnabled="true" >  
</user>

Example: Update user information and password: JSON response

{  
  "user": {
      "id": "123456",
      "username": "jqsmith",
      "email": "john.smith@example.org",
      "enabled": true,
      "RAX-AUTH:defaultRegion":"DFW",
      "RAX-AUTH:domainId":"5830280",
      "RAX-AUTH:phonePin":"136983",
      "RAX-AUTH:multiFactorEnabled": true,
      "RAX-AUTH:contactId":"1234"
  }  
}

Validate token

GET /v2.0/tokens/{tokenId}

Use the Validate token operation to verify that the specified token is valid and owned by the specified tenant.

In the /tokens/{tokenId} path, valid tokens exist and invalid tokens do not. For application development, use the Validate token operation to make sure that the client submitting the Validate token request can handle an ItemNotFound (404) error for an invalid token.

If the operation is successful, rerun the tenant credentials to return the permissions relevant to a particular client.

Any user can validate their own token. Identity user account administrators and Rackspace administrators can validate the token for any account user.

The validation response includes information about the user associated with the token being validated. The RAX-AUTH:phonePin attribute is only returned if the provided X-Auth-Token matches the token to validate, and the associated user has a Support PIN. The RAX-AUTH:phonePinState is returned for all valid requests.

This table shows the possible response codes for this operation:

Response Code	Name	Description
200	OK	The operation completed successfully.
400	Bad Request	The request is missing one or more elements, or the values of some elements are invalid.
401	Unauthorized	You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403	Forbidden	The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access.
404	Not Found	The requested resource was not found.
405	Invalid Method	The method specified in the request is not valid for the resource identified in the request URI.
413	Over Limit	The number of items returned is above the allowed limit.
503	Service Fault	Service is not available.

Request

This table shows the header parameters for the request:

Name	Type	Description
X-Auth-Token	Header String (Required)	A valid admin authentication token.

This table shows the URI parameters for the request:

Name	Type	Description
{tokenId}	String	The authentication token to validate.

This table shows the query parameters for the request:

Name	Type	Description
belongsTo	String (Optional)	Validate that a token has the specified tenant in scope.
apply_rcn_roles	Boolean (Optional)	“When true, include any roles to which the user has access due to RCN roles. Defaults to false.”
include_accessible_domains	Boolean (Optional)	When true, returns a list of domains that a user has access to. The list is returned on the user object of the authentication response. Defaults to false.

This operation does not accept a request body.

Response

Example: Validate token: XML response

<?xml version="1.0" encoding="UTF-8"?>
<access
  xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
  xmlns="http://docs.openstack.org/identity/api/v2.0">  
  <token id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx "
    expires="2010-11-01T03:32:15-05:00">  
    <tenant id="345" name="My Project" />  
  </token>  
  <user
    xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
    id="123" username="testuser" rax-auth:defaultRegion="DFW">  
    <roles xmlns="[http://docs.openstack.org/identity/api/v2.0">]();  
      <role id="123" name="compute:admin" />  
      <role id="234" name="object-store:admin" />  
    </roles>  
  </user>  
</access>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<access
  xmlns="http://docs.openstack.org/identity/api/v2.0"
  xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
  xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
  xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
  xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
  xmlns:atom="http://www.w3.org/2005/Atom"
  xmlns:ns7="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
  xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0">  
  <token expires="2015-06-28T01:34:29.300Z" id="cd45ad90d8034a1b8d75aa0efa89060b">  
    <tenant name="5830280" id="5830280"/>  
    \<rax-auth:authenticatedBy>  
      \<rax-auth:credential>APIKEY\</rax-auth:credential>  
    \</rax-auth:authenticatedBy>  
  </token>  
  <user rax-auth:phonePin="914737" rax-auth:defaultRegion="SYD" name="maeker12" id="92bb036af5b0467198cded345597f6b4">  
    <roles>  
      <role rax-auth:propagate="false" serviceId="bde1268ebabeeabb70a0e702a4626977c331d5c4" description="Cloud Networks" name="CloudNetworks-Security-Groups" id="88"/>  
      <role rax-auth:propagate="true" tenantId="5830280" serviceId="a45b14e394a57e3fd4e45d59ff3693ead204998b" description="A Role that allows a user access to keystone Service methods" name="compute:default" id="684"/>  
      <role rax-auth:propagate="false" serviceId="bde1268ebabeeabb70a0e702a4626977c331d5c4" description="Default Role." name="identity:default" id="2"/>  
      <role rax-auth:propagate="false" serviceId="bde1268ebabeeabb70a0e702a4626977c331d5c4" description="Admin role for access to all capabilities for all products" name="admin" id="10015034"/>  
    </roles>  
  </user>  
</access>

Example: Validate token: JSON response

{  
    "access": {  
        "token": {  
            "id": "cd45ad90d8034a1b8d75aa0efa123456",  
            "expires": "2015-06-28T01:34:29.300Z",  
            "tenant": {  
                "id": "5830345",  
                "name": "5830345"  
            },  
            "RAX-AUTH:authenticatedBy": [  
                "APIKEY"  
            ]  
        },  
        "user": {  
            "id": "92bb036af5b0467198cded3455123456",  
            "roles": [  
                {  
                    "id": "88",  
                    "serviceId": "bde1268ebabeeabb70a0e702a4626977c331d5c4",  
                    "description": "Cloud Networks",  
                    "name": "CloudNetworks-Security-Groups"  
                },  
                {  
                    "tenantId": "5830345",  
                    "id": "684",  
                    "serviceId": "a45b14e394a57e3fd4e45d59ff3693ead204998b",  
                    "description": "A Role that allows a user access to keystone Service methods",  
                    "name": "compute:default"  
                },  
                {  
                    "id": "2",  
                    "serviceId": "bde1268ebabeeabb70a0e702a4626977c331d5c4",  
                    "description": "Default Role.",  
                    "name": "identity:default"  
                },  
                {  
                    "id": "10015034",  
                    "serviceId": "bde1268ebabeeabb70a0e702a4626977c331d5c4",  
                    "description": "Admin role for access to all capabilities for all products",  
                    "name": "admin"  
                }  
            ],  
            "name": "accountUserName",  
            "RAX-AUTH:defaultRegion": "SYD",  
            "RAX-AUTH:phonePin": "653161",  
            "RAX-AUTH:phonePinState": "ACTIVE"  
        }  
    }  
}

Example: Validate token for impersonation response: JSON

{  
  "access":{  
      "token":{  
          "id":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",  
          "expires":"2010-11-01T03:32:15-05:00",  
          "tenant":{  
              "id": "yourTenantID",  
              "name": "My Project"  
           }  
       },
  "user":{
      "id":"123",
      "name":"yourUsername",
      "roles":[{
                 "id":"123",
                 "name":"compute:admin"
               },
               {
                 "id":"234",
                 "name":"object-store:admin",
               }
       ]
   },

   "RAX-AUTH:impersonator":{
        "id":"567",
        "name":"impersonator.username",
        "roles":[{
                   "id":"123",
                   "name":"Racker"
                 },
                 {
                    "id":"234",
                    "name":"object-store:admin",
                 }
       ]
   }
  }  
}

Example: Validate Token for Impersonation Response: XML

<?xml version="1.0" encoding="UTF-8"?>

<access xmlns="http://docs.openstack.org/identity/api/v2.0"
    xmlns:RAX-AUTH="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0">  
    <token id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
        expires="2010-11-01T03:32:15-05:00">  
        <tenant id="yourTenantID"
            name="My Project" />  
    </token>  
    <user id="123"
        username="yourUserName">  
        <roles xmlns="[http://docs.openstack.org/identity/api/v2.0">]();  
            <role id="123" name="compute:admin" />  
            <role id="234" name="object-store:admin" />  
        </roles>  
    </user>  
    \<RAX-AUTH:impersonator id="567"  
        username="impersonator.UserName">  
        <roles xmlns="[http://docs.openstack.org/identity/api/v2.0">]();  
            <role id="123" name="Racker" />  
            <role id="234" name="object-store:admin" />  
        </roles>  
    \</RAX-AUTH:impersonator>  
</access>

Example: Validate token for Racker response: JSON

{  
  "access": {  
    "token": {  
      "expires": "2013-10-26T14:34:02.255Z",  
      "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"  
    },  
    "user": {  
      "RAX-AUTH:defaultRegion": "",  
      "roles": [  
        {  
          "name": "Racker",  
          "description": "Defines a user as being a Racker",  
          "id": "9",  
          "serviceId": "18e7a7032733486cd32f472d7bd58f709ac0d221"  
        }  
      ],  
      "id": "userId"  
    }  
  }  
}

Example: Validate token for Racker response: XML

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<access xmlns="http://docs.openstack.org/identity/api/v2.0"
    xmlns:ns2="http://www.w3.org/2005/Atom"
    xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
    xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
    xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
    xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
    xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0">  
    <token id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
        expires="2013-11-26T18:08:51.146Z"/>  
    <user id="racerSSOUsername">  
        <roles>  
            <role id="9" name="Racker"
                description="Defines a user as being a Racker"
                serviceId="18e7a7032733486cd32f472d7bd58f709ac0d221"/>  
            <role name="dl_RackUSA"/>  
            <role name="dl_RackGlobal"/>  
            <role name="dl_cloudblock"/>  
            <role name="dl_US Managers"/>  
            <role name="DL_USManagers"/>  
        </roles>  
    </user>  
</access>

Get user by id

GET /v2.0/users/{userId}

This operation returns the following detailed account information for a specific user, by user id: email address, user name, user id, status, default region, and domain id.

ℹ️
Note
If this request is issued by a user holding the admin role (identity:user-admin), the specific user’s information is returned only if that user is associated with the same tenant as the requester’s user-admin token.
If this request is issued by a user holding the user role (identity:default), the response only includes the user account information for the user who submitted the request.
The user’s Support PIN is only returned if the caller is retrieving their own user account.

This table shows the possible response codes for this operation:

Response Code	Name	Description
200	OK	The operation completed successfully.
400	Bad Request	The request is missing one or more elements, or the values of some elements are invalid.
401	Unauthorized	You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403	Forbidden	The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access.
404	Not Found	The requested resource was not found.
405	Invalid Method	The method specified in the request is not valid for the resource identified in the request URI.
413	Over Limit	The number of items returned is above the allowed limit.
503	Service Fault	Service is not available.

Request

This table shows the header and URI parameters for the request:

Name	Type	Description
X-Auth-Token	Header String (Required)	A valid admin authentication token.
{userId}	URI String (Required)	A user ID assigned by system when user is added.

This operation does not accept a request body.

Response

This table shows the body parameters for the response:

Name	Type	Description
users	Object (Required)	Returns the collection of users who match the specification in the List user API request.
users.user	Object (Required)	A user object that provides user account information.
user.RAX-AUTH:defaultRegion	String (Optional)	The default region that the user is assigned to. Must be one of the regions available in the service catalog.
user.RAX-AUTH:domainId	String (Optional)	The ID for the domain that the user account has been assigned to.
user.RAX-AUTH:phonePin	String (Optional)	A user’s Support PIN.
user.RAX-AUTH:phonePinState	String (Required)	The Support PIN state. `INACTIVE` The user does not have a Support PIN. `LOCKED` The user has a Support PIN, but the PIN has been locked due to excessive failed verification attempts. The user must unlock the pin before PIN verifications can occur. * `ACTIVE` The user has a Support PIN against which verifications can be performed.
user.RAX-AUTH:multiFactorEnabled	Boolean (Optional)	If an account has been configured to use multi-factor authentication, this field indicates if multi-factor authentication is currently enabled or disabled.
user.RAX-AUTH:multiFactorState	String (Optional)	This extended attribute indicates if a multi-factor-enabled user account is locked as a result of failed authentication attempts. If the account has been locked at any point, the value is either `LOCKED` or `ACTIVE`. User administrators can use the update multi-factor authentication settings on account operation to restore access to a locked account.
user.RAX-AUTH:userMultiFactorEnforcementLevel	String (Optional)	If present, this extended attribute specifies the multi-factor authentication enforcement policy that applies to the specified account. `REQUIRED` The user must use multi-factor authentication to log in to their Rackspace Cloud account. `OPTIONAL.` The user has the option to authenticate using multi-factor authentication. * `DEFAULT.` The user multi-factor authentication requirements are determined by the domain level enforcement setting for multi-factor authentication.
user.RAX-AUTH:contactId	String (Optional)	The core contact ID.
user.RAX-AUTH:passwordExpiration	String (Optional)	If present, this extended attribute specifies the time when the user’s current password will expire.

Example: Get user by ID HTTP response header: XML

HTTP/1.1 200 OK  
Content-Type: application/xml

Example: Get user by ID: XML response

<?xml version="1.0" encoding="UTF-8"?>

<user
      xmlns="http://docs.openstack.org/identity/api/v2.0"
      xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
      xmlns:atom="http://www.w3.org/2005/Atom"
      xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
      xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
      xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
      xmlns:ns7="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
      xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
      rax-auth:contactId="1234"
      rax-auth:domainId="5830280"
      rax-auth:defaultRegion="DFW"
      rax-auth:multiFactorEnabled="true"
      rax-auth:multiFactorState="ACTIVE"
      rax-auth:userMultiFactorEnforcementLevel="OPTIONAL"
      rax-auth:passwordExpiration="2018-02-09T13:39:53.685-06:00"
      id="123456"
      username="jqsmith"
      email="john.smith@example.org"
      enabled="true"/>

Example: Get user by ID HTTP response header: JSON

HTTP/1.1 200 OK  
Content-Type: application/json

Example: Get user by ID response: JSON

{  
  "user":  
    {  
      "rax-auth:contactId":"1234"  
      "rax-auth:domainId":"5830280"  
      "id": "123456",  
      "enabled": true,  
      "username": "jqsmith",  
      "email": "john.smith@example.org",  
      "rax-auth:defaultRegion":"DFW",  
      "rax-auth:phonePin":"914737",  
      "rax-auth:phonePinState": "ACTIVE",  
      "rax-auth:multiFactorEnabled":"true",  
      "rax-auth:multiFactorState":"ACTIVE",  
      "rax-auth:userMultiFactorEnforcementLevel":"OPTIONAL"  
      "rax-auth:passwordExpiration":"2018-02-09T13:39:53.685-06:00"  
    }  
}

Authenticate as tenant with token

POST /v2.0/tokens

Identity user administrators can use this operation to authenticate by using a tenant ID or tenant name and a valid token.

Submit the POST token authentication request to the Identity service endpoint URL with a payload of credentials. Use either of the following credentials in the request.

tenantName and token or
tenantId and token

If the request includes both the name and ID, the server returns a 400 Bad Request error.

Important

If you authenticate as a tenant, the Service Catalog returned includes only endpoints for the Rackspace Cloud services authorized for that tenant. The exception to this rule is if you specify the mosso (cloud) tenant for which the full service catalog is still returned.

This table shows the possible response codes for this operation:

Response Code	Name	Description
200	OK	Success. The tenant is authenticated.
400	Bad Request	Missing required parameters. This error also occurs if you include both the tenant name and ID in the request.
401	Unauthorized	You provided invalid credentials.
404	Not Found	The requested resource was not found. The token has expired or is no longer available. Use the POST token request to get a new token.
500	Service Fault	Service is not available.

Request

This table shows the query parameters for the request:

Name	Type	Description
apply_rcn_roles	Boolean (Optional)	When true, include any roles and endpoints to which the user has access due to RCN roles. Defaults to false.

This table shows the body parameters for the request:

Name	Type	Description
tenantName	String (Optional)	Specify the name of the tenant. If you use this value in the request, do not include the tenant ID.
tenantId	UUID (Optional)	Specify the unique ID for the tenant account. If you use this value in the request, do not include the tenant name.
token	String (Required)	A `token` object that provides a validated token id for the specified tenant. Required to authenticate as a tenant.

Example: Authenticate as tenant with token: XML request

<?xml version="1.0" encoding="UTF-8"?>

<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="http://docs.openstack.org/identity/api/v2.0"
 tenantId="1100111">  
 <token id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" />  
</auth>

**Example: Authenticate as tenant with token request: JSON**

{  
    "auth": {  
        "tenantId": "1100111",  
        "token": {  
            "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"  
        }  
    }  
}

Response

This table shows the body parameters for the response:

Name	Type	Description
access	String (Required)	An `access` object that returns token, user, and service information upon successful authentication.
token	String (Required)	The token object supplies a scoped authentication token that can be used to access Rackspace services for the specified tenant.
user	String (Required)	A user object that returns the following information about the user, if available for the account: id, name, assigned roles, default region, and domain.
serviceCatalog	String (Required)	The service catalog provides information about each service available to the authenticated user along with the service endpoints for API requests.
RAX-AUTH:phonePin	String (Required)	A six digit PIN that allows a user to confirm their identity to a Support Racker when they call Rackspace to get help with their account or accounts.
RAX-AUTH:phonePinState	String (Required)	The Support PIN state. `INACTIVE` The user does not have a Support PIN. `LOCKED` The user has a Support PIN, but the PIN has been locked due to excessive failed verification attempts. The user must unlock the PIN before PIN verifications can occur. * `ACTIVE` The user has a Support PIN against which verifications can be performed.

Example: Authenticate as tenant with token response XML

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<access
    xmlns:atom="http://www.w3.org/2005/Atom"
    xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
    xmlns="http://docs.openstack.org/identity/api/v2.0"
    xmlns:ns4="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
    xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
    xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
    xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
    xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0">  
    <token id="d74f592f986e4d6e995853ccf01d25fe" expires="2015-06-05T16:24:57.637Z">  
        <tenant id="123456" name="123456"/>  
        \<rax-auth:authenticatedBy>  
            \<rax-auth:credential>APIKEY\</rax-auth:credential>  
        \</rax-auth:authenticatedBy>  
    </token>  
    <user id="172157" name="yourUserName" rax-auth:defaultRegion="DFW" rax-auth:domainId="123456">  
        <roles>  
            <role id="10000150" name="checkmate" description="Checkmate Access role" rax-auth:propagate="false"/>  
            <role id="5" name="object-store:default" description="A Role that allows a user access to keystone Service methods"
                tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f" rax-auth:propagate="true"/>  
            <role id="6" name="compute:default" description="A Role that allows a user access to keystone Service methods"
                tenantId="123456" rax-auth:propagate="true"/>  
            <role id="3" name="identity:user-admin" description="User Admin Role." rax-auth:propagate="false"/>  
        </roles>  
    </user>  
    <serviceCatalog>  
        <service type="volume" name="cloudBlockStorage">  
            <endpoint region="SYD" tenantId="123456" publicURL="[https://syd.blockstorage.api.rackspacecloud.com/v1/123456"/>]();  
            <endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.blockstorage.api.rackspacecloud.com/v1/123456"/>]();  
            <endpoint region="IAD" tenantId="123456" publicURL="[https://iad.blockstorage.api.rackspacecloud.com/v1/123456"/>]();  
            <endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.blockstorage.api.rackspacecloud.com/v1/123456"/>]();  
        </service>  
        <service type="image" name="cloudImages">  
            <endpoint region="IAD" tenantId="123456" publicURL="[https://iad.images.api.rackspacecloud.com/v2"/>]();  
            <endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.images.api.rackspacecloud.com/v2"/>]();  
            <endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.images.api.rackspacecloud.com/v2"/>]();  
            <endpoint region="SYD" tenantId="123456" publicURL="[https://syd.images.api.rackspacecloud.com/v2"/>]();  
        </service>  
        <service type="rax:queues" name="cloudQueues">  
            <endpoint region="HKG" tenantId="123456" publicURL="https://hkg.queues.api.rackspacecloud.com/v1/123456"
                internalURL="https://snet-hkg.queues.api.rackspacecloud.com/v1/123456"/>  
            <endpoint region="SYD" tenantId="123456" publicURL="https://syd.queues.api.rackspacecloud.com/v1/123456"
                internalURL="https://snet-syd.queues.api.rackspacecloud.com/v1/123456"/>  
            <endpoint region="DFW" tenantId="123456" publicURL="https://dfw.queues.api.rackspacecloud.com/v1/123456"
                internalURL="https://snet-dfw.queues.api.rackspacecloud.com/v1/123456"/>  
            <endpoint region="IAD" tenantId="123456" publicURL="https://iad.queues.api.rackspacecloud.com/v1/123456"
                internalURL="https://snet-iad.queues.api.rackspacecloud.com/v1/123456"/>  
        </service>  
        <service type="rax:bigdata" name="cloudBigData">  
            <endpoint region="IAD" tenantId="123456" publicURL="[https://iad.bigdata.api.rackspacecloud.com/v1.0/123456"/>]();  
            <endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.bigdata.api.rackspacecloud.com/v1.0/123456"/>]();  
        </service>  
        <service type="orchestration" name="cloudOrchestration">  
            <endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.orchestration.api.rackspacecloud.com/v1/123456"/>]();  
            <endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.orchestration.api.rackspacecloud.com/v1/123456"/>]();  
            <endpoint region="IAD" tenantId="123456" publicURL="[https://iad.orchestration.api.rackspacecloud.com/v1/123456"/>]();  
            <endpoint region="SYD" tenantId="123456" publicURL="[https://syd.orchestration.api.rackspacecloud.com/v1/123456"/>]();  
        </service>  
        <service type="compute" name="cloudServersOpenStack">  
            <endpoint region="SYD" tenantId="123456" publicURL="[https://syd.servers.api.rackspacecloud.com/v2/123456">]();  
                <version id="2" info="[https://syd.servers.api.rackspacecloud.com/v2]()" list="[https://syd.servers.api.rackspacecloud.com/"/>]();  
            </endpoint>  
            <endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.servers.api.rackspacecloud.com/v2/123456">]();  
                <version id="2" info="[https://dfw.servers.api.rackspacecloud.com/v2]()" list="[https://dfw.servers.api.rackspacecloud.com/"/>]();  
            </endpoint>  
            <endpoint region="IAD" tenantId="123456" publicURL="[https://iad.servers.api.rackspacecloud.com/v2/123456">]();  
                <version id="2" info="[https://iad.servers.api.rackspacecloud.com/v2]()" list="[https://iad.servers.api.rackspacecloud.com/"/>]();  
            </endpoint>  
            <endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.servers.api.rackspacecloud.com/v2/123456">]();  
                <version id="2" info="[https://hkg.servers.api.rackspacecloud.com/v2]()" list="[https://hkg.servers.api.rackspacecloud.com/"/>]();  
            </endpoint>  
        </service>  
        <service type="rax:autoscale" name="autoscale">  
            <endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.autoscale.api.rackspacecloud.com/v1.0/123456"/>]();  
            <endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.autoscale.api.rackspacecloud.com/v1.0/123456"/>]();  
            <endpoint region="IAD" tenantId="123456" publicURL="[https://iad.autoscale.api.rackspacecloud.com/v1.0/123456"/>]();  
            <endpoint region="SYD" tenantId="123456" publicURL="[https://syd.autoscale.api.rackspacecloud.com/v1.0/123456"/>]();  
        </service>  
        <service type="rax:database" name="cloudDatabases">  
            <endpoint region="SYD" tenantId="123456" publicURL="[https://syd.databases.api.rackspacecloud.com/v1.0/123456"/>]();  
            <endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.databases.api.rackspacecloud.com/v1.0/123456"/>]();  
            <endpoint region="IAD" tenantId="123456" publicURL="[https://iad.databases.api.rackspacecloud.com/v1.0/123456"/>]();  
            <endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.databases.api.rackspacecloud.com/v1.0/123456"/>]();  
        </service>  
        <service type="rax:backup" name="cloudBackup">  
            <endpoint region="IAD" tenantId="123456" publicURL="[https://iad.backup.api.rackspacecloud.com/v1.0/123456"/>]();  
            <endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.backup.api.rackspacecloud.com/v1.0/123456"/>]();  
            <endpoint region="SYD" tenantId="123456" publicURL="[https://syd.backup.api.rackspacecloud.com/v1.0/123456"/>]();  
            <endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.backup.api.rackspacecloud.com/v1.0/123456"/>]();  
        </service>  
        <service type="network" name="cloudNetworks">  
            <endpoint region="IAD" tenantId="123456" publicURL="[https://iad.networks.api.rackspacecloud.com/v2.0"/>]();  
            <endpoint region="LON" tenantId="123456" publicURL="[https://lon.networks.api.rackspacecloud.com/v2.0"/>]();  
            <endpoint region="SYD" tenantId="123456" publicURL="[https://syd.networks.api.rackspacecloud.com/v2.0"/>]();  
            <endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.networks.api.rackspacecloud.com/v2.0"/>]();  
            <endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.networks.api.rackspacecloud.com/v2.0"/>]();  
        </service>  
        <service type="rax:cloudmetrics" name="cloudMetrics">  
            <endpoint region="IAD" tenantId="123456" publicURL="[https://global.metrics.api.rackspacecloud.com/v2.0/123456"/>]();  
        </service>  
        <service type="rax:load-balancer" name="cloudLoadBalancers">  
            <endpoint region="SYD" tenantId="123456" publicURL="[https://syd.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>]();  
            <endpoint region="IAD" tenantId="123456" publicURL="[https://iad.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>]();  
            <endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>]();  
            <endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>]();  
        </service>  
        <service type="rax:feeds" name="cloudFeeds">  
            <endpoint region="HKG" tenantId="123456" publicURL="https://hkg.feeds.api.rackspacecloud.com/123456"
                internalURL="https://atom.prod.hkg1.us.ci.rackspace.net/123456"/>  
            <endpoint region="SYD" tenantId="123456" publicURL="https://syd.feeds.api.rackspacecloud.com/123456"
                internalURL="https://atom.prod.syd2.us.ci.rackspace.net/123456"/>  
            <endpoint region="IAD" tenantId="123456" publicURL="https://iad.feeds.api.rackspacecloud.com/123456"
                internalURL="https://atom.prod.iad3.us.ci.rackspace.net/123456"/>  
            <endpoint region="DFW" tenantId="123456" publicURL="https://dfw.feeds.api.rackspacecloud.com/123456"
                internalURL="https://atom.prod.dfw1.us.ci.rackspace.net/123456"/>  
        </service>  
        <service type="rax:monitor" name="cloudMonitoring">  
            <endpoint tenantId="123456" publicURL="[https://monitoring.api.rackspacecloud.com/v1.0/123456"/>]();  
        </service>  
        <service type="rax:dns" name="cloudDNS">  
            <endpoint tenantId="123456" publicURL="[https://dns.api.rackspacecloud.com/v1.0/123456"/>]();  
        </service>  
        <service type="compute" name="cloudServers">  
            <endpoint tenantId="123456" publicURL="[https://servers.api.rackspacecloud.com/v1.0/123456">]();  
                <version id="1.0" info="[https://servers.api.rackspacecloud.com/v1.0]()" list="[https://servers.api.rackspacecloud.com/"/>]();  
            </endpoint>  
        </service>  
        <service type="rax:cdn" name="rackCDN">  
            <endpoint region="DFW" tenantId="123456" publicURL="https://global.cdn.api.rackspacecloud.com/v1.0/123456"
                internalURL="https://global.cdn.api.rackspacecloud.com/v1.0/123456"/>  
        </service>  
        <service type="rax:object-cdn" name="cloudFilesCDN">  
            <endpoint region="DFW" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
                publicURL="https://cdn1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>  
            <endpoint region="SYD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
                publicURL="https://cdn4.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>  
            <endpoint region="HKG" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
                publicURL="https://cdn6.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>  
            <endpoint region="IAD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
                publicURL="https://cdn5.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>  
        </service>  
        <service type="object-store" name="cloudFiles">  
            <endpoint region="DFW" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
                publicURL="https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
                internalURL="https://snet-storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>  
            <endpoint region="SYD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
                publicURL="https://storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
                internalURL="https://snet-storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>  
            <endpoint region="IAD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
                publicURL="https://storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
                internalURL="https://snet-storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>  
            <endpoint region="HKG" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
                publicURL="https://storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
                internalURL="https://snet-storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>  
        </service>  
    </serviceCatalog>  
</access>

Example: Authenticate as tenant with token response JSON

{  
    "access": {  
        "token": {  
            "id": "d74f592f986e4d6e995853ccf0123456",  
            "expires": "2015-06-05T16:24:57.637Z",  
            "tenant": {  
                "id": "123456",  
                "name": "123456"  
            },  
            "RAX-AUTH:authenticatedBy": [  
                "APIKEY"  
            ]  
        },  
        "serviceCatalog": [  
            {  
                "name": "cloudBlockStorage",  
                "endpoints": [  
                    {  
                        "region": "SYD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://syd.blockstorage.api.rackspacecloud.com/v1/123456>"  
                    },  
                    {  
                        "region": "DFW",  
                        "tenantId": "123456",  
                        "publicURL": "<https://dfw.blockstorage.api.rackspacecloud.com/v1/123456>"  
                    },  
                    {  
                        "region": "IAD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://iad.blockstorage.api.rackspacecloud.com/v1/123456>"  
                    },  
                    {  
                        "region": "HKG",  
                        "tenantId": "123456",  
                        "publicURL": "<https://hkg.blockstorage.api.rackspacecloud.com/v1/123456>"  
                    }  
                ],  
                "type": "volume"  
            },  
            {  
                "name": "cloudImages",  
                "endpoints": [  
                    {  
                        "region": "IAD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://iad.images.api.rackspacecloud.com/v2>"  
                    },  
                    {  
                        "region": "HKG",  
                        "tenantId": "123456",  
                        "publicURL": "<https://hkg.images.api.rackspacecloud.com/v2>"  
                    },  
                    {  
                        "region": "DFW",  
                        "tenantId": "123456",  
                        "publicURL": "<https://dfw.images.api.rackspacecloud.com/v2>"  
                    },  
                    {  
                        "region": "SYD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://syd.images.api.rackspacecloud.com/v2>"  
                    }  
                ],  
                "type": "image"  
            },  
            {  
                "name": "cloudQueues",  
                "endpoints": [  
                    {  
                        "region": "HKG",  
                        "tenantId": "123456",  
                        "publicURL": "<https://hkg.queues.api.rackspacecloud.com/v1/123456">,  
                        "internalURL": "<https://snet-hkg.queues.api.rackspacecloud.com/v1/123456>"  
                    },  
                    {  
                        "region": "SYD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://syd.queues.api.rackspacecloud.com/v1/123456">,  
                        "internalURL": "<https://snet-syd.queues.api.rackspacecloud.com/v1/123456>"  
                    },  
                    {  
                        "region": "DFW",  
                        "tenantId": "123456",  
                        "publicURL": "<https://dfw.queues.api.rackspacecloud.com/v1/123456">,  
                        "internalURL": "<https://snet-dfw.queues.api.rackspacecloud.com/v1/123456>"  
                    },  
                    {  
                        "region": "IAD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://iad.queues.api.rackspacecloud.com/v1/123456">,  
                        "internalURL": "<https://snet-iad.queues.api.rackspacecloud.com/v1/123456>"  
                    }  
                ],  
                "type": "rax:queues"  
            },  
            {  
                "name": "cloudBigData",  
                "endpoints": [  
                    {  
                        "region": "IAD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://iad.bigdata.api.rackspacecloud.com/v1.0/123456>"  
                    },  
                    {  
                        "region": "DFW",  
                        "tenantId": "123456",  
                        "publicURL": "<https://dfw.bigdata.api.rackspacecloud.com/v1.0/123456>"  
                    }  
                ],  
                "type": "rax:bigdata"  
            },  
            {  
                "name": "cloudOrchestration",  
                "endpoints": [  
                    {  
                        "region": "HKG",  
                        "tenantId": "123456",  
                        "publicURL": "<https://hkg.orchestration.api.rackspacecloud.com/v1/123456>"  
                    },  
                    {  
                        "region": "DFW",  
                        "tenantId": "123456",  
                        "publicURL": "<https://dfw.orchestration.api.rackspacecloud.com/v1/123456>"  
                    },  
                    {  
                        "region": "IAD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://iad.orchestration.api.rackspacecloud.com/v1/123456>"  
                    },  
                    {  
                        "region": "SYD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://syd.orchestration.api.rackspacecloud.com/v1/123456>"  
                    }  
                ],  
                "type": "orchestration"  
            },  
            {  
                "name": "cloudServersOpenStack",  
                "endpoints": [  
                    {  
                        "region": "SYD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://syd.servers.api.rackspacecloud.com/v2/123456">,  
                        "versionInfo": "<https://syd.servers.api.rackspacecloud.com/v2">,  
                        "versionList": "<https://syd.servers.api.rackspacecloud.com/">,  
                        "versionId": "2"  
                    },  
                    {  
                        "region": "DFW",  
                        "tenantId": "123456",  
                        "publicURL": "<https://dfw.servers.api.rackspacecloud.com/v2/123456">,  
                        "versionInfo": "<https://dfw.servers.api.rackspacecloud.com/v2">,  
                        "versionList": "<https://dfw.servers.api.rackspacecloud.com/">,  
                        "versionId": "2"  
                    },  
                    {  
                        "region": "IAD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://iad.servers.api.rackspacecloud.com/v2/123456">,  
                        "versionInfo": "<https://iad.servers.api.rackspacecloud.com/v2">,  
                        "versionList": "<https://iad.servers.api.rackspacecloud.com/">,  
                        "versionId": "2"  
                    },  
                    {  
                        "region": "HKG",  
                        "tenantId": "123456",  
                        "publicURL": "<https://hkg.servers.api.rackspacecloud.com/v2/123456">,  
                        "versionInfo": "<https://hkg.servers.api.rackspacecloud.com/v2">,  
                        "versionList": "<https://hkg.servers.api.rackspacecloud.com/">,  
                        "versionId": "2"  
                    }  
                ],  
                "type": "compute"  
            },  
            {  
                "name": "autoscale",  
                "endpoints": [  
                    {  
                        "region": "DFW",  
                        "tenantId": "123456",  
                        "publicURL": "<https://dfw.autoscale.api.rackspacecloud.com/v1.0/123456>"  
                    },  
                    {  
                        "region": "HKG",  
                        "tenantId": "123456",  
                        "publicURL": "<https://hkg.autoscale.api.rackspacecloud.com/v1.0/123456>"  
                    },  
                    {  
                        "region": "IAD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://iad.autoscale.api.rackspacecloud.com/v1.0/123456>"  
                    },  
                    {  
                        "region": "SYD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://syd.autoscale.api.rackspacecloud.com/v1.0/123456>"  
                    }  
                ],  
                "type": "rax:autoscale"  
            },  
            {  
                "name": "cloudDatabases",  
                "endpoints": [  
                    {  
                        "region": "SYD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://syd.databases.api.rackspacecloud.com/v1.0/123456>"  
                    },  
                    {  
                        "region": "DFW",  
                        "tenantId": "123456",  
                        "publicURL": "<https://dfw.databases.api.rackspacecloud.com/v1.0/123456>"  
                    },  
                    {  
                        "region": "HKG",  
                        "tenantId": "123456",  
                        "publicURL": "<https://hkg.databases.api.rackspacecloud.com/v1.0/123456>"  
                    }  
                ],  
                "type": "rax:database"  
            },  
            {  
                "name": "cloudBackup",  
                "endpoints": [  
                    {  
                        "region": "IAD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://iad.backup.api.rackspacecloud.com/v1.0/123456>"  
                    },  
                    {  
                        "region": "HKG",  
                        "tenantId": "123456",  
                        "publicURL": "<https://hkg.backup.api.rackspacecloud.com/v1.0/123456>"  
                    },  
                    {  
                        "region": "SYD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://syd.backup.api.rackspacecloud.com/v1.0/123456>"  
                    },  
                    {  
                        "region": "DFW",  
                        "tenantId": "123456",  
                        "publicURL": "<https://dfw.backup.api.rackspacecloud.com/v1.0/123456>"  
                    }  
                ],  
                "type": "rax:backup"  
            },  
            {  
                "name": "cloudNetworks",  
                "endpoints": [  
                    {  
                        "region": "IAD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://iad.networks.api.rackspacecloud.com/v2.0>"  
                    },  
                    {  
                        "region": "LON",  
                        "tenantId": "123456",  
                        "publicURL": "<https://lon.networks.api.rackspacecloud.com/v2.0>"  
                    },  
                    {  
                        "region": "SYD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://syd.networks.api.rackspacecloud.com/v2.0>"  
                    },  
                    {  
                        "region": "DFW",  
                        "tenantId": "123456",  
                        "publicURL": "<https://dfw.networks.api.rackspacecloud.com/v2.0>"  
                    },  
                    {  
                        "region": "HKG",  
                        "tenantId": "123456",  
                        "publicURL": "<https://hkg.networks.api.rackspacecloud.com/v2.0>"  
                    }  
                ],  
                "type": "network"  
            },  
            {  
                "name": "cloudMetrics",  
                "endpoints": [  
                    {  
                        "region": "IAD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://global.metrics.api.rackspacecloud.com/v2.0/123456>"  
                    }  
                ],  
                "type": "rax:cloudmetrics"  
            },  
            {  
                "name": "cloudLoadBalancers",  
                "endpoints": [  
                    {  
                        "region": "SYD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://syd.loadbalancers.api.rackspacecloud.com/v1.0/123456>"  
                    },  
                    {  
                        "region": "IAD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://iad.loadbalancers.api.rackspacecloud.com/v1.0/123456>"  
                    },  
                    {  
                        "region": "HKG",  
                        "tenantId": "123456",  
                        "publicURL": "<https://hkg.loadbalancers.api.rackspacecloud.com/v1.0/123456>"  
                    },  
                    {  
                        "region": "DFW",  
                        "tenantId": "123456",  
                        "publicURL": "<https://dfw.loadbalancers.api.rackspacecloud.com/v1.0/123456>"  
                    }  
                ],  
                "type": "rax:load-balancer"  
            },  
            {  
                "name": "cloudFeeds",  
                "endpoints": [  
                    {  
                        "region": "HKG",  
                        "tenantId": "123456",  
                        "publicURL": "<https://hkg.feeds.api.rackspacecloud.com/123456">,  
                        "internalURL": "<https://atom.prod.hkg1.us.ci.rackspace.net/123456>"  
                    },  
                    {  
                        "region": "SYD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://syd.feeds.api.rackspacecloud.com/123456">,  
                        "internalURL": "<https://atom.prod.syd2.us.ci.rackspace.net/123456>"  
                    },  
                    {  
                        "region": "IAD",  
                        "tenantId": "123456",  
                        "publicURL": "<https://iad.feeds.api.rackspacecloud.com/123456">,  
                        "internalURL": "<https://atom.prod.iad3.us.ci.rackspace.net/123456>"  
                    },  
                    {  
                        "region": "DFW",  
                        "tenantId": "123456",  
                        "publicURL": "<https://dfw.feeds.api.rackspacecloud.com/123456">,  
                        "internalURL": "<https://atom.prod.dfw1.us.ci.rackspace.net/123456>"  
                    }  
                ],  
                "type": "rax:feeds"  
            },  
            {  
                "name": "cloudMonitoring",  
                "endpoints": [  
                    {  
                        "tenantId": "123456",  
                        "publicURL": "<https://monitoring.api.rackspacecloud.com/v1.0/123456>"  
                    }  
                ],  
                "type": "rax:monitor"  
            },  
            {  
                "name": "cloudDNS",  
                "endpoints": [  
                    {  
                        "tenantId": "123456",  
                        "publicURL": "<https://dns.api.rackspacecloud.com/v1.0/123456>"  
                    }  
                ],  
                "type": "rax:dns"  
            },  
            {  
                "name": "cloudServers",  
                "endpoints": [  
                    {  
                        "tenantId": "123456",  
                        "publicURL": "<https://servers.api.rackspacecloud.com/v1.0/123456">,  
                        "versionInfo": "<https://servers.api.rackspacecloud.com/v1.0">,  
                        "versionList": "<https://servers.api.rackspacecloud.com/">,  
                        "versionId": "1.0"  
                    }  
                ],  
                "type": "compute"  
            },  
            {  
                "name": "rackCDN",  
                "endpoints": [  
                    {  
                        "region": "DFW",  
                        "tenantId": "123456",  
                        "publicURL": "<https://global.cdn.api.rackspacecloud.com/v1.0/123456">,  
                        "internalURL": "<https://global.cdn.api.rackspacecloud.com/v1.0/123456>"  
                    }  
                ],  
                "type": "rax:cdn"  
            },  
            {  
                "name": "cloudFilesCDN",  
                "endpoints": [  
                    {  
                        "region": "DFW",  
                        "tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",  
                        "publicURL": "<https://cdn1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"  
                    },  
                    {  
                        "region": "SYD",  
                        "tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",  
                        "publicURL": "<https://cdn4.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"  
                    },  
                    {  
                        "region": "HKG",  
                        "tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",  
                        "publicURL": "<https://cdn6.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"  
                    },  
                    {  
                        "region": "IAD",  
                        "tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",  
                        "publicURL": "<https://cdn5.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"  
                    }  
                ],  
                "type": "rax:object-cdn"  
            },  
            {  
                "name": "cloudFiles",  
                "endpoints": [  
                    {  
                        "region": "DFW",  
                        "tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",  
                        "publicURL": "<https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f">,  
                        "internalURL": "<https://snet-storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"  
                    },  
                    {  
                        "region": "SYD",  
                        "tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",  
                        "publicURL": "<https://storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f">,  
                        "internalURL": "<https://snet-storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"  
                    },  
                    {  
                        "region": "IAD",  
                        "tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",  
                        "publicURL": "<https://storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f">,  
                        "internalURL": "<https://snet-storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"  
                    },  
                    {  
                        "region": "HKG",  
                        "tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",  
                        "publicURL": "<https://storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f">,  
                        "internalURL": "<https://snet-storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"  
                    }  
                ],  
                "type": "object-store"  
            }  
        ],  
        "user": {  
            "id": "172157",  
            "roles": [  
                {  
                    "id": "10000150",  
                    "description": "Checkmate Access role",  
                    "name": "checkmate"  
                },  
                {  
                    "tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",  
                    "id": "5",  
                    "description": "A Role that allows a user access to keystone Service methods",  
                    "name": "object-store:default"  
                },  
                {  
                    "tenantId": "123456",  
                    "id": "6",  
                    "description": "A Role that allows a user access to keystone Service methods",  
                    "name": "compute:default"  
                },  
                {  
                    "id": "3",  
                    "description": "User Admin Role.",  
                    "name": "identity:user-admin"  
                }  
            ],  
            "name": "yourUserName",  
            "RAX-AUTH:defaultRegion": "DFW",  
            "RAX-AUTH:domainId": "123456"  
            "RAX-AUTH:phonePin": "914737",  
            "RAX-AUTH:phonePinState": "ACTIVE"  
        }  
    }  
}

Unlock the Support PIN

PUT /v2.0/users/{userId}/RAX-AUTH/phone-pin/unlock

Users can unlock their Support PINs by calling this service.

ℹ️
Note
If users try to unlock a Support PIN for any user apart from themselves, the service returns a HTTP 403 response.

The service also gives an error with code HTTP 403 if a user attempts to unlock the their Support PIN when the Support PIN is not in locked state.

The following table shows the possible response codes for this operation:

Response Code	Name	Description
204	No Content	The request has been fulfilled. The Support PIN is unlocked.
400	Bad Request	The request was invalid.
401	Unauthorized	You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403	Forbidden	Caller does not have an appropriate role or Support PIN is not in a locked state
404	Not Found	The user was not found.
405	Invalid Method	The method specified in the request is not valid for the resource identified in the request URI.
503	Service Fault	Service is not available.

Request

The following table shows the header parameters for the unlock Support PIN request:

Name	Type	Description
X-Auth-Token	String (Required)	A valid authentication token.

ℹ️
Note
There is no request body for this service.

Response

A successful unlock Support PIN request returns no response body with HTTP 204 status code. Response body is only returned in case service errors.

Example: When attempt is made to unlock a Support PIN which is not in locked state JSON response

{  
    "forbidden": {  
        "code": 403,  
        "message": "User's current Support PIN is not in locked state."  
    }  
}

Example: When invalid user ID is passed in request url JSON response

{  
    "itemNotFound": {  
        "code": 404,  
        "message": "User 12345 not found"  
    }  
}

Reset the Support PIN

POST /v2.0/users/{userId}/RAX-AUTH/phone-pin/reset

Reset the Support PIN for a specific user. Users are not allowed to reset their own Support PINs by calling this service. If a user tries to reset their Support PIN, the service returns a 403 HTTP response.

ℹ️
Note
This service is only available to the following roles:

identity:user-admin: Can reset the Support PIN for all of the users on the caller’s domain.

identity:user-manage: Can reset the Support PIN of users in the caller’s domain who have the identity:user-manage role or below.

A successful reset Support PIN request returns no response body with HTTP 204 status code.

The following table shows the possible response codes for this operation:

Response Code	Name	Description
204	No Content	The request has been fulfilled.
400	Bad Request	The request was invalid.
401	Unauthorized	You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403	Forbidden	Caller does not have an appropriate role.
404	Not Found	If the caller does not have authorization to reset the phone PIN on the specified user or the user does not exist, a 404 HTTP response is returned.
405	Invalid Method	The method specified in the request is not valid for the resource identified in the request URI.
409	Conflict	The request could not be completed due to a conflict with the current state of the target resource.
503	Service Fault	Service is not available.

Request

The following table shows the header parameters for the reset Support PIN request:

Name	Type	Description
X-Auth-Token	String (Required)	A valid authentication token.

The following table shows the request parameters for the reset Support PIN request:

Name	Type	Description
`only_if_missing`	Boolean (Optional)	If the value of this parameter is true and the specified user already has a Support PIN, then the service returns a 409 HTTP response without changing the user’s Support PIN.