The Identity service provides authentication services for the Rackspace Cloud. To gain access, users and administrators can use the POST tokens operation to request an authentication token from the Identity service, or generate a new token after a previously issued token has expired. In subsequent requests to Identity service or other services, clients include the authentication token in the HTTP x-header parameter defined as X-Auth-Token to verify identity and confirm access rights and privileges.
Authentication requests include credentials that verify the identity and access permissions of the user making the request. Credentials can include any of the following types:
- Password credentials: user name and password
- API Key credentials: user name and API key
- Token and tenant Id or tenant name (requires Administrator privileges).
- Passcode credentials: multi-factor authentication session ID and passcode values
Tenant information is required if you use the token method. You might also need to include either the tenantId or tenantName on authentication requests with API key or password credentials. Some services use multi-level authentication, with service-specific credentials in addition to vendor-specific credentials. In such cases, associating a user with a tenant can be a method of passing that additional level of identifying information to the service. Also, if a user account is assigned to multiple tenants, then including the tenant information generates the authentication token for the specified tenant.
Use the following token API operations to submit authentication requests and manage tokens.
- Authenticate as user with password or API key
- Authenticate as tenant with token
- Authenticate with multi-factor authentication passcode credentials
- Validate token
- Revoke token
- List endpoints for token
Note
Some of the functionality described in this section is provided by the OS-KSADM and RAX-AUTH extensions to the core Identity API.
Authenticate as user with password or API key
POST /v2.0/tokens
Use this operation to authenticate to the Rackspace Cloud by using either a password or API key and generate an authentication token.
Submit the POST token authentication request to the Identity service endpoint URL with v2.0/tokens supplied as the path and a payload with either of the following credential types:
- Password credentials: user name and password
- API Key credentials: user name and API key
If the Identity service returns either of the following messages in response to the initial authentication request, your account may require multi-factor authentication and requires additional steps to complete the authentication process.
If the Identity service returns a 401 or 403 error in response to the initial authentication request, your account uses multi-factor authentication and requires additional steps to complete the authentication process.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 200 | OK | Operation completed successfully. See response examples. |
| 400 | Bad Request | Missing required parameters. This error also occurs if you include both the tenant name and ID in the request. |
| 401 | Unauthorized | This error message might indicate any of the following conditions: You supplied incorrect credentials. Additional authentication credentials required. Submit a second authentication request with multi-factor authentication credentials |
| 403 | User disabled/Forbidden | The User disabled message indicates that the request is valid, but the user does not have access to the requested resource. Check with the account administrator to request access.The Forbidden message might be returned because your account requires multi-factor authentication, and the feature has not been set up. See Request to set up multi-factor authentication on a user account. |
| 500 | Service Fault | Service is not available |
See the following sections for information about parameters and request and response examples:
Request
This table shows the query parameters for the request:
| Name | Type | Description |
|---|---|---|
| apply_rcn_roles | Boolean (Optional) | When true, return any roles and endpoints to which the user has access due to RCN roles. Defaults to false. |
| include_accessible_domains | Boolean (Optional) | When true, returns a list of domains that a user has access to. The list is returned on the user object of the authentication response. Defaults to false. |
| include_endpoints | Boolean (Optional) | When false, Identity API authentication token POST response should not include endpoints. Default to true. |
This table shows the body parameters for the request:
| Name | Type | Description |
|---|---|---|
| auth | Object (Required) | The auth object provides the credentials for the authentication request. |
| auth.RAX-AUTH:scope | Object (Optional) | Indicates that the authentication request is for a scoped multi-factor authentication token that provides capabilities for a user to set up and enable multi-factor authentication on an account. Specify the following value: SETUP-MFA. For details, see Request mfa setup token . |
| auth.passwordCredentials | Object (Required) | Provides username and password credentials to access the Rackspace Cloud account. |
| auth.passwordCredentials.username | String (Required) | The user name for the Rackspace Cloud account. |
| auth.passwordCredentials.tenantId | UUID (Optional) | The tenant ID for the Rackspace Cloud account. Both the tenantId and tenantName attributes are optional, but should not be specified together. |
| auth.passwordCredentials.tenantName | String (Optional) | The tenant name for the Rackspace Cloud account. Both the tenantName and tenantId attributes are optional, but should not be specified together. |
| auth.RAX-KSKEY:APIKeyCredentials | Object (Required) | Provides username and API key credentials for the authentication request. |
| auth.RAX-KSKEY:apiKeyCredentials.username | String (Required) | The user name for the Rackspace Cloud account |
| auth.RAX-KSKEY:apiKeyCredentials.apiKey | String (Optional) | The API key associated with the Rackspace Cloud account. You can find your API key on the Account Settings page in the Cloud Control panel. See Get credentials. |
| auth.RAX-KSKEY:apiKeyCredentials.tenantId | UUID (Optional) | The tenant ID for the Rackspace Cloud account. Both the tenantId and tenantName attributes are optional, but should not be specified together. |
| auth.RAX-KSKEY:apiKeyCredentials.tenantName | String (Optional) | The tenant name for the Rackspace Cloud account. Both the tenantName and tenantId attributes are optional, but should not be specified together. |
Example: Authenticate as user with password XML request
<?xml version="1.0" encoding="UTF-8"?>
<auth RAX-AUTH:scope="SETUP-MFA"
xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:OS-KSADM="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:RAX-AUTH="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns:atom="http://www.w3.org/2005/Atom">
<passwordCredentials password="myPassword01" username="demoauthor"/>
</auth>
Example: Authenticate as user with password JSON request
{
"auth": {
"passwordCredentials": {
"username":"demoAuthor",
"password":"myPassword01"
}
}
}
Example: Authenticate as user with API key XML request
<?xml version="1.0" encoding="UTF-8"?>
<auth>
<apiKeyCredentials
xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
username="demoauthor"
apiKey="aaaaa-bbbbb-ccccc-12345678"/>
</auth>
Example: Authenticate as user with API key JSON request
{
"auth": {
"RAX-KSKEY:apiKeyCredentials": {
"username": "demoauthor",
"apiKey": "aaaaa-bbbbb-ccccc-12345678"
}
}
}
Example: Authenticate as user with password and tenant Id XML request
<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://docs.openstack.org/identity/api/v2.0">
<passwordCredentials username="demoauthor" password="theUsersPassword" tenantId="1100111"/>
</auth>
Example: Authenticate as user with API key and tenant ID JSON request
{
"auth": {
"RAX-KSKEY:apiKeyCredentials": {
"username": "demoauthor",
"apiKey": "aaaaa-bbbbb-ccccc-12345678"
},
"tenantId": "1100111"
}
}
Example: Authenticate for multi-factor authentication setup XML request
<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://docs.openstack.org/identity/api/v2.0">
<RAX-AUTH:scope="SETUP-MFA"/>
<passwordCredentials username="demoAuthor" password="myPassword01"/>
</auth>
Example: Authenticate for multi-factor authentication setup JSON request
{
"auth": {
"RAX-AUTH:scope": "SETUP-MFA", "passwordCredentials": {
"username":"'$USER_ADMIN_USERNAME'"
"password":"'$PWD'"
}
}
}
Response
This table shows the body parameters for the response:
| Name | Type | Description |
|---|---|---|
| access | String (Required) | An access object that returns token, user, and service information upon successful authentication. |
| token | String (Required) | The token object supplies a scoped authentication token that can be used to access Rackspace Cloud services for the specified tenant. |
| user | String (Required) | A user object that returns the following information about the user, if available for the account: id, name, assigned roles, default region, and domain. |
| serviceCatalog | String (Required) | The service catalog provides information about each service available to the authenticated user along with the service endpoints for API requests. |
Example: Authenticate as user with API key XML response
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<access
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns4="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0">
<token id="d74f592f986e4d6e995853ccf01d25fe" expires="2015-06-05T16:24:57.637Z">
<tenant id="123456" name="123456"/>
<rax-auth:authenticatedBy>
<rax-auth:credential>APIKEY</rax-auth:credential>
</rax-auth:authenticatedBy>
</token>
<user id="172157" name="yourUserName" rax-auth:defaultRegion="DFW" rax-auth:domainId="123456">
<roles>
<role id="10000150" name="checkmate" description="Checkmate Access role" rax-auth:propagate="false"/>
<role id="5" name="object-store:default" description="A Role that allows a user access to keystone Service methods"
tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f" rax-auth:propagate="true"/>
<role id="6" name="compute:default" description="A Role that allows a user access to keystone Service methods"
tenantId="123456" rax-auth:propagate="true"/>
<role id="3" name="identity:user-admin" description="User Admin Role." rax-auth:propagate="false"/>
</roles>
</user>
<serviceCatalog>
<service type="volume" name="cloudBlockStorage">
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.blockstorage.api.rackspacecloud.com/v1/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.blockstorage.api.rackspacecloud.com/v1/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.blockstorage.api.rackspacecloud.com/v1/123456"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.blockstorage.api.rackspacecloud.com/v1/123456"/>
</service>
<service type="image" name="cloudImages">
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.images.api.rackspacecloud.com/v2"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.images.api.rackspacecloud.com/v2"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.images.api.rackspacecloud.com/v2"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.images.api.rackspacecloud.com/v2"/>
</service>
<service type="rax:queues" name="cloudQueues">
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.queues.api.rackspacecloud.com/v1/123456"
internalURL="https://snet-hkg.queues.api.rackspacecloud.com/v1/123456"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.queues.api.rackspacecloud.com/v1/123456"
internalURL="https://snet-syd.queues.api.rackspacecloud.com/v1/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.queues.api.rackspacecloud.com/v1/123456"
internalURL="https://snet-dfw.queues.api.rackspacecloud.com/v1/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.queues.api.rackspacecloud.com/v1/123456"
internalURL="https://snet-iad.queues.api.rackspacecloud.com/v1/123456"/>
</service>
<service type="rax:bigdata" name="cloudBigData">
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.bigdata.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.bigdata.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="orchestration" name="cloudOrchestration">
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.orchestration.api.rackspacecloud.com/v1/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.orchestration.api.rackspacecloud.com/v1/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.orchestration.api.rackspacecloud.com/v1/123456"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.orchestration.api.rackspacecloud.com/v1/123456"/>
</service>
<service type="compute" name="cloudServersOpenStack">
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.servers.api.rackspacecloud.com/v2/123456">
<version id="2" info="https://syd.servers.api.rackspacecloud.com/v2" list="https://syd.servers.api.rackspacecloud.com/"/>
</endpoint>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.servers.api.rackspacecloud.com/v2/123456">
<version id="2" info="https://dfw.servers.api.rackspacecloud.com/v2" list="https://dfw.servers.api.rackspacecloud.com/"/>
</endpoint>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.servers.api.rackspacecloud.com/v2/123456">
<version id="2" info="https://iad.servers.api.rackspacecloud.com/v2" list="https://iad.servers.api.rackspacecloud.com/"/>
</endpoint>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.servers.api.rackspacecloud.com/v2/123456">
<version id="2" info="https://hkg.servers.api.rackspacecloud.com/v2" list="https://hkg.servers.api.rackspacecloud.com/"/>
</endpoint>
</service>
<service type="rax:autoscale" name="autoscale">
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.autoscale.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.autoscale.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.autoscale.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.autoscale.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="rax:database" name="cloudDatabases">
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.databases.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.databases.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.databases.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.databases.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="rax:backup" name="cloudBackup">
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.backup.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.backup.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.backup.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.backup.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="network" name="cloudNetworks">
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.networks.api.rackspacecloud.com/v2.0"/>
<endpoint region="LON" tenantId="123456" publicURL="https://lon.networks.api.rackspacecloud.com/v2.0"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.networks.api.rackspacecloud.com/v2.0"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.networks.api.rackspacecloud.com/v2.0"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.networks.api.rackspacecloud.com/v2.0"/>
</service>
<service type="rax:cloudmetrics" name="cloudMetrics">
<endpoint region="IAD" tenantId="123456" publicURL="https://global.metrics.api.rackspacecloud.com/v2.0/123456"/>
</service>
<service type="rax:load-balancer" name="cloudLoadBalancers">
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="rax:feeds" name="cloudFeeds">
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.feeds.api.rackspacecloud.com/123456"
internalURL="https://atom.prod.hkg1.us.ci.rackspace.net/123456"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.feeds.api.rackspacecloud.com/123456"
internalURL="https://atom.prod.syd2.us.ci.rackspace.net/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.feeds.api.rackspacecloud.com/123456"
internalURL="https://atom.prod.iad3.us.ci.rackspace.net/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.feeds.api.rackspacecloud.com/123456"
internalURL="https://atom.prod.dfw1.us.ci.rackspace.net/123456"/>
</service>
<service type="rax:monitor" name="cloudMonitoring">
<endpoint tenantId="123456" publicURL="https://monitoring.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="rax:dns" name="cloudDNS">
<endpoint tenantId="123456" publicURL="https://dns.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="compute" name="cloudServers">
<endpoint tenantId="123456" publicURL="https://servers.api.rackspacecloud.com/v1.0/123456">
<version id="1.0" info="https://servers.api.rackspacecloud.com/v1.0" list="https://servers.api.rackspacecloud.com/"/>
</endpoint>
</service>
<service type="rax:cdn" name="rackCDN">
<endpoint region="DFW" tenantId="123456" publicURL="https://global.cdn.api.rackspacecloud.com/v1.0/123456"
internalURL="https://global.cdn.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="rax:object-cdn" name="cloudFilesCDN">
<endpoint region="DFW" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://cdn1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="SYD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://cdn4.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="HKG" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://cdn6.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="IAD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://cdn5.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
</service>
<service type="object-store" name="cloudFiles">
<endpoint region="DFW" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
internalURL="https://snet-storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="SYD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
internalURL="https://snet-storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="IAD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
internalURL="https://snet-storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="HKG" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
internalURL="https://snet-storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
</service>
</serviceCatalog>
</access>
Example: Authenticate as user with API key JSON response
{
"access": {
"token": {
"id": "d74f592f986e4d6e995853ccf0123456",
"expires": "2015-06-05T16:24:57.637Z",
"tenant": {
"id": "123456",
"name": "123456"
},
"RAX-AUTH:authenticatedBy": [
"APIKEY"
]
},
"serviceCatalog": [
{
"name": "cloudBlockStorage",
"endpoints": [
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.blockstorage.api.rackspacecloud.com/v1/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.blockstorage.api.rackspacecloud.com/v1/123456"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.blockstorage.api.rackspacecloud.com/v1/123456"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.blockstorage.api.rackspacecloud.com/v1/123456"
}
],
"type": "volume"
},
{
"name": "cloudImages",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.images.api.rackspacecloud.com/v2"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.images.api.rackspacecloud.com/v2"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.images.api.rackspacecloud.com/v2"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.images.api.rackspacecloud.com/v2"
}
],
"type": "image"
},
{
"name": "cloudQueues",
"endpoints": [
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.queues.api.rackspacecloud.com/v1/123456",
"internalURL": "https://snet-hkg.queues.api.rackspacecloud.com/v1/123456"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.queues.api.rackspacecloud.com/v1/123456",
"internalURL": "https://snet-syd.queues.api.rackspacecloud.com/v1/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.queues.api.rackspacecloud.com/v1/123456",
"internalURL": "https://snet-dfw.queues.api.rackspacecloud.com/v1/123456"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.queues.api.rackspacecloud.com/v1/123456",
"internalURL": "https://snet-iad.queues.api.rackspacecloud.com/v1/123456"
}
],
"type": "rax:queues"
},
{
"name": "cloudBigData",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.bigdata.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.bigdata.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:bigdata"
},
{
"name": "cloudOrchestration",
"endpoints": [
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.orchestration.api.rackspacecloud.com/v1/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.orchestration.api.rackspacecloud.com/v1/123456"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.orchestration.api.rackspacecloud.com/v1/123456"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.orchestration.api.rackspacecloud.com/v1/123456"
}
],
"type": "orchestration"
},
{
"name": "cloudServersOpenStack",
"endpoints": [
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.servers.api.rackspacecloud.com/v2/123456",
"versionInfo": "https://syd.servers.api.rackspacecloud.com/v2",
"versionList": "https://syd.servers.api.rackspacecloud.com/",
"versionId": "2"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.servers.api.rackspacecloud.com/v2/123456",
"versionInfo": "https://dfw.servers.api.rackspacecloud.com/v2",
"versionList": "https://dfw.servers.api.rackspacecloud.com/",
"versionId": "2"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.servers.api.rackspacecloud.com/v2/123456",
"versionInfo": "https://iad.servers.api.rackspacecloud.com/v2",
"versionList": "https://iad.servers.api.rackspacecloud.com/",
"versionId": "2"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.servers.api.rackspacecloud.com/v2/123456",
"versionInfo": "https://hkg.servers.api.rackspacecloud.com/v2",
"versionList": "https://hkg.servers.api.rackspacecloud.com/",
"versionId": "2"
}
],
"type": "compute"
},
{
"name": "autoscale",
"endpoints": [
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.autoscale.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.autoscale.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.autoscale.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.autoscale.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:autoscale"
},
{
"name": "cloudDatabases",
"endpoints": [
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.databases.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.databases.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.databases.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:database"
},
{
"name": "cloudBackup",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.backup.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.backup.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.backup.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.backup.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:backup"
},
{
"name": "cloudNetworks",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.networks.api.rackspacecloud.com/v2.0"
},
{
"region": "LON",
"tenantId": "123456",
"publicURL": "https://lon.networks.api.rackspacecloud.com/v2.0"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.networks.api.rackspacecloud.com/v2.0"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.networks.api.rackspacecloud.com/v2.0"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.networks.api.rackspacecloud.com/v2.0"
}
],
"type": "network"
},
{
"name": "cloudMetrics",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://global.metrics.api.rackspacecloud.com/v2.0/123456"
}
],
"type": "rax:cloudmetrics"
},
{
"name": "cloudLoadBalancers",
"endpoints": [
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.loadbalancers.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.loadbalancers.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.loadbalancers.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.loadbalancers.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:load-balancer"
},
{
"name": "cloudFeeds",
"endpoints": [
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.feeds.api.rackspacecloud.com/123456",
"internalURL": "https://atom.prod.hkg1.us.ci.rackspace.net/123456"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.feeds.api.rackspacecloud.com/123456",
"internalURL": "https://atom.prod.syd2.us.ci.rackspace.net/123456"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.feeds.api.rackspacecloud.com/123456",
"internalURL": "https://atom.prod.iad3.us.ci.rackspace.net/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.feeds.api.rackspacecloud.com/123456",
"internalURL": "https://atom.prod.dfw1.us.ci.rackspace.net/123456"
}
],
"type": "rax:feeds"
},
{
"name": "cloudMonitoring",
"endpoints": [
{
"tenantId": "123456",
"publicURL": "https://monitoring.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:monitor"
},
{
"name": "cloudDNS",
"endpoints": [
{
"tenantId": "123456",
"publicURL": "https://dns.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:dns"
},
{
"name": "cloudServers",
"endpoints": [
{
"tenantId": "123456",
"publicURL": "https://servers.api.rackspacecloud.com/v1.0/123456",
"versionInfo": "https://servers.api.rackspacecloud.com/v1.0",
"versionList": "https://servers.api.rackspacecloud.com/",
"versionId": "1.0"
}
],
"type": "compute"
},
{
"name": "rackCDN",
"endpoints": [
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://global.cdn.api.rackspacecloud.com/v1.0/123456",
"internalURL": "https://global.cdn.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:cdn"
},
{
"name": "cloudFilesCDN",
"endpoints": [
{
"region": "DFW",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://cdn1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "SYD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://cdn4.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "HKG",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://cdn6.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "IAD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://cdn5.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
}
],
"type": "rax:object-cdn"
},
{
"name": "cloudFiles",
"endpoints": [
{
"region": "DFW",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"internalURL": "https://snet-storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "SYD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"internalURL": "https://snet-storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "IAD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"internalURL": "https://snet-storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "HKG",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"internalURL": "https://snet-storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
}
],
"type": "object-store"
}
],
"user": {
"id": "172157",
"roles": [
{
"id": "10000150",
"description": "Checkmate Access role",
"name": "checkmate"
},
{
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"id": "5",
"description": "A Role that allows a user access to keystone Service methods",
"name": "object-store:default"
},
{
"tenantId": "123456",
"id": "6",
"description": "A Role that allows a user access to keystone Service methods",
"name": "compute:default"
},
{
"id": "3",
"description": "User Admin Role.",
"name": "identity:user-admin"
}
],
"name": "yourUserName",
"RAX-AUTH:defaultRegion": "DFW",
"RAX-AUTH:domainId": "123456"
}
}
}
Example: Authenticate as user including accessible domains JSON response
{
"access": {
"token": {
"id": "d74f592f986e4d6e995853ccf0123456",
"expires": "2015-06-05T16:24:57.637Z",
"tenant": {
"id": "123456",
"name": "123456"
},
"RAX-AUTH:authenticatedBy": [
"APIKEY"
]
},
"serviceCatalog": [
{
"name": "cloudServers",
"endpoints": [
{
"tenantId": "123456",
"publicURL": "https://servers.api.rackspacecloud.com/v1.0/123456",
"versionInfo": "https://servers.api.rackspacecloud.com/v1.0",
"versionList": "https://servers.api.rackspacecloud.com/",
"versionId": "1.0"
}
],
"type": "compute"
},
{
"name": "rackCDN",
"endpoints": [
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://global.cdn.api.rackspacecloud.com/v1.0/123456",
"internalURL": "https://global.cdn.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:cdn"
},
{
"name": "cloudFiles",
"endpoints": [
{
"region": "DFW",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"internalURL": "https://snet-storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "SYD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"internalURL": "https://snet-storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "IAD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"internalURL": "https://snet-storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "HKG",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"internalURL": "https://snet-storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
}
],
"type": "object-store"
},
...
],
"user": {
"RAX-AUTH:accessibleDomains": [
{
"id": "123456",
"id": "432112"
}
],
"id": "172157",
"roles": [
{
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"id": "5",
"description": "A Role that allows a user access to keystone Service methods",
"name": "object-store:default"
},
{
"tenantId": "123456",
"id": "6",
"description": "A Role that allows a user access to keystone Service methods",
"name": "compute:default"
},
{
"id": "3",
"description": "User Admin Role.",
"name": "identity:user-admin"
}
],
"name": "yourUserName",
"RAX-AUTH:defaultRegion": "DFW",
"RAX-AUTH:domainId": "123456",
"RAX-AUTH:phonePin": "914737",
"RAX-AUTH:phonePinState": "ACTIVE"
}
}
}
Example: Authenticate for multi-factor authentication setup JSON response
{
"token": {
"RAX-AUTH:authenticatedBy": [
"password"
],
"expires": "2014-01-09T15:08:53.645-06:00",
"id": "449f04aca3594ce38e5b0b18fce6b"
}
}
Note
Use the mfa-setup token returned in the response to set up multi-factor authentication on your account. For instructions, see Multifactor authentication.
Authenticate as tenant with token
POST /v2.0/tokens
Identity user administrators can use this operation to authenticate by using a tenant ID or tenant name and a valid token.
Submit the POST token authentication request to the Identity service endpoint URL with a payload of credentials. Use either of the following credentials in the request.
tenantNameandtokenortenantIdandtoken
If the request includes both the name and ID, the server returns a 400 Bad Request error.
Important
If you authenticate as a tenant, the
Service Catalogreturned includes only endpoints for the Rackspace Cloud services authorized for that tenant. The exception to this rule is if you specify the mosso (cloud) tenant for which the full service catalog is still returned.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 200 | OK | Success. The tenant is authenticated. |
| 400 | Bad Request | Missing required parameters. This error also occurs if you include both the tenant name and ID in the request. |
| 401 | Unauthorized | You provided invalid credentials. |
| 404 | Not Found | The requested resource was not found. The token has expired or is no longer available. Use the POST token request to get a new token. |
| 500 | Service Fault | Service is not available. |
Request
This table shows the query parameters for the request:
| Name | Type | Description |
|---|---|---|
| apply_rcn_roles | Boolean (Optional) | When true, include any roles and endpoints to which the user has access due to RCN roles. Defaults to false. |
This table shows the body parameters for the request:
| Name | Type | Description |
|---|---|---|
| tenantName | String (Optional) | Specify the name of the tenant. If you use this value in the request, do not include the tenant ID. |
| tenantId | UUID (Optional) | Specify the unique ID for the tenant account. If you use this value in the request, do not include the tenant name. |
| token | String (Required) | A token object that provides a validated token id for the specified tenant. Required to authenticate as a tenant. |
Example: Authenticate as tenant with token: XML request
<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://docs.openstack.org/identity/api/v2.0"
tenantId="1100111">
<token id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" />
</auth>
Example: Authenticate as tenant with token request: JSON
{
"auth": {
"tenantId": "1100111",
"token": {
"id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}
}
Response
This table shows the body parameters for the response:
| Name | Type | Description |
|---|---|---|
| access | String (Required) | An access object that returns token, user, and service information upon successful authentication. |
| token | String (Required) | The token object supplies a scoped authentication token that can be used to access Rackspace services for the specified tenant. |
| user | String (Required) | A user object that returns the following information about the user, if available for the account: id, name, assigned roles, default region, and domain. |
| serviceCatalog | String (Required) | The service catalog provides information about each service available to the authenticated user along with the service endpoints for API requests. |
| RAX-AUTH:phonePin | String (Required) | A six digit PIN that allows a user to confirm their identity to a Support Racker when they call Rackspace to get help with their account or accounts. |
| RAX-AUTH:phonePinState | String (Required) | The Support PIN state.INACTIVE The user does not have a Support PIN.LOCKED The user has a Support PIN, but the PIN has been locked due to excessive failed verification attempts. The user must unlock the PIN before PIN verifications can occur.* ACTIVE The user has a Support PIN against which verifications can be performed. |
Example: Authenticate as tenant with token response XML
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<access
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns4="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0">
<token id="d74f592f986e4d6e995853ccf01d25fe" expires="2015-06-05T16:24:57.637Z">
<tenant id="123456" name="123456"/>
<rax-auth:authenticatedBy>
<rax-auth:credential>APIKEY</rax-auth:credential>
</rax-auth:authenticatedBy>
</token>
<user id="172157" name="yourUserName" rax-auth:defaultRegion="DFW" rax-auth:domainId="123456">
<roles>
<role id="10000150" name="checkmate" description="Checkmate Access role" rax-auth:propagate="false"/>
<role id="5" name="object-store:default" description="A Role that allows a user access to keystone Service methods"
tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f" rax-auth:propagate="true"/>
<role id="6" name="compute:default" description="A Role that allows a user access to keystone Service methods"
tenantId="123456" rax-auth:propagate="true"/>
<role id="3" name="identity:user-admin" description="User Admin Role." rax-auth:propagate="false"/>
</roles>
</user>
<serviceCatalog>
<service type="volume" name="cloudBlockStorage">
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.blockstorage.api.rackspacecloud.com/v1/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.blockstorage.api.rackspacecloud.com/v1/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.blockstorage.api.rackspacecloud.com/v1/123456"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.blockstorage.api.rackspacecloud.com/v1/123456"/>
</service>
<service type="image" name="cloudImages">
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.images.api.rackspacecloud.com/v2"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.images.api.rackspacecloud.com/v2"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.images.api.rackspacecloud.com/v2"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.images.api.rackspacecloud.com/v2"/>
</service>
<service type="rax:queues" name="cloudQueues">
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.queues.api.rackspacecloud.com/v1/123456"
internalURL="https://snet-hkg.queues.api.rackspacecloud.com/v1/123456"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.queues.api.rackspacecloud.com/v1/123456"
internalURL="https://snet-syd.queues.api.rackspacecloud.com/v1/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.queues.api.rackspacecloud.com/v1/123456"
internalURL="https://snet-dfw.queues.api.rackspacecloud.com/v1/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.queues.api.rackspacecloud.com/v1/123456"
internalURL="https://snet-iad.queues.api.rackspacecloud.com/v1/123456"/>
</service>
<service type="rax:bigdata" name="cloudBigData">
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.bigdata.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.bigdata.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="orchestration" name="cloudOrchestration">
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.orchestration.api.rackspacecloud.com/v1/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.orchestration.api.rackspacecloud.com/v1/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.orchestration.api.rackspacecloud.com/v1/123456"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.orchestration.api.rackspacecloud.com/v1/123456"/>
</service>
<service type="compute" name="cloudServersOpenStack">
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.servers.api.rackspacecloud.com/v2/123456">
<version id="2" info="https://syd.servers.api.rackspacecloud.com/v2" list="https://syd.servers.api.rackspacecloud.com/"/>
</endpoint>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.servers.api.rackspacecloud.com/v2/123456">
<version id="2" info="https://dfw.servers.api.rackspacecloud.com/v2" list="https://dfw.servers.api.rackspacecloud.com/"/>
</endpoint>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.servers.api.rackspacecloud.com/v2/123456">
<version id="2" info="https://iad.servers.api.rackspacecloud.com/v2" list="https://iad.servers.api.rackspacecloud.com/"/>
</endpoint>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.servers.api.rackspacecloud.com/v2/123456">
<version id="2" info="https://hkg.servers.api.rackspacecloud.com/v2" list="https://hkg.servers.api.rackspacecloud.com/"/>
</endpoint>
</service>
<service type="rax:autoscale" name="autoscale">
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.autoscale.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.autoscale.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.autoscale.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.autoscale.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="rax:database" name="cloudDatabases">
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.databases.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.databases.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.databases.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.databases.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="rax:backup" name="cloudBackup">
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.backup.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.backup.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.backup.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.backup.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="network" name="cloudNetworks">
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.networks.api.rackspacecloud.com/v2.0"/>
<endpoint region="LON" tenantId="123456" publicURL="https://lon.networks.api.rackspacecloud.com/v2.0"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.networks.api.rackspacecloud.com/v2.0"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.networks.api.rackspacecloud.com/v2.0"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.networks.api.rackspacecloud.com/v2.0"/>
</service>
<service type="rax:cloudmetrics" name="cloudMetrics">
<endpoint region="IAD" tenantId="123456" publicURL="https://global.metrics.api.rackspacecloud.com/v2.0/123456"/>
</service>
<service type="rax:load-balancer" name="cloudLoadBalancers">
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="rax:feeds" name="cloudFeeds">
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.feeds.api.rackspacecloud.com/123456"
internalURL="https://atom.prod.hkg1.us.ci.rackspace.net/123456"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.feeds.api.rackspacecloud.com/123456"
internalURL="https://atom.prod.syd2.us.ci.rackspace.net/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.feeds.api.rackspacecloud.com/123456"
internalURL="https://atom.prod.iad3.us.ci.rackspace.net/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.feeds.api.rackspacecloud.com/123456"
internalURL="https://atom.prod.dfw1.us.ci.rackspace.net/123456"/>
</service>
<service type="rax:monitor" name="cloudMonitoring">
<endpoint tenantId="123456" publicURL="https://monitoring.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="rax:dns" name="cloudDNS">
<endpoint tenantId="123456" publicURL="https://dns.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="compute" name="cloudServers">
<endpoint tenantId="123456" publicURL="https://servers.api.rackspacecloud.com/v1.0/123456">
<version id="1.0" info="https://servers.api.rackspacecloud.com/v1.0" list="https://servers.api.rackspacecloud.com/"/>
</endpoint>
</service>
<service type="rax:cdn" name="rackCDN">
<endpoint region="DFW" tenantId="123456" publicURL="https://global.cdn.api.rackspacecloud.com/v1.0/123456"
internalURL="https://global.cdn.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="rax:object-cdn" name="cloudFilesCDN">
<endpoint region="DFW" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://cdn1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="SYD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://cdn4.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="HKG" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://cdn6.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="IAD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://cdn5.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
</service>
<service type="object-store" name="cloudFiles">
<endpoint region="DFW" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
internalURL="https://snet-storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="SYD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
internalURL="https://snet-storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="IAD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
internalURL="https://snet-storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="HKG" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
internalURL="https://snet-storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
</service>
</serviceCatalog>
</access>
Example: Authenticate as tenant with token response JSON
{
"access": {
"token": {
"id": "d74f592f986e4d6e995853ccf0123456",
"expires": "2015-06-05T16:24:57.637Z",
"tenant": {
"id": "123456",
"name": "123456"
},
"RAX-AUTH:authenticatedBy": [
"APIKEY"
]
},
"serviceCatalog": [
{
"name": "cloudBlockStorage",
"endpoints": [
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.blockstorage.api.rackspacecloud.com/v1/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.blockstorage.api.rackspacecloud.com/v1/123456"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.blockstorage.api.rackspacecloud.com/v1/123456"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.blockstorage.api.rackspacecloud.com/v1/123456"
}
],
"type": "volume"
},
{
"name": "cloudImages",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.images.api.rackspacecloud.com/v2"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.images.api.rackspacecloud.com/v2"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.images.api.rackspacecloud.com/v2"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.images.api.rackspacecloud.com/v2"
}
],
"type": "image"
},
{
"name": "cloudQueues",
"endpoints": [
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.queues.api.rackspacecloud.com/v1/123456",
"internalURL": "https://snet-hkg.queues.api.rackspacecloud.com/v1/123456"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.queues.api.rackspacecloud.com/v1/123456",
"internalURL": "https://snet-syd.queues.api.rackspacecloud.com/v1/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.queues.api.rackspacecloud.com/v1/123456",
"internalURL": "https://snet-dfw.queues.api.rackspacecloud.com/v1/123456"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.queues.api.rackspacecloud.com/v1/123456",
"internalURL": "https://snet-iad.queues.api.rackspacecloud.com/v1/123456"
}
],
"type": "rax:queues"
},
{
"name": "cloudBigData",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.bigdata.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.bigdata.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:bigdata"
},
{
"name": "cloudOrchestration",
"endpoints": [
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.orchestration.api.rackspacecloud.com/v1/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.orchestration.api.rackspacecloud.com/v1/123456"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.orchestration.api.rackspacecloud.com/v1/123456"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.orchestration.api.rackspacecloud.com/v1/123456"
}
],
"type": "orchestration"
},
{
"name": "cloudServersOpenStack",
"endpoints": [
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.servers.api.rackspacecloud.com/v2/123456",
"versionInfo": "https://syd.servers.api.rackspacecloud.com/v2",
"versionList": "https://syd.servers.api.rackspacecloud.com/",
"versionId": "2"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.servers.api.rackspacecloud.com/v2/123456",
"versionInfo": "https://dfw.servers.api.rackspacecloud.com/v2",
"versionList": "https://dfw.servers.api.rackspacecloud.com/",
"versionId": "2"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.servers.api.rackspacecloud.com/v2/123456",
"versionInfo": "https://iad.servers.api.rackspacecloud.com/v2",
"versionList": "https://iad.servers.api.rackspacecloud.com/",
"versionId": "2"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.servers.api.rackspacecloud.com/v2/123456",
"versionInfo": "https://hkg.servers.api.rackspacecloud.com/v2",
"versionList": "https://hkg.servers.api.rackspacecloud.com/",
"versionId": "2"
}
],
"type": "compute"
},
{
"name": "autoscale",
"endpoints": [
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.autoscale.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.autoscale.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.autoscale.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.autoscale.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:autoscale"
},
{
"name": "cloudDatabases",
"endpoints": [
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.databases.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.databases.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.databases.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:database"
},
{
"name": "cloudBackup",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.backup.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.backup.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.backup.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.backup.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:backup"
},
{
"name": "cloudNetworks",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.networks.api.rackspacecloud.com/v2.0"
},
{
"region": "LON",
"tenantId": "123456",
"publicURL": "https://lon.networks.api.rackspacecloud.com/v2.0"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.networks.api.rackspacecloud.com/v2.0"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.networks.api.rackspacecloud.com/v2.0"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.networks.api.rackspacecloud.com/v2.0"
}
],
"type": "network"
},
{
"name": "cloudMetrics",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://global.metrics.api.rackspacecloud.com/v2.0/123456"
}
],
"type": "rax:cloudmetrics"
},
{
"name": "cloudLoadBalancers",
"endpoints": [
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.loadbalancers.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.loadbalancers.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.loadbalancers.api.rackspacecloud.com/v1.0/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.loadbalancers.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:load-balancer"
},
{
"name": "cloudFeeds",
"endpoints": [
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "https://hkg.feeds.api.rackspacecloud.com/123456",
"internalURL": "https://atom.prod.hkg1.us.ci.rackspace.net/123456"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "https://syd.feeds.api.rackspacecloud.com/123456",
"internalURL": "https://atom.prod.syd2.us.ci.rackspace.net/123456"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "https://iad.feeds.api.rackspacecloud.com/123456",
"internalURL": "https://atom.prod.iad3.us.ci.rackspace.net/123456"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://dfw.feeds.api.rackspacecloud.com/123456",
"internalURL": "https://atom.prod.dfw1.us.ci.rackspace.net/123456"
}
],
"type": "rax:feeds"
},
{
"name": "cloudMonitoring",
"endpoints": [
{
"tenantId": "123456",
"publicURL": "https://monitoring.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:monitor"
},
{
"name": "cloudDNS",
"endpoints": [
{
"tenantId": "123456",
"publicURL": "https://dns.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:dns"
},
{
"name": "cloudServers",
"endpoints": [
{
"tenantId": "123456",
"publicURL": "https://servers.api.rackspacecloud.com/v1.0/123456",
"versionInfo": "https://servers.api.rackspacecloud.com/v1.0",
"versionList": "https://servers.api.rackspacecloud.com/",
"versionId": "1.0"
}
],
"type": "compute"
},
{
"name": "rackCDN",
"endpoints": [
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "https://global.cdn.api.rackspacecloud.com/v1.0/123456",
"internalURL": "https://global.cdn.api.rackspacecloud.com/v1.0/123456"
}
],
"type": "rax:cdn"
},
{
"name": "cloudFilesCDN",
"endpoints": [
{
"region": "DFW",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://cdn1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "SYD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://cdn4.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "HKG",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://cdn6.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "IAD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://cdn5.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
}
],
"type": "rax:object-cdn"
},
{
"name": "cloudFiles",
"endpoints": [
{
"region": "DFW",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"internalURL": "https://snet-storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "SYD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"internalURL": "https://snet-storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "IAD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"internalURL": "https://snet-storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
},
{
"region": "HKG",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "https://storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"internalURL": "https://snet-storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
}
],
"type": "object-store"
}
],
"user": {
"id": "172157",
"roles": [
{
"id": "10000150",
"description": "Checkmate Access role",
"name": "checkmate"
},
{
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"id": "5",
"description": "A Role that allows a user access to keystone Service methods",
"name": "object-store:default"
},
{
"tenantId": "123456",
"id": "6",
"description": "A Role that allows a user access to keystone Service methods",
"name": "compute:default"
},
{
"id": "3",
"description": "User Admin Role.",
"name": "identity:user-admin"
}
],
"name": "yourUserName",
"RAX-AUTH:defaultRegion": "DFW",
"RAX-AUTH:domainId": "123456"
"RAX-AUTH:phonePin": "914737",
"RAX-AUTH:phonePinState": "ACTIVE"
}
}
}
Authenticate with multi-factor authentication passcode credentials
POST /v2.0/tokens
Use this API operation to submit Authenticate with multi-factor passcode credentials.
Note
User accounts that use multi-factor authentication must authenticate with Identity service version 2.0 or later. Attempts to authenticate with earlier API versions will fail.
If an account is enabled to use multi-factor authentication, authentication is a two-step process:
-
Send an initial POST token authentication request with password credentials.
In response to the authentication request, the Identity service returns a 401 message that includes the
X-SessionIdparameter in the WWW-Authenticate header and a request for additional credentials. If SMS multi-factor authentication is used, the Identity service also sends a multi-factor authentication passcode to the phone associated with the user account. -
Send an additional authentication request that includes the
X-SessionIDand the multi-factor authenticationpasscode
See Authenticate from a multifactor-enabled user account for sample authentication requests in cURL format.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 200 | OK | Success. The tenant is authenticated. |
| 401 | Unauthorized | You are not authorized to complete this operation. |
| 403 | User Disabled | User account has been disabled. |
| 500 | Service Fault | Service is not available. |
Request
The following table shows the header parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-SessionId | String (Required) | The SessionId header returned when a multifactor-enabled user authenticates to Identity service with Password credentials. Required to authenticate with multi-factor authentication Passcode credentials. |
The following table shows the query parameters for the request:
| Name | Type | Description |
|---|---|---|
| apply_rcn_roles | Boolean (Optional) | When true, return any roles and endpoints to which the user has access due to RCN roles. Defaults to false. |
This table shows the body parameters for the request:
| Name | Type | Description |
|---|---|---|
| auth | Object (Required) | The auth object provides the credentials for the authentication request. |
| auth.RAX-AUTH:passcodeCredentials | Object (Required) | The passcodeCredentials object for the authentication request. |
| RAX-AUTH:passcodeCredentials.passcode | String (Required) | The passcode. |
Authenticate with multi-factor authentication credentials request
POST /v2.0/tokens HTTP/1.1
Host: identity.api.rackspacecloud.com
Content-Type: application/xml
Accept: application/xml
X-SessionId: APU9ymNjSKJG21HVdiRdOg0rk2fqh7uQ1FafVDXo3SId6nMHjUkKSDacFwDLGCC9U_DKI6Lwzu-wMi3LIWT-bA24EdGYdycM3rKzAfVPiCCjigN315ZLJo5s2TmiGQTSW9b5H7euQjJ6KBTk5elT2l8HrPH-9rrBjw
<auth xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:RAX-AUTH="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns:atom="http://www.w3.org/2005/Atom">
<RAX-AUTH:passcodeCredentials passcode="123456"/>
</auth>
Authenticate with multi-factor authentication credentials JSON request
POST /v2.0/tokens HTTP/1.1
Host: identity.api.rackspacecloud.com
Content-Type: application/json
Accept: application/json
X-SessionId: APU9ymNjSKJG21HVdiRdOg0rk2fqh7uQ1FafVDXo3SId6nMHjUkKSDacFwDLGCC9U_DKI6Lwzu-wMi3LIWT-bA24EdGYdycM3rKzAfVPiCCjigN315ZLJo5s2TmiGQTSW9b5H7euQjJ6KBTk5elT2l8HrPH-9rrBjw
{
"auth": {
"RAX-AUTH:passcodeCredentials": {
"passcode":”123456"
}
}
}
Response
Authenticate with multi-factor authentication credential XML response
< HTTP/1.1 200 OK
< Vary: Accept, Accept-Encoding, X-Auth-Token
< Content-Type: application/xml
< Content-Length: 387
< Server: Jetty(6.1.25)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<access
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns4="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0">
<token
id="449f04aca3594ce38e5b0b18fce6bfad"
expires="2014-01-09T15:08:53.645-06:00">
<rax-auth:authenticatedBy>
<rax-auth:credential>PASSWORD</rax-auth:credential>
</rax-auth:authenticatedBy>
</token>
<user
id= "ec7f0fd2de2f4eeeb07c7412c848fe69"
name="jqsmith"
rax-auth:defaultRegion="DFW"
rax-auth:domainId="123456"
rax-auth:federated="false">
<roles>
<role
id="3"
name="identity:user-admin"
description="User Admin Role."/>
</roles>
</user>
<serviceCatalog/>
</access>
Authenticate with multi-factor authentication credential JSON response
< HTTP/1.1 200 OK
< Vary: Accept, Accept-Encoding, X-Auth-Token
< Content-Type: application/json
< Content-Length: 387
< Server: Jetty(6.1.25)
{
"access": {
"serviceCatalog": [],
"token": {
"RAX-AUTH:authenticatedBy": [
"PASSCODE",
"PASSWORD"
],
"expires": "2014-01-09T15:08:53.645-06:00",
"id": "abcdef123ghi4j5k67m8910n12op3qrs"
},
"user": {
"RAX-AUTH:defaultRegion": "IAD",
"RAX-AUTH:domainId": "123456",
"RAX-AUTH:federated": false,
"id": "789345",
"name": "mfaTestUser",
"roles": [
{
"description": "User Admin Role.",
"id": "3",
"name": "identity:user-admin"
}
]
}
}
}
Validate token
GET /v2.0/tokens/{tokenId}
Use the Validate token operation to verify that the specified token is valid and owned by the specified tenant.
In the /tokens/{tokenId} path, valid tokens exist and invalid tokens do not. For application development, use the Validate token operation to make sure that the client submitting the Validate token request can handle an ItemNotFound (404) error for an invalid token.
If the operation is successful, rerun the tenant credentials to return the permissions relevant to a particular client.
Any user can validate their own token. Identity user account administrators and Rackspace administrators can validate the token for any account user.
The validation response includes information about the user associated with the token being validated. The RAX-AUTH:phonePin attribute is only returned if the provided X-Auth-Token matches the token to validate, and the associated user has a Support PIN. The RAX-AUTH:phonePinState is returned for all valid requests.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 200 | OK | The operation completed successfully. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the header parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | Header String (Required) | A valid admin authentication token. |
This table shows the URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| {tokenId} | String | The authentication token to validate. |
This table shows the query parameters for the request:
| Name | Type | Description |
|---|---|---|
| belongsTo | String (Optional) | Validate that a token has the specified tenant in scope. |
| apply_rcn_roles | Boolean (Optional) | “When true, include any roles to which the user has access due to RCN roles. Defaults to false.” |
| include_accessible_domains | Boolean (Optional) | When true, returns a list of domains that a user has access to. The list is returned on the user object of the authentication response. Defaults to false. |
This operation does not accept a request body.
Response
Example: Validate token: XML response
<?xml version="1.0" encoding="UTF-8"?>
<access
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns="http://docs.openstack.org/identity/api/v2.0">
<token id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx "
expires="2010-11-01T03:32:15-05:00">
<tenant id="345" name="My Project" />
</token>
<user
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
id="123" username="testuser" rax-auth:defaultRegion="DFW">
<roles xmlns="http://docs.openstack.org/identity/api/v2.0">
<role id="123" name="compute:admin" />
<role id="234" name="object-store:admin" />
</roles>
</user>
</access>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<access
xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:ns7="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0">
<token expires="2015-06-28T01:34:29.300Z" id="cd45ad90d8034a1b8d75aa0efa89060b">
<tenant name="5830280" id="5830280"/>
<rax-auth:authenticatedBy>
<rax-auth:credential>APIKEY</rax-auth:credential>
</rax-auth:authenticatedBy>
</token>
<user rax-auth:phonePin="914737" rax-auth:defaultRegion="SYD" name="maeker12" id="92bb036af5b0467198cded345597f6b4">
<roles>
<role rax-auth:propagate="false" serviceId="bde1268ebabeeabb70a0e702a4626977c331d5c4" description="Cloud Networks" name="CloudNetworks-Security-Groups" id="88"/>
<role rax-auth:propagate="true" tenantId="5830280" serviceId="a45b14e394a57e3fd4e45d59ff3693ead204998b" description="A Role that allows a user access to keystone Service methods" name="compute:default" id="684"/>
<role rax-auth:propagate="false" serviceId="bde1268ebabeeabb70a0e702a4626977c331d5c4" description="Default Role." name="identity:default" id="2"/>
<role rax-auth:propagate="false" serviceId="bde1268ebabeeabb70a0e702a4626977c331d5c4" description="Admin role for access to all capabilities for all products" name="admin" id="10015034"/>
</roles>
</user>
</access>
Example: Validate token: JSON response
{
"access": {
"token": {
"id": "cd45ad90d8034a1b8d75aa0efa123456",
"expires": "2015-06-28T01:34:29.300Z",
"tenant": {
"id": "5830345",
"name": "5830345"
},
"RAX-AUTH:authenticatedBy": [
"APIKEY"
]
},
"user": {
"id": "92bb036af5b0467198cded3455123456",
"roles": [
{
"id": "88",
"serviceId": "bde1268ebabeeabb70a0e702a4626977c331d5c4",
"description": "Cloud Networks",
"name": "CloudNetworks-Security-Groups"
},
{
"tenantId": "5830345",
"id": "684",
"serviceId": "a45b14e394a57e3fd4e45d59ff3693ead204998b",
"description": "A Role that allows a user access to keystone Service methods",
"name": "compute:default"
},
{
"id": "2",
"serviceId": "bde1268ebabeeabb70a0e702a4626977c331d5c4",
"description": "Default Role.",
"name": "identity:default"
},
{
"id": "10015034",
"serviceId": "bde1268ebabeeabb70a0e702a4626977c331d5c4",
"description": "Admin role for access to all capabilities for all products",
"name": "admin"
}
],
"name": "accountUserName",
"RAX-AUTH:defaultRegion": "SYD",
"RAX-AUTH:phonePin": "653161",
"RAX-AUTH:phonePinState": "ACTIVE"
}
}
}
Example: Validate token for impersonation response: JSON
{
"access":{
"token":{
"id":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"expires":"2010-11-01T03:32:15-05:00",
"tenant":{
"id": "yourTenantID",
"name": "My Project"
}
},
"user":{
"id":"123",
"name":"yourUsername",
"roles":[{
"id":"123",
"name":"compute:admin"
},
{
"id":"234",
"name":"object-store:admin",
}
]
},
"RAX-AUTH:impersonator":{
"id":"567",
"name":"impersonator.username",
"roles":[{
"id":"123",
"name":"Racker"
},
{
"id":"234",
"name":"object-store:admin",
}
]
}
}
}
Example: Validate Token for Impersonation Response: XML
<?xml version="1.0" encoding="UTF-8"?>
<access xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:RAX-AUTH="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0">
<token id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
expires="2010-11-01T03:32:15-05:00">
<tenant id="yourTenantID"
name="My Project" />
</token>
<user id="123"
username="yourUserName">
<roles xmlns="http://docs.openstack.org/identity/api/v2.0">
<role id="123" name="compute:admin" />
<role id="234" name="object-store:admin" />
</roles>
</user>
<RAX-AUTH:impersonator id="567"
username="impersonator.UserName">
<roles xmlns="http://docs.openstack.org/identity/api/v2.0">
<role id="123" name="Racker" />
<role id="234" name="object-store:admin" />
</roles>
</RAX-AUTH:impersonator>
</access>
Example: Validate token for Racker response: JSON
{
"access": {
"token": {
"expires": "2013-10-26T14:34:02.255Z",
"id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"user": {
"RAX-AUTH:defaultRegion": "",
"roles": [
{
"name": "Racker",
"description": "Defines a user as being a Racker",
"id": "9",
"serviceId": "18e7a7032733486cd32f472d7bd58f709ac0d221"
}
],
"id": "userId"
}
}
}
Example: Validate token for Racker response: XML
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<access xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns2="http://www.w3.org/2005/Atom"
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0">
<token id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
expires="2013-11-26T18:08:51.146Z"/>
<user id="racerSSOUsername">
<roles>
<role id="9" name="Racker"
description="Defines a user as being a Racker"
serviceId="18e7a7032733486cd32f472d7bd58f709ac0d221"/>
<role name="dl_RackUSA"/>
<role name="dl_RackGlobal"/>
<role name="dl_cloudblock"/>
<role name="dl_US Managers"/>
<role name="DL_USManagers"/>
</roles>
</user>
</access>
Revoke token
DELETE /v2.0/tokens
Use the Revoke token operation to invalidate an authentication token so that it cannot be used to gain access to Rackspace Cloud services. After you submit the request, the Identity API service returns a 204 when the operation completes successfully. If the token specified in the URI is invalid, the Identity service responds with a 404 error message.
A user can revoke their own authentication token by submitting the DELETE request without specifying the tokenId parameter.
Identity and User administrators can revoke the token for another user by including the tokenId parameter in the request.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 204 | No content | The server fulfilled the request but does not need to return a body. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the header and URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | Header String (Required) | A valid admin authentication token. |
This operation does not accept a request body.
Response
This operation does not return a response body.
List endpoints for token
GET /v2.0/tokens/{tokenId}/endpoints
Returns a list of endpoints points associated with a specific token.
This call returns a list of endpoints associated with a specific token. Like the service catalog returned by a successful authentication, you can use this list of endpoints as the basis of a list of the services available to this user.
The following table shows the possible response codes for this operation:
| Response code | Name | Description |
|---|---|---|
| 200 | OK | The request has been fulfilled. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 406 | Not Acceptable | The server cannot send data in a format requested. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 503 | Service Fault | Service is not available. |
Request
The following table shows the header parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | String (Required) | A valid authentication token. |
The following table shows the URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| {tokenId} | String | The authentication token for which to list endpoints. |
The following table shows the query parameters for the request:
| Name | Type | Description |
|---|---|---|
| apply_rcn_roles | Boolean (Optional) | When true, include any endpoints to which the user has access due to RCN roles. Defaults to false. |
This operation does not accept a request body.
Response
Example: Validate token: JSON response
{
"endpoints":[{
"id":1,
"tenantId":"1",
"region":"North",
"name": "Compute",
"type":"compute",
"publicURL":"https://compute.north.public.com/v1",
"internalURL":"https://compute.north.internal.com/v1",
"adminURL" : "https://compute.north.internal.com/v1",
"versionId":"1",
"versionInfo":"https://compute.north.public.com/v1/",
"versionList":"https://compute.north.public.com/"
},
{
"id":2,
"tenantId":"1",
"region":"South",
"name": "Compute",
"type":"compute",
"publicURL":"https://compute.north.public.com/v1",
"internalURL":"https://compute.north.internal.com/v1",
"adminURL" : "https://compute.north.internal.com/v1",
"versionId":"1",
"versionInfo":"https://compute.north.public.com/v1/",
"versionList":"https://compute.north.public.com/"
},
{
"id":3,
"tenantId":"1",
"region":"East",
"name": "Compute",
"type":"compute",
"publicURL":"https://compute.north.public.com/v1",
"internalURL":"https://compute.north.internal.com/v1",
"adminURL" : "https://compute.north.internal.com/v1",
"versionId":"1",
"versionInfo":"https://compute.north.public.com/v1/",
"versionList":"https://compute.north.public.com/"
},
{
"id":4,
"tenantId":"1",
"region":"West",
"name": "Compute",
"type":"compute",
"publicURL":"https://compute.north.public.com/v1",
"internalURL":"https://compute.north.internal.com/v1",
"adminURL" : "https://compute.north.internal.com/v1",
"versionId":"1",
"versionInfo":"https://compute.north.public.com/v1/",
"versionList":"https://compute.north.public.com/"
},
{
"id":5,
"tenantId":"1",
"region":"Global",
"name": "Compute",
"type":"compute",
"publicURL":"https://compute.north.public.com/v1",
"internalURL":"https://compute.north.internal.com/v1",
"adminURL" : "https://compute.north.internal.com/v1",
"versionId":"1",
"versionInfo":"https://compute.north.public.com/v1/",
"versionList":"https://compute.north.public.com/"
}
],
"endpoints_links":[]
}