When a customer calls or chats with Rackspace Support, they must give a 6- digit Support PIN to the Interactive Voice Response (IVR) system or to the Support Racker to verify their identity. When a new user is created, a 6-digit numeric phone PIN is assigned to the user by default. The Support PIN cannot be deleted. However, a user can update their Support PIN by using the Update user information and password operation.
Update your own Support PIN
To update your own Support PIN, use the following operation:
Retrieve your own Support PIN
To retrieve your own Support PIN, see the following operations:
Unlock your own Support PIN
To unlock your Support PIN, use the following operation:
Reset the Support PIN of another user
To reset the Support PIN of another user, use the following operation:
Update user information and password
POST /v2.0/users/{userId}
This operation updates the user information for the account associated with the specified user id. Before you submit the update request, use the Get user by id operation to verify that the user name, email account, and status associated with userId match the account you want to update.
Only include those user data elements that you wish to modify in the request body. For example, if you only need to update the user’s email, for don’t include the other body parameters like id, enabled, or rax-auth:domainId.
Note
- Users who hold the admin role can update users who hold the user role (
identity:default) or the admin role > (identity:user-admin) for the same tenant.- Users with the
identity:user-adminoridentity:user-managerole can update user information for users within their domain and with theidentity:defaultrole- Administrators can change the default region for another user, but the new value must be one of the regions listed for a Cloud Compute endpoint in the service catalog.
- Only the
RAX-AUTH:contactIdattribute can be updated for a federated user.- The
RAX-AUTH:phonePinis only returned if the caller is updating their own user account and a Support PIN exists on the account.- Users with the
identity:user-manage-limitedcan update any sub-users’ email and enabled status within their domain.
This table shows the possible response codes for this operation:
| Response code | Name | Description |
|---|---|---|
| 200 | OK | The request has been fulfilled. The user has been updated. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 406 | Not Acceptable | The server cannot send data in a format requested. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the header parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | String (Required) | A valid authentication token. |
| {userId} | String (Required) | A user ID assigned by system when a user is added. |
This table shows the URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| {userId} | String (Required) | A user ID assigned by system when a user is created. |
This table shows the body parameters for the request:
| Name | Type | Description |
|---|---|---|
| user | Object | A user object that specifies the user account information. |
| user.username | String (Optional) | The name to assign to the user. |
| user.email | String (Optional) | Email address for the user account. |
| user.enabled | String (Optional) | Indicates whether the user is enabled (true) or disabled (false). Users cannot update the enabled status on their own account. |
| user.RAX-AUTH:defaultRegion | String (Optional) | The default region that the user is assigned to. Must be one of the regions available in the service catalog. |
| user.RAX-AUTH:phonePin | String (Optional) | Specify a new Support PIN for the user account. Ensure that the value specified meets the following criteria: * Use six numeric digits (such as 871694). A Support PIN cannot include more than three repeating numbers. (444 is OK, but 4444 is not.) A Support PIN cannot include more than three sequential numbers. (234 is OK, but 2345 is not.) |
| user.OS-KSADM:password | String (Optional) | Specify a new password for the user account. Ensure that the value specified meets the following criteria: * Password must be at least 8 characters in length, must contain at least one uppercase letter, one lowercase letter, and one numeric character. |
| user.RAX-AUTH:contactId | String (Optional) | The core contact ID. |
Example: Update user HTTP request header: XML
POST /v2.0/users/123456 HTTP/1.1
Host: identity.api.rackspacecloud.com
Accept: application/xml
Content-type: application/xml
X-Auth-Token: eaf8345057414cd397d0543123456789
Example: Update user HTTP request header: JSON
POST /v2.0/users/123456 HTTP/1.1
Host: identity.api.rackspacecloud.com
Accept: application/json
Content-type: application/json
X-Auth-Token: eaf8345057414cd397d0543123456789
Example: Update user request: XML
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns2="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
username="jqsmith"
enabled="true"
email="[email protected]"
RAX-AUTH:contactId="12345">
</user>
Example: Update user request: JSON
{
"user": {
"username": "jqsmith",
"email": "[email protected]",
"enabled": true,
"RAX-AUTH:contactId": "1234"
}
}
Example: Update user password HTTP request header: XML
POST /v2.0/users/123456 HTTP/1.1
Host: identity.api.rackspacecloud.com
Accept: application/xml
Content-type: application/xml
X-Auth-Token: eaf8345057414cd397d0543123456789
Example: Update user password HTTP request header: JSON
POST /v2.0/users/123456 HTTP/1.1
Host: identity.api.rackspacecloud.com
Accept: application/xml
Content-type: application/json
X-Auth-Token: eaf8345057414cd397d0543123456789
Example: Update user password request: XML
<user username="abc123"
ns1:password="ungu355ab13"
xmlns:ns1="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:ns2="http://docs.openstack.org/identity/api/v2.0" />
Example: Update user password request: JSON
{
"user": {
"username": "abc123",
"OS-KSADM:password":"ungu355ab13"
}
}
Response
Example: Update user information and password: XML response
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns2="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
id="123456" username="jqsmith"
enabled="true"
email="[email protected]"
RAX-AUTH:defaultRegion="DFW"
RAX-AUTH:domainId="5830280"
RAX-AUTH:phonePin="125897"
RAX-AUTH:contactId="1234"
RAX-AUTH:multiFactorEnabled="true" >
</user>
Example: Update user information and password: JSON response
{
"user": {
"id": "123456",
"username": "jqsmith",
"email": "[email protected]",
"enabled": true,
"RAX-AUTH:defaultRegion":"DFW",
"RAX-AUTH:domainId":"5830280",
"RAX-AUTH:phonePin":"136983",
"RAX-AUTH:multiFactorEnabled": true,
"RAX-AUTH:contactId":"1234"
}
}
Validate token
GET /v2.0/tokens/{tokenId}
Use the Validate token operation to verify that the specified token is valid and owned by the specified tenant.
In the /tokens/{tokenId} path, valid tokens exist and invalid tokens do not. For application development, use the Validate token operation to make sure that the client submitting the Validate token request can handle an ItemNotFound (404) error for an invalid token.
If the operation is successful, rerun the tenant credentials to return the permissions relevant to a particular client.
Any user can validate their own token. Identity user account administrators and Rackspace administrators can validate the token for any account user.
The validation response includes information about the user associated with the token being validated. The RAX-AUTH:phonePin attribute is only returned if the provided X-Auth-Token matches the token to validate, and the associated user has a Support PIN. The RAX-AUTH:phonePinState is returned for all valid requests.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 200 | OK | The operation completed successfully. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the header parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | Header String (Required) | A valid admin authentication token. |
This table shows the URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| {tokenId} | String | The authentication token to validate. |
This table shows the query parameters for the request:
| Name | Type | Description |
|---|---|---|
| belongsTo | String (Optional) | Validate that a token has the specified tenant in scope. |
| apply_rcn_roles | Boolean (Optional) | “When true, include any roles to which the user has access due to RCN roles. Defaults to false.” |
| include_accessible_domains | Boolean (Optional) | When true, returns a list of domains that a user has access to. The list is returned on the user object of the authentication response. Defaults to false. |
This operation does not accept a request body.
Response
Example: Validate token: XML response
<?xml version="1.0" encoding="UTF-8"?>
<access
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns="http://docs.openstack.org/identity/api/v2.0">
<token id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx "
expires="2010-11-01T03:32:15-05:00">
<tenant id="345" name="My Project" />
</token>
<user
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
id="123" username="testuser" rax-auth:defaultRegion="DFW">
<roles xmlns="[http://docs.openstack.org/identity/api/v2.0">]();
<role id="123" name="compute:admin" />
<role id="234" name="object-store:admin" />
</roles>
</user>
</access>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<access
xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:ns7="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0">
<token expires="2015-06-28T01:34:29.300Z" id="cd45ad90d8034a1b8d75aa0efa89060b">
<tenant name="5830280" id="5830280"/>
\<rax-auth:authenticatedBy>
\<rax-auth:credential>APIKEY\</rax-auth:credential>
\</rax-auth:authenticatedBy>
</token>
<user rax-auth:phonePin="914737" rax-auth:defaultRegion="SYD" name="maeker12" id="92bb036af5b0467198cded345597f6b4">
<roles>
<role rax-auth:propagate="false" serviceId="bde1268ebabeeabb70a0e702a4626977c331d5c4" description="Cloud Networks" name="CloudNetworks-Security-Groups" id="88"/>
<role rax-auth:propagate="true" tenantId="5830280" serviceId="a45b14e394a57e3fd4e45d59ff3693ead204998b" description="A Role that allows a user access to keystone Service methods" name="compute:default" id="684"/>
<role rax-auth:propagate="false" serviceId="bde1268ebabeeabb70a0e702a4626977c331d5c4" description="Default Role." name="identity:default" id="2"/>
<role rax-auth:propagate="false" serviceId="bde1268ebabeeabb70a0e702a4626977c331d5c4" description="Admin role for access to all capabilities for all products" name="admin" id="10015034"/>
</roles>
</user>
</access>
Example: Validate token: JSON response
{
"access": {
"token": {
"id": "cd45ad90d8034a1b8d75aa0efa123456",
"expires": "2015-06-28T01:34:29.300Z",
"tenant": {
"id": "5830345",
"name": "5830345"
},
"RAX-AUTH:authenticatedBy": [
"APIKEY"
]
},
"user": {
"id": "92bb036af5b0467198cded3455123456",
"roles": [
{
"id": "88",
"serviceId": "bde1268ebabeeabb70a0e702a4626977c331d5c4",
"description": "Cloud Networks",
"name": "CloudNetworks-Security-Groups"
},
{
"tenantId": "5830345",
"id": "684",
"serviceId": "a45b14e394a57e3fd4e45d59ff3693ead204998b",
"description": "A Role that allows a user access to keystone Service methods",
"name": "compute:default"
},
{
"id": "2",
"serviceId": "bde1268ebabeeabb70a0e702a4626977c331d5c4",
"description": "Default Role.",
"name": "identity:default"
},
{
"id": "10015034",
"serviceId": "bde1268ebabeeabb70a0e702a4626977c331d5c4",
"description": "Admin role for access to all capabilities for all products",
"name": "admin"
}
],
"name": "accountUserName",
"RAX-AUTH:defaultRegion": "SYD",
"RAX-AUTH:phonePin": "653161",
"RAX-AUTH:phonePinState": "ACTIVE"
}
}
}
Example: Validate token for impersonation response: JSON
{
"access":{
"token":{
"id":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"expires":"2010-11-01T03:32:15-05:00",
"tenant":{
"id": "yourTenantID",
"name": "My Project"
}
},
"user":{
"id":"123",
"name":"yourUsername",
"roles":[{
"id":"123",
"name":"compute:admin"
},
{
"id":"234",
"name":"object-store:admin",
}
]
},
"RAX-AUTH:impersonator":{
"id":"567",
"name":"impersonator.username",
"roles":[{
"id":"123",
"name":"Racker"
},
{
"id":"234",
"name":"object-store:admin",
}
]
}
}
}
Example: Validate Token for Impersonation Response: XML
<?xml version="1.0" encoding="UTF-8"?>
<access xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:RAX-AUTH="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0">
<token id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
expires="2010-11-01T03:32:15-05:00">
<tenant id="yourTenantID"
name="My Project" />
</token>
<user id="123"
username="yourUserName">
<roles xmlns="[http://docs.openstack.org/identity/api/v2.0">]();
<role id="123" name="compute:admin" />
<role id="234" name="object-store:admin" />
</roles>
</user>
\<RAX-AUTH:impersonator id="567"
username="impersonator.UserName">
<roles xmlns="[http://docs.openstack.org/identity/api/v2.0">]();
<role id="123" name="Racker" />
<role id="234" name="object-store:admin" />
</roles>
\</RAX-AUTH:impersonator>
</access>
Example: Validate token for Racker response: JSON
{
"access": {
"token": {
"expires": "2013-10-26T14:34:02.255Z",
"id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"user": {
"RAX-AUTH:defaultRegion": "",
"roles": [
{
"name": "Racker",
"description": "Defines a user as being a Racker",
"id": "9",
"serviceId": "18e7a7032733486cd32f472d7bd58f709ac0d221"
}
],
"id": "userId"
}
}
}
Example: Validate token for Racker response: XML
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<access xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns2="http://www.w3.org/2005/Atom"
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0">
<token id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
expires="2013-11-26T18:08:51.146Z"/>
<user id="racerSSOUsername">
<roles>
<role id="9" name="Racker"
description="Defines a user as being a Racker"
serviceId="18e7a7032733486cd32f472d7bd58f709ac0d221"/>
<role name="dl_RackUSA"/>
<role name="dl_RackGlobal"/>
<role name="dl_cloudblock"/>
<role name="dl_US Managers"/>
<role name="DL_USManagers"/>
</roles>
</user>
</access>
Get user by id
GET /v2.0/users/{userId}
This operation returns the following detailed account information for a specific user, by user id: email address, user name, user id, status, default region, and domain id.
Note
If this request is issued by a user holding the admin role (
identity:user-admin), the specific user’s information is returned only if that user is associated with the same tenant as the requester’suser-admintoken.
If this request is issued by a user holding the user role (identity:default), the response only includes the user account information for the user who submitted the request.
The user’s Support PIN is only returned if the caller is retrieving their own user account.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 200 | OK | The operation completed successfully. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the header and URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | Header String (Required) | A valid admin authentication token. |
| {userId} | URI String (Required) | A user ID assigned by system when user is added. |
This operation does not accept a request body.
Response
This table shows the body parameters for the response:
| Name | Type | Description |
|---|---|---|
| users | Object (Required) | Returns the collection of users who match the specification in the List user API request. |
| users.user | Object (Required) | A user object that provides user account information. |
| user.RAX-AUTH:defaultRegion | String (Optional) | The default region that the user is assigned to. Must be one of the regions available in the service catalog. |
| user.RAX-AUTH:domainId | String (Optional) | The ID for the domain that the user account has been assigned to. |
| user.RAX-AUTH:phonePin | String (Optional) | A user’s Support PIN. |
| user.RAX-AUTH:phonePinState | String (Required) | The Support PIN state.INACTIVE The user does not have a Support PIN.LOCKED The user has a Support PIN, but the PIN has been locked due to excessive failed verification attempts. The user must unlock the pin before PIN verifications can occur.* ACTIVE The user has a Support PIN against which verifications can be performed. |
| user.RAX-AUTH:multiFactorEnabled | Boolean (Optional) | If an account has been configured to use multi-factor authentication, this field indicates if multi-factor authentication is currently enabled or disabled. |
| user.RAX-AUTH:multiFactorState | String (Optional) | This extended attribute indicates if a multi-factor-enabled user account is locked as a result of failed authentication attempts. If the account has been locked at any point, the value is either LOCKED or ACTIVE. User administrators can use the update multi-factor authentication settings on account operation to restore access to a locked account. |
| user.RAX-AUTH:userMultiFactorEnforcementLevel | String (Optional) | If present, this extended attribute specifies the multi-factor authentication enforcement policy that applies to the specified account.REQUIRED The user must use multi-factor authentication to log in to their Rackspace Cloud account.OPTIONAL. The user has the option to authenticate using multi-factor authentication.* DEFAULT. The user multi-factor authentication requirements are determined by the domain level enforcement setting for multi-factor authentication. |
| user.RAX-AUTH:contactId | String (Optional) | The core contact ID. |
| user.RAX-AUTH:passwordExpiration | String (Optional) | If present, this extended attribute specifies the time when the user’s current password will expire. |
Example: Get user by ID HTTP response header: XML
HTTP/1.1 200 OK
Content-Type: application/xml
Example: Get user by ID: XML response
<?xml version="1.0" encoding="UTF-8"?>
<user
xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:ns7="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
rax-auth:contactId="1234"
rax-auth:domainId="5830280"
rax-auth:defaultRegion="DFW"
rax-auth:multiFactorEnabled="true"
rax-auth:multiFactorState="ACTIVE"
rax-auth:userMultiFactorEnforcementLevel="OPTIONAL"
rax-auth:passwordExpiration="2018-02-09T13:39:53.685-06:00"
id="123456"
username="jqsmith"
email="[email protected]"
enabled="true"/>
Example: Get user by ID HTTP response header: JSON
HTTP/1.1 200 OK
Content-Type: application/json
Example: Get user by ID response: JSON
{
"user":
{
"rax-auth:contactId":"1234"
"rax-auth:domainId":"5830280"
"id": "123456",
"enabled": true,
"username": "jqsmith",
"email": "[email protected]",
"rax-auth:defaultRegion":"DFW",
"rax-auth:phonePin":"914737",
"rax-auth:phonePinState": "ACTIVE",
"rax-auth:multiFactorEnabled":"true",
"rax-auth:multiFactorState":"ACTIVE",
"rax-auth:userMultiFactorEnforcementLevel":"OPTIONAL"
"rax-auth:passwordExpiration":"2018-02-09T13:39:53.685-06:00"
}
}
Authenticate as tenant with token
POST /v2.0/tokens
Identity user administrators can use this operation to authenticate by using a tenant ID or tenant name and a valid token.
Submit the POST token authentication request to the Identity service endpoint URL with a payload of credentials. Use either of the following credentials in the request.
tenantNameandtokenortenantIdandtoken
If the request includes both the name and ID, the server returns a 400 Bad Request error.
Important
If you authenticate as a tenant, the Service Catalog returned includes only endpoints for the Rackspace Cloud services authorized for that tenant. The exception to this rule is if you specify the mosso (cloud) tenant for which the full service catalog is still returned.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 200 | OK | Success. The tenant is authenticated. |
| 400 | Bad Request | Missing required parameters. This error also occurs if you include both the tenant name and ID in the request. |
| 401 | Unauthorized | You provided invalid credentials. |
| 404 | Not Found | The requested resource was not found. The token has expired or is no longer available. Use the POST token request to get a new token. |
| 500 | Service Fault | Service is not available. |
Request
This table shows the query parameters for the request:
| Name | Type | Description |
|---|---|---|
| apply_rcn_roles | Boolean (Optional) | When true, include any roles and endpoints to which the user has access due to RCN roles. Defaults to false. |
This table shows the body parameters for the request:
| Name | Type | Description |
|---|---|---|
| tenantName | String (Optional) | Specify the name of the tenant. If you use this value in the request, do not include the tenant ID. |
| tenantId | UUID (Optional) | Specify the unique ID for the tenant account. If you use this value in the request, do not include the tenant name. |
| token | String (Required) | A token object that provides a validated token id for the specified tenant. Required to authenticate as a tenant. |
Example: Authenticate as tenant with token: XML request
<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://docs.openstack.org/identity/api/v2.0"
tenantId="1100111">
<token id="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" />
</auth>
**Example: Authenticate as tenant with token request: JSON**
{
"auth": {
"tenantId": "1100111",
"token": {
"id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}
}
Response
This table shows the body parameters for the response:
| Name | Type | Description |
|---|---|---|
| access | String (Required) | An access object that returns token, user, and service information upon successful authentication. |
| token | String (Required) | The token object supplies a scoped authentication token that can be used to access Rackspace services for the specified tenant. |
| user | String (Required) | A user object that returns the following information about the user, if available for the account: id, name, assigned roles, default region, and domain. |
| serviceCatalog | String (Required) | The service catalog provides information about each service available to the authenticated user along with the service endpoints for API requests. |
| RAX-AUTH:phonePin | String (Required) | A six digit PIN that allows a user to confirm their identity to a Support Racker when they call Rackspace to get help with their account or accounts. |
| RAX-AUTH:phonePinState | String (Required) | The Support PIN state.INACTIVE The user does not have a Support PIN.LOCKED The user has a Support PIN, but the PIN has been locked due to excessive failed verification attempts. The user must unlock the PIN before PIN verifications can occur.* ACTIVE The user has a Support PIN against which verifications can be performed. |
Example: Authenticate as tenant with token response XML
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<access
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns4="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0">
<token id="d74f592f986e4d6e995853ccf01d25fe" expires="2015-06-05T16:24:57.637Z">
<tenant id="123456" name="123456"/>
\<rax-auth:authenticatedBy>
\<rax-auth:credential>APIKEY\</rax-auth:credential>
\</rax-auth:authenticatedBy>
</token>
<user id="172157" name="yourUserName" rax-auth:defaultRegion="DFW" rax-auth:domainId="123456">
<roles>
<role id="10000150" name="checkmate" description="Checkmate Access role" rax-auth:propagate="false"/>
<role id="5" name="object-store:default" description="A Role that allows a user access to keystone Service methods"
tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f" rax-auth:propagate="true"/>
<role id="6" name="compute:default" description="A Role that allows a user access to keystone Service methods"
tenantId="123456" rax-auth:propagate="true"/>
<role id="3" name="identity:user-admin" description="User Admin Role." rax-auth:propagate="false"/>
</roles>
</user>
<serviceCatalog>
<service type="volume" name="cloudBlockStorage">
<endpoint region="SYD" tenantId="123456" publicURL="[https://syd.blockstorage.api.rackspacecloud.com/v1/123456"/>]();
<endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.blockstorage.api.rackspacecloud.com/v1/123456"/>]();
<endpoint region="IAD" tenantId="123456" publicURL="[https://iad.blockstorage.api.rackspacecloud.com/v1/123456"/>]();
<endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.blockstorage.api.rackspacecloud.com/v1/123456"/>]();
</service>
<service type="image" name="cloudImages">
<endpoint region="IAD" tenantId="123456" publicURL="[https://iad.images.api.rackspacecloud.com/v2"/>]();
<endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.images.api.rackspacecloud.com/v2"/>]();
<endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.images.api.rackspacecloud.com/v2"/>]();
<endpoint region="SYD" tenantId="123456" publicURL="[https://syd.images.api.rackspacecloud.com/v2"/>]();
</service>
<service type="rax:queues" name="cloudQueues">
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.queues.api.rackspacecloud.com/v1/123456"
internalURL="https://snet-hkg.queues.api.rackspacecloud.com/v1/123456"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.queues.api.rackspacecloud.com/v1/123456"
internalURL="https://snet-syd.queues.api.rackspacecloud.com/v1/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.queues.api.rackspacecloud.com/v1/123456"
internalURL="https://snet-dfw.queues.api.rackspacecloud.com/v1/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.queues.api.rackspacecloud.com/v1/123456"
internalURL="https://snet-iad.queues.api.rackspacecloud.com/v1/123456"/>
</service>
<service type="rax:bigdata" name="cloudBigData">
<endpoint region="IAD" tenantId="123456" publicURL="[https://iad.bigdata.api.rackspacecloud.com/v1.0/123456"/>]();
<endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.bigdata.api.rackspacecloud.com/v1.0/123456"/>]();
</service>
<service type="orchestration" name="cloudOrchestration">
<endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.orchestration.api.rackspacecloud.com/v1/123456"/>]();
<endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.orchestration.api.rackspacecloud.com/v1/123456"/>]();
<endpoint region="IAD" tenantId="123456" publicURL="[https://iad.orchestration.api.rackspacecloud.com/v1/123456"/>]();
<endpoint region="SYD" tenantId="123456" publicURL="[https://syd.orchestration.api.rackspacecloud.com/v1/123456"/>]();
</service>
<service type="compute" name="cloudServersOpenStack">
<endpoint region="SYD" tenantId="123456" publicURL="[https://syd.servers.api.rackspacecloud.com/v2/123456">]();
<version id="2" info="[https://syd.servers.api.rackspacecloud.com/v2]()" list="[https://syd.servers.api.rackspacecloud.com/"/>]();
</endpoint>
<endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.servers.api.rackspacecloud.com/v2/123456">]();
<version id="2" info="[https://dfw.servers.api.rackspacecloud.com/v2]()" list="[https://dfw.servers.api.rackspacecloud.com/"/>]();
</endpoint>
<endpoint region="IAD" tenantId="123456" publicURL="[https://iad.servers.api.rackspacecloud.com/v2/123456">]();
<version id="2" info="[https://iad.servers.api.rackspacecloud.com/v2]()" list="[https://iad.servers.api.rackspacecloud.com/"/>]();
</endpoint>
<endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.servers.api.rackspacecloud.com/v2/123456">]();
<version id="2" info="[https://hkg.servers.api.rackspacecloud.com/v2]()" list="[https://hkg.servers.api.rackspacecloud.com/"/>]();
</endpoint>
</service>
<service type="rax:autoscale" name="autoscale">
<endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.autoscale.api.rackspacecloud.com/v1.0/123456"/>]();
<endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.autoscale.api.rackspacecloud.com/v1.0/123456"/>]();
<endpoint region="IAD" tenantId="123456" publicURL="[https://iad.autoscale.api.rackspacecloud.com/v1.0/123456"/>]();
<endpoint region="SYD" tenantId="123456" publicURL="[https://syd.autoscale.api.rackspacecloud.com/v1.0/123456"/>]();
</service>
<service type="rax:database" name="cloudDatabases">
<endpoint region="SYD" tenantId="123456" publicURL="[https://syd.databases.api.rackspacecloud.com/v1.0/123456"/>]();
<endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.databases.api.rackspacecloud.com/v1.0/123456"/>]();
<endpoint region="IAD" tenantId="123456" publicURL="[https://iad.databases.api.rackspacecloud.com/v1.0/123456"/>]();
<endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.databases.api.rackspacecloud.com/v1.0/123456"/>]();
</service>
<service type="rax:backup" name="cloudBackup">
<endpoint region="IAD" tenantId="123456" publicURL="[https://iad.backup.api.rackspacecloud.com/v1.0/123456"/>]();
<endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.backup.api.rackspacecloud.com/v1.0/123456"/>]();
<endpoint region="SYD" tenantId="123456" publicURL="[https://syd.backup.api.rackspacecloud.com/v1.0/123456"/>]();
<endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.backup.api.rackspacecloud.com/v1.0/123456"/>]();
</service>
<service type="network" name="cloudNetworks">
<endpoint region="IAD" tenantId="123456" publicURL="[https://iad.networks.api.rackspacecloud.com/v2.0"/>]();
<endpoint region="LON" tenantId="123456" publicURL="[https://lon.networks.api.rackspacecloud.com/v2.0"/>]();
<endpoint region="SYD" tenantId="123456" publicURL="[https://syd.networks.api.rackspacecloud.com/v2.0"/>]();
<endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.networks.api.rackspacecloud.com/v2.0"/>]();
<endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.networks.api.rackspacecloud.com/v2.0"/>]();
</service>
<service type="rax:cloudmetrics" name="cloudMetrics">
<endpoint region="IAD" tenantId="123456" publicURL="[https://global.metrics.api.rackspacecloud.com/v2.0/123456"/>]();
</service>
<service type="rax:load-balancer" name="cloudLoadBalancers">
<endpoint region="SYD" tenantId="123456" publicURL="[https://syd.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>]();
<endpoint region="IAD" tenantId="123456" publicURL="[https://iad.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>]();
<endpoint region="HKG" tenantId="123456" publicURL="[https://hkg.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>]();
<endpoint region="DFW" tenantId="123456" publicURL="[https://dfw.loadbalancers.api.rackspacecloud.com/v1.0/123456"/>]();
</service>
<service type="rax:feeds" name="cloudFeeds">
<endpoint region="HKG" tenantId="123456" publicURL="https://hkg.feeds.api.rackspacecloud.com/123456"
internalURL="https://atom.prod.hkg1.us.ci.rackspace.net/123456"/>
<endpoint region="SYD" tenantId="123456" publicURL="https://syd.feeds.api.rackspacecloud.com/123456"
internalURL="https://atom.prod.syd2.us.ci.rackspace.net/123456"/>
<endpoint region="IAD" tenantId="123456" publicURL="https://iad.feeds.api.rackspacecloud.com/123456"
internalURL="https://atom.prod.iad3.us.ci.rackspace.net/123456"/>
<endpoint region="DFW" tenantId="123456" publicURL="https://dfw.feeds.api.rackspacecloud.com/123456"
internalURL="https://atom.prod.dfw1.us.ci.rackspace.net/123456"/>
</service>
<service type="rax:monitor" name="cloudMonitoring">
<endpoint tenantId="123456" publicURL="[https://monitoring.api.rackspacecloud.com/v1.0/123456"/>]();
</service>
<service type="rax:dns" name="cloudDNS">
<endpoint tenantId="123456" publicURL="[https://dns.api.rackspacecloud.com/v1.0/123456"/>]();
</service>
<service type="compute" name="cloudServers">
<endpoint tenantId="123456" publicURL="[https://servers.api.rackspacecloud.com/v1.0/123456">]();
<version id="1.0" info="[https://servers.api.rackspacecloud.com/v1.0]()" list="[https://servers.api.rackspacecloud.com/"/>]();
</endpoint>
</service>
<service type="rax:cdn" name="rackCDN">
<endpoint region="DFW" tenantId="123456" publicURL="https://global.cdn.api.rackspacecloud.com/v1.0/123456"
internalURL="https://global.cdn.api.rackspacecloud.com/v1.0/123456"/>
</service>
<service type="rax:object-cdn" name="cloudFilesCDN">
<endpoint region="DFW" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://cdn1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="SYD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://cdn4.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="HKG" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://cdn6.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="IAD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://cdn5.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
</service>
<service type="object-store" name="cloudFiles">
<endpoint region="DFW" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
internalURL="https://snet-storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="SYD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
internalURL="https://snet-storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="IAD" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
internalURL="https://snet-storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
<endpoint region="HKG" tenantId="MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
publicURL="https://storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"
internalURL="https://snet-storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f"/>
</service>
</serviceCatalog>
</access>
Example: Authenticate as tenant with token response JSON
{
"access": {
"token": {
"id": "d74f592f986e4d6e995853ccf0123456",
"expires": "2015-06-05T16:24:57.637Z",
"tenant": {
"id": "123456",
"name": "123456"
},
"RAX-AUTH:authenticatedBy": [
"APIKEY"
]
},
"serviceCatalog": [
{
"name": "cloudBlockStorage",
"endpoints": [
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "<https://syd.blockstorage.api.rackspacecloud.com/v1/123456>"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "<https://dfw.blockstorage.api.rackspacecloud.com/v1/123456>"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "<https://iad.blockstorage.api.rackspacecloud.com/v1/123456>"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "<https://hkg.blockstorage.api.rackspacecloud.com/v1/123456>"
}
],
"type": "volume"
},
{
"name": "cloudImages",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "<https://iad.images.api.rackspacecloud.com/v2>"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "<https://hkg.images.api.rackspacecloud.com/v2>"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "<https://dfw.images.api.rackspacecloud.com/v2>"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "<https://syd.images.api.rackspacecloud.com/v2>"
}
],
"type": "image"
},
{
"name": "cloudQueues",
"endpoints": [
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "<https://hkg.queues.api.rackspacecloud.com/v1/123456">,
"internalURL": "<https://snet-hkg.queues.api.rackspacecloud.com/v1/123456>"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "<https://syd.queues.api.rackspacecloud.com/v1/123456">,
"internalURL": "<https://snet-syd.queues.api.rackspacecloud.com/v1/123456>"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "<https://dfw.queues.api.rackspacecloud.com/v1/123456">,
"internalURL": "<https://snet-dfw.queues.api.rackspacecloud.com/v1/123456>"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "<https://iad.queues.api.rackspacecloud.com/v1/123456">,
"internalURL": "<https://snet-iad.queues.api.rackspacecloud.com/v1/123456>"
}
],
"type": "rax:queues"
},
{
"name": "cloudBigData",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "<https://iad.bigdata.api.rackspacecloud.com/v1.0/123456>"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "<https://dfw.bigdata.api.rackspacecloud.com/v1.0/123456>"
}
],
"type": "rax:bigdata"
},
{
"name": "cloudOrchestration",
"endpoints": [
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "<https://hkg.orchestration.api.rackspacecloud.com/v1/123456>"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "<https://dfw.orchestration.api.rackspacecloud.com/v1/123456>"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "<https://iad.orchestration.api.rackspacecloud.com/v1/123456>"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "<https://syd.orchestration.api.rackspacecloud.com/v1/123456>"
}
],
"type": "orchestration"
},
{
"name": "cloudServersOpenStack",
"endpoints": [
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "<https://syd.servers.api.rackspacecloud.com/v2/123456">,
"versionInfo": "<https://syd.servers.api.rackspacecloud.com/v2">,
"versionList": "<https://syd.servers.api.rackspacecloud.com/">,
"versionId": "2"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "<https://dfw.servers.api.rackspacecloud.com/v2/123456">,
"versionInfo": "<https://dfw.servers.api.rackspacecloud.com/v2">,
"versionList": "<https://dfw.servers.api.rackspacecloud.com/">,
"versionId": "2"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "<https://iad.servers.api.rackspacecloud.com/v2/123456">,
"versionInfo": "<https://iad.servers.api.rackspacecloud.com/v2">,
"versionList": "<https://iad.servers.api.rackspacecloud.com/">,
"versionId": "2"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "<https://hkg.servers.api.rackspacecloud.com/v2/123456">,
"versionInfo": "<https://hkg.servers.api.rackspacecloud.com/v2">,
"versionList": "<https://hkg.servers.api.rackspacecloud.com/">,
"versionId": "2"
}
],
"type": "compute"
},
{
"name": "autoscale",
"endpoints": [
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "<https://dfw.autoscale.api.rackspacecloud.com/v1.0/123456>"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "<https://hkg.autoscale.api.rackspacecloud.com/v1.0/123456>"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "<https://iad.autoscale.api.rackspacecloud.com/v1.0/123456>"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "<https://syd.autoscale.api.rackspacecloud.com/v1.0/123456>"
}
],
"type": "rax:autoscale"
},
{
"name": "cloudDatabases",
"endpoints": [
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "<https://syd.databases.api.rackspacecloud.com/v1.0/123456>"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "<https://dfw.databases.api.rackspacecloud.com/v1.0/123456>"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "<https://hkg.databases.api.rackspacecloud.com/v1.0/123456>"
}
],
"type": "rax:database"
},
{
"name": "cloudBackup",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "<https://iad.backup.api.rackspacecloud.com/v1.0/123456>"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "<https://hkg.backup.api.rackspacecloud.com/v1.0/123456>"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "<https://syd.backup.api.rackspacecloud.com/v1.0/123456>"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "<https://dfw.backup.api.rackspacecloud.com/v1.0/123456>"
}
],
"type": "rax:backup"
},
{
"name": "cloudNetworks",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "<https://iad.networks.api.rackspacecloud.com/v2.0>"
},
{
"region": "LON",
"tenantId": "123456",
"publicURL": "<https://lon.networks.api.rackspacecloud.com/v2.0>"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "<https://syd.networks.api.rackspacecloud.com/v2.0>"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "<https://dfw.networks.api.rackspacecloud.com/v2.0>"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "<https://hkg.networks.api.rackspacecloud.com/v2.0>"
}
],
"type": "network"
},
{
"name": "cloudMetrics",
"endpoints": [
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "<https://global.metrics.api.rackspacecloud.com/v2.0/123456>"
}
],
"type": "rax:cloudmetrics"
},
{
"name": "cloudLoadBalancers",
"endpoints": [
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "<https://syd.loadbalancers.api.rackspacecloud.com/v1.0/123456>"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "<https://iad.loadbalancers.api.rackspacecloud.com/v1.0/123456>"
},
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "<https://hkg.loadbalancers.api.rackspacecloud.com/v1.0/123456>"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "<https://dfw.loadbalancers.api.rackspacecloud.com/v1.0/123456>"
}
],
"type": "rax:load-balancer"
},
{
"name": "cloudFeeds",
"endpoints": [
{
"region": "HKG",
"tenantId": "123456",
"publicURL": "<https://hkg.feeds.api.rackspacecloud.com/123456">,
"internalURL": "<https://atom.prod.hkg1.us.ci.rackspace.net/123456>"
},
{
"region": "SYD",
"tenantId": "123456",
"publicURL": "<https://syd.feeds.api.rackspacecloud.com/123456">,
"internalURL": "<https://atom.prod.syd2.us.ci.rackspace.net/123456>"
},
{
"region": "IAD",
"tenantId": "123456",
"publicURL": "<https://iad.feeds.api.rackspacecloud.com/123456">,
"internalURL": "<https://atom.prod.iad3.us.ci.rackspace.net/123456>"
},
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "<https://dfw.feeds.api.rackspacecloud.com/123456">,
"internalURL": "<https://atom.prod.dfw1.us.ci.rackspace.net/123456>"
}
],
"type": "rax:feeds"
},
{
"name": "cloudMonitoring",
"endpoints": [
{
"tenantId": "123456",
"publicURL": "<https://monitoring.api.rackspacecloud.com/v1.0/123456>"
}
],
"type": "rax:monitor"
},
{
"name": "cloudDNS",
"endpoints": [
{
"tenantId": "123456",
"publicURL": "<https://dns.api.rackspacecloud.com/v1.0/123456>"
}
],
"type": "rax:dns"
},
{
"name": "cloudServers",
"endpoints": [
{
"tenantId": "123456",
"publicURL": "<https://servers.api.rackspacecloud.com/v1.0/123456">,
"versionInfo": "<https://servers.api.rackspacecloud.com/v1.0">,
"versionList": "<https://servers.api.rackspacecloud.com/">,
"versionId": "1.0"
}
],
"type": "compute"
},
{
"name": "rackCDN",
"endpoints": [
{
"region": "DFW",
"tenantId": "123456",
"publicURL": "<https://global.cdn.api.rackspacecloud.com/v1.0/123456">,
"internalURL": "<https://global.cdn.api.rackspacecloud.com/v1.0/123456>"
}
],
"type": "rax:cdn"
},
{
"name": "cloudFilesCDN",
"endpoints": [
{
"region": "DFW",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "<https://cdn1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"
},
{
"region": "SYD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "<https://cdn4.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"
},
{
"region": "HKG",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "<https://cdn6.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"
},
{
"region": "IAD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "<https://cdn5.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"
}
],
"type": "rax:object-cdn"
},
{
"name": "cloudFiles",
"endpoints": [
{
"region": "DFW",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "<https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f">,
"internalURL": "<https://snet-storage101.dfw1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"
},
{
"region": "SYD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "<https://storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f">,
"internalURL": "<https://snet-storage101.syd2.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"
},
{
"region": "IAD",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "<https://storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f">,
"internalURL": "<https://snet-storage101.iad3.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"
},
{
"region": "HKG",
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"publicURL": "<https://storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f">,
"internalURL": "<https://snet-storage101.hkg1.clouddrive.com/v1/MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f>"
}
],
"type": "object-store"
}
],
"user": {
"id": "172157",
"roles": [
{
"id": "10000150",
"description": "Checkmate Access role",
"name": "checkmate"
},
{
"tenantId": "MossoCloudFS_9c24e3db-52bf-4f26-8dc1-220871796e9f",
"id": "5",
"description": "A Role that allows a user access to keystone Service methods",
"name": "object-store:default"
},
{
"tenantId": "123456",
"id": "6",
"description": "A Role that allows a user access to keystone Service methods",
"name": "compute:default"
},
{
"id": "3",
"description": "User Admin Role.",
"name": "identity:user-admin"
}
],
"name": "yourUserName",
"RAX-AUTH:defaultRegion": "DFW",
"RAX-AUTH:domainId": "123456"
"RAX-AUTH:phonePin": "914737",
"RAX-AUTH:phonePinState": "ACTIVE"
}
}
}
Unlock the Support PIN
PUT /v2.0/users/{userId}/RAX-AUTH/phone-pin/unlock
Users can unlock their Support PINs by calling this service.
Note
If users try to unlock a Support PIN for any user apart from themselves, the service returns a
HTTP 403response.
The service also gives an error with code HTTP 403 if a user attempts to unlock the their Support PIN when the Support PIN is not in locked state.
The following table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 204 | No Content | The request has been fulfilled. The Support PIN is unlocked. |
| 400 | Bad Request | The request was invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | Caller does not have an appropriate role or Support PIN is not in a locked state |
| 404 | Not Found | The user was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 503 | Service Fault | Service is not available. |
Request
The following table shows the header parameters for the unlock Support PIN request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | String (Required) | A valid authentication token. |
Note
There is no request body for this service.
Response
A successful unlock Support PIN request returns no response body with HTTP 204 status code. Response body is only returned in case service errors.
Example: When attempt is made to unlock a Support PIN which is not in locked state JSON response
{
"forbidden": {
"code": 403,
"message": "User's current Support PIN is not in locked state."
}
}
Example: When invalid user ID is passed in request url JSON response
{
"itemNotFound": {
"code": 404,
"message": "User 12345 not found"
}
}
Reset the Support PIN
POST /v2.0/users/{userId}/RAX-AUTH/phone-pin/reset
Reset the Support PIN for a specific user. Users are not allowed to reset their own Support PINs by calling this service. If a user tries to reset their Support PIN, the service returns a 403 HTTP response.
Note
This service is only available to the following roles:
identity:user-admin: Can reset the Support PIN for all of the users on the caller’s domain.identity:user-manage: Can reset the Support PIN of users in the caller’s domain who have the identity:user-manage role or below.
A successful reset Support PIN request returns no response body with HTTP 204 status code.
The following table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 204 | No Content | The request has been fulfilled. |
| 400 | Bad Request | The request was invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | Caller does not have an appropriate role. |
| 404 | Not Found | If the caller does not have authorization to reset the phone PIN on the specified user or the user does not exist, a 404 HTTP response is returned. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 409 | Conflict | The request could not be completed due to a conflict with the current state of the target resource. |
| 503 | Service Fault | Service is not available. |
Request
The following table shows the header parameters for the reset Support PIN request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | String (Required) | A valid authentication token. |
The following table shows the request parameters for the reset Support PIN request:
| Name | Type | Description |
|---|---|---|
only_if_missing | Boolean (Optional) | If the value of this parameter is true and the specified user already has a Support PIN, then the service returns a 409 HTTP response without changing the user’s Support PIN. |