Rackspace Cloud customers have user accounts that allow them to access, configure, and manage their Rackspace Cloud services and account information. Each cloud account has an administrative owner (user-admin) and can also have one or more sub-user accounts that provide access to the Rackspace Cloud services available on the account.
Use the following API operations to to create, review, update, and delete user accounts, account information, and account credentials.
- Add user
- List users
- Get user by id
- Update user information and password
- Delete a user
- Get accessible domains for user
- Get user admin
- Add credential to user
- Get user credentials
- Reset API key for user
- Forgot password
- Reset password
- Change password
Note
Some of the functionality described in this section is provided by the OS-KSADM and RAX-KSKEY extensions to the core Identity API.
When these requests are issued by an account user, they act only upon that account user. To learn more about Identity account users, see Roles and role assignments.
Add user
POST /v2.0/users
This operation adds a user account to an existing Rackspace Cloud account.
User and Identity administrators can add accounts to an existing Rackspace Cloud account by using the Add user API operation. Administrators can add up to 100 users to an account.
In the Add user request, include the required values for the user name and email and specify optional attributes as needed.
You can specify an initial password for the user by including it in the request. If you don’t specify a password, the Identity service generates one and returns it in the response. In either case, make a note of the password so you can provide it to the user. After the user is created, you cannot retrieve the password by any means. However, you can update the password by using the Update user API operation or by changing the value from the User Management page in the Cloud Control panel.
Note
- Users with the User Admin role can manage sub-user accounts through the API or from the Cloud Control panel. Use the Control panel to add the user’s full name, contact information, and configure account security.
- If you try to create an account with the user name from an existing account, the Add user operation returns an
HTTP error 409message.- Domain multi-factor authentication (MFA) enforcement is set to
RACKSPACE_MANDATEDfor all new dedicated and cloud accounts. This means that the new user-admin must configure MFA before using their account. This is done by getting a scoped token and using the token to configure MFA.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 201 | Created | The request has been fulfilled. The user has been created. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 409 | Conflict | Indicates that the user you are trying to add already exists. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 415 | Bad Media Type | Bad media type. This may result if the wrong media type is used in the API request. Check the content-type and accept headers included in the request. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | String (Required) | A valid admin authentication token. |
This table shows the body parameters for the request:
| Name | Type | Description |
|---|---|---|
| user | Object | A user object that specifies the user account information. |
| user.username | String (Required) | The name to assign to the user. Specify a value that meets the following criteria: Start with an alpha character. Minimum length: 1 character Can contain upper and lowercase characters. Can contain any of the following special characters: - @ _ |
| user.email | String (Required) | Email address for the user account, for example [email protected] |
| user.enabled | Boolean (Required) | Indicates whether the user can authenticate after the user account is created. If no value is specified, the default value is specified: enabled=true. |
| user.OS-KSADM:password | String (Optional) | Specify an initial password for the user account. If this value is not specified, the Identity service automatically generates a password. Ensure that the value you specify meets the following criteria: Length must be at least 8 characters; no maximum. Can include uppercase, lower case, and numeric characters. Can start with or include any of the following special characters: ~ ! @ # % ~ & _ - | ( ) { } [ ] : ; ” ‘ < >,. ? / * Password cannot begin with a space, but it can contain a space. |
Example: Add user: XML request
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack..org/identity/api/v2.0"
enabled="true"
email="[email protected]"
username="newUser"/>
Example: Add user: JSON request
{
"user": {
"username": "newUser",
"email": "newUser@example:.com",
"enabled": true
}
}
Example: Add user with password request: XML
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns:ns1="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:ns2="http://docs.openstack.org/identity/api/v2.0"
username="newUser"
email="newUser@example:.com"
enabled="true"
ns1:password="Password48"/>
Example: Add user with password request: JSON
{
"user": {
"username": "newUser",
"email": "newUser@example:.com",
"enabled": true,
"OS-KSADM:password":"Password48"
}
}
Response
This table shows the body parameters for the response:
| Name | Type | Description |
|---|---|---|
| user | Object | A user object that returns the user account information. |
| user.RAX-AUTH:defaultRegion | String | Specifies the default region for the user account. This value is inherited from the user administrator when the account is created.. |
| user.RAX-AUTH:domainId | String | Identifies the domain that contains the user account. This value is inherited from the user administrator when the account is created. |
| user.id | String | A unique system- generated ID for the user account. The ID generated for the account cannot be modified. |
| user.username | String | The name that the user can use to authenticate to the Rackspace Cloud. You can change this value through the API or the Cloud Control panel. |
| user.OS-KSADM:password | String | The password value that the user needs for authentication. If the Add user request included a password value, this attribute is not included in the response. |
| user.email | String | Email address for the user account, for example [email protected] |
| user.enabled | Boolean | Indicates whether the user has permission to authenticate using the user name and password credentials for the new user. This value defaults to enabled=true. |
Example: Add user: XML response
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns2="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
id="123456" username="newUser"
enabled="true"
email="newUser@example:.com"
RAX-AUTH:defaultRegion="DFW"
RAX-AUTH:domainId="5830280" >
</user>
Example: Add user: JSON response
{
"user": {
"RAX-AUTH:defaultRegion": "DFW",
"RAX-AUTH:domainId": "5830280",
"id": "123456",
"username": "newUser",
"email": "newUserh@example:.com",
"enabled": true
}
}
List users
GET /v2.0/users
This operation returns a list of users with detailed account information about each user including email, name, user ID, Support PIN state, account configuration, and status information.
- If this request is issued by a user holding the Identity user admin role (
identity:user-admin), it returns a list of all users for the domain. To find a single user, include thenamein the request. - If this request is issued by a user holding the Identity user manage role (
identity:user-manage), it returns a list of all users with the Identity user role (identity:default) within their domain. - If this request is issued by a user holding the Identity user role (
identity:default), the operation returns only information about the user account.
Note
- The structure of the response is based on the presence of the
namequery parameter. The default response is a user list. A user object is returned if thenamequery parameter is provided.- The extended attribute
RAX-AUTH:passwordExpirationis returned only when getting a user by username.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 200 | OK | The request has succeeded. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the header and URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | Header String (Required) | A valid admin authentication token. |
This table shows the query parameters for the request:
| Name | Type | Description |
|---|---|---|
| name | String (Optional) | Specify the user name to look up. |
| String (Optional) | Specify the email address to look up. |
This operation does not accept a request body.
Example: List users: HTTP request
GET /v2.0/users/12342b4ddb594819b697d0048614c117 HTTP/1.1
Host: identity.api.rackspacecloud.com
Accept: application/json
X-Auth-Token: 0cb090705e82443fa71471e9c3456789
Content-type: application/xml
Example: List users: HTTP request
GET /v2.0/users/12342b4ddb594819b697d0048614c117 HTTP/1.1
Host: identity.api.rackspacecloud.com
Accept: application/json
X-Auth-Token: 0cb090705e82443fa71471e9c3456789
Content-type: application/json
Response
This table shows the body parameters for the response:
| Name | Type | Description |
|---|---|---|
| users | Object (Required) | Returns the collection of users who match the specification in the List user API request. |
| users.user | Object (Required) | A user object that provides user account information. |
| user.**RAX-AUTH:phonePinState** | String (Required) | The Support PIN state.INACTIVE The user does not have a Support PIN.LOCKED The user has a Support PIN, but the PIN has been locked due to excessive failed verification attempts. The user must unlock the PIN before PIN verifications can occur.* ACTIVE The user has a Support PIN against which verifications can be performed. |
| user.RAX-AUTH:defaultRegion | String (Optional) | The default region that the user is assigned to. Must be one of the regions available in the service catalog. |
| user.RAX-AUTH:domainId | String (Optional) | The ID for the domain that the user account has been assigned to. |
| user.RAX-AUTH:multiFactorEnabled | Boolean (Optional) | If an account has been configured to use multi-factor authentication, this field indicates if multi-factor authentication is currently enabled or disabled. |
| user.RAX-AUTH:multiFactorState | String (Optional) | This extended attribute indicates if a multi-factor-enabled user account is locked as a result of failed authentication attempts. If the account has been locked at any point, the value is either LOCKED or ACTIVE. User administrators can use the Update multi-factor authentication settings on account operation to restore access to a locked account. |
| user.RAX-AUTH:userMultiFactorEnforcementLevel | String (Optional) | If present, this extended attribute specifies the multi-factor authentication enforcement policy that applies to the specified account.REQUIRED The user must use multi-factor authentication to log in to their Rackspace Cloud account.OPTIONAL. The user has the option to authenticate using multi-factor authentication.* DEFAULT. The user multi-factor authentication requirements are determined by the domain level enforcement setting for multi-factor authentication. |
| user.RAX-AUTH:contactId | String (Optional) | The core contact ID. |
| user.RAX-AUTH:passwordExpiration | String (Optional) | If present, this extended attribute specifies the time when the user’s current password will expire. |
Example: List users: HTTP response
HTTP/1.1 200 OK
Content-Type: application/xml
Example: List users: XML response
<?xml version="1.0" encoding="UTF-8"?>
<users
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns4="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0" >
<user
rax-auth:domainId="5830280"
rax-auth:defaultRegion="DFW"
rax-auth:multiFactorEnabled="true"
rax-auth:multiFactorState="ACTIVE"
rax-auth:userMultiFactorEnforcementLevel="OPTIONAL"
rax-auth:multi
id="123456"
username="jqsmith"
email="[email protected]"
enabled="true"/>
<user
rax-auth:domainId="5830280"
rax-auth:defaultRegion="DFW"
rax-auth:multiFactorEnabled="false"
id="938439"
username="poejo"
email="[email protected]"
enabled="true"/>
</users>
Example: Get user by username: XML response
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="[http://docs.openstack.org/identity/api/v2.0](<>)"
xmlns:os-ksec2="[http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0](<>)"
xmlns:rax-ksqa="[http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0](<>)"
xmlns:rax-kskey="[http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0](<>)"
xmlns:rax-auth="[http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0](<>)"
xmlns:atom="[http://www.w3.org/2005/Atom](<>)"
xmlns:ns7="[http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0](<>)"
xmlns:os-ksadm="[http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0](<>)"
xmlns:ns9="[http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0](<>)"
created="2018-02-08T13:37:06.527-06:00"
enabled="true"
email="[email protected]"
username="user459"
id="cc0068ca9558433bb14472dbd16dde2f"
rax-auth:passwordExpiration="2018-02-09T13:39:53.685-06:00"
rax-auth:multiFactorEnabled="false"
rax-auth:defaultRegion="ORD"
rax-auth:domainId="4185"/>
Example: List users: HTTP response
HTTP/1.1 200 OK
Content-Type: application/json
Example: List users: JSON response
{
"users": [
{
"rax-auth:domainId":"5830280"
"id": "123456",
"enabled": true,
"username": "jqsmith",
"email": "[email protected]",
"rax-auth:defaultRegion":"DFW",
"rax-auth:phonePinState": "ACTIVE",
"rax-auth:multiFactorEnabled":"true",
"rax-auth:multiFactorState":"ACTIVE",
"rax-auth:userMultiFactorEnforcementLevel":"OPTIONAL"
},
{
"rax-auth:domainId":"5830280"
"id": "938439",
"enabled": false,
"username": "poejo",
"email": "[email protected]",
"rax-auth:defaultRegion":"DFW",
"rax-auth:multiFactorEnabled":"false"
},
}
]
}
Example: Get user by username: JSON response
{
"user": {
"RAX-AUTH:defaultRegion": "ORD",
"RAX-AUTH:domainId": "4185",
"RAX-AUTH:multiFactorEnabled": false,
"RAX-AUTH:passwordExpiration": "2018-02-09T13:39:53.685-06:00",
"rax-auth:phonePinState": "ACTIVE",
"created": "2018-02-08T13:37:06.527-06:00",
"email": "[email protected]",
"enabled": true,
"id": "cc0068ca9558433bb14472dbd16dde2f",
"username": "user459"
}
}
Get user by id
GET /v2.0/users/{userId}
This operation returns the following detailed account information for a specific user, by user id: email address, user name, user id, status, default region, and domain id.
Note
If this request is issued by a user holding the admin role (identity:user-admin), the specific user’s information is returned only if that user is associated with the same tenant as the requester’s user-admin token.
If this request is issued by a user holding the user role (identity:default), the response only includes the user account information for the user who submitted the request.
The user’s Support PIN is only returned if the caller is retrieving their own user account.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 200 | OK | The operation completed successfully. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the header and URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | Header String (Required) | A valid admin authentication token. |
| {userId} | URI String (Required) | A user ID assigned by system when user is added. |
This operation does not accept a request body.
Response
This table shows the body parameters for the response:
| Name | Type | Description |
|---|---|---|
| users | Object (Required) | Returns the collection of users who match the specification in the List user API request. |
| users.user | Object (Required) | A user object that provides user account information. |
| user.RAX-AUTH:defaultRegion | String (Optional) | The default region that the user is assigned to. Must be one of the regions available in the service catalog. |
| user.RAX-AUTH:domainId | String (Optional) | The ID for the domain that the user account has been assigned to. |
| user.RAX-AUTH:phonePin | String (Optional) | A user’s Support PIN. |
| user.RAX-AUTH:phonePinState | String (Required) | The Support PIN state.INACTIVE The user does not have a Support PIN.LOCKED The user has a Support PIN, but the PIN has been locked due to excessive failed verification attempts. The user must unlock the pin before PIN verifications can occur.* ACTIVE The user has a Support PIN against which verifications can be performed. |
| user.RAX-AUTH:multiFactorEnabled | Boolean (Optional) | If an account has been configured to use multi-factor authentication, this field indicates if multi-factor authentication is currently enabled or disabled. |
| user.RAX-AUTH:multiFactorState | String (Optional) | This extended attribute indicates if a multi-factor-enabled user account is locked as a result of failed authentication attempts. If the account has been locked at any point, the value is either LOCKED or ACTIVE. User administrators can use the update multi-factor authentication settings on account operation to restore access to a locked account. |
| user.RAX-AUTH:userMultiFactorEnforcementLevel | String (Optional) | If present, this extended attribute specifies the multi-factor authentication enforcement policy that applies to the specified account.REQUIRED The user must use multi-factor authentication to log in to their Rackspace Cloud account.OPTIONAL. The user has the option to authenticate using multi-factor authentication.* DEFAULT. The user multi-factor authentication requirements are determined by the domain level enforcement setting for multi-factor authentication. |
| user.RAX-AUTH:contactId | String (Optional) | The core contact ID. |
| user.RAX-AUTH:passwordExpiration | String (Optional) | If present, this extended attribute specifies the time when the user’s current password will expire. |
Example: Get user by ID HTTP response header: XML
HTTP/1.1 200 OK
Content-Type: application/xml
Example: Get user by ID: XML response
<?xml version="1.0" encoding="UTF-8"?>
<user
xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:ns7="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
rax-auth:contactId="1234"
rax-auth:domainId="5830280"
rax-auth:defaultRegion="DFW"
rax-auth:multiFactorEnabled="true"
rax-auth:multiFactorState="ACTIVE"
rax-auth:userMultiFactorEnforcementLevel="OPTIONAL"
rax-auth:passwordExpiration="2018-02-09T13:39:53.685-06:00"
id="123456"
username="jqsmith"
email="[email protected]"
enabled="true"/>
Example: Get user by ID HTTP response header: JSON
HTTP/1.1 200 OK
Content-Type: application/json
Example: Get user by ID response: JSON
{
"user":
{
"rax-auth:contactId":"1234"
"rax-auth:domainId":"5830280"
"id": "123456",
"enabled": true,
"username": "jqsmith",
"email": "[email protected]",
"rax-auth:defaultRegion":"DFW",
"rax-auth:phonePin":"914737",
"rax-auth:phonePinState": "ACTIVE",
"rax-auth:multiFactorEnabled":"true",
"rax-auth:multiFactorState":"ACTIVE",
"rax-auth:userMultiFactorEnforcementLevel":"OPTIONAL"
"rax-auth:passwordExpiration":"2018-02-09T13:39:53.685-06:00"
}
}
Update user information and password
POST /v2.0/users/{userId}
This operation updates the user information for the account associated with the specified user id. Before you submit the update request, use the Get user by id operation to verify that the user name, email account, and status associated with userId match the account you want to update.
Only include those user data elements that you wish to modify in the request body. For example, if you only need to update the user’s email, for don’t include the other body parameters like id, enabled, or rax-auth:domainId.
Note
- Users who hold the admin role can update users who hold the user role (
identity:default) or the admin role (identity:user-admin) for the same tenant.- Users with the
identity:user-adminoridentity:user-managerole can update user information for users within their domain and with theidentity:defaultrole- Administrators can change the default region for another user, but the new value must be one of the regions listed for a Cloud Compute endpoint in the service catalog.
- Only the
RAX-AUTH:contactIdattribute can be updated for a federated user.- The
RAX-AUTH:phonePinis only returned if the caller is updating their own user account and a Support PIN exists on the account.- Users with the
identity:user-manage-limitedcan update any sub-users’ email and enabled status within their domain.
This table shows the possible response codes for this operation:
| Response code | Name | Description |
|---|---|---|
| 200 | OK | The request has been fulfilled. The user has been updated. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 406 | Not Acceptable | The server cannot send data in a format requested. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the header parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | String (Required) | A valid authentication token. |
| {userId} | String (Required) | A user ID assigned by system when a user is added. |
This table shows the URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| {userId} | String (Required) | A user ID assigned by system when a user is created. |
This table shows the body parameters for the request:
| Name | Type | Description |
|---|---|---|
| user | Object | A user object that specifies the user account information. |
| user.username | String (Optional) | The name to assign to the user. |
| user.email | String (Optional) | Email address for the user account. |
| user.enabled | String (Optional) | Indicates whether the user is enabled (true) or disabled (false). Users cannot update the enabled status on their own account. |
| user.RAX-AUTH:defaultRegion | String (Optional) | The default region that the user is assigned to. Must be one of the regions available in the service catalog. |
| user.RAX-AUTH:phonePin | String (Optional) | Specify a new Support PIN for the user account. Ensure that the value specified meets the following criteria: * Use six numeric digits (such as 871694). A Support PIN cannot include more than three repeating numbers. (444 is OK, but 4444 is not.) A Support PIN cannot include more than three sequential numbers. (234 is OK, but 2345 is not.) |
| user.OS-KSADM:password | String (Optional) | Specify a new password for the user account. Ensure that the value specified meets the following criteria: * Password must be at least 8 characters in length, must contain at least one uppercase letter, one lowercase letter, and one numeric character. |
| user.RAX-AUTH:contactId | String (Optional) | The core contact ID. |
Example: Update user HTTP request header: XML
POST /v2.0/users/123456 HTTP/1.1
Host: identity.api.rackspacecloud.com
Accept: application/xml
Content-type: application/xml
X-Auth-Token: eaf8345057414cd397d0543123456789
Example: Update user HTTP request header: JSON
POST /v2.0/users/123456 HTTP/1.1
Host: identity.api.rackspacecloud.com
Accept: application/json
Content-type: application/json
X-Auth-Token: eaf8345057414cd397d0543123456789
Example: Update user request: XML
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns2="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
username="jqsmith"
enabled="true"
email="[email protected]"
RAX-AUTH:contactId="12345">
</user>
Example: Update user request: JSON
{
"user": {
"username": "jqsmith",
"email": "[email protected]",
"enabled": true,
"RAX-AUTH:contactId": "1234"
}
}
Example: Update user password HTTP request header: XML
POST /v2.0/users/123456 HTTP/1.1
Host: identity.api.rackspacecloud.com
Accept: application/xml
Content-type: application/xml
X-Auth-Token: eaf8345057414cd397d0543123456789
Example: Update user password HTTP request header: JSON
POST /v2.0/users/123456 HTTP/1.1
Host: identity.api.rackspacecloud.com
Accept: application/xml
Content-type: application/json
X-Auth-Token: eaf8345057414cd397d0543123456789
Example: Update user password request: XML
<user username="abc123"
ns1:password="ungu355ab13"
xmlns:ns1="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:ns2="http://docs.openstack.org/identity/api/v2.0" />
Example: Update user password request: JSON
{
"user": {
"username": "abc123",
"OS-KSADM:password":"ungu355ab13"
}
}
Response
Example: Update user information and password: XML response
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns2="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
id="123456" username="jqsmith"
enabled="true"
email="[email protected]"
RAX-AUTH:defaultRegion="DFW"
RAX-AUTH:domainId="5830280"
RAX-AUTH:phonePin="125897"
RAX-AUTH:contactId="1234"
RAX-AUTH:multiFactorEnabled="true" >
</user>
Example: Update user information and password: JSON response
{
"user": {
"id": "123456",
"username": "jqsmith",
"email": "[email protected]",
"enabled": true,
"RAX-AUTH:defaultRegion":"DFW",
"RAX-AUTH:domainId":"5830280",
"RAX-AUTH:phonePin":"136983",
"RAX-AUTH:multiFactorEnabled": true,
"RAX-AUTH:contactId":"1234"
}
}
Delete a user
DELETE /v2.0/users/{userId}
Rackspace Cloud account administrators (identity:user-admin) can use the Delete user operation to remove a user from a Rackspace Cloud account. Administrators can only delete user accounts that are assigned the user role (identity:default) with the same tenant id as the Administrator account.
To delete a user, specify the user ID in the request. If you know the user name but not id, use the List users operation to look up account information by name.
Note
- Users can always use this service to delete themselves with the exception of
identity:user-adminusers.- Users with the
identity:service-adminrole can delete users with theidentity:adminrole, users with theidentity:user-adminrole, and sub-users.- Users with the
identity:adminrole can delete users with theidentity:user-adminrole and sub-users.- Users with the
identity:user-adminandidentity:user-managerole can delete users within their domain and with theidentity:defaultrole.
Warning
Don’t delete the wrong user! Before submitting the Delete request, use the List users or Get user by id operation to review the user account information and confirm that you are working with the correct account.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 204 | No content | The server fulfilled the request but does not need to return a body. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the header and URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | Header String (Required) | A valid admin authentication token. |
| {userId} | URI String String (Required) | A user ID assigned by system when user is added. |
Example: Delete user HTTP request header: XML
DELETE /v2.0/users/123456 HTTP/1.1
Host: identity.api.rackspacecloud.com
Accept: application/xml
Content-type: application/xml
X-Auth-Token: eaf8345057414cd397d0543123456789
Example: Delete user HTTP request header: JSON
POST /v2.0/users/123456 HTTP/1.1
Host: identity.api.rackspacecloud.com
Accept: application/json
Content-type: application/json
X-Auth-Token: eaf8345057414cd397d0543123456789
This operation does not accept a request body.
Response
This operation does not return a response body.
Get accessible domains for user
POST /v2.0/users/{userId}/RAX-AUTH/domains
Use the get accessible domains for user operation to retrieve the list of domains a user has access to.
Note
- Users can always list their own accessible domains.
- Users with the
identity:service-adminrole can list accessible domains for users with theidentity:adminrole, users with theidentity:user-adminrole, and sub-users.- Users with the
identity:adminrole can list accessible domains for users with theidentity:user-adminrole and sub-users.- Users with the
identity:user-adminoridentity:user-managerole can list accessible domains for users within their domain and with theidentity:defaultrole.
Request
This table shows the header and URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | Header String (Required) | A valid authentication token. |
| {userId} | URI String (Required) | A user ID assigned by system when user is added. |
Response
The following table shows the body parameters for the retrieve domains response:
| Name | Type | Description |
|---|---|---|
| RAX-AUTH:domains | Object (Required) | The collection of domains that the authenticated user has permission to view. |
| RAX-AUTH:domains.RAX-AUTH:domain | Object (Required) | An object that contains the domain configuration attribute settings. |
| RAX-AUTH:domain.id | String (Required) | The unique id for the domain. |
| RAX-AUTH:domain.sessionInactivityTimeout | String (Required) | Session inactivity timeout property used across all Rackspace UIs. |
| RAX-AUTH:domain.enabled | Boolean (Optional) | Indicates whether the domain is enabled. |
| RAX-AUTH:domain.description | String (Optional) | The domain description. |
| RAX-AUTH:domain.name | String (Optional) | The domain name. |
| RAX-AUTH:domain.rackspaceCustomerNumber | String (Optional) | The Rackspace customer number. |
| RAX-AUTH:domain.domainMultiFactorEnforcementLevel | String (Optional) | If present, this extended attribute specifies the multi-factor authentication enforcement policy that applies to accounts within the specified domain.REQUIRED - Users within the domain must use multi-factor authentication to access their account.OPTIONAL - Users have the option to authenticate using multi-factor authentication. |
Example: Get accessible domains for user: XML response
< HTTP/1.1 200 OK
< vary: Accept, Accept-Encoding, X-Auth-Token
< Content-Type: application/xml
< Content-Length: 824
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<rax-auth:domains
xmlns="[http://docs.openstack.org/identity/api/v2.0](<>)"
xmlns:rax-auth="[http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0](<>)"
xmlns:atom="[http://www.w3.org/2005/Atom](<>)"
xmlns:ns4="[http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0](<>)"
xmlns:rax-ksqa="[http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0](<>)"
xmlns:os-ksadm="[http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0](<>)"
xmlns:rax-kskey="[http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0](<>)"
xmlns:os-ksec2="[http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0](<>)"
xmlns:ns9="[http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0">](<>)
<rax-auth:domain sessionInactivityTimeout="PT15M" enabled="true" id="123" name="GCorp" rackspaceCustomerNumber="RCN-123-123-123">
<rax-auth:description>A very good customer\</rax-auth:description>
</rax-auth:domain>
</rax-auth:domains>
Example: Get accessible domains for user: JSON response
< HTTP/1.1 200 OK
< vary: Accept, Accept-Encoding, X-Auth-Token
< Content-Type: application/json
< Content-Length: 136
{
"RAX-AUTH:domains": [
{
"enabled": true,
"id": "123",
"name": "GCorp",
"description": "A very good customer",
"rackspaceCustomerNumber": "RCN-123-123-123"
}
]
}
Get user admin
GET /v2.0/users/{userId}/RAX-AUTH/admins
Account users with the identity:user-admin or identity:default role can use this operation to identify the administrator or point of contact for a user account if they have questions or need assistance regarding user or role management.
This request returns the following identifying information about the administrator: domain name, domain ID, email address, status, user ID and user name.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 200 | OK | The request succeeded. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the header and URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | Header String (Required) | A valid admin authentication token. |
| {userId} | URI String (Required) | The unique, system- generated user ID for an account. |
This operation does not accept a request body.
Response
Example: Get user admin response: XML
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<users xmlns="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns2="http://www.w3.org/2005/Atom"
xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0">
<user id="10022879"
username="JuserAdmin"
enabled="true"
display-name="JuserAdmin"
rax-auth:defaultRegion="USA"
rax-auth:domainId="5701091"/>
</users>
**Example: Get user admin response: JSON**
{
"users": [
{
"RAX-AUTH:defaultRegion": "",
"RAX-AUTH:domainId": "12345",
"email": "[email protected]",
"enabled":"true",
"id": "10022879",
"username": "JuserAdmin"
}
]
}
Add credential to user
POST /v2.0/users/{userId}/OS-KSADM/credentials
Note
This Add API-key credentials to a user operation is deprecated. Instead, use Reset API Key
Use this API operation to add a password credential to a user account.
To add a password, specify the user’s ID in the request. If you know the user’s name but not the user’s ID, use List users operation to find the ID.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 201 | Created | The request has been fulfilled. The credential has been added. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 415 | Bad Media Type | Bad media type. This may result if the wrong media type is used in the API request. Check the content-type and accept headers included in the request. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the header and URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | Header String (Required) | A valid admin authentication token. |
| {userId} | URI String (Required) | A user ID assigned by system when user is added. |
This operation does not accept a request body.
Example: Add credential to user: XML request
<?xml version="1.0" encoding="UTF-8"?>
<passwordCredentials xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://docs.openstack.org/identity/api/v2.0" username="test_user" password="resetpass"/>
Example: Add credential to user: JSON request
{
"passwordCredentials": {
"username": "test_user",
"password": "resetpass"
}
}
Response
Example: Add credential to user: JSON response
{
"passwordCredentials": {
"username": "test_user",
"password": "resetpass"
}
}
Example: Add credential to user: XML response
<?xml version="1.0" encoding="UTF-8"?>
<passwordCredentials xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://docs.openstack.org/identity/api/v2.0" username="test_user" password="resetpass"/>
Get user credentials
GET /v2.0/users/{userId}/OS-KSADM/credentials/RAX-KSKEY:apiKeyCredentials
Use this operation to list API key credentials for a specified user, include the user ID in the request. If you don’t know the ID, use the List users operation to find it.
Note
- Users can always use this service to retrieve API key credentials for themselves.
- Users with the
identity:service-adminrole can retrieve API key credentials for users with theidentity:adminrole, users with theidentity:user-adminrole, and sub-users.- Users with the
identity:adminrole can retrieve API key credentials for users with theidentity:user-adminrole and sub-users.- Users with the
identity:user-adminoridentity:user-managerole can retrieve API key credentials for users within their domain and with theidentity:defaultrole.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 200 | OK | The request completed successfully. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the header and URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | Header String (Required) | A valid admin authentication token. |
| {userId} | URI String (Required) | A user ID assigned by system when user is added. |
This operation does not accept a request body.
Example: List API key credentials: XML request header
GET /users/00001e59ccb741dfafbba59b58123456/OS-KSADM/credentials/RAX-KSKEY:apiKeyCredentials HTTP/1.1
Host: v2.0
Accept: application/xml
Content-type: application/xml
X-Auth-Token: AAA3IQ7zIvKbovOwFOyz4tZfOXy3O34UI12XUg8nusYS...
Example: List API key credentials: JSON request header
GET /users/00001e59ccb741dfafbba59b58123456/OS-KSADM/credentials HTTP/1.1
Host: v2.0
Accept: application/json
Content-type: application/json
X-Auth-Token: AAA3IQ7zIvKbovOwFOyz4tZfOXy3O34UI12XUg8nusYS...
Response
Example: Get user API key credentials: XML response
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<apiKeyCredentials
xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:ns2="http://www.w3.org/2005/Atom"
xmlns:ns3="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns:ns4="http://docs.openstack.org/identity/api/v2.0"
xmlns:ns5="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
xmlns:ns6="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
xmlns:ns7="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:ns8="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0" username="1406847123456" apiKey="cffeab0e6d0d472f84b5c20c70123456"/>
Example: Get user API key credentials: JSON response
{
"RAX-KSKEY:apiKeyCredentials": {
"username": "1406847123456",
"apiKey": "cffeab0e6d0d472f84b5c20c70123456"
}
}
Reset API key for user
POST /v2.0/users/{userId}/OS-KSADM/credentials/RAX-KSKEY:apiKeyCredentials/RAX-AUTH/reset
Use the Reset API Key operation to reset the API key on the specified user account.
Identity users and user administrators should routinely reset passwords and API keys to prevent unauthorized access to Rackspace Cloud accounts and services.
This reset operation returns the new API key for the user account. Unlike updating the password, the API key reset does not revoke existing tokens. Identity user administrators can use the Revoke Token operation to invalidate the token for a user.
Note
- Users can always use this service to reset the API key credentials for themselves.
- Users with the
identity:service-adminrole can reset API key credentials for users with theidentity:adminrole, users with theidentity:user-adminrole, and sub-users.- Users with the
identity:adminrole can reset API key credentials for users with theidentity:user-adminrole and sub-users.- Users with the
identity:user-adminandidentity:user-managerole can reset API key credentials for users within their domain and with theidentity:defaultrole.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 200 | OK | The request succeeded. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 415 | Bad Media Type | Bad media type. This may result if the wrong media type is used in the API request. Check the content-type and accept headers included in the request. |
| 503 | Service Fault | Service is not available. |
Request
This table shows the header and URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | Header String (Required) | A valid admin authentication token. |
| {userId} | URI String String (Required) | A user ID assigned by system when user is added. |
This operation does not accept a request body.
Response
Example: Reset API key for user: XML response
<?xml version="1.0" encoding="UTF-8"?>
<apiKeyCredentials apiKey="aaaaa-bbbbb-ccccc-12345678"
username="jqsmith"
xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
xmlns:OS-KSADM="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:identity="http://docs.openstack.org/identity/api/v2.0"/>
Example: Reset API key for user: JSON response
{
"RAX-KSKEY:apiKeyCredentials": {
"username": "jqsmith",
"apiKey": "aaaaa-bbbbb-ccccc-12345678"
}
}
Forgot password
POST /v2.0/users/RAX-AUTH/forgot-pwd
Use the Forgot password operation to get a password reset token delivered to the email address associated with your account.
You can use the forgot password operation to reset the password through the Identity API or Rackspace Control Panel.
- To reset the password by using the API, submit the forgot password request without the portal attribute. After you submit the request, the user receives an email that contains a reset password token with directions to use it in the Reset password operation.
- To reset the password through the user interface, include the portal attribute in the forgot password API request. After you submit the request, the user receives an email that contains a link to the Rackspace user interface to change the password.
Note
- The reset token has a limited lifespan. If the reset operation fails, submit another forgot password request to generate a new token.
- An email is only sent if the username matches the existing user.
- Forgot password operation will always return 204.
- Resetting the password through the user interface is a restricted feature for Rackspace administrator and support users.
Request
This table shows the body parameters for the request:
| Name | Type | Description |
|---|---|---|
| RAX-AUTH:forgotPasswordCredentials | Object | Provides username and portal for forgot password. |
| RAX-AUTH:forgotPasswordCredentials.username | String (Required) | The user name of the Rackspace Cloud account. |
| RAX-AUTH:forgotPasswordCredentials.portal | String (Optional) | Authentication portal. This is a restricted value provided by Rackspace. |
Example: Forgot password: XML request
POST /v2.0/users/RAX-AUTH/forgot-pwd HTTP/1.1
Host: identity.api.rackspace.com
Content-Type: application/xml
<?xml version="1.0" encoding="UTF-8"?>
<forgotPasswordCredentials username="billybob"
xmlns="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns:OS-KSADM="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:OS-KSCATALOG="http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:identity="http://docs.openstack.org/identity/api/v2.0"/>
Example: Forgot password: JSON request
POST /v2.0/users/RAX-AUTH/forgot-pwd HTTP/1.1
Host: identity.api.rackspace.com
Content-Type: application/json
{
"RAX-AUTH:forgotPasswordCredentials": {
"username": "billybob"
}
}
Response
This table shows the possible response headers for this operation:
| Name | Type | Description |
|---|---|---|
| X-User-Name | Header | Value for name provided on operation |
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 204 | No Content | No Content |
Example: Forgot password: response
< HTTP/1.1 204 No Content
< Vary: Accept, Accept-Encoding, X-Auth-Token
< X-User-Name: billybob
< Content-Type: application/json
< Server: Jetty(6.1.25)
Reset password
POST /v2.0/users/RAX-AUTH/pwd-reset
Use the Reset Password operation to update user’s password.
Request
This table shows the header and URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| X-Auth-Token | Header String (Required) | A valid password reset token. |
This table shows the body parameters for the request:
| Name | Type | Description |
|---|---|---|
| RAX-AUTH:passwordReset | Object | Provides password to be updated. |
| RAX-AUTH:passwordReset.password | String (Required) | New password for user. |
Example: Reset password: XML request
POST /v2.0/users/RAX-AUTH/pwd-reset HTTP/1.1
Host: identity.api.rackspacecloud.com
Content-Type: application/xml
X-Auth-Token: APU9ymNjSKJG21HVdiRdOg0rk2fqh7uQ1FafVDXo3SId6nMHjUkKSDacFwDLGCC9U_DKI6Lwzu-wMi3LIWT-bA24EdGYdycM3rKzAfVPiCCjigN315ZLJo5s2TmiGQTSW9b5H7euQjJ6KBTk5elT2l8HrPH-9rrBjw
<?xml version="1.0" encoding="UTF-8"?>
<passwordReset password="superSecurePassw0rd!"
xmlns="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
xmlns:OS-KSADM="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
xmlns:OS-KSCATALOG="http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0"
xmlns:atom="http://www.w3.org/2005/Atom" xmlns:identity="http://docs.openstack.org/identity/api/v2.0"/>
Example: Reset password: JSON request
POST /v2.0/users/RAX-AUTH/pwd-reset HTTP/1.1
Host: identity.api.rackspacecloud.com
Content-Type: application/json
X-Auth-Token: APU9ymNjSKJG21HVdiRdOg0rk2fqh7uQ1FafVDXo3SId6nMHjUkKSDacFwDLGCC9U_DKI6Lwzu-wMi3LIWT-bA24EdGYdycM3rKzAfVPiCCjigN315ZLJo5s2TmiGQTSW9b5H7euQjJ6KBTk5elT2l8HrPH-9rrBjw
{
"RAX-AUTH:passwordReset": {
"password": "superSecurePassw0rd!"
}
}
Response
This table shows the possible response headers for this operation:
| Name | Type | Description |
|---|---|---|
| X-User-Name | Header | Value for name provided on operation |
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 204 | No Content | No Content |
| 400 | Bad Request | Password provided does not meet minimum requirements. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the supplied token is determined to either not be issued by Rackspace or a Rackspace issued token that has been expired or revoked. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because the supplied token is a Rackspace issued token that is not expired or revoked, but is NOT a password reset token. |
| 404 | Not Found | The requested resource was not found. |
Example: Reset password: response
< HTTP/1.1 204 No Content
< Vary: Accept, Accept-Encoding, X-Auth-Token
< X-User-Name: billybob
< Content-Type: application/json
< Server: Jetty(6.1.25)
Change password
POST /v2.0/users/RAX-AUTH/change-pwd
This service is used to change a user account’s password without supplying an authentication token by including the current password instead. If a user’s domain uses a password policy to enforce password rotation and the accounts password has expired, the user must use this service to update the password to a new value.
Note
The new password must be different from the current password.
This table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 204 | Updated | The request has been fulfilled. The account’s password was updated. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid current password. |
| 403 | Forbidden | The request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access. |
| 404 | Not Found | The requested resource was not found. |
| 405 | Invalid Method | The method specified in the request is not valid for the resource identified in the request URI. |
| 413 | Over Limit | The number of items returned is above the allowed limit. 503, Service Fault, Service is not available. |
Request
This table shows the body parameters for the request:
| Name | Type | Description |
|---|---|---|
| RAX-AUTH:changePasswordCredentials | Object | The change password credentials object. |
| RAX-AUTH:changePasswordCredentials.username | String | The username of the user whose password is being changed. |
| RAX-AUTH:changePasswordCredentials.password | String | The current password of the user. |
| RAX-AUTH:changePasswordCredentials.newPassword | String | The new password to set on the user. |
Example: POST Method request: JSON
This example demonstrates updating the password of a user.
{
"RAX-AUTH:changePasswordCredentials": {
"username": "exampleUser",
"password":"Password1",
"newPassword":"Password2"
}
}
Example: POST Method request: XML
This example demonstrates updating the password of a user.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<rax:changePasswordCredentials
xmlns:rax="[http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0](<>)"
username="exampleUser"
password="Password1"
newPassword="Password2" />
Response
This operation does not return a response body.