• Relational Database Service

rds
  1. Help Center
  2. Relational Database Service
  3. API Reference
  4. Preparations
  5. Obtaining Request Authentication
  6. Token Authentication

Token Authentication

Application Scenarios

If you use a token for authentication, you must obtain the user's token and add X-Auth-Token to the request message header of the service API when making an API call.

This section describes how to make an API call for token authentication.

Invoking an API

  1. Send a POST https://IAM Endpoint/v3/auth/tokens request.

    To obtain the IAM endpoint and region name in the message body, see Regions and Endpoints.

    Table 1 Header description

    Name

    Description

    Mandatory

    Example

    Content-Type

    Specifies the MIME type of the request body.

    Yes

    application/json

    An example request message is as follows:
    NOTE:

    Replace the items in italic in the following example with actual values. For details, see the Identity and Access Management API Reference.

    {
        "auth": {
            "identity": {
                "methods": [
                    "password"
                ],
                "password": {
                    "user": {
                        "name": "username",
                        "password": "password",
                        "domain": {
                            "name": "domainname"
                        }
                    }
                }
            },
            "scope": {
                "project": {
                   "name": "regioncode"
                 }
            }
        }
    }
    NOTE:

    To obtain the regioncode in the request body, see Regions and Endpoints.

  2. Obtain the token. For details, see section "Obtaining the User Token" in the Identity and Access Management API Reference. After the request is processed, the value of X-Subject-Token in the message header is the token value.
  3. Obtain project_id (required by some URIs) from the corresponding token structure. An example of the corresponding token structure is as follows:
    {
        "token": {
            "expires_at": "2016-06-24T07:42:43.907000Z",
            "issued_at": "2016-06-23T07:42:43.907000Z",
            "methods": [
                "password"
            ],
            "project": {
                "name": "projectname",
                "id": "project_id",
                "domain": {
                    "name": "domainname",
                    "id": "domainid",
                    "xdomain_type": "xdomaintype",
                    "xdomain_id": "xdomainid"
                }
            },
            "user": {
                "domain": {
                    "name": "domainname",
                    "id": "domainid",
                    "xdomain_type": "xdomaintype",
                    "xdomain_id": "xdomainid"
                },
                "id": "userid",
                "name": "username"
            },
            "catalog": [],
            "roles": [
                {
                    "name": "rolesname1",
                    "id": "rolesid1"
                },
                {
                    "id": "rolesid2",
                    "name": "rolesname2"
                }
            ]
        }
    }
  4. Make a call to a service API, add X-Auth-Token to the message header, and set the value of X-Auth-Token to the token obtained in step 2.