Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

Token management

Tokens are used for authentication.

Generating a security token

Use this procedure to generate a security token.

A security token is required to access the REST API.

Before you begin

  • Prepare your client to make REST calls.

  • Add a new header with the following keys:
    • Authorization: set the value for this key as the user name and password.
    • Content-Type: set the value for this key as application/json

Procedure

  1. Log in to Hitachi Ops Center Administrator.

  2. In the same browser window, log in to the REST API client.

  3. Enter the following to generate the security token:

    POST https://ipAddress/v1/security/tokens
    username <sysadmin>
    password <sysadmin>
    
    The system responds with the security token that you need to access the REST API.
  4. From the returned response headers, copy the value of X-Auth-Token.

  5. Create a new header with the key X-Auth-Token, and set the value to <copied X-Auth-Token value>. The generated token is used in successive REST API calls by adding X-Auth-Token in the header of the REST API and setting the value to <copied X-Auth-Token value>, which is the generated value from the preceding POST call.

Getting a token

You can get a security token. If not used, the token expires in 1200 seconds, if it is used for a REST call the expiry timer resets. A new token must be acquired after the current one expires.

HTTP request syntax (URI)
GET https://ipAddress/v1/security/tokens

The token is passed back in the header.

Request structure

Not applicable.

Response structure
{
     "token":{
          "issuedAt":"",
          "expiresAt":"",
          "tenantId":"",
          "user":{
               "name":"",
               "domain":,
               "roles":[
                    {
                         "name":""
                    },
               ],
               "providerId":""
         },
         "_links":{
              "self":{
                   "href":""
              }
         }
     }
}

Parameter

Type

Description

issuedAt String Date the token was issued.
expiresAt String Date the token expires.
tenantId Integer ID number of the service catalog with services activated for the user. Default is 0 for all services.
name String The user name that is being used to access the domain.
domain String The name or address of the domain.
roles String Roles determine what a user can and cannot do. The security administrator assigns users specific roles.
providerId Integer ID of the authentication provider.
Return codes
Status code HTTP name Description
200 OK Success.
204 No content The request was successful, but the response does not exist.
400 Bad request Required HTTP header was not specified.
401 Unauthorized The operation is not authorized.
403 Forbidden The server failed to authenticate the request.
404 Not found The specified resource ID is not valid or the resource does not exist.
412 Precondition failed The server does not meet one of the preconditions that the requester put in the request.
503 Service unavailable The server is currently unable to receive requests. Retry your request.
504 Gateway timeout The request timed out waiting for a response. The Ops Center Administrator is not able to connect to the node.
Request example
GET https: //172.17.64.116/v1/security/tokens
Response example
{
    "token": {
        "issuedAt": "2018-02-05T20:44:37Z",
        "expiresAt": "2018-02-05T21:06:05Z",
        "tenantId": "0",
        "user": {
        "name": "sysadmin",
            "domain": null,
            "roles": [
                {
                    "name": "ROLE_SYSTEM_ADMIN"
                },
                {
                    "name": "ROLE_SECURITY_ADMIN"
                },
                {
                    "name": "ROLE_STORAGE_ADMIN"
                }
            ],
            "providerId": "57503d78-3294-44c6-8c8a-08edd38a08be"
        },
        "_links": {
            "self": {
                "href": "https://172.17.64.111:80/v1/tokens"
            }
        }
    }
}

Creating a token

You can create a security token. The expiration time for the generated token is 1200 seconds.

HTTP request syntax (URI)
POST https://ipAddress/v1/security/tokens

The token is generated and passed back in the header.

Request structure

Not applicable.

Response structure
{
    "token": {
        "issuedAt": "",
        "expiresAt": "",
        "tenantId": "",
        "user": {
            "name": "",
            "domain": ,
            "roles": [
                {
                    "name": ""
                },
                {
                    "name": ""
                },
                {
                    "name": ""
                }
            ],
            "providerId": ""
        },
        "_links": {
            "self": {
                "href": ""
            }
        }
    }
}

Parameter

Type

Description

issuedAt String Date the token was issued.
expiresAt String Date the token expires.
tenantId Integer ID number of the service catalog with services activated for the user. Default is 0 for all services.
name String The user name that is being used to access the domain.
domain String The name or address of the domain.
roles String Roles determine what a user can and cannot do. The security administrator assigns users specific roles.
providerId Integer ID of the authentication provider.
Return codes
Status code HTTP name Description
200 OK Success.
204 No content The request was successful, but the response does not exist.
400 Bad request Required HTTP header was not specified.
401 Unauthorized The operation is not authorized.
403 Forbidden The server failed to authenticate the request.
404 Not found The specified resource ID is not valid or the resource does not exist.
409 Conflict The specified resource type does not match the existing resource type.
412 Precondition failed The server does not meet one of the preconditions that the requester put in the request.
503 Service unavailable The server is currently unable to receive requests. Retry your request.
504 Gateway timeout The request timed out waiting for a response. The Ops Center Administrator is not able to connect to the node.
Request example
POST https: //172.17.64.116/v1/security/tokens
Response example
{
    "token": {
        "issuedAt": "2018-02-05T21:10:46Z",
        "expiresAt": "2018-02-05T21:30:46Z",
        "tenantId": "0",
        "user": {
        "name": "sysadmin",
            "domain": null,
            "roles": [
                {
                    "name": "ROLE_SYSTEM_ADMIN"
                },
                {
                    "name": "ROLE_SECURITY_ADMIN"
                },
                {
                    "name": "ROLE_STORAGE_ADMIN"
                }
            ],
            "providerId": "57503d78-3294-44c6-8c8a-08edd38a08be"
        },
        "_links": {
            "self": {
                "href": "https://172.17.64.111:80/v1/tokens"
            }
        }
    }
}

Deleting a token

You can delete a security token before it expires.

HTTP request syntax (URI)
DELETE https://ipAddress/v1/security/tokens
Request structure

Not applicable.

Response structure

Not applicable.

Return codes
Status code HTTP name Description
200 OK Success.
204 No content The request was successful, but the response does not exist.
400 Bad request Required HTTP header was not specified.
401 Unauthorized The operation is not authorized.
403 Forbidden The server failed to authenticate the request.
404 Not found The specified resource ID is not valid or the resource does not exist.
409 Conflict The specified resource type does not match the existing resource type.
412 Precondition failed The server does not meet one of the preconditions that the requester put in the request.
503 Service unavailable The server is currently unable to receive requests. Retry your request.
504 Gateway timeout The request timed out waiting for a response. The Ops Center Administrator is not able to connect to the node.