Token management
Tokens are used for authentication.
Generating a security token
Use this procedure to generate a security token.
Before you begin
-
Prepare your client to make REST calls.
- Add a new header with the following keys:
- Authorization: set the value for this key as the user name and password.
- Content-Type: set the value for this key as application/json
Procedure
Log in to Hitachi Ops Center Administrator.
In the same browser window, log in to the REST API client.
Enter the following to generate the security token:
POST https://ipAddress/v1/security/tokens username <sysadmin> password <sysadmin>
The system responds with the security token that you need to access the REST API.From the returned response headers, copy the value of X-Auth-Token.
Create a new header with the key X-Auth-Token, and set the value to <copied X-Auth-Token value>. The generated token is used in successive REST API calls by adding X-Auth-Token in the header of the REST API and setting the value to <copied X-Auth-Token value>, which is the generated value from the preceding POST call.
Getting a token
You can get a security token. If not used, the token expires in 1200 seconds, if it is used for a REST call the expiry timer resets. A new token must be acquired after the current one expires.
GET https://ipAddress/v1/security/tokens
The token is passed back in the header.
Not applicable.
{ "token":{ "issuedAt":"", "expiresAt":"", "tenantId":"", "user":{ "name":"", "domain":, "roles":[ { "name":"" }, ], "providerId":"" }, "_links":{ "self":{ "href":"" } } } }
Parameter |
Type |
Description |
issuedAt | String | Date the token was issued. |
expiresAt | String | Date the token expires. |
tenantId | Integer | ID number of the service catalog with services activated for the user. Default is 0 for all services. |
name | String | The user name that is being used to access the domain. |
domain | String | The name or address of the domain. |
roles | String | Roles determine what a user can and cannot do. The security administrator assigns users specific roles. |
providerId | Integer | ID of the authentication provider. |
Status code | HTTP name | Description |
200 | OK | Success. |
204 | No content | The request was successful, but the response does not exist. |
400 | Bad request | Required HTTP header was not specified. |
401 | Unauthorized | The operation is not authorized. |
403 | Forbidden | The server failed to authenticate the request. |
404 | Not found | The specified resource ID is not valid or the resource does not exist. |
412 | Precondition failed | The server does not meet one of the preconditions that the requester put in the request. |
503 | Service unavailable | The server is currently unable to receive requests. Retry your request. |
504 | Gateway timeout | The request timed out waiting for a response. The Ops Center Administrator is not able to connect to the node. |
GET https: //172.17.64.116/v1/security/tokens
{ "token": { "issuedAt": "2018-02-05T20:44:37Z", "expiresAt": "2018-02-05T21:06:05Z", "tenantId": "0", "user": { "name": "sysadmin", "domain": null, "roles": [ { "name": "ROLE_SYSTEM_ADMIN" }, { "name": "ROLE_SECURITY_ADMIN" }, { "name": "ROLE_STORAGE_ADMIN" } ], "providerId": "57503d78-3294-44c6-8c8a-08edd38a08be" }, "_links": { "self": { "href": "https://172.17.64.111:80/v1/tokens" } } } }
Creating a token
You can create a security token. The expiration time for the generated token is 1200 seconds.
POST https://ipAddress/v1/security/tokens
The token is generated and passed back in the header.
Not applicable.
{ "token": { "issuedAt": "", "expiresAt": "", "tenantId": "", "user": { "name": "", "domain": , "roles": [ { "name": "" }, { "name": "" }, { "name": "" } ], "providerId": "" }, "_links": { "self": { "href": "" } } } }
Parameter |
Type |
Description |
issuedAt | String | Date the token was issued. |
expiresAt | String | Date the token expires. |
tenantId | Integer | ID number of the service catalog with services activated for the user. Default is 0 for all services. |
name | String | The user name that is being used to access the domain. |
domain | String | The name or address of the domain. |
roles | String | Roles determine what a user can and cannot do. The security administrator assigns users specific roles. |
providerId | Integer | ID of the authentication provider. |
Status code | HTTP name | Description |
200 | OK | Success. |
204 | No content | The request was successful, but the response does not exist. |
400 | Bad request | Required HTTP header was not specified. |
401 | Unauthorized | The operation is not authorized. |
403 | Forbidden | The server failed to authenticate the request. |
404 | Not found | The specified resource ID is not valid or the resource does not exist. |
409 | Conflict | The specified resource type does not match the existing resource type. |
412 | Precondition failed | The server does not meet one of the preconditions that the requester put in the request. |
503 | Service unavailable | The server is currently unable to receive requests. Retry your request. |
504 | Gateway timeout | The request timed out waiting for a response. The Ops Center Administrator is not able to connect to the node. |
POST https: //172.17.64.116/v1/security/tokens
{ "token": { "issuedAt": "2018-02-05T21:10:46Z", "expiresAt": "2018-02-05T21:30:46Z", "tenantId": "0", "user": { "name": "sysadmin", "domain": null, "roles": [ { "name": "ROLE_SYSTEM_ADMIN" }, { "name": "ROLE_SECURITY_ADMIN" }, { "name": "ROLE_STORAGE_ADMIN" } ], "providerId": "57503d78-3294-44c6-8c8a-08edd38a08be" }, "_links": { "self": { "href": "https://172.17.64.111:80/v1/tokens" } } } }
Deleting a token
You can delete a security token before it expires.
DELETE https://ipAddress/v1/security/tokens
Not applicable.
Not applicable.
Status code | HTTP name | Description |
200 | OK | Success. |
204 | No content | The request was successful, but the response does not exist. |
400 | Bad request | Required HTTP header was not specified. |
401 | Unauthorized | The operation is not authorized. |
403 | Forbidden | The server failed to authenticate the request. |
404 | Not found | The specified resource ID is not valid or the resource does not exist. |
409 | Conflict | The specified resource type does not match the existing resource type. |
412 | Precondition failed | The server does not meet one of the preconditions that the requester put in the request. |
503 | Service unavailable | The server is currently unable to receive requests. Retry your request. |
504 | Gateway timeout | The request timed out waiting for a response. The Ops Center Administrator is not able to connect to the node. |