User management methods
The management API includes user management methods.
Generate S3 user credentials
You can generate new S3 user credentials for access to the bucket. This endpoint returns a new secretKey-accessKey pair corresponding to the user associated with the OAuth token that was submitted. The creation of a new key pair invalidates any previous key pairs for the user. A user account cannot generate S3 credentials associated with a different user account.
POST https://host_ip:9099/mapi/v1/s3/user/generate_credentials
Not applicable.
The response body is:
{ "id": { "id": "uuid" }, "secretKey": "key", "accessKey": "key" }
Parameter |
Type |
Description |
id | UUID | The ID of the user. |
secretKey | String | The secret key of the S3 credentials to access the bucket. |
accessKey | String | The access key of the S3 credentials to access the bucket. |
Status code |
HTTP name |
Description |
200 | OK | The request was executed successfully. |
401 | Unauthorized | Access was denied because credentials are not valid. |
405 | Method Not Allowed | The specified HTTP method is not allowed for user data. Resend using POST. |
Request example:
POST https://10.10.24.195:9099/mapi/v1/s3/user/generate_credentials
JSON response:
{ "id": { "id": "edded8d-99f1-43f4-88fa-0cd9032ef7bd" }, "secretKey": "bff...", "accessKey": "TSPl8Pop..." }
List users
You can retrieve a list of all users of the HCP for cloud scale system by user ID, display name, and realm. You can also filter the list to retrieve a subset.
POST https://host_ip:9099/mapi/v1/user/list
The request body is:
{ "count": [nnnn], "startingFrom": ["uuid"], "nameFilter": ["match_string"] }
Parameter | Required | Type | Description |
count | No | Integer | The number of users to return. Up to 1000 users; default: 1000. |
startingFrom | No | UUID | The UUID to start from. Leave blank to start from the beginning of the list. |
nameFilter | No | String | A string used to filter the list to return only names that start with this string. |
The response body structure is:
[ { "displayName": "", "id": "", "realmId": "" } . . . ]
Parameter |
Type |
Description |
displayName | String | The display name of the user. |
id | UUID | The ID of the user. |
realmId | String | The realm of the user. |
Status code |
HTTP name |
Description |
200 | OK | The request was executed successfully. |
401 | Unauthorized | Access was denied because credentials are not valid. |
405 | Method Not Allowed | The specified HTTP method is not allowed for user data. Resend using POST. |
Request example:
POST https://10.10.24.195:9099/mapi/v1/user/list
JSON request:
{ "count": 1, "startingFrom": "3fa85f64-0810-1954-b3fc-2c963f66afa6", "nameFilter": "" }
JSON response:
[ { "displayName": "Zhang.Guo-Ming@company.com", "id": "3fa85f64-0810-1954-b3fc-2c963f66afa6" "realmId": "2d64d267-a23b-54c8-9be5-a3832faad4b2" } ]
List user buckets
You can retrieve a list of buckets owned by users of the HCP for cloud scale system by user ID and bucket name. You can also filter the list to retrieve a subset.
POST https://host_ip:9099/mapi/v1/user/list_buckets
The request body is:
{ "id": "uuid", "count": [nnnn], "startingAfter": ["string"] }
Parameter | Required | Type | Description |
id | Yes | UUID | The ID of the user. |
count | No | Integer | The number of buckets to return. Up to 1000 buckets; default: 1000. |
startingAfter | No | String | The bucket name to start after alphabetically. Leave blank to start from the beginning of the list. Use this parameter to retrieve bucket lists in groups. |
The response body structure is:
[ { "bucketId": "", "bucketName": "" }, . . . ]
Parameter |
Type |
Description |
bucketId | UUID | The UUID of the bucket. |
bucketName | String | The display name of the bucket. |
Status code |
HTTP name |
Description |
200 | OK | The request was executed successfully. |
400 | Bad Request | The request is missing a valid parameter. |
401 | Unauthorized | Access was denied because credentials are not valid. |
405 | Method Not Allowed | The specified HTTP method is not allowed for user data. Resend using POST. |
Request example:
POST https://10.10.24.195:9099/mapi/v1/user/list_buckets
JSON request:
{ "id": "3fa85f64-0810-1954-b3fc-2c963f66afa6", "count": 1, "startingAfter": "September" }
JSON response:
[ { "bucketId: "9b805cee-56aa-42a7-b89e-9087d6ade984", "bucketName": "October" } ]
Revoke OAuth user tokens
You can revoke OAuth tokens belonging to a specific user. You can use the endpoint /user/list
to look up the ID of the user whose tokens you want to revoke.
POST https://host_ip:9099/mapi/v1/user/revoke_tokens
The request body is:
{ "id": "uuid" }
Parameter | Required | Type | Description |
id | Yes | UUID | The UUID of the user whose OAuth credentials you are revoking. |
Not applicable.
Status code |
HTTP name |
Description |
200 | OK | The request was executed successfully. |
400 | Bad Request | User ID not valid. |
401 | Unauthorized | Access was denied because credentials are not valid. |
404 | Not Found | The user ID was not found. |
405 | Method Not Allowed | The specified HTTP method is not allowed for user data. Resend using POST. |
Request example:
POST https://10.10.24.195:9099/mapi/v1/user/revoke_tokens
JSON request:
{ "id": "3fa85f64-1024-1954-b3fc-2c963f66afa6" }
Revoke S3 user credentials
You can revoke all S3 credentials belonging to a specific user. Users can revoke their own S3 credentials. Users with appropriate permissions can revoke other users' S3 credentials. You can use the endpoint /user/list
to look up the ID of the user whose credentials you want to revoke.
POST https://host_ip:9099/mapi/v1/user/revoke_credentials
The request body is:
{ "id": "uuid" }
Parameter | Required | Type | Description |
id | Yes | UUID | The UUID of the user whose S3 credentials you are revoking. |
The response body is:
{ "id": { "id": "uuid" }, "secretKey": "key", "accessKey": "key" }
Parameter |
Type |
Description |
id | UUID | The ID of the user. |
secretKey | String | The secret key of the S3 credentials. |
accessKey | String | The access key of the S3 credentials. |
Status code |
HTTP name |
Description |
200 | OK | The request was executed successfully. |
400 | Bad Request | User ID is not valid. |
401 | Unauthorized | Access was denied because credentials are not valid. |
404 | Not Found | The user ID was not found. |
405 | Method Not Allowed | The specified HTTP method is not allowed for user data. Resend using POST. |
Request example:
POST https://10.10.24.195:9099/mapi/v1/user/revoke_credentials
JSON request:
{ "id": "3fa85f64-1024-1954-b3fc-2c963f66afa6" }
JSON response:
{ "id": { "id": "3fa85f64-1024-1954-b3fc-2c963f66afa6" }, "secretKey": "bff...", "accessKey": "TSPl8Pop..." }