Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

User management methods

The management API includes user management methods.

Before issuing a MAPI call, request and submit a CSRF token.

Generate S3 user credentials

You can generate new S3 user credentials for access to the bucket. The method user/generate_credentials returns a new secretKey-accessKey pair corresponding to the user associated with the OAuth token that was submitted. The creation of a new key pair invalidates any previous key pairs for the user. A user account cannot generate S3 credentials associated with a different user account.

HTTP request syntax (URI)
POST https://host_ip:9099/mapi/v1/s3/user/generate_credentials
Request structure

Not applicable.

Response structure

The response body is:

{
  "id": {
    "id": "uuid"
  },
  "secretKey": "key",
  "accessKey": "key"
}

Parameter

Type

Description

idUUID The ID of the user.
secretKeyStringThe secret key of the S3 credentials to access the bucket.
accessKeyStringThe access key of the S3 credentials to access the bucket.
Return codes

Status code

HTTP name

Description

200 OK The request was executed successfully.
401 Unauthorized Access was denied because credentials are not valid.
405 Method Not Allowed The specified HTTP method is not allowed for user data. Resend using POST.
Example

Request example:

POST https://10.10.24.195:9099/mapi/v1/s3/user/generate_credentials

JSON response:

{
  "id": {
    "id": "edded8d-99f1-43f4-88fa-0cd9032ef7bd"
  },
  "secretKey": "bff...",
  "accessKey": "TSPl8Pop..."
}

List users

You can retrieve a list of all users of the HCP for cloud scale system by user ID, display name, and realm. You can also filter the list to retrieve a subset.

HTTP request syntax (URI)
POST https://host_ip:9099/mapi/v1/user/list
Request structure

The request body is:

{
  "count": [nnnn],
  "startingFrom": ["uuid"],
  "nameFilter": ["match_string"]
}
ParameterRequiredType Description
count NoIntegerThe number of users to return. Up to 1000 users; default: 1000.
startingFromNoUUIDThe UUID to start from. Leave blank to start from the beginning of the list.
nameFilterNoStringA string used to filter the list to return only names that start with this string.
Response structure

The response body structure is:

[
  {
    "displayName": "",
    "id": "",
    "realmId": ""
  }
  .
  .
  .
]

Parameter

Type

Description

displayNameStringThe display name of the user.
idUUID The ID of the user.
realmIdStringThe realm of the user.
Return codes

Status code

HTTP name

Description

200 OK The request was executed successfully.
401 Unauthorized Access was denied because credentials are not valid.
405 Method Not Allowed The specified HTTP method is not allowed for user data. Resend using POST.
Example

Request example:

POST https://10.10.24.195:9099/mapi/v1/user/list

JSON request:

{
  "count": 1,
  "startingFrom": "3fa85f64-0810-1954-b3fc-2c963f66afa6",
  "nameFilter": ""
}

JSON response:

[
  {
    "displayName": "Zhang.Guo-Ming@company.com",
    "id": "3fa85f64-0810-1954-b3fc-2c963f66afa6"
    "realmId": "2d64d267-a23b-54c8-9be5-a3832faad4b2"
  }
]

List user buckets

You can retrieve a list of buckets owned by users of the HCP for cloud scale system by user ID and bucket name. You can also filter the list to retrieve a subset.

HTTP request syntax (URI)
POST https://host_ip:9099/mapi/v1/user/list_buckets
Request structure

The request body is:

{
  "id": "uuid",
  "count": [nnnn],
  "startingAfter": ["string"]
}
ParameterRequiredType Description
idYesUUIDThe ID of the user.
count NoIntegerThe number of buckets to return. Up to 1000 buckets; default: 1000.
startingAfterNoStringThe bucket name to start after alphabetically. Leave blank to start from the beginning of the list. Use this parameter to retrieve bucket lists in groups.
Response structure
NoteIf the user ID provided does not exist, the response is an empty list.

The response body structure is:

[
  {
    "bucketId": "",
    "bucketName": ""
  },
  .
  .
  .
]

Parameter

Type

Description

bucketIdUUIDThe UUID of the bucket.
bucketNameStringThe display name of the bucket.
Return codes

Status code

HTTP name

Description

200 OK The request was executed successfully.
400Bad RequestThe request is missing a valid parameter.
401 Unauthorized Access was denied because credentials are not valid.
405 Method Not Allowed The specified HTTP method is not allowed for user data. Resend using POST.
Example

Request example:

POST https://10.10.24.195:9099/mapi/v1/user/list_buckets

JSON request:

{
  "id": "3fa85f64-0810-1954-b3fc-2c963f66afa6",
  "count": 1,
  "startingAfter": "September"
}

JSON response:

[
  {
    "bucketId: "9b805cee-56aa-42a7-b89e-9087d6ade984",
    "bucketName": "October"
  }
]

Revoke OAuth user tokens

The method user/revoke_tokens revokes OAuth tokens belonging to a specific user. You can use the method /user/list to look up the ID of the user whose tokens you want to revoke.

HTTP request syntax (URI)
POST https://host_ip:9099/mapi/v1/user/revoke_tokens
Request structure

The request body is:

{
  "id": "uuid"
}
ParameterRequiredType Description
id YesUUIDThe UUID of the user whose OAuth credentials you are revoking.
Response structure

Not applicable.

Return codes

Status code

HTTP name

Description

200 OK The request was executed successfully.
400Bad RequestUser ID not valid.
401 Unauthorized Access was denied because credentials are not valid.
404Not FoundThe user ID was not found.
405 Method Not Allowed The specified HTTP method is not allowed for user data. Resend using POST.
Example

Request example:

POST https://10.10.24.195:9099/mapi/v1/user/revoke_tokens

JSON request:

{
    "id": "3fa85f64-1024-1954-b3fc-2c963f66afa6"
  }

Revoke S3 user credentials

The method user/revoke_credentials revokes all S3 credentials belonging to a specific user. Users can revoke their own S3 credentials. Users with appropriate permissions can revoke other users' S3 credentials. You can use the method /user/list to look up the ID of the user whose credentials you want to revoke.

HTTP request syntax (URI)
POST https://host_ip:9099/mapi/v1/user/revoke_credentials
Request structure

The request body is:

{
  "id": "uuid"
}
ParameterRequiredType Description
id YesUUIDThe UUID of the user whose S3 credentials you are revoking.
Response structure

The response body is:

{
  "id": {
    "id": "uuid"
  },
  "secretKey": "key",
  "accessKey": "key"
}

Parameter

Type

Description

idUUID The ID of the user.
secretKeyStringThe secret key of the S3 credentials.
accessKeyStringThe access key of the S3 credentials.
Return codes

Status code

HTTP name

Description

200 OK The request was executed successfully.
400Bad RequestUser ID is not valid.
401 Unauthorized Access was denied because credentials are not valid.
404Not FoundThe user ID was not found.
405 Method Not Allowed The specified HTTP method is not allowed for user data. Resend using POST.
Example

Request example:

POST https://10.10.24.195:9099/mapi/v1/user/revoke_credentials

JSON request:

{
    "id": "3fa85f64-1024-1954-b3fc-2c963f66afa6"
  }

JSON response:

{
  "id": {
    "id": "3fa85f64-1024-1954-b3fc-2c963f66afa6"
  },
  "secretKey": "bff...",
  "accessKey": "TSPl8Pop..."
}

 

  • Was this article helpful?