Lists information about all Identity API versions. { "versions": { "values": [ { "id": "v3.4", "links": [ { "href": "http://localhost:35357/v3/", "rel": "self" } ], "media-types": [ { "base": "application/json", "type": "application/vnd.openstack.identity-v3+json" } ], "status": "stable", "updated": "2015-03-30T00:00:00Z" }, { "id": "v2.0", "links": [ { "href": "http://localhost:35357/v2.0/", "rel": "self" }, { "href": "http://docs.openstack.org/", "rel": "describedby", "type": "text/html" } ], "media-types": [ { "base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json" } ], "status": "stable", "updated": "2014-04-17T00:00:00Z" } ] } } Shows details for the Identity API v2.0. { "version": { "status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [ { "base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json" } ], "id": "v2.0", "links": [ { "href": "http://localhost:5000/v2.0/", "rel": "self" }, { "href": "http://docs.openstack.org/", "rel": "describedby", "type": "text/html" } ] } } Lists supported extensions. Lists available extensions. { "extensions": { "values": [ { "updated": "2013-07-07T12:00:0-00:00", "name": "OpenStack S3 API", "links": [ { "href": "https://github.com/openstack/identity-api", "type": "text/html", "rel": "describedby" } ], "namespace": "http://docs.openstack.org/identity/api/ext/s3tokens/v1.0", "alias": "s3tokens", "description": "OpenStack S3 API." }, { "updated": "2013-07-23T12:00:0-00:00", "name": "OpenStack Keystone Endpoint Filter API", "links": [ { "href": "https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-ep-filter-ext.md", "type": "text/html", "rel": "describedby" } ], "namespace": "http://docs.openstack.org/identity/api/ext/OS-EP-FILTER/v1.0", "alias": "OS-EP-FILTER", "description": "OpenStack Keystone Endpoint Filter API." }, { "updated": "2013-12-17T12:00:0-00:00", "name": "OpenStack Federation APIs", "links": [ { "href": "https://github.com/openstack/identity-api", "type": "text/html", "rel": "describedby" } ], "namespace": "http://docs.openstack.org/identity/api/ext/OS-FEDERATION/v1.0", "alias": "OS-FEDERATION", "description": "OpenStack Identity Providers Mechanism." }, { "updated": "2013-07-11T17:14:00-00:00", "name": "OpenStack Keystone Admin", "links": [ { "href": "https://github.com/openstack/identity-api", "type": "text/html", "rel": "describedby" } ], "namespace": "http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0", "alias": "OS-KSADM", "description": "OpenStack extensions to Keystone v2.0 API enabling Administrative Operations." }, { "updated": "2014-01-20T12:00:0-00:00", "name": "OpenStack Simple Certificate API", "links": [ { "href": "https://github.com/openstack/identity-api", "type": "text/html", "rel": "describedby" } ], "namespace": "http://docs.openstack.org/identity/api/ext/OS-SIMPLE-CERT/v1.0", "alias": "OS-SIMPLE-CERT", "description": "OpenStack simple certificate retrieval extension" }, { "updated": "2013-07-07T12:00:0-00:00", "name": "OpenStack EC2 API", "links": [ { "href": "https://github.com/openstack/identity-api", "type": "text/html", "rel": "describedby" } ], "namespace": "http://docs.openstack.org/identity/api/ext/OS-EC2/v1.0", "alias": "OS-EC2", "description": "OpenStack EC2 Credentials backend." } ] } } The extension name. Shows details for an extension. Specify the extension alias in the URI. { "extension": { "updated": "2013-07-07T12:00:0-00:00", "name": "OpenStack S3 API", "links": [ { "href": "https://github.com/openstack/identity-api", "type": "text/html", "rel": "describedby" } ], "namespace": "http://docs.openstack.org/identity/api/ext/s3tokens/v1.0", "alias": "s3tokens", "description": "OpenStack S3 API." } } Authenticates and generates a token. The Identity API is a RESTful web service. It is the entry point to all service APIs. To access the Identity API, you must know its URL. Each REST request against Identity requires the X-Auth-Token header. Clients obtain this token, along with the URL to other service APIs, by first authenticating against Identity with valid credentials. To authenticate, you must provide either a user ID and password or a token. If the authentication token has expired, this call returns the HTTP 401 status code. If the token has expired, this call returns the HTTP 404 status code. The Identity API treats expired tokens as no longer valid tokens. The deployment determines how long expired tokens are stored. To view the trust object, you need to set trust enable on the keystone configuration. { "auth": { "tenantId": "demo", "passwordCredentials": { "userId": "demo", "password": "secretsecret" } } } The tenant name. Both the tenantId and tenantName attributes are optional and mutually exclusive. If you specify both attributes, the server returns the Bad Request (400) response code. The tenant ID. Both the tenantId and tenantName attributes are optional and mutually exclusive. If you specify both attributes, the server returns the Bad Request (400) response code. A passwordCredentials object. To authenticate, you must provide either a user ID and password or a token. The user name. Required if you include the passwordCredentials object. Otherwise, you must provide a token. The password of the user. Required if you include the passwordCredentials object. Otherwise, you must provide a token. A token object. Required if you do not provide a password credential. The token ID. This field is required in the token object. { "auth": { "tenantName": "demo", "token": { "id": "cbc36478b0bd8e67e89469c7749d4127" } } } { "access": { "token": { "issued_at": "2014-01-30T15:30:58.819584", "expires": "2014-01-31T15:30:58Z", "id": "aaaaa-bbbbb-ccccc-dddd", "tenant": { "description": null, "enabled": true, "id": "fc394f2ab2df4114bde39905f800dc57", "name": "demo" } }, "serviceCatalog": [ { "endpoints": [ { "adminURL": "http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57", "region": "RegionOne", "internalURL": "http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57", "id": "2dad48f09e2a447a9bf852bcd93548ef", "publicURL": "http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57" } ], "endpoints_links": [], "type": "compute", "name": "nova" }, { "endpoints": [ { "adminURL": "http://23.253.72.207:9696/", "region": "RegionOne", "internalURL": "http://23.253.72.207:9696/", "id": "97c526db8d7a4c88bbb8d68db1bdcdb8", "publicURL": "http://23.253.72.207:9696/" } ], "endpoints_links": [], "type": "network", "name": "neutron" }, { "endpoints": [ { "adminURL": "http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57", "region": "RegionOne", "internalURL": "http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57", "id": "93f86dfcbba143a39a33d0c2cd424870", "publicURL": "http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57" } ], "endpoints_links": [], "type": "volumev2", "name": "cinder" }, { "endpoints": [ { "adminURL": "http://23.253.72.207:8774/v3", "region": "RegionOne", "internalURL": "http://23.253.72.207:8774/v3", "id": "3eb274b12b1d47b2abc536038d87339e", "publicURL": "http://23.253.72.207:8774/v3" } ], "endpoints_links": [], "type": "computev3", "name": "nova" }, { "endpoints": [ { "adminURL": "http://23.253.72.207:3333", "region": "RegionOne", "internalURL": "http://23.253.72.207:3333", "id": "957f1e54afc64d33a62099faa5e980a2", "publicURL": "http://23.253.72.207:3333" } ], "endpoints_links": [], "type": "s3", "name": "s3" }, { "endpoints": [ { "adminURL": "http://23.253.72.207:9292", "region": "RegionOne", "internalURL": "http://23.253.72.207:9292", "id": "27d5749f36864c7d96bebf84a5ec9767", "publicURL": "http://23.253.72.207:9292" } ], "endpoints_links": [], "type": "image", "name": "glance" }, { "endpoints": [ { "adminURL": "http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57", "region": "RegionOne", "internalURL": "http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57", "id": "37c83a2157f944f1972e74658aa0b139", "publicURL": "http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57" } ], "endpoints_links": [], "type": "volume", "name": "cinder" }, { "endpoints": [ { "adminURL": "http://23.253.72.207:8773/services/Admin", "region": "RegionOne", "internalURL": "http://23.253.72.207:8773/services/Cloud", "id": "289b59289d6048e2912b327e5d3240ca", "publicURL": "http://23.253.72.207:8773/services/Cloud" } ], "endpoints_links": [], "type": "ec2", "name": "ec2" }, { "endpoints": [ { "adminURL": "http://23.253.72.207:8080", "region": "RegionOne", "internalURL": "http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57", "id": "16b76b5e5b7d48039a6e4cc3129545f3", "publicURL": "http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57" } ], "endpoints_links": [], "type": "object-store", "name": "swift" }, { "endpoints": [ { "adminURL": "http://23.253.72.207:35357/v2.0", "region": "RegionOne", "internalURL": "http://23.253.72.207:5000/v2.0", "id": "26af053673df4ef3a2340c4239e21ea2", "publicURL": "http://23.253.72.207:5000/v2.0" } ], "endpoints_links": [], "type": "identity", "name": "keystone" } ], "user": { "username": "demo", "roles_links": [], "id": "9a6590b2ab024747bc2167c4e064d00d", "roles": [ { "name": "Member" }, { "name": "anotherrole" } ], "name": "demo" }, "metadata": { "is_admin": 0, "roles": [ "7598ac3c634d4c3da4b9126a5f67ca2b", "f95c0ab82d6045d9805033ee1fbc80d4" ] }, "trust": { "id": "394998fa61f14736b1f0c1f322882949", "trustee_user_id": "269348fdd9374b8885da1418e0730af1", "trustor_user_id": "3ec3164f750146be97f21559ee4d9c51", "impersonation": false } } } An access object. A token object. The date and time when the token was issued. The date and time stamp format is ISO 8601: CCYY-MM-DDThh:mm:ss±hh:mm For example, 2015-08-27T09:49:58-05:00. The ±hh:mm value, if included, is the time zone as an offset from UTC. In the previous example, the offset value is -05:00. The date and time when the token expires. The date and time stamp format is ISO 8601: CCYY-MM-DDThh:mm:ss±hh:mm For example, 2015-08-27T09:49:58-05:00. The ±hh:mm value, if included, is the time zone as an offset from UTC. In the previous example, the offset value is -05:00. A null value indicates that the token never expires. The authentication token. In the example, the token is my_id. A tenant object. The description of the tenant. If not set, this value is null. Indicates whether the tenant is enabled or disabled. The tenant ID. The tenant name. A serviceCatalog object. One or more endpoints objects. Each object shows the adminURL, region, internalURL, id, and publicURL for the endpoint. Links for the endpoint. Endpoint type. Endpoint name. A user object, which shows the username, roles_links, id, roles, and name. A metadata object. A trust object. The trustee user ID. The ID of the trust. The trustor user ID. The impersonation flag. A valid authentication token. Requests a page size of items. Returns a number of items up to a limit value. Use the limit parameter to make an initial limited request and use the ID of the last-seen item from the response as the marker parameter value in a subsequent limited request. The ID of the last-seen item. Use the limit parameter to make an initial limited request and use the ID of the last-seen item from the response as the marker parameter value in a subsequent limited request. Lists tenants to which the token has access. GET /v2.0/tenants HTTP/1.1 Host: identity.api.openstack.org Content-Type: application/json X-Auth-Token: fa8426a0-8eaf-4d22-8e13-7c1b16a9370c Accept: application/json { "tenants": [ { "id": "1234", "name": "ACME Corp", "description": "A description ...", "enabled": true }, { "id": "3456", "name": "Iron Works", "description": "A description ...", "enabled": true } ], "tenants_links": [] }