Lists information about all Identity API versions.
{
"versions":{
"values":[
{
"id":"v3.0",
"links":[
{
"href":"http://192.168.122.176:5000/v3/",
"rel":"self"
}
],
"media-types":[
{
"base":"application/json",
"type":"application/vnd.openstack.identity-v3+json"
},
{
"base":"application/xml",
"type":"application/vnd.openstack.identity-v3+xml"
}
],
"status":"stable",
"updated":"2013-03-06T00:00:00Z"
},
{
"id":"v2.0",
"links":[
{
"href":"http://192.168.122.176:5000/v2.0/",
"rel":"self"
},
{
"href":"http://docs.openstack.org/",
"rel":"describedby",
"type":"text/html"
}
],
"media-types":[
{
"base":"application/json",
"type":"application/vnd.openstack.identity-v2.0+json"
},
{
"base":"application/xml",
"type":"application/vnd.openstack.identity-v2.0+xml"
}
],
"status":"stable",
"updated":"2014-04-17T00:00:00Z"
}
]
}
}
<?xml version="1.0" encoding="UTF-8"?>
<versions xmlns="http://docs.openstack.org/identity/api/v2.0">
<version status="stable" updated="2013-03-06T00:00:00Z" id="v3.0">
<media-types>
<media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>
<media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>
</media-types>
<links>
<link href="http://192.168.122.176:5000/v3/" rel="self"/>
</links>
</version>
<version status="stable" updated="2014-04-17T00:00:00Z" id="v2.0">
<media-types>
<media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>
<media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>
</media-types>
<links>
<link href="http://192.168.122.176:5000/v2.0/" rel="self"/>
<link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>
</links>
<link href="http://192.168.122.176:5000/v2.0/" rel="self"/>
<link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>
</version>
</versions>
Shows details for the Identity API v2.0.
{
"version": {
"status": "stable",
"updated": "2013-03-06T00:00:00Z",
"media-types": [
{
"base": "application/json",
"type": "application/vnd.openstack.identity-v3+json"
},
{
"base": "application/xml",
"type": "application/vnd.openstack.identity-v3+xml"
}
],
"id": "v3.0",
"links": [
{
"href": "http://23.253.228.211:35357/v3/",
"rel": "self"
}
]
}
}
<?xml version="1.0" encoding="UTF-8"?>
<version xmlns="http://docs.openstack.org/identity/api/v3"
status="stable" updated="2013-03-06T00:00:00Z" id="v3.0">
<media-types>
<media-type base="application/json"
type="application/vnd.openstack.identity-v3+json"/>
<media-type base="application/xml"
type="application/vnd.openstack.identity-v3+xml"/>
</media-types>
<links>
<link href="http://23.253.228.211:35357/v3/" rel="self"/>
</links>
</version>
Lists supported extensions.
Lists available extensions.
{
"extensions": {
"values": [
{
"updated": "2013-07-07T12:00:0-00:00",
"name": "OpenStack S3 API",
"links": [
{
"href": "https://github.com/openstack/identity-api",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/s3tokens/v1.0",
"alias": "s3tokens",
"description": "OpenStack S3 API."
},
{
"updated": "2013-07-23T12:00:0-00:00",
"name": "OpenStack Keystone Endpoint Filter API",
"links": [
{
"href": "https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-ep-filter-ext.md",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/OS-EP-FILTER/v1.0",
"alias": "OS-EP-FILTER",
"description": "OpenStack Keystone Endpoint Filter API."
},
{
"updated": "2013-12-17T12:00:0-00:00",
"name": "OpenStack Federation APIs",
"links": [
{
"href": "https://github.com/openstack/identity-api",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/OS-FEDERATION/v1.0",
"alias": "OS-FEDERATION",
"description": "OpenStack Identity Providers Mechanism."
},
{
"updated": "2013-07-11T17:14:00-00:00",
"name": "OpenStack Keystone Admin",
"links": [
{
"href": "https://github.com/openstack/identity-api",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0",
"alias": "OS-KSADM",
"description": "OpenStack extensions to Keystone v2.0 API enabling Administrative Operations."
},
{
"updated": "2014-01-20T12:00:0-00:00",
"name": "OpenStack Simple Certificate API",
"links": [
{
"href": "https://github.com/openstack/identity-api",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/OS-SIMPLE-CERT/v1.0",
"alias": "OS-SIMPLE-CERT",
"description": "OpenStack simple certificate retrieval extension"
},
{
"updated": "2013-07-07T12:00:0-00:00",
"name": "OpenStack EC2 API",
"links": [
{
"href": "https://github.com/openstack/identity-api",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/OS-EC2/v1.0",
"alias": "OS-EC2",
"description": "OpenStack EC2 Credentials backend."
}
]
}
}
<?xml version="1.0" encoding="UTF-8"?>
<extensions xmlns="http://docs.openstack.org/common/api/v1.0"
xmlns:atom="http://www.w3.org/2005/Atom"/>
Moves to the next item in the list.
Moves to the previous item in the list.
The extension name.
Gets detailed information for a specified extension.
Specify the extension alias in the URI.
{
"extension": {
"updated": "2013-07-07T12:00:0-00:00",
"name": "OpenStack S3 API",
"links": [
{
"href": "https://github.com/openstack/identity-api",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/s3tokens/v1.0",
"alias": "s3tokens",
"description": "OpenStack S3 API."
}
}
<?xml version="1.0" encoding="UTF-8"?>
<extension xmlns="http://docs.openstack.org/common/api/v1.0"
xmlns:atom="http://www.w3.org/2005/Atom"
name="User Metadata Extension"
namespace="http://docs.rackspacecloud.com/identity/api/ext/meta/v2.0"
alias="RS-META" updated="2011-01-12T11:22:33-06:00">
<description>Allows associating arbitrary metadata with a
user.</description>
<atom:link rel="describedby" type="application/pdf"
href="http://docs.rackspacecloud.com/identity/api/ext/identity-meta-20111201.pdf"/>
<atom:link rel="describedby" type="application/vnd.sun.wadl+xml"
href="http://docs.rackspacecloud.com/identity/api/ext/identity-meta.wadl"
/>
</extension>
Authenticates and generates a token.
The Identity API is a ReSTful web service. It is the entry point to all service
APIs. To access the Identity API, you must know its URL.
Each ReST request against Identity requires the X-Auth-Token header. Clients
obtain this token, along with the URL to other service APIs, by first authenticating
against Identity with valid credentials.
To authenticate, you must provide either a user ID and password or a token.
If the authentication token has expired, a 401 response
code is returned.
If the token specified in the request has expired, this call returns a
404 response code.
Identity treats expired tokens as invalid tokens.
The deployment determines how long expired tokens are stored.
{
"auth": {
"tenantName": "demo",
"passwordCredentials": {
"username": "demo",
"password": "secretsecret"
}
}
}
<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://docs.openstack.org/identity/api/v2.0"
tenantName="demo">
<passwordCredentials username="demo" password="secretsecret"/>
</auth>
The tenant name. Both the
tenantId
and tenantName
attributes are
optional, but should not be specified together. If both attributes are
specified, the server responds with a 400
Bad Request
.
The tenant ID. Both the
tenantId
and tenantName
attributes are
optional, but should not be specified together. If both attributes are
specified, the server responds with a 400
Bad Request
.
A
passwordCredentials
object. To authenticate, you must
provide either a user ID and password or a token.
The user name. Required if
you include the passwordCredentials
object. If you do not
provide a password credentials, you must provide a
token.
The password of the user.
Required if you include the passwordCredentials
object. If
you do not provide a password credentials, you must provide a
token.
A token
object. Required if you do not provide password
credentials.
The token ID. This is a
required field in the token
object.
{
"auth": {
"tenantName": "demo",
"token": {
"id": "cbc36478b0bd8e67e89469c7749d4127"
}
}
}
<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://docs.openstack.org/identity/api/v2.0"
tenantName="demo">
<token id="cbc36478b0bd8e67e89469c7749d4127"/>
</auth>
{
"access": {
"token": {
"issued_at": "2014-01-30T15:30:58.819584",
"expires": "2014-01-31T15:30:58Z",
"id": "aaaaa-bbbbb-ccccc-dddd",
"tenant": {
"description": null,
"enabled": true,
"id": "fc394f2ab2df4114bde39905f800dc57",
"name": "demo"
}
},
"serviceCatalog": [
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57",
"id": "2dad48f09e2a447a9bf852bcd93548ef",
"publicURL": "http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57"
}
],
"endpoints_links": [],
"type": "compute",
"name": "nova"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:9696/",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:9696/",
"id": "97c526db8d7a4c88bbb8d68db1bdcdb8",
"publicURL": "http://23.253.72.207:9696/"
}
],
"endpoints_links": [],
"type": "network",
"name": "neutron"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57",
"id": "93f86dfcbba143a39a33d0c2cd424870",
"publicURL": "http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57"
}
],
"endpoints_links": [],
"type": "volumev2",
"name": "cinder"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8774/v3",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8774/v3",
"id": "3eb274b12b1d47b2abc536038d87339e",
"publicURL": "http://23.253.72.207:8774/v3"
}
],
"endpoints_links": [],
"type": "computev3",
"name": "nova"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:3333",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:3333",
"id": "957f1e54afc64d33a62099faa5e980a2",
"publicURL": "http://23.253.72.207:3333"
}
],
"endpoints_links": [],
"type": "s3",
"name": "s3"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:9292",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:9292",
"id": "27d5749f36864c7d96bebf84a5ec9767",
"publicURL": "http://23.253.72.207:9292"
}
],
"endpoints_links": [],
"type": "image",
"name": "glance"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57",
"id": "37c83a2157f944f1972e74658aa0b139",
"publicURL": "http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57"
}
],
"endpoints_links": [],
"type": "volume",
"name": "cinder"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8773/services/Admin",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8773/services/Cloud",
"id": "289b59289d6048e2912b327e5d3240ca",
"publicURL": "http://23.253.72.207:8773/services/Cloud"
}
],
"endpoints_links": [],
"type": "ec2",
"name": "ec2"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8080",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57",
"id": "16b76b5e5b7d48039a6e4cc3129545f3",
"publicURL": "http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57"
}
],
"endpoints_links": [],
"type": "object-store",
"name": "swift"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:35357/v2.0",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:5000/v2.0",
"id": "26af053673df4ef3a2340c4239e21ea2",
"publicURL": "http://23.253.72.207:5000/v2.0"
}
],
"endpoints_links": [],
"type": "identity",
"name": "keystone"
}
],
"user": {
"username": "demo",
"roles_links": [],
"id": "9a6590b2ab024747bc2167c4e064d00d",
"roles": [
{
"name": "Member"
},
{
"name": "anotherrole"
}
],
"name": "demo"
},
"metadata": {
"is_admin": 0,
"roles": [
"7598ac3c634d4c3da4b9126a5f67ca2b",
"f95c0ab82d6045d9805033ee1fbc80d4"
]
}
}
}
<?xml version="1.0" encoding="UTF-8"?>
<access xmlns="http://docs.openstack.org/identity/api/v2.0">
<token issued_at="2014-01-30T15:49:11.054709"
expires="2014-01-31T15:49:11Z"
id="aaaaa-bbbbb-ccccc-dddd">
<tenant enabled="true" name="demo"
id="fc394f2ab2df4114bde39905f800dc57"/>
</token>
<serviceCatalog>
<service type="compute" name="nova">
<endpoints_links/>
<endpoint
adminURL="http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57"
region="RegionOne"
publicURL="http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57"
internalURL="http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57"
id="2dad48f09e2a447a9bf852bcd93548ef"
/>
</service>
<service type="network" name="neutron">
<endpoints_links/>
<endpoint
adminURL="http://23.253.72.207:9696/"
region="RegionOne"
publicURL="http://23.253.72.207:9696/"
internalURL="http://23.253.72.207:9696/"
id="97c526db8d7a4c88bbb8d68db1bdcdb8"
/>
</service>
<service type="volumev2" name="cinder">
<endpoints_links/>
<endpoint
adminURL="http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57"
region="RegionOne"
publicURL="http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57"
internalURL="http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57"
id="93f86dfcbba143a39a33d0c2cd424870"
/>
</service>
<service type="computev3" name="nova">
<endpoints_links/>
<endpoint
adminURL="http://23.253.72.207:8774/v3"
region="RegionOne"
publicURL="http://23.253.72.207:8774/v3"
internalURL="http://23.253.72.207:8774/v3"
id="3eb274b12b1d47b2abc536038d87339e"
/>
</service>
<service type="s3" name="s3">
<endpoints_links/>
<endpoint adminURL="http://23.253.72.207:3333"
region="RegionOne"
publicURL="http://23.253.72.207:3333"
internalURL="http://23.253.72.207:3333"
id="957f1e54afc64d33a62099faa5e980a2"
/>
</service>
<service type="image" name="glance">
<endpoints_links/>
<endpoint adminURL="http://23.253.72.207:9292"
region="RegionOne"
publicURL="http://23.253.72.207:9292"
internalURL="http://23.253.72.207:9292"
id="27d5749f36864c7d96bebf84a5ec9767"
/>
</service>
<service type="volume" name="cinder">
<endpoints_links/>
<endpoint
adminURL="http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57"
region="RegionOne"
publicURL="http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57"
internalURL="http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57"
id="37c83a2157f944f1972e74658aa0b139"
/>
</service>
<service type="ec2" name="ec2">
<endpoints_links/>
<endpoint
adminURL="http://23.253.72.207:8773/services/Admin"
region="RegionOne"
publicURL="http://23.253.72.207:8773/services/Cloud"
internalURL="http://23.253.72.207:8773/services/Cloud"
id="289b59289d6048e2912b327e5d3240ca"
/>
</service>
<service type="object-store" name="swift">
<endpoints_links/>
<endpoint adminURL="http://23.253.72.207:8080"
region="RegionOne"
publicURL="http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57"
internalURL="http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57"
id="16b76b5e5b7d48039a6e4cc3129545f3"
/>
</service>
<service type="identity" name="keystone">
<endpoints_links/>
<endpoint
adminURL="http://23.253.72.207:35357/v2.0"
region="RegionOne"
publicURL="http://23.253.72.207:5000/v2.0"
internalURL="http://23.253.72.207:5000/v2.0"
id="26af053673df4ef3a2340c4239e21ea2"
/>
</service>
</serviceCatalog>
<user username="demo" id="9a6590b2ab024747bc2167c4e064d00d"
name="demo">
<roles_links/>
<role name="Member"/>
<role name="anotherrole"/>
</user>
<metadata is_admin="0">
<roles>
<role>7598ac3c634d4c3da4b9126a5f67ca2b</role>
<role>f95c0ab82d6045d9805033ee1fbc80d4</role>
</roles>
</metadata>
</access>
An access
object.
A token
object.
A timestamp that indicates
when the token was issued.
A timestamp that indicates
when the token expires.
The authentication token.
In the example, the token is my_id
.
A tenant
object.
The description of the
tenant. If not set, this value is null
.
Indicates whether the
tenant is enabled or disabled.
The tenant
ID.
The tenant
name.
A
serviceCatalog
object.
One or more
endpoints
objects. Each object shows the
adminURL
, region
,
internalURL
, id
, and publicURL
for the endpoint.
Links for the
endpoint.
Endpoint
type.
Endpoint
name.
A user
object, which shows the username
, roles_links
,
id
, roles
, and
name
.
A metadata
object.
A valid authentication token.
The ID of the last item in the previous list.
The page size.
Lists tenants to which the specified token has access.
GET /v2.0/tenants HTTP/1.1
Host: identity.api.openstack.org
Content-Type: application/json
X-Auth-Token: fa8426a0-8eaf-4d22-8e13-7c1b16a9370c
Accept: application/json
GET /v2.0/tenants HTTP/1.1
Host: identity.api.openstack.org
Content-Type: application/xml
X-Auth-Token: fa8426a0-8eaf-4d22-8e13-7c1b16a9370c
Accept: application/xml
{
"tenants": [
{
"id": "1234",
"name": "ACME Corp",
"description": "A description ...",
"enabled": true
},
{
"id": "3456",
"name": "Iron Works",
"description": "A description ...",
"enabled": true
}
],
"tenants_links": []
}
<?xml version="1.0" encoding="UTF-8"?>
<tenants xmlns="http://docs.openstack.org/identity/api/v2.0">
<tenant enabled="true" id="1234" name="ACME Corp">
<description>A description...</description>
</tenant>
<tenant enabled="true" id="3645" name="Iron Works">
<description>A description...</description>
</tenant>
</tenants>