.svg)
API Authentication
API Authorization
Authentication Requirements
To ensure secure access to our API, all endpoints require authorization through a Bearer token. Include the following headers in your HTTP requests to authenticate:
Authorization: Bearer {{Token}}
Here’s an example command using cURL:
curl -X GET \
-H "Authorization: Bearer {{Token}}" \
https://example.com/api/your-endpoint
Replace {{Token}} with the actual Bearer token obtained through the authentication process.
Ensure the token is included in the Authorization header for every request, to successfully authenticate and access the API endpoints.
Keep your tokens secure and never expose them in public repositories or insecure environments.
Authorization Token Endpoint
Overview
This section outlines the process of obtaining a Bearer authorization token from OCP’s IAM.
Please replace dynamic parts such as the base URL, username, and password with the appropriate values enclosed in double curly brackets (for example, {{Host}}, {{Username}}, {{Password}}).
Endpoint details
Hosts
Host | URL |
|---|---|
EU1 | |
US1 | |
US2 | |
US1w |
Obtaining an Access Token
To authenticate with the API, you first need to obtain an access token by making a request to the token endpoint as shown in the example below. The response will include both an access_token and a refresh_token.
HTTP Request
POST /realms/master/protocol/openid-connect/token
Headers
Paramenter | Value |
|---|---|
|
|
Body
Parameter | Description | Value |
|---|---|---|
| The client ID | ocp |
| password | |
| The OCP Username | {{Username}} |
| The OCP Password | {{Password}} |
Example Request
curl --location --request POST '{{Host}}/auth/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=ocp' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username={{Username}}' \
--data-urlencode 'password={{Password}}'Example Response
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgO...",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgO...",
"token_type": "bearer",
"not-before-policy": 0,
"session_state": "6d4e82a1-2d6d-402a-9d52-f3f99d7a477c",
"scope": "openid"
}
The access_token will be required in any later API request for authorization.
Error Responses
If there is an issue with the request, OCP’s IAM will respond with an appropriate error message. Common error responses include:
Response | Reason |
|---|---|
| The provided credentials (username/password) are incorrect. |
Session limit
Given the five-sessions limit in some environments, it is crucial to log out sessions when they are no longer needed.
Logging out helps to manage your sessions efficiently and stay within the session limit imposed by your environment.
You can log out by making a request to the logout endpoint using the refresh_token obtained earlier from the response of the token request.
Here is an example request:
curl -X POST "{{Host}}/auth/realms/master/protocol/openid-connect/logout" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=ocp" \
-d "refresh_token=$REFRESH_TOKEN"Security Considerations
Ensure that the communication with the OCP’s IAM service is over HTTPS to secure the transmission of sensitive information.
Protect your username and password as sensitive information and avoid hardcoding them in your application code.
Implement secure storage and transmission practices for the obtained access token.