API Authentication
API Authorization
Authentication Requirements
To ensure secure access to our API, all endpoints require authorization through a Bearer token. Include the following headers in your HTTP requests to authenticate:
Authorization: Bearer {{Token}}
Here’s an example command using cURL:
curl -X GET \
-H "Authorization: Bearer {{Token}}" \
https://example.com/api/your-endpoint
Replace {{Token}} with the actual Bearer token obtained through the authentication process.
Ensure the token is included in the Authorization
header for every request, to successfully authenticate and access the API endpoints.
Keep your tokens secure and never expose them in public repositories or insecure environments.
Authorization Token Endpoint
Overview
This section outlines the process of obtaining a Bearer authorization token from OCP’s IAM.
Please replace dynamic parts such as the base URL, username, and password with the appropriate values enclosed in double curly brackets (for example, {{Host}}, {{Username}}, {{Password}}).
Endpoint Details
Hosts
HTTP Request
POST /realms/master/protocol/openid-connect/token
Headers
Paramenter | Value |
---|---|
|
|
Body
Parameter | Description | Value |
---|---|---|
| The client ID | ocp |
| password | |
| The OCP Username | {{Username}} |
| The OCP Password | {{Password}} |
Example Request
curl --location --request POST '{{Host}}/auth/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=ocp' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username={{Username}}' \
--data-urlencode 'password={{Password}}'
Example Response
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgO...",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgO...",
"token_type": "bearer",
"not-before-policy": 0,
"session_state": "6d4e82a1-2d6d-402a-9d52-f3f99d7a477c",
"scope": "openid"
}
The access_token
will be required in any later API request for authorization.
Error Responses
If there is an issue with the request, OCP’s IAM will respond with an appropriate error message. Common error responses include:
Response | Reason |
---|---|
| The provided credentials (username/password) are incorrect. |
Security Considerations
Ensure that the communication with the OCP’s IAM service is over HTTPS to secure the transmission of sensitive information.
Protect your username and password as sensitive information and avoid hardcoding them in your application code.
Implement secure storage and transmission practices for the obtained access token.