Skip to main content
Skip table of contents

API Authentication

API Authorization

Authentication Requirements

To ensure secure access to our API, all endpoints require authorization through a Bearer token. Include the following headers in your HTTP requests to authenticate:

Authorization: Bearer {{Token}}

Here’s an example command using cURL:

BASH
curl -X GET \
  -H "Authorization: Bearer {{Token}}" \
  https://example.com/api/your-endpoint

Replace {{Token}} with the actual Bearer token obtained through the authentication process.

Ensure the token is included in the Authorization header for every request, to successfully authenticate and access the API endpoints.

Keep your tokens secure and never expose them in public repositories or insecure environments.

Authorization Token Endpoint

Overview

This section outlines the process of obtaining a Bearer authorization token from OCP’s IAM.

Please replace dynamic parts such as the base URL, username, and password with the appropriate values enclosed in double curly brackets (for example, {{Host}}, {{Username}}, {{Password}}).

Endpoint Details

Hosts

HTTP Request

POST /realms/master/protocol/openid-connect/token

Headers

Paramenter

Value

Content-Type

application/x-www-form-urlencoded

Body

Parameter

Description

Value

client_id

The client ID

ocp

grant_type

password

username

The OCP Username

{{Username}}

password

The OCP Password

{{Password}}

Example Request

BASH
curl --location --request POST '{{Host}}/auth/realms/master/protocol/openid-connect/token' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data-urlencode 'client_id=ocp' \
     --data-urlencode 'grant_type=password' \
     --data-urlencode 'username={{Username}}' \        
     --data-urlencode 'password={{Password}}'

Example Response

JSON
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgO...",
  "expires_in": 300,
  "refresh_expires_in": 1800,
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgO...",
  "token_type": "bearer",
  "not-before-policy": 0,
  "session_state": "6d4e82a1-2d6d-402a-9d52-f3f99d7a477c",
  "scope": "openid"
}

The access_token will be required in any later API request for authorization.

Error Responses

If there is an issue with the request, OCP’s IAM will respond with an appropriate error message. Common error responses include:

Response

Reason

Invalid Grant

The provided credentials (username/password) are incorrect.

Security Considerations

Ensure that the communication with the OCP’s IAM service is over HTTPS to secure the transmission of sensitive information.

Protect your username and password as sensitive information and avoid hardcoding them in your application code.

Implement secure storage and transmission practices for the obtained access token. 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.