Identity API v2.0 (STABLE)

Get an authentication token that permits access to the OpenStack services REST API.

API versions

GET
/

Lists information about all Identity API versions.

 
Normal response codes
200
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
{
   "versions":{
      "values":[
         {
            "id":"v3.0",
            "links":[
               {
                  "href":"http://192.168.122.176:5000/v3/",
                  "rel":"self"
               }
            ],
            "media-types":[
               {
                  "base":"application/json",
                  "type":"application/vnd.openstack.identity-v3+json"
               },
               {
                  "base":"application/xml",
                  "type":"application/vnd.openstack.identity-v3+xml"
               }
            ],
            "status":"stable",
            "updated":"2013-03-06T00:00:00Z"
         },
         {
            "id":"v2.0",
            "links":[
               {
                  "href":"http://192.168.122.176:5000/v2.0/",
                  "rel":"self"
               },
               {
                  "href":"http://docs.openstack.org/",
                  "rel":"describedby",
                  "type":"text/html"
               }
            ],
            "media-types":[
               {
                  "base":"application/json",
                  "type":"application/vnd.openstack.identity-v2.0+json"
               },
               {
                  "base":"application/xml",
                  "type":"application/vnd.openstack.identity-v2.0+xml"
               }
            ],
            "status":"stable",
            "updated":"2014-04-17T00:00:00Z"
         }
      ]
   }
}
<?xml version="1.0" encoding="UTF-8"?>
<versions xmlns="http://docs.openstack.org/identity/api/v2.0">
    <version status="stable" updated="2013-03-06T00:00:00Z" id="v3.0">
        <media-types>
            <media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>
            <media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>
        </media-types>
        <links>
            <link href="http://192.168.122.176:5000/v3/" rel="self"/>
        </links>
    </version>
    <version status="stable" updated="2014-04-17T00:00:00Z" id="v2.0">
        <media-types>
            <media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>
            <media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>
        </media-types>
        <links>
            <link href="http://192.168.122.176:5000/v2.0/" rel="self"/>
            <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>
        </links>
        <link href="http://192.168.122.176:5000/v2.0/" rel="self"/>
        <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>
    </version>
</versions>

This operation does not accept a request body.

GET
/v2.0

Shows details for the Identity API v2.0.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
{
    "version": {
        "status": "stable",
        "updated": "2013-03-06T00:00:00Z",
        "media-types": [
            {
                "base": "application/json",
                "type": "application/vnd.openstack.identity-v3+json"
            },
            {
                "base": "application/xml",
                "type": "application/vnd.openstack.identity-v3+xml"
            }
        ],
        "id": "v3.0",
        "links": [
            {
                "href": "http://23.253.228.211:35357/v3/",
                "rel": "self"
            }
        ]
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<version xmlns="http://docs.openstack.org/identity/api/v3"
    status="stable" updated="2013-03-06T00:00:00Z" id="v3.0">
    <media-types>
        <media-type base="application/json"
            type="application/vnd.openstack.identity-v3+json"/>
        <media-type base="application/xml"
            type="application/vnd.openstack.identity-v3+xml"/>
    </media-types>
    <links>
        <link href="http://23.253.228.211:35357/v3/" rel="self"/>
    </links>
</version>

This operation does not accept a request body.

Extensions

GET
/v2.0/extensions

Lists available extensions.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Response parameters
Parameter Style Type Description
next (Optional) plain xsd:anyURI

Moves to the next item in the list.

previous (Optional) plain xsd:anyURI

Moves to the previous item in the list.

{
    "extensions": {
        "values": [
            {
                "updated": "2013-07-07T12:00:0-00:00",
                "name": "OpenStack S3 API",
                "links": [
                    {
                        "href": "https://github.com/openstack/identity-api",
                        "type": "text/html",
                        "rel": "describedby"
                    }
                ],
                "namespace": "http://docs.openstack.org/identity/api/ext/s3tokens/v1.0",
                "alias": "s3tokens",
                "description": "OpenStack S3 API."
            },
            {
                "updated": "2013-07-23T12:00:0-00:00",
                "name": "OpenStack Keystone Endpoint Filter API",
                "links": [
                    {
                        "href": "https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-ep-filter-ext.md",
                        "type": "text/html",
                        "rel": "describedby"
                    }
                ],
                "namespace": "http://docs.openstack.org/identity/api/ext/OS-EP-FILTER/v1.0",
                "alias": "OS-EP-FILTER",
                "description": "OpenStack Keystone Endpoint Filter API."
            },
            {
                "updated": "2013-12-17T12:00:0-00:00",
                "name": "OpenStack Federation APIs",
                "links": [
                    {
                        "href": "https://github.com/openstack/identity-api",
                        "type": "text/html",
                        "rel": "describedby"
                    }
                ],
                "namespace": "http://docs.openstack.org/identity/api/ext/OS-FEDERATION/v1.0",
                "alias": "OS-FEDERATION",
                "description": "OpenStack Identity Providers Mechanism."
            },
            {
                "updated": "2013-07-11T17:14:00-00:00",
                "name": "OpenStack Keystone Admin",
                "links": [
                    {
                        "href": "https://github.com/openstack/identity-api",
                        "type": "text/html",
                        "rel": "describedby"
                    }
                ],
                "namespace": "http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0",
                "alias": "OS-KSADM",
                "description": "OpenStack extensions to Keystone v2.0 API enabling Administrative Operations."
            },
            {
                "updated": "2014-01-20T12:00:0-00:00",
                "name": "OpenStack Simple Certificate API",
                "links": [
                    {
                        "href": "https://github.com/openstack/identity-api",
                        "type": "text/html",
                        "rel": "describedby"
                    }
                ],
                "namespace": "http://docs.openstack.org/identity/api/ext/OS-SIMPLE-CERT/v1.0",
                "alias": "OS-SIMPLE-CERT",
                "description": "OpenStack simple certificate retrieval extension"
            },
            {
                "updated": "2013-07-07T12:00:0-00:00",
                "name": "OpenStack EC2 API",
                "links": [
                    {
                        "href": "https://github.com/openstack/identity-api",
                        "type": "text/html",
                        "rel": "describedby"
                    }
                ],
                "namespace": "http://docs.openstack.org/identity/api/ext/OS-EC2/v1.0",
                "alias": "OS-EC2",
                "description": "OpenStack EC2 Credentials backend."
            }
        ]
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<extensions xmlns="http://docs.openstack.org/common/api/v1.0"
            xmlns:atom="http://www.w3.org/2005/Atom"/>

This operation does not accept a request body.

GET
/v2.0/extensions/​{alias}​

Gets detailed information for a specified extension.

 

Specify the extension alias in the URI.

Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
alias URI xsd:string

The extension name.

{
    "extension": {
        "updated": "2013-07-07T12:00:0-00:00",
        "name": "OpenStack S3 API",
        "links": [
            {
                "href": "https://github.com/openstack/identity-api",
                "type": "text/html",
                "rel": "describedby"
            }
        ],
        "namespace": "http://docs.openstack.org/identity/api/ext/s3tokens/v1.0",
        "alias": "s3tokens",
        "description": "OpenStack S3 API."
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<extension xmlns="http://docs.openstack.org/common/api/v1.0"
    xmlns:atom="http://www.w3.org/2005/Atom"
    name="User Metadata Extension"
    namespace="http://docs.rackspacecloud.com/identity/api/ext/meta/v2.0"
    alias="RS-META" updated="2011-01-12T11:22:33-06:00">
    <description>Allows associating arbitrary metadata with a
        user.</description>
    <atom:link rel="describedby" type="application/pdf"
        href="http://docs.rackspacecloud.com/identity/api/ext/identity-meta-20111201.pdf"/>
    <atom:link rel="describedby" type="application/vnd.sun.wadl+xml"
        href="http://docs.rackspacecloud.com/identity/api/ext/identity-meta.wadl"
    />
</extension>

This operation does not accept a request body.

Tokens

POST
/v2.0/tokens

Authenticates and generates a token.

 

The Identity API is a ReSTful web service. It is the entry point to all service APIs. To access the Identity API, you must know its URL.

Each ReST request against Identity requires the X-Auth-Token header. Clients obtain this token, along with the URL to other service APIs, by first authenticating against Identity with valid credentials.

To authenticate, you must provide either a user ID and password or a token.

If the authentication token has expired, a 401 response code is returned.

If the token specified in the request has expired, this call returns a 404 response code.

Identity treats expired tokens as invalid tokens.

The deployment determines how long expired tokens are stored.

Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), userDisabled (403), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
tenantName (Optional) plain xsd:string

The tenant name. Both the tenantId and tenantName attributes are optional, but should not be specified together. If both attributes are specified, the server responds with a 400 Bad Request.

tenantId (Optional) plain capi:UUID

The tenant ID. Both the tenantId and tenantName attributes are optional, but should not be specified together. If both attributes are specified, the server responds with a 400 Bad Request.

passwordCredentials (Optional) plain xsd:string

A passwordCredentials object. To authenticate, you must provide either a user ID and password or a token.

username (Optional) plain xsd:string

The user name. Required if you include the passwordCredentials object. If you do not provide a password credentials, you must provide a token.

password (Optional) plain xsd:string

The password of the user. Required if you include the passwordCredentials object. If you do not provide a password credentials, you must provide a token.

token (Optional) plain xsd:string

A token object. Required if you do not provide password credentials.

id (Optional) plain xsd:string

The token ID. This is a required field in the token object.

Response parameters
Parameter Style Type Description
access plain xsd:string

An access object.

token plain xsd:string

A token object.

issued_at plain xsd:string

A timestamp that indicates when the token was issued.

expires plain xsd:string

A timestamp that indicates when the token expires.

id plain xsd:string

The authentication token. In the example, the token is my_id.

tenant plain xsd:string

A tenant object.

description plain xsd:string

The description of the tenant. If not set, this value is null.

enabled plain xsd:boolean

Indicates whether the tenant is enabled or disabled.

id plain xsd:string

The tenant ID.

name plain xsd:string

The tenant name.

serviceCatalog plain xsd:string

A serviceCatalog object.

endpoints plain xsd:string

One or more endpoints objects. Each object shows the adminURL, region, internalURL, id, and publicURL for the endpoint.

endpoints_links plain xsd:string

Links for the endpoint.

type plain xsd:string

Endpoint type.

name plain xsd:string

Endpoint name.

user plain xsd:string

A user object, which shows the username, roles_links, id, roles, and name.

metadata plain xsd:string

A metadata object.

{
    "auth": {
        "tenantName": "demo",
        "passwordCredentials": {
            "username": "demo",
            "password": "devstack"
        }
    }
}
{
    "auth": {
        "tenantName": "demo",
        "token": {
            "id": "cbc36478b0bd8e67e89469c7749d4127"
        }
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns="http://docs.openstack.org/identity/api/v2.0"
  tenantName="demo">
  <passwordCredentials username="demo" password="devstack"/>
</auth>
<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns="http://docs.openstack.org/identity/api/v2.0"
  tenantName="demo">
  <token id="cbc36478b0bd8e67e89469c7749d4127"/>
</auth>
{
    "access": {
        "token": {
            "issued_at": "2014-01-30T15:30:58.819584",
            "expires": "2014-01-31T15:30:58Z",
            "id": "aaaaa-bbbbb-ccccc-dddd",
            "tenant": {
                "description": null,
                "enabled": true,
                "id": "fc394f2ab2df4114bde39905f800dc57",
                "name": "demo"
            }
        },
        "serviceCatalog": [
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57",
                        "id": "2dad48f09e2a447a9bf852bcd93548ef",
                        "publicURL": "http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57"
                    }
                ],
                "endpoints_links": [],
                "type": "compute",
                "name": "nova"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:9696/",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:9696/",
                        "id": "97c526db8d7a4c88bbb8d68db1bdcdb8",
                        "publicURL": "http://23.253.72.207:9696/"
                    }
                ],
                "endpoints_links": [],
                "type": "network",
                "name": "neutron"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57",
                        "id": "93f86dfcbba143a39a33d0c2cd424870",
                        "publicURL": "http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57"
                    }
                ],
                "endpoints_links": [],
                "type": "volumev2",
                "name": "cinder"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8774/v3",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8774/v3",
                        "id": "3eb274b12b1d47b2abc536038d87339e",
                        "publicURL": "http://23.253.72.207:8774/v3"
                    }
                ],
                "endpoints_links": [],
                "type": "computev3",
                "name": "nova"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:3333",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:3333",
                        "id": "957f1e54afc64d33a62099faa5e980a2",
                        "publicURL": "http://23.253.72.207:3333"
                    }
                ],
                "endpoints_links": [],
                "type": "s3",
                "name": "s3"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:9292",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:9292",
                        "id": "27d5749f36864c7d96bebf84a5ec9767",
                        "publicURL": "http://23.253.72.207:9292"
                    }
                ],
                "endpoints_links": [],
                "type": "image",
                "name": "glance"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57",
                        "id": "37c83a2157f944f1972e74658aa0b139",
                        "publicURL": "http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57"
                    }
                ],
                "endpoints_links": [],
                "type": "volume",
                "name": "cinder"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8773/services/Admin",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8773/services/Cloud",
                        "id": "289b59289d6048e2912b327e5d3240ca",
                        "publicURL": "http://23.253.72.207:8773/services/Cloud"
                    }
                ],
                "endpoints_links": [],
                "type": "ec2",
                "name": "ec2"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8080",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57",
                        "id": "16b76b5e5b7d48039a6e4cc3129545f3",
                        "publicURL": "http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57"
                    }
                ],
                "endpoints_links": [],
                "type": "object-store",
                "name": "swift"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:35357/v2.0",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:5000/v2.0",
                        "id": "26af053673df4ef3a2340c4239e21ea2",
                        "publicURL": "http://23.253.72.207:5000/v2.0"
                    }
                ],
                "endpoints_links": [],
                "type": "identity",
                "name": "keystone"
            }
        ],
        "user": {
            "username": "demo",
            "roles_links": [],
            "id": "9a6590b2ab024747bc2167c4e064d00d",
            "roles": [
                {
                    "name": "Member"
                },
                {
                    "name": "anotherrole"
                }
            ],
            "name": "demo"
        },
        "metadata": {
            "is_admin": 0,
            "roles": [
                "7598ac3c634d4c3da4b9126a5f67ca2b",
                "f95c0ab82d6045d9805033ee1fbc80d4"
            ]
        }
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<access xmlns="http://docs.openstack.org/identity/api/v2.0">
        <token issued_at="2014-01-30T15:49:11.054709"
                expires="2014-01-31T15:49:11Z"
                id="aaaaa-bbbbb-ccccc-dddd">
                <tenant enabled="true" name="demo"
                        id="fc394f2ab2df4114bde39905f800dc57"/>
        </token>
        <serviceCatalog>
                <service type="compute" name="nova">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57"
                                internalURL="http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57"
                                id="2dad48f09e2a447a9bf852bcd93548ef"
                        />
                </service>
                <service type="network" name="neutron">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:9696/"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:9696/"
                                internalURL="http://23.253.72.207:9696/"
                                id="97c526db8d7a4c88bbb8d68db1bdcdb8"
                        />
                </service>
                <service type="volumev2" name="cinder">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57"
                                internalURL="http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57"
                                id="93f86dfcbba143a39a33d0c2cd424870"
                        />
                </service>
                <service type="computev3" name="nova">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:8774/v3"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:8774/v3"
                                internalURL="http://23.253.72.207:8774/v3"
                                id="3eb274b12b1d47b2abc536038d87339e"
                        />
                </service>
                <service type="s3" name="s3">
                        <endpoints_links/>
                        <endpoint adminURL="http://23.253.72.207:3333"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:3333"
                                internalURL="http://23.253.72.207:3333"
                                id="957f1e54afc64d33a62099faa5e980a2"
                        />
                </service>
                <service type="image" name="glance">
                        <endpoints_links/>
                        <endpoint adminURL="http://23.253.72.207:9292"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:9292"
                                internalURL="http://23.253.72.207:9292"
                                id="27d5749f36864c7d96bebf84a5ec9767"
                        />
                </service>
                <service type="volume" name="cinder">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57"
                                internalURL="http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57"
                                id="37c83a2157f944f1972e74658aa0b139"
                        />
                </service>
                <service type="ec2" name="ec2">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:8773/services/Admin"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:8773/services/Cloud"
                                internalURL="http://23.253.72.207:8773/services/Cloud"
                                id="289b59289d6048e2912b327e5d3240ca"
                        />
                </service>
                <service type="object-store" name="swift">
                        <endpoints_links/>
                        <endpoint adminURL="http://23.253.72.207:8080"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57"
                                internalURL="http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57"
                                id="16b76b5e5b7d48039a6e4cc3129545f3"
                        />
                </service>
                <service type="identity" name="keystone">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:35357/v2.0"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:5000/v2.0"
                                internalURL="http://23.253.72.207:5000/v2.0"
                                id="26af053673df4ef3a2340c4239e21ea2"
                        />
                </service>
        </serviceCatalog>
        <user username="demo" id="9a6590b2ab024747bc2167c4e064d00d"
                name="demo">
                <roles_links/>
                <role name="Member"/>
                <role name="anotherrole"/>
        </user>
        <metadata is_admin="0">
                <roles>
                        <role>7598ac3c634d4c3da4b9126a5f67ca2b</role>
                        <role>f95c0ab82d6045d9805033ee1fbc80d4</role>
                </roles>
        </metadata>
</access>
GET
/v2.0/tenants

Lists tenants to which the specified token has access.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

marker (Optional) query xsd:string

The ID of the last item in the previous list.

limit (Optional) query xsd:int

The page size.

GET /v2.0/tenants HTTP/1.1
Host: identity.api.openstack.org
Content-Type: application/json
X-Auth-Token: fa8426a0-8eaf-4d22-8e13-7c1b16a9370c
Accept: application/json
GET /v2.0/tenants HTTP/1.1
Host: identity.api.openstack.org
Content-Type: application/xml
X-Auth-Token: fa8426a0-8eaf-4d22-8e13-7c1b16a9370c
Accept: application/xml
{
    "tenants": [
        {
            "id": "1234",
            "name": "ACME Corp",
            "description": "A description ...",
            "enabled": true
        },
        {
            "id": "3456",
            "name": "Iron Works",
            "description": "A description ...",
            "enabled": true
        }
    ],
    "tenants_links": []
}
<?xml version="1.0" encoding="UTF-8"?>
<tenants xmlns="http://docs.openstack.org/identity/api/v2.0">
    <tenant enabled="true" id="1234" name="ACME Corp">
        <description>A description...</description>
    </tenant>
    <tenant enabled="true" id="3645" name="Iron Works">
        <description>A description...</description>
    </tenant>
</tenants>

Identity admin API v2.0 (STABLE)

Get an authentication token that permits access to the Compute API.

Versions

GET
/v2.0

Gets detailed information about a specified version of the Identity API.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Response parameters
Parameter Style Type Description
location plain xsd:anyURI
{
    "version": {
        "status": "stable",
        "updated": "2014-04-17T00:00:00Z",
        "media-types": [
            {
                "base": "application/json",
                "type": "application/vnd.openstack.identity-v2.0+json"
            },
            {
                "base": "application/xml",
                "type": "application/vnd.openstack.identity-v2.0+xml"
            }
        ],
        "id": "v2.0",
        "links": [
            {
                "href": "http://23.253.228.211:5000/v2.0/",
                "rel": "self"
            },
            {
                "href": "http://docs.openstack.org/api/openstack-identity-service/2.0/content/",
                "type": "text/html",
                "rel": "describedby"
            },
            {
                "href": "http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf",
                "type": "application/pdf",
                "rel": "describedby"
            }
        ]
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<version xmlns="http://docs.openstack.org/identity/api/v2.0"
    status="stable" updated="2013-03-06T00:00:00Z" id="v2.0">
    <media-types>
        <media-type base="application/json"
            type="application/vnd.openstack.identity-v2.0+json"/>
        <media-type base="application/xml"
            type="application/vnd.openstack.identity-v2.0+xml"/>
    </media-types>
    <links>
        <link href="http://localhost:5000/v2.0/" rel="self"/>
        <link
            href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/"
            type="text/html" rel="describedby"/>
        <link
            href="http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf"
            type="application/pdf" rel="describedby"/>
    </links>
</version>

This operation does not accept a request body.

Extensions

GET
/v2.0/extensions

Lists available extensions.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Response parameters
Parameter Style Type Description
next (Optional) plain xsd:anyURI

Moves to the next item in the list.

previous (Optional) plain xsd:anyURI

Moves to the previous item in the list.

{
    "extensions": {
        "values": [
            {
                "updated": "2013-07-07T12:00:0-00:00",
                "name": "OpenStack S3 API",
                "links": [
                    {
                        "href": "https://github.com/openstack/identity-api",
                        "type": "text/html",
                        "rel": "describedby"
                    }
                ],
                "namespace": "http://docs.openstack.org/identity/api/ext/s3tokens/v1.0",
                "alias": "s3tokens",
                "description": "OpenStack S3 API."
            },
            {
                "updated": "2013-07-23T12:00:0-00:00",
                "name": "OpenStack Keystone Endpoint Filter API",
                "links": [
                    {
                        "href": "https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-ep-filter-ext.md",
                        "type": "text/html",
                        "rel": "describedby"
                    }
                ],
                "namespace": "http://docs.openstack.org/identity/api/ext/OS-EP-FILTER/v1.0",
                "alias": "OS-EP-FILTER",
                "description": "OpenStack Keystone Endpoint Filter API."
            },
            {
                "updated": "2013-12-17T12:00:0-00:00",
                "name": "OpenStack Federation APIs",
                "links": [
                    {
                        "href": "https://github.com/openstack/identity-api",
                        "type": "text/html",
                        "rel": "describedby"
                    }
                ],
                "namespace": "http://docs.openstack.org/identity/api/ext/OS-FEDERATION/v1.0",
                "alias": "OS-FEDERATION",
                "description": "OpenStack Identity Providers Mechanism."
            },
            {
                "updated": "2013-07-11T17:14:00-00:00",
                "name": "OpenStack Keystone Admin",
                "links": [
                    {
                        "href": "https://github.com/openstack/identity-api",
                        "type": "text/html",
                        "rel": "describedby"
                    }
                ],
                "namespace": "http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0",
                "alias": "OS-KSADM",
                "description": "OpenStack extensions to Keystone v2.0 API enabling Administrative Operations."
            },
            {
                "updated": "2014-01-20T12:00:0-00:00",
                "name": "OpenStack Simple Certificate API",
                "links": [
                    {
                        "href": "https://github.com/openstack/identity-api",
                        "type": "text/html",
                        "rel": "describedby"
                    }
                ],
                "namespace": "http://docs.openstack.org/identity/api/ext/OS-SIMPLE-CERT/v1.0",
                "alias": "OS-SIMPLE-CERT",
                "description": "OpenStack simple certificate retrieval extension"
            },
            {
                "updated": "2013-07-07T12:00:0-00:00",
                "name": "OpenStack EC2 API",
                "links": [
                    {
                        "href": "https://github.com/openstack/identity-api",
                        "type": "text/html",
                        "rel": "describedby"
                    }
                ],
                "namespace": "http://docs.openstack.org/identity/api/ext/OS-EC2/v1.0",
                "alias": "OS-EC2",
                "description": "OpenStack EC2 Credentials backend."
            }
        ]
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<extensions xmlns="http://docs.openstack.org/common/api/v1.0"
            xmlns:atom="http://www.w3.org/2005/Atom"/>

This operation does not accept a request body.

GET
/v2.0/extensions/​{alias}​

Gets detailed information for a specified extension.

 

Specify the extension alias in the URI.

Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
alias URI xsd:string

The extension name.

{
    "extension": {
        "updated": "2013-07-07T12:00:0-00:00",
        "name": "OpenStack S3 API",
        "links": [
            {
                "href": "https://github.com/openstack/identity-api",
                "type": "text/html",
                "rel": "describedby"
            }
        ],
        "namespace": "http://docs.openstack.org/identity/api/ext/s3tokens/v1.0",
        "alias": "s3tokens",
        "description": "OpenStack S3 API."
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<extension xmlns="http://docs.openstack.org/common/api/v1.0"
    xmlns:atom="http://www.w3.org/2005/Atom"
    name="User Metadata Extension"
    namespace="http://docs.rackspacecloud.com/identity/api/ext/meta/v2.0"
    alias="RS-META" updated="2011-01-12T11:22:33-06:00">
    <description>Allows associating arbitrary metadata with a
        user.</description>
    <atom:link rel="describedby" type="application/pdf"
        href="http://docs.rackspacecloud.com/identity/api/ext/identity-meta-20111201.pdf"/>
    <atom:link rel="describedby" type="application/vnd.sun.wadl+xml"
        href="http://docs.rackspacecloud.com/identity/api/ext/identity-meta.wadl"
    />
</extension>

This operation does not accept a request body.

Tokens

POST
/v2.0/tokens

Authenticates and generates a token.

 

Client authentication is provided through a ReST interface by using the POST method with v2.0/tokens supplied as the path. Include a payload of credentials in the body.

The Identity API is a ReSTful web service. It is the entry point to all service APIs. To access the Identity API, you must know its URL.

Each ReST request against the Identity Service requires the X-Auth-Token header. Clients obtain this token, along with the URL to other service APIs, by first authenticating against Identity with valid credentials.

If the authentication token has expired, a 401 response code is returned.

If the token specified in the request body has expired, this call returns a 404 response code.

Identity treats expired tokens as invalid tokens.

The deployment determines how long expired tokens are stored.

Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), userDisabled (403), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
tenantName (Optional) plain xsd:string

The tenant name. Both the tenantId and tenantName attributes are optional, but should not be specified together. If both attributes are specified, the server responds with a 400 Bad Request.

tenantId (Optional) plain capi:UUID

The tenant ID. Both the tenantId and tenantName attributes are optional, but should not be specified together. If both attributes are specified, the server responds with a 400 Bad Request.

passwordCredentials (Optional) plain xsd:string

A passwordCredentials object. To authenticate, you must provide either a user ID and password or a token.

username (Optional) plain xsd:string

The user name. Required if you include the passwordCredentials object. If you do not provide a password credentials, you must provide a token.

password (Optional) plain xsd:string

The password of the user. Required if you include the passwordCredentials object. If you do not provide a password credentials, you must provide a token.

token (Optional) plain xsd:string

A token object. Required if you do not provide password credentials.

id (Optional) plain xsd:string

The token ID. This is a required field in the token object.

Response parameters
Parameter Style Type Description
access plain xsd:string

An access object.

token plain xsd:string

A token object.

issued_at plain xsd:string

A timestamp that indicates when the token was issued.

expires plain xsd:string

A timestamp that indicates when the token expires.

id plain xsd:string

The authentication token. In the example, the token is my_id.

tenant plain xsd:string

A tenant object.

description plain xsd:string

The description of the tenant. If not set, this value is null.

enabled plain xsd:boolean

Indicates whether the tenant is enabled or disabled.

id plain xsd:string

The tenant ID.

name plain xsd:string

The tenant name.

serviceCatalog plain xsd:string

A serviceCatalog object.

endpoints plain xsd:string

One or more endpoints objects. Each object shows the adminURL, region, internalURL, id, and publicURL for the endpoint.

endpoints_links plain xsd:string

Links for the endpoint.

type plain xsd:string

Endpoint type.

name plain xsd:string

Endpoint name.

user plain xsd:string

A user object, which shows the username, roles_links, id, roles, and name.

metadata plain xsd:string

A metadata object.

{
    "auth": {
        "tenantName": "admin",
        "passwordCredentials": {
            "username": "admin",
            "password": "devstack"
        }
    }
}
{
    "auth": {
        "tenantName": "demo",
        "token": {
            "id": "cbc36478b0bd8e67e89469c7749d4127"
        }
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns="http://docs.openstack.org/identity/api/v2.0"
  tenantName="admin">
  <passwordCredentials username="admin" password="devstack"/>
</auth>
<?xml version="1.0" encoding="UTF-8"?>
<auth xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns="http://docs.openstack.org/identity/api/v2.0"
  tenantName="demo">
  <token id="cbc36478b0bd8e67e89469c7749d4127"/>
</auth>
{
    "access": {
        "token": {
            "issued_at": "2014-01-30T17:09:57.647795",
            "expires": "2014-01-31T17:09:57Z",
            "id": "admin_id",
            "tenant": {
                "description": null,
                "enabled": true,
                "id": "73f0aa26640f4971864919d0eb0f0880",
                "name": "admin"
            }
        },
        "serviceCatalog": [
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8774/v2/73f0aa26640f4971864919d0eb0f0880",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8774/v2/73f0aa26640f4971864919d0eb0f0880",
                        "id": "2dad48f09e2a447a9bf852bcd93548ef",
                        "publicURL": "http://23.253.72.207:8774/v2/73f0aa26640f4971864919d0eb0f0880"
                    }
                ],
                "endpoints_links": [],
                "type": "compute",
                "name": "nova"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:9696/",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:9696/",
                        "id": "97c526db8d7a4c88bbb8d68db1bdcdb8",
                        "publicURL": "http://23.253.72.207:9696/"
                    }
                ],
                "endpoints_links": [],
                "type": "network",
                "name": "neutron"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8776/v2/73f0aa26640f4971864919d0eb0f0880",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8776/v2/73f0aa26640f4971864919d0eb0f0880",
                        "id": "93f86dfcbba143a39a33d0c2cd424870",
                        "publicURL": "http://23.253.72.207:8776/v2/73f0aa26640f4971864919d0eb0f0880"
                    }
                ],
                "endpoints_links": [],
                "type": "volumev2",
                "name": "cinder"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8774/v3",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8774/v3",
                        "id": "3eb274b12b1d47b2abc536038d87339e",
                        "publicURL": "http://23.253.72.207:8774/v3"
                    }
                ],
                "endpoints_links": [],
                "type": "computev3",
                "name": "nova"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:3333",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:3333",
                        "id": "957f1e54afc64d33a62099faa5e980a2",
                        "publicURL": "http://23.253.72.207:3333"
                    }
                ],
                "endpoints_links": [],
                "type": "s3",
                "name": "s3"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:9292",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:9292",
                        "id": "27d5749f36864c7d96bebf84a5ec9767",
                        "publicURL": "http://23.253.72.207:9292"
                    }
                ],
                "endpoints_links": [],
                "type": "image",
                "name": "glance"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8776/v1/73f0aa26640f4971864919d0eb0f0880",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8776/v1/73f0aa26640f4971864919d0eb0f0880",
                        "id": "37c83a2157f944f1972e74658aa0b139",
                        "publicURL": "http://23.253.72.207:8776/v1/73f0aa26640f4971864919d0eb0f0880"
                    }
                ],
                "endpoints_links": [],
                "type": "volume",
                "name": "cinder"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8773/services/Admin",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8773/services/Cloud",
                        "id": "289b59289d6048e2912b327e5d3240ca",
                        "publicURL": "http://23.253.72.207:8773/services/Cloud"
                    }
                ],
                "endpoints_links": [],
                "type": "ec2",
                "name": "ec2"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8080",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8080/v1/AUTH_73f0aa26640f4971864919d0eb0f0880",
                        "id": "16b76b5e5b7d48039a6e4cc3129545f3",
                        "publicURL": "http://23.253.72.207:8080/v1/AUTH_73f0aa26640f4971864919d0eb0f0880"
                    }
                ],
                "endpoints_links": [],
                "type": "object-store",
                "name": "swift"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:35357/v2.0",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:5000/v2.0",
                        "id": "26af053673df4ef3a2340c4239e21ea2",
                        "publicURL": "http://23.253.72.207:5000/v2.0"
                    }
                ],
                "endpoints_links": [],
                "type": "identity",
                "name": "keystone"
            }
        ],
        "user": {
            "username": "admin",
            "roles_links": [],
            "id": "1f568815cb8148688e6ee9b2f7527dcc",
            "roles": [
                {
                    "name": "service"
                },
                {
                    "name": "admin"
                }
            ],
            "name": "admin"
        },
        "metadata": {
            "is_admin": 0,
            "roles": [
                "8341d3603a1d4d5985bff09f10704d4d",
                "2e66d57df76946fdbe034bc4da6fdec0"
            ]
        }
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<access xmlns="http://docs.openstack.org/identity/api/v2.0">
        <token issued_at="2014-01-30T15:49:11.054709"
                expires="2014-01-31T15:49:11Z" id="admin_id">
                <tenant enabled="true" name="admin"
                        id="fc394f2ab2df4114bde39905f800dc57"/>
        </token>
        <serviceCatalog>
                <service type="compute" name="nova">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57"
                                internalURL="http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57"
                                id="2dad48f09e2a447a9bf852bcd93548ef"
                        />
                </service>
                <service type="network" name="neutron">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:9696/"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:9696/"
                                internalURL="http://23.253.72.207:9696/"
                                id="97c526db8d7a4c88bbb8d68db1bdcdb8"
                        />
                </service>
                <service type="volumev2" name="cinder">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57"
                                internalURL="http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57"
                                id="93f86dfcbba143a39a33d0c2cd424870"
                        />
                </service>
                <service type="computev3" name="nova">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:8774/v3"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:8774/v3"
                                internalURL="http://23.253.72.207:8774/v3"
                                id="3eb274b12b1d47b2abc536038d87339e"
                        />
                </service>
                <service type="s3" name="s3">
                        <endpoints_links/>
                        <endpoint adminURL="http://23.253.72.207:3333"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:3333"
                                internalURL="http://23.253.72.207:3333"
                                id="957f1e54afc64d33a62099faa5e980a2"
                        />
                </service>
                <service type="image" name="glance">
                        <endpoints_links/>
                        <endpoint adminURL="http://23.253.72.207:9292"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:9292"
                                internalURL="http://23.253.72.207:9292"
                                id="27d5749f36864c7d96bebf84a5ec9767"
                        />
                </service>
                <service type="volume" name="cinder">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57"
                                internalURL="http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57"
                                id="37c83a2157f944f1972e74658aa0b139"
                        />
                </service>
                <service type="ec2" name="ec2">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:8773/services/Admin"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:8773/services/Cloud"
                                internalURL="http://23.253.72.207:8773/services/Cloud"
                                id="289b59289d6048e2912b327e5d3240ca"
                        />
                </service>
                <service type="object-store" name="swift">
                        <endpoints_links/>
                        <endpoint adminURL="http://23.253.72.207:8080"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57"
                                internalURL="http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57"
                                id="16b76b5e5b7d48039a6e4cc3129545f3"
                        />
                </service>
                <service type="identity" name="keystone">
                        <endpoints_links/>
                        <endpoint
                                adminURL="http://23.253.72.207:35357/v2.0"
                                region="RegionOne"
                                publicURL="http://23.253.72.207:5000/v2.0"
                                internalURL="http://23.253.72.207:5000/v2.0"
                                id="26af053673df4ef3a2340c4239e21ea2"
                        />
                </service>
        </serviceCatalog>
        <user username="admin" id="9a6590b2ab024747bc2167c4e064d00d"
                name="admin">
                <roles_links/>
                <role name="Member"/>
                <role name="anotherrole"/>
        </user>
        <metadata is_admin="0">
                <roles>
                        <role>7598ac3c634d4c3da4b9126a5f67ca2b</role>
                        <role>f95c0ab82d6045d9805033ee1fbc80d4</role>
                </roles>
        </metadata>
</access>
GET
/v2.0/tokens/​{tokenId}​

Validates a token and confirms that it belongs to a specified tenant.

 

Returns the permissions relevant to a particular client. Valid tokens are in the /tokens/{tokenId} path. A user should expect an itemNotFound (404) fault for an token that is not valid.

Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
tokenId URI capi:UUID Required. The token ID.
belongsTo (Optional) query xsd:string

Validates that a token has the specified tenant in scope, for performance. Valid tokens are in the /tokens/{tokenId} path. An itemNotFound (404) fault is returned for a token that is not valid.

{
   "access":{
      "token":{
         "id":"ab48a9efdfedb23ty3494",
         "expires":"2010-11-01T03:32:15-05:00",
         "tenant":{
            "id":"345",
            "name":"My Project"
         }
      },
      "user":{
         "id":"123",
         "name":"jqsmith",
         "roles":[
            {
               "id":"234",
               "name":"compute:admin"
            },
            {
               "id":"234",
               "name":"object-store:admin",
               "tenantId":"1"
            }
         ],
         "roles_links":[

         ]
      }
   }
}
<?xml version="1.0" encoding="UTF-8"?>
<access xmlns="http://docs.openstack.org/identity/api/v2.0">
        <token id="ab48a9efdfedb23ty3494"
                expires="2010-11-01T03:32:15-05:00">
                <tenant id="456" name="My Project"/>
        </token>
        <user id="123" username="jqsmith">
                <roles
                        xmlns="http://docs.openstack.org/identity/api/v2.0">
                        <role id="123" name="Admin" tenantId="one"/>
                        <role id="234" name="object-store:admin"
                                tenantId="1"/>
                </roles>
        </user>
</access>

This operation does not accept a request body.

HEAD
/v2.0/tokens/​{tokenId}​

Validates a token and confirms that it belongs to a specified tenant, for performance.

 
Normal response codes
200, 203, 204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
tokenId URI capi:UUID Required. The token ID.
belongsTo (Optional) query xsd:string

Validates that a token has the specified tenant in scope, for performance. Valid tokens are in the /tokens/{tokenId} path. An itemNotFound (404) fault is returned for a token that is not valid.

This operation does not accept a request body and does not return a response body.

Users

POST
/v2.0/users

Adds a user.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404), badMediaType (415)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string A valid authentication token for an administrative user.
id plain xsd:string The user ID.
name plain xsd:string The user name.
email plain xsd:string The user email.
enabled plain xsd:bool Indicates whether the user is enabled (true) or disabled (false).
Response parameters
Parameter Style Type Description
id plain xsd:string The user ID.
name plain xsd:string The user name.
email plain xsd:string The user email.
enabled plain xsd:bool Indicates whether the user is enabled (true) or disabled (false).
{
    "user": {
        "id": "u1000",
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      enabled="true" email="john.smith@example.org" name="jqsmith"
      id="u1000"/>
{
    "user": {
        "id": "u1000",
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      enabled="true" email="john.smith@example.org" name="jqsmith"
      id="u1000"/>
PUT
/v2.0/users/​{userId}​

Updates a user.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
userId URI xsd:string

The ID of the user for which you want to perform the request.

id plain xsd:string The user ID.
name plain xsd:string The user name.
email plain xsd:string The user email.
enabled plain xsd:bool Indicates whether the user is enabled (true) or disabled (false).
Response parameters
Parameter Style Type Description
id plain xsd:string The user ID.
name plain xsd:string The user name.
email plain xsd:string The user email.
enabled plain xsd:bool Indicates whether the user is enabled (true) or disabled (false).
{
    "user": {
        "id": "u1000",
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      enabled="true" email="john.smith@example.org" name="jqsmith"
      id="u1000"/>
{
    "user": {
        "id": "u1000",
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      enabled="true" email="john.smith@example.org" name="jqsmith"
      id="u1000"/>
DELETE
/v2.0/users/​{userId}​

Deletes a user.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
userId URI xsd:string

The ID of the user for which you want to perform the request.

This operation does not accept a request body and does not return a response body.

GET
/v2.0/users/​{name}​

Gets detailed information about a specified user by user name.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
name query xsd:string The user name.
{
    "user": {
        "id": "u1000",
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      enabled="true" email="john.smith@example.org" name="jqsmith"
      id="u1000"/>

This operation does not accept a request body.

GET
/v2.0/users/​{user_id}​

Gets detailed information about a specified user by user ID.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
user_id URI xsd:string The user ID.
{
    "user": {
        "id": "u1000",
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      enabled="true" email="john.smith@example.org" name="jqsmith"
      id="u1000"/>

This operation does not accept a request body.

GET
/v2.0/users/​{user_id}​/roles

Lists global roles for a specified user. Excludes tenant roles.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
user_id URI xsd:string The user ID.
{
    "roles": [
        {
            "id": "123",
            "name": "compute:admin",
            "description": "Nova Administrator"
        }
    ],
    "roles_links": []
}
<?xml version="1.0" encoding="UTF-8"?>
<roles xmlns="http://docs.openstack.org/identity/api/v2.0">
  <role id="123" name="Admin" description="All Access"/>
  <role id="234" name="Guest" description="Guest Access"/>
</roles>

This operation does not accept a request body.

Tenants

GET
/v2.0/tenants

Lists all tenants.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string A valid authentication token for an administrative user.
marker (Optional) query xsd:string The ID of the last item in the previous list.
limit (Optional) query xsd:int The page size.
{
    "tenants": [
        {
            "id": "1234",
            "name": "ACME Corp",
            "description": "A description ...",
            "enabled": true
        },
        {
            "id": "3456",
            "name": "Iron Works",
            "description": "A description ...",
            "enabled": true
        }
    ],
    "tenants_links": []
}
<?xml version="1.0" encoding="UTF-8"?>
<tenants xmlns="http://docs.openstack.org/identity/api/v2.0">
    <tenant enabled="true" id="1234" name="ACME Corp">
        <description>A description...</description>
    </tenant>
    <tenant enabled="true" id="3645" name="Iron Works">
        <description>A description...</description>
    </tenant>
</tenants>

This operation does not accept a request body.

GET
/v2.0/tenants

Gets detailed information about a specified tenant by name.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string A valid authentication token for an administrative user.
marker (Optional) query xsd:string The ID of the last item in the previous list.
limit (Optional) query xsd:int The page size.
name query xsd:string The name of the tenant.
{
    "tenant": {
        "id": "1234",
        "name": "ACME corp",
        "description": "A description ...",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<tenant xmlns="http://docs.openstack.org/identity/api/v2.0"
    enabled="true" id="1234" name="ACME Corp">
    <description>A description...</description>
</tenant>
GET
/v2.0/tenants/​{tenantId}​

Gets detailed information about a specified tenant by ID.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string A valid authentication token for an administrative user.
tenantId URI xsd:string The tenant ID.
{
    "tenant": {
        "id": "1234",
        "name": "ACME corp",
        "description": "A description ...",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<tenant xmlns="http://docs.openstack.org/identity/api/v2.0"
    enabled="true" id="1234" name="ACME Corp">
    <description>A description...</description>
</tenant>

This operation does not accept a request body.

GET
/v2.0/tenants/​{tenantId}​/users/​{userId}​/roles

Lists roles for a specified user on a specified tenant. Excludes global roles.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string A valid authentication token for an administrative user.
tenantId URI xsd:string The tenant ID.
userId URI xsd:string The user ID.
{
    "roles": [
        {
            "id": "123",
            "name": "compute:admin",
            "description": "Nova Administrator"
        }
    ],
    "roles_links": []
}
<?xml version="1.0" encoding="UTF-8"?>
<roles xmlns="http://docs.openstack.org/identity/api/v2.0">
  <role id="123" name="Admin" description="All Access"/>
  <role id="234" name="Guest" description="Guest Access"/>
</roles>

This operation does not accept a request body.

Identity API v2.0 extensions (STABLE)

Query the Identity API to list available extensions with a GET request to v2.0/extensions.

HP-IDM-serviceId extended parameter

GET
/v2.0/tokens/​{tokenId}​

Validates that a token belongs to a specified tenant and services. Returns the permissions relevant to a particular client.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

tokenId URI xsd:string

The token ID.

belongsTo (Optional) query xsd:string

Validates that a token has the specified tenant in scope, for performance. Valid tokens are in the /tokens/{tokenId} path. An itemNotFound (404) fault is returned for a token that is not valid.

HP-IDM-serviceId (Optional) query xsd:string

A comma-separated string of service IDs. Checks the roles against the specified service IDs. If a service ID is not valid or if no roles are associated with a service ID, a 401 fault is returned.

{
   "access":{
      "token":{
         "id":"ab48a9efdfedb23ty3494",
         "expires":"2010-11-01T03:32:15-05:00",
         "tenant":{
            "id":"345",
            "name":"My Project"
         }
      },
      "user":{
         "id":"123",
         "name":"jqsmith",
         "roles":[
            {
               "id":"234",
               "name":"compute:admin"
            },
            {
               "id":"234",
               "name":"object-store:admin",
               "tenantId":"1"
            }
         ],
         "roles_links":[

         ]
      }
   }
}
<?xml version="1.0" encoding="UTF-8"?>
<access xmlns="http://docs.openstack.org/identity/api/v2.0">
        <token id="ab48a9efdfedb23ty3494"
                expires="2010-11-01T03:32:15-05:00">
                <tenant id="456" name="My Project"/>
        </token>
        <user id="123" username="jqsmith">
                <roles
                        xmlns="http://docs.openstack.org/identity/api/v2.0">
                        <role id="123" name="Admin" tenantId="one"/>
                        <role id="234" name="object-store:admin"
                                tenantId="1"/>
                </roles>
        </user>
</access>

This operation does not accept a request body.

HEAD
/v2.0/tokens/​{tokenId}​

Validates that a token belongs to a specified tenant and services. For performance.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

tokenId URI xsd:string

The token ID.

belongsTo (Optional) query xsd:string

Validates that a token has the specified tenant in scope, for performance. Valid tokens are in the /tokens/{tokenId} path. An itemNotFound (404) fault is returned for a token that is not valid.

HP-IDM-serviceId (Optional) query xsd:string

A comma-separated string of service IDs. Checks the roles against the specified service IDs. If a service ID is not valid or if no roles are associated with a service ID, a 401 fault is returned.

This operation does not accept a request body and does not return a response body.

OS-KSADM admin extension

GET
/v2.0/users

Lists users.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

{
    "users": [
        {
            "id": "u1000",
            "name": "jqsmith",
            "email": "john.smith@example.org",
            "enabled": true
        },
        {
            "id": "u1001",
            "name": "jqsmith",
            "email": "john.smith@example.org",
            "enabled": true
        }
    ],
    "users_links": []
}
<?xml version="1.0" encoding="UTF-8"?>
<users xmlns="http://docs.openstack.org/identity/api/v2.0">
    <user xmlns="http://docs.openstack.org/identity/api/v2.0"
          enabled="true" email="john.smith@example.org"
          name="jqsmith" id="u1000"/>
    <user xmlns="http://docs.openstack.org/identity/api/v2.0"
          enabled="true" email="john.smith@example.org"
          name="jqsmith" id="u1001"/>
</users>

This operation does not accept a request body.

POST
/v2.0/users

Adds a user.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404), badMediaType (415)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

name (Optional) plain String The user name.
{
    "user": {
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true,
        "OS-KSADM:password": "secrete"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      xmlns:OS-KSADM="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
      enabled="true" email="john.smith@example.org"
      name="jqsmith"
      OS-KSADM:password="secrete"/>
{
    "user": {
        "id": "u1000",
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      enabled="true" email="john.smith@example.org"
      name="jqsmith" id="u1000"/>
PUT
/v2.0/users/​{userId}​

Updates a user.

 
Normal response codes
200
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

userId URI xsd:string

The ID of the user for which you want to perform the request.

{
    "user": {
        "id": "u1000",
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      enabled="true" email="john.smith@example.org"
      name="jqsmith" id="u1000"/>
{
    "user": {
        "id": "u1000",
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      enabled="true" email="john.smith@example.org"
      name="jqsmith" id="u1000"/>
DELETE
/v2.0/users/​{userId}​

Deletes a user.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

userId URI xsd:string

The ID of the user for which you want to perform the request.

This operation does not accept a request body and does not return a response body.

GET
/v2.0/users/​{userId}​/roles

Lists global roles for a specified user.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

userId URI xsd:string

The ID of the user for which you want to perform the request.

serviceId (Optional) query xsd:string

The service ID.

marker (Optional) query xsd:string

The ID of the last item in the previous list.

limit (Optional) query xsd:int

The page size.

{
    "roles": [
        {
            "id": "8341d3603a1d4d5985bff09f10704d4d",
            "name": "service"
        },
        {
            "id": "2e66d57df76946fdbe034bc4da6fdec0",
            "name": "admin"
        }
    ]
}
<?xml version="1.0" encoding="UTF-8"?>
<roles xmlns="http://docs.openstack.org/identity/api/v2.0">
    <role id="8341d3603a1d4d5985bff09f10704d4d" name="service"/>
    <role id="2e66d57df76946fdbe034bc4da6fdec0" name="admin"/>
</roles>

This operation does not accept a request body.

PUT
/v2.0/users/​{userId}​/roles/OS-KSADM/​{roleId}​

Adds a specific global role to a user.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

userId URI xsd:string

The ID of the user for which you want to perform the request.

roleId URI xsd:int

The ID of the role that you want to add or delete.

This operation does not accept a request body and does not return a response body.

DELETE
/v2.0/users/​{userId}​/roles/OS-KSADM/​{roleId}​

Deletes a specific global role from a user.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

userId URI xsd:string

The ID of the user for which you want to perform the request.

roleId URI xsd:int

The ID of the role that you want to add or delete.

This operation does not accept a request body and does not return a response body.

POST
/v2.0/tenants

Creates a tenant.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

{
    "tenant": {
        "name": "ACME corp",
        "description": "A description ...",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<tenant xmlns="http://docs.openstack.org/identity/api/v2.0"
        enabled="true" name="ACME Corp">
    <description>A description...</description>
</tenant>
{
    "tenant": {
        "id": "1234",
        "name": "ACME corp",
        "description": "A description ...",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<tenant xmlns="http://docs.openstack.org/identity/api/v2.0"
        enabled="true" id="1234" name="ACME Corp">
    <description>A description...</description>
</tenant>
POST
/v2.0/tenants/​{tenantId}​

Updates a tenant.

 
Normal response codes
200
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404), badMediaType (415)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

tenantId URI xsd:string

The tenant ID.

{
    "tenant": {
        "id": "1234",
        "name": "ACME corp",
        "description": "A description ...",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<tenant xmlns="http://docs.openstack.org/identity/api/v2.0"
        enabled="true" id="1234" name="ACME Corp">
    <description>A description...</description>
</tenant>
{
    "tenant": {
        "id": "1234",
        "name": "ACME corp",
        "description": "A description ...",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<tenant xmlns="http://docs.openstack.org/identity/api/v2.0"
        enabled="true" id="1234" name="ACME Corp">
    <description>A description...</description>
</tenant>
DELETE
/v2.0/tenants/​{tenantId}​

Deletes a tenant.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

tenantId URI xsd:string

The tenant ID.

This operation does not accept a request body and does not return a response body.

GET
/v2.0/tenants/​{tenantId}​/users

Lists all users for a tenant.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

tenantId URI xsd:string

The tenant ID.

marker (Optional) query xsd:string

The ID of the last item in the previous list.

limit (Optional) query xsd:int

The page size.

{
    "users": [
        {
            "id": "u1000",
            "name": "jqsmith",
            "email": "john.smith@example.org",
            "enabled": true
        },
        {
            "id": "u1001",
            "name": "jqsmith",
            "email": "john.smith@example.org",
            "enabled": true
        }
    ],
    "users_links": []
}
<?xml version="1.0" encoding="UTF-8"?>
<users xmlns="http://docs.openstack.org/identity/api/v2.0">
    <user xmlns="http://docs.openstack.org/identity/api/v2.0"
          enabled="true" email="john.smith@example.org"
          name="jqsmith" id="u1000"/>
    <user xmlns="http://docs.openstack.org/identity/api/v2.0"
          enabled="true" email="john.smith@example.org"
          name="jqsmith" id="u1001"/>
</users>

This operation does not accept a request body.

PUT
/v2.0/tenants/​{tenantId}​/users/​{userId}​/roles/OS-KSADM/​{roleId}​

Adds a specified role to a user for a tenant.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

tenantId URI xsd:string

The tenant ID.

userId URI xsd:string

The user ID.

roleId URI xsd:string

The role ID.

This operation does not accept a request body and does not return a response body.

DELETE
/v2.0/tenants/​{tenantId}​/users/​{userId}​/roles/OS-KSADM/​{roleId}​

Deletes a specified role from a user on a tenant.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

tenantId URI xsd:string

The tenant ID.

userId URI xsd:string

The user ID.

roleId URI xsd:string

The role ID.

This operation does not accept a request body and does not return a response body.

GET
/v2.0/OS-KSADM/roles

Gets a role by name.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

Response parameters
Parameter Style Type Description
id plain xsd:int

The role ID.

name plain xsd:string

The role name.

description plain xsd:string

The role description.

Location (Optional) header xsd:anyURI The location.
{
    "role": {
        "id": "123",
        "name": "Guest",
        "description": "Guest Access"
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<role xmlns="http://docs.openstack.org/identity/api/v2.0"
  id="123" name="Admin" description="All Access" />

This operation does not accept a request body.

GET
/v2.0/OS-KSADM/roles/

Lists roles.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

Response parameters
Parameter Style Type Description
roles plain xsd:string

Role object.

id plain xsd:int

The role ID.

name plain xsd:string

The role name.

description plain xsd:string

The role description.

roles_links plain xsd:dict

Role links.

{
    "roles": [
        {
            "id": "123",
            "name": "compute:admin",
            "description": "Nova Administrator"
        }
    ],
    "roles_links": []
}
<?xml version="1.0" encoding="UTF-8"?>

<roles xmlns="http://docs.openstack.org/identity/api/v2.0">
  <role id="123" name="Admin" description="All Access" />
  <role id="234" name="Guest" description="Guest Access" />
</roles>

This operation does not accept a request body.

POST
/v2.0/OS-KSADM/roles

Adds a role.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

Response parameters
Parameter Style Type Description
Location (Optional) header xsd:anyURI The location.
{
    "role": {
        "id": "123",
        "name": "Guest",
        "description": "Guest Access"
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<role xmlns="http://docs.openstack.org/identity/api/v2.0"
  id="123" name="Admin" description="All Access" />
{
    "role": {
        "id": "123",
        "name": "Guest",
        "description": "Guest Access"
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<role xmlns="http://docs.openstack.org/identity/api/v2.0"
  id="123" name="Admin" description="All Access" />
GET
/v2.0/OS-KSADM/roles/​{roleId}​

Gets information for a specified role.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

roleId URI xsd:string

The role ID.

Response parameters
Parameter Style Type Description
id plain xsd:int

The role ID.

name plain xsd:string

The role name.

description plain xsd:string

The role description.

Location (Optional) header xsd:anyURI The location.
{
    "role": {
        "id": "123",
        "name": "Guest",
        "description": "Guest Access"
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<role xmlns="http://docs.openstack.org/identity/api/v2.0"
  id="123" name="Admin" description="All Access" />

This operation does not accept a request body.

DELETE
/v2.0/OS-KSADM/roles/​{roleId}​

Deletes a role.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

roleId URI xsd:string

The role ID.

This operation does not accept a request body and does not return a response body.

GET
/v2.0/OS-KSADM/services

Lists services.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

marker (Optional) query xsd:string

The ID of the last item in the previous list.

limit (Optional) query xsd:int

The page size.

{
    "OS-KSADM:services": [
        {
            "id": "123",
            "name": "nova",
            "type": "compute",
            "description": "OpenStack Compute Service"
        },
        {
            "id": "234",
            "name": "glance",
            "type": "image",
            "description": "OpenStack Image Service"
        }
    ],
    "OS-KSADM:services_links": []
}
<?xml version="1.0" encoding="UTF-8"?>
<services
  xmlns="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0">
  <service id="123" name="nova" type="compute"
    description="OpenStack Compute Service"/>
  <service id="234" name="glance" type="image"
    description="OpenStack Image Service"/>
</services>

This operation does not accept a request body.

POST
/v2.0/OS-KSADM/services

Adds a service.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

marker (Optional) query xsd:string

The ID of the last item in the previous list.

limit (Optional) query xsd:int

The page size.

Response parameters
Parameter Style Type Description
Location (Optional) header xsd:anyURI The location.
{
    "OS-KSADM:service": {
        "id": "123",
        "name": "nova",
        "type": "compute",
        "description": "OpenStack Compute Service"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<service
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
    id="123" name="nova" type="compute"
    description="OpenStack Compute Service"/>
{
    "OS-KSADM:service": {
        "id": "123",
        "name": "nova",
        "type": "compute",
        "description": "OpenStack Compute Service"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<service
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
    id="123" name="nova" type="compute"
    description="OpenStack Compute Service"/>
GET
/v2.0/OS-KSADM/services/

Gets a service by name.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

name query xsd:string

The service name.

{
    "OS-KSADM:service": {
        "id": "123",
        "name": "nova",
        "type": "compute",
        "description": "OpenStack Compute Service"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<service
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
    id="123" name="nova" type="compute"
    description="OpenStack Compute Service"/>

This operation does not accept a request body.

GET
/v2.0/OS-KSADM/services/​{serviceId}​

Gets a service.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

serviceId URI xsd:string

The service ID.

{
    "OS-KSADM:service": {
        "id": "123",
        "name": "nova",
        "type": "compute",
        "description": "OpenStack Compute Service"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<service
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
    id="123" name="nova" type="compute"
    description="OpenStack Compute Service"/>

This operation does not accept a request body.

DELETE
/v2.0/OS-KSADM/services/​{serviceId}​

Deletes a service.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

serviceId URI xsd:string

The service ID.

This operation does not accept a request body and does not return a response body.

OS-KSCATALOG admin extension

GET
/v2.0/tenants/​{tenantId}​/OS-KSCATALOG/endpoints

Lists endpoints for a tenant.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

tenantId URI xsd:string

The tenant ID.

{
    "endpoints": [
        {
            "id": 1,
            "tenantId": "1",
            "region": "North",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 2,
            "tenantId": "1",
            "region": "South",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 3,
            "tenantId": "1",
            "region": "East",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 4,
            "tenantId": "1",
            "region": "West",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 5,
            "tenantId": "1",
            "region": "Global",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        }
    ],
    "endpoints_links": []
}
<?xml version="1.0" encoding="UTF-8"?>

<endpoints
    xmlns="http://docs.openstack.org/identity/api/v2.0">
  <endpoint
      id="1"
      tenantId="1"
      type="compute"
      name="Compute"
      region="North"
      publicURL="https://compute.north.public.com/v1"
      internalURL="https://compute.north.internal.com/v1"
      adminURL="https://compute.north.internal.com/v1">
      <version
          id="1"
          info="https://compute.north.public.com/v1/"
          list="https://compute.north.public.com/"
      />
  </endpoint>
  <endpoint
      id="2"
      tenantId="2"
      type="compute"
      name="Compute"
      region="South"
      publicURL="https://compute.north.public.com/v1"
      internalURL="https://compute.north.internal.com/v1"
      adminURL="https://compute.north.internal.com/v1">
      <version
          id="1"
          info="https://compute.north.public.com/v1/"
          list="https://compute.north.public.com/"
      />
  </endpoint>
  <endpoint
      id="3"
      tenantId="1"
      type="compute"
      name="Compute"
      region="East"
      publicURL="https://compute.north.public.com/v1"
      internalURL="https://compute.north.internal.com/v1"
      adminURL="https://compute.north.internal.com/v1"
  />
  <endpoint
      id="4"
      tenantId="1"
      type="compute"
      name="Compute"
      region="West"
      publicURL="https://compute.north.public.com/v1"
      internalURL="https://compute.north.internal.com/v1"
      adminURL="https://compute.north.internal.com/v1">
      <version
          id="1"
          info="https://compute.north.public.com/v1/"
          list="https://compute.north.public.com/"
      />
  </endpoint>
  <endpoint
      id="5"
      tenantId="1"
      type="compute"
      name="Compute"
      region="Global"
      publicURL="https://compute.north.public.com/v1"
      internalURL="https://compute.north.internal.com/v1"
      adminURL="https://compute.north.internal.com/v1">
      <version
          id="1"
          info="https://compute.north.public.com/v1/"
          list="https://compute.north.public.com/"
      />
  </endpoint>
</endpoints>

This operation does not accept a request body.

POST
/v2.0/tenants/​{tenantId}​/OS-KSCATALOG/endpoints

Adds endpoint to a tenant.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404), badMediaType (415)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

tenantId URI xsd:string

The tenant ID.

endpoint (Optional) plain EndpointTemplateWithOnlyId
Response parameters
Parameter Style Type Description
Location (Optional) header xsd:anyURI
Location (Optional) header xsd:anyURI
{
    "OS-KSCATALOG:endpointTemplate": {
        "id": 1
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<endpointTemplate
  xmlns="http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:type="EndpointTemplateWithOnlyId"
  id="1"/>
{
    "endpoint": {
        "id": 1,
        "tenantId": 1,
        "region": "North",
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "adminURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/"
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<endpoint
            id="1"
            tenantId="1"
            type="compute"
            name="Compute"
            region="North"
            publicURL="https://compute.north.public.com/v1"
            internalURL="https://compute.north.internal.com/v1"
            adminURL="https://compute.north.internal.com/v1"
            xmlns="http://docs.openstack.org/identity/api/v2.0">
            <version
                        id="1"
                        info="https://compute.north.public.com/v1/"
                        list="https://compute.north.public.com/"
            />
</endpoint>
GET
/v2.0/tenants/​{tenantId}​/OS-KSCATALOG/endpoints/​{endpointId}​

Gets endpoint for a tenant.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

tenantId URI xsd:string

The tenant ID.

endpointId URI xsd:string

The endpoint ID.

{
    "endpoint": {
        "id": 1,
        "tenantId": 1,
        "region": "North",
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "adminURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/"
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<endpoint
            id="1"
            tenantId="1"
            type="compute"
            name="Compute"
            region="North"
            publicURL="https://compute.north.public.com/v1"
            internalURL="https://compute.north.internal.com/v1"
            adminURL="https://compute.north.internal.com/v1"
            xmlns="http://docs.openstack.org/identity/api/v2.0">
            <version
                        id="1"
                        info="https://compute.north.public.com/v1/"
                        list="https://compute.north.public.com/"
            />
</endpoint>

This operation does not accept a request body.

DELETE
/v2.0/tenants/​{tenantId}​/OS-KSCATALOG/endpoints/​{endpointId}​

Deletes an endpoint from a tenant.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

tenantId URI xsd:string

The tenant ID.

endpointId URI xsd:string

The endpoint ID.

This operation does not accept a request body and does not return a response body.

GET
/v2.0/OS-KSCATALOG/endpointTemplates

Lists endpoint templates.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

serviceId (Optional) query xsd:string

The service ID.

{
    "OS-KSCATALOG:endpointsTemplates": [
        {
            "id": 1,
            "region": "North",
            "global": true,
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/",
            "enabled": true
        },
        {
            "id": 2,
            "region": "South",
            "type": "compute",
            "publicURL": "https://compute.south.public.com/v1",
            "internalURL": "https://compute.south.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.south.public.com/v1/",
            "versionList": "https://compute.south.public.com/",
            "enabled": false
        },
        {
            "id": 3,
            "region": "North",
            "global": true,
            "type": "object-store",
            "publicURL": "https://object-store.north.public.com/v1.0",
            "versionId": "1.0",
            "versionInfo": "https://object-store.north.public.com/v1.0/",
            "versionList": "https://object-store.north.public.com/",
            "enabled": true
        },
        {
            "id": 4,
            "region": "South",
            "type": "object-store",
            "publicURL": "https://object-store.south.public.com/v2",
            "versionId": "2",
            "versionInfo": "https://object-store.south.public.com/v2/",
            "versionList": "https://object-store.south.public.com/",
            "enabled": true
        },
        {
            "id": 5,
            "global": true,
            "type": "OS-DNS:DNS",
            "publicURL": "https://dns.public.com/v3.2",
            "versionId": "1.0",
            "versionInfo": "https://dns.public.com/v1.0/",
            "versionList": "https://dns.public.com/",
            "enabled": true
        }
    ],
    "OS-KSCATALOG:endpointsTemplates_links": []
}
<?xml version="1.0" encoding="UTF-8"?>

<endpointTemplates xmlns="http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0">
  <endpointTemplate
   id="1"
   region="North"
   global="true"
   type="compute"
   name="Compute"
   publicURL="https://compute.north.public.com/v1"
   internalURL="https://compute.north.internal.com/v1"
   enabled="true">
   <version
     id="1"
     list="https://compute.north.public.com/"
     info="https://compute.north.public.com/v1"/>
  </endpointTemplate>
  <endpointTemplate
   id="2"
   region="south"
   type="compute"
   name="Compute"
   publicURL="https://service2.public.com/v1"
   internalURL="https://service2.internal.public.com/v1"
   enabled="false">
   <version
    id="1"
    list="https://service1.public.com/"
    info="https://service1.public.com/v1"/>
  </endpointTemplate>
  <endpointTemplate
   id="3"
   region="DFW"
   global="true"
   type="ext1:service1"
   name="Compute"
   publicURL="https://service1.public.com/v1"
   enabled="true">
   <version
    id="1"
    list="https://service1.public.com/"
    info="https://service1.public.com/v1"/>
  </endpointTemplate>
  <endpointTemplate
   id="4"
   region="ORD"
   type="compute"
   name="Compute"
   publicURL="https://service2.public.com/v1"
   enabled="true">
   <version
    id="1"
    list="https://service1.public.com/"
    info="https://service1.public.com/v1"/>
  </endpointTemplate>
  <endpointTemplate
   id="5"
   global="true"
   type="compute"
   name="Compute"
   publicURL="https://service3.public.com/v1">
   <version
    id="1"
    list="https://service1.public.com/"
    info="https://service1.public.com/v1"/>
  </endpointTemplate>
</endpointTemplates>

This operation does not accept a request body.

POST
/v2.0/OS-KSCATALOG/endpointTemplates

Adds endpoint template.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404), badMediaType (415)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

serviceId (Optional) query xsd:string

The service ID.

Response parameters
Parameter Style Type Description
Location (Optional) header xsd:anyURI
Location (Optional) header xsd:anyURI
{
    "OS-KSCATALOG:endpointTemplate": {
        "id": 1,
        "region": "North",
        "global": true,
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<endpointTemplate
  xmlns="http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0"
  id="1"
  region="North"
  global="true"
  type="compute"
  name="Compute"
  publicURL="https://service-public.com/v1"
  internalURL="https://service-internal.com/v1"
  enabled="true">
  <version
    id="1"
    info="https://compute.north.public.com/v1/"
    list="https://compute.north.public.com/"
  />
</endpointTemplate>
{
    "OS-KSCATALOG:endpointTemplate": {
        "id": 1,
        "region": "North",
        "global": true,
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<endpointTemplate
  xmlns="http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0"
  id="1"
  region="North"
  global="true"
  type="compute"
  name="Compute"
  publicURL="https://service-public.com/v1"
  internalURL="https://service-internal.com/v1"
  enabled="true">
  <version
    id="1"
    info="https://compute.north.public.com/v1/"
    list="https://compute.north.public.com/"
  />
</endpointTemplate>
GET
/v2.0/OS-KSCATALOG/endpointTemplates/​{endpointTemplateId}​

Gets endpoint templates.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

endpointTemplateId URI xsd:string

The endpoint template ID.

{
    "OS-KSCATALOG:endpointTemplate": {
        "id": 1,
        "region": "North",
        "global": true,
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<endpointTemplate
  xmlns="http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0"
  id="1"
  region="North"
  global="true"
  type="compute"
  name="Compute"
  publicURL="https://service-public.com/v1"
  internalURL="https://service-internal.com/v1"
  enabled="true">
  <version
    id="1"
    info="https://compute.north.public.com/v1/"
    list="https://compute.north.public.com/"
  />
</endpointTemplate>

This operation does not accept a request body.

PUT
/v2.0/OS-KSCATALOG/endpointTemplates/​{endpointTemplateId}​

Updates endpoint template.

 
Normal response codes
200
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404), badMediaType (415)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

endpointTemplateId URI xsd:string

The endpoint template ID.

{
    "OS-KSCATALOG:endpointTemplate": {
        "id": 1,
        "region": "North",
        "global": true,
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<endpointTemplate
  xmlns="http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0"
  id="1"
  region="North"
  global="true"
  type="compute"
  name="Compute"
  publicURL="https://service-public.com/v1"
  internalURL="https://service-internal.com/v1"
  enabled="true">
  <version
    id="1"
    info="https://compute.north.public.com/v1/"
    list="https://compute.north.public.com/"
  />
</endpointTemplate>
{
    "OS-KSCATALOG:endpointTemplate": {
        "id": 1,
        "region": "North",
        "global": true,
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/",
        "enabled": true
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<endpointTemplate
  xmlns="http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0"
  id="1"
  region="North"
  global="true"
  type="compute"
  name="Compute"
  publicURL="https://service-public.com/v1"
  internalURL="https://service-internal.com/v1"
  enabled="true">
  <version
    id="1"
    info="https://compute.north.public.com/v1/"
    list="https://compute.north.public.com/"
  />
</endpointTemplate>
DELETE
/v2.0/OS-KSCATALOG/endpointTemplates/​{endpointTemplateId}​

Deletes an endpoint template.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

endpointTemplateId URI xsd:string

The endpoint template ID.

This operation does not accept a request body and does not return a response body.

OS-KSEC2 admin extension

GET
/v2.0/users/​{userId}​/OS-KSADM/credentials

Lists credentials.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

userId URI xsd:string

The user ID.

marker (Optional) query xsd:string

The ID of the last item in the previous list.

limit (Optional) query xsd:int

The page size.

{
    "credentials": [
        {
            "passwordCredentials": {
                "username": "test_user",
                "password": "mypass"
            }
        },
        {
            "OS-KSEC2-ec2Credentials": {
                "username": "test_user",
                "secret": "aaaaa",
                "signature": "bbb"
            }
        }
    ],
    "credentials_links": []
}
<?xml version="1.0" encoding="UTF-8"?>
<credentials xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://docs.openstack.org/identity/api/v2.0">
    <passwordCredentials username="test_user" password="test"/>
    <ec2Credentials xmlns="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
        username="testuser" key="aaaaa" signature="bbbbb"/>
</credentials>

This operation does not accept a request body.

POST
/v2.0/users/​{userId}​/OS-KSADM/credentials

Adds a credential to a user.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

userId URI xsd:string

The user ID.

marker (Optional) query xsd:string

The ID of the last item in the previous list.

limit (Optional) query xsd:int

The page size.

{
    "OS-KSEC2-ec2Credentials": {
        "username": "test_user",
        "secret": "aaaaa",
        "signature": "bbb"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
  <ec2Credentials
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
    username="testuser"
    key="aaaaa"
    signature="bbbbb"/>
{
    "OS-KSEC2-ec2Credentials": {
        "username": "test_user",
        "secret": "aaaaa",
        "signature": "bbb"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
  <ec2Credentials
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
    username="testuser"
    key="aaaaa"
    signature="bbbbb"/>
GET
/v2.0/users/​{userId}​/OS-KSADM/credentials/OS-KSEC2:ec2Credentials

Gets user credentials.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

userId URI xsd:string

The user ID.

{
    "OS-KSEC2-ec2Credentials": {
        "username": "test_user",
        "secret": "aaaaa",
        "signature": "bbb"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
  <ec2Credentials
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
    username="testuser"
    key="aaaaa"
    signature="bbbbb"/>

This operation does not accept a request body.

POST
/v2.0/users/​{userId}​/OS-KSADM/credentials/OS-KSEC2:ec2Credentials

Updates credentials for a specified user.

 
Normal response codes
200
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

userId URI xsd:string

The user ID.

{
    "OS-KSEC2-ec2Credentials": {
        "username": "test_user",
        "secret": "aaaaa",
        "signature": "bbb"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
  <ec2Credentials
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
    username="testuser"
    key="aaaaa"
    signature="bbbbb"/>
{
    "OS-KSEC2-ec2Credentials": {
        "username": "test_user",
        "secret": "aaaaa",
        "signature": "bbb"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
  <ec2Credentials
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
    username="testuser"
    key="aaaaa"
    signature="bbbbb"/>
DELETE
/v2.0/users/​{userId}​/OS-KSADM/credentials/OS-KSEC2:ec2Credentials

Deletes user credentials.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

userId URI xsd:string

The user ID.

This operation does not accept a request body and does not return a response body.

GET
/v2.0/users/​{userId}​/OS-KSADM/credentials/OS-KSEC2:ec2Credentials/​{type}​

Lists credentials by type.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

userId URI xsd:string

The user ID.

type query xsd:string

The credential type.

<?xml version="1.0" encoding="UTF-8"?>
<credentials xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://docs.openstack.org/identity/api/v2.0">
    <passwordCredentials username="test_user" password="test"/>
</credentials>
<?xml version="1.0" encoding="UTF-8"?>
<credentials xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://docs.openstack.org/identity/api/v2.0">
    <passwordCredentials username="test_user" password="test"/>
</credentials>

This operation does not accept a request body.

OS-KSS3 admin extension

GET
/v2.0/users/​{userId}​/OS-OS-KSS3/credentials

Lists credentials.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

userId URI xsd:string

The user ID.

marker (Optional) query xsd:string

The ID of the last item in the previous list.

limit (Optional) query xsd:int

The page size.

{
    "credentials": [
        {
            "passwordCredentials": {
                "username": "test_user",
                "password": "mypass"
            }
        },
        {
            "OS-KSS3:s3Credentials": {
                "username": "test_user",
                "secret": "aaaaa",
                "signature": "bbb"
            }
        }
    ],
    "credentials_links": []
}
<?xml version="1.0" encoding="UTF-8"?>
<credentials xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://docs.openstack.org/identity/api/v2.0">
    <passwordCredentials username="test_user" password="test"/>
    <s3Credentials xmlns="http://docs.openstack.org/identity/api/ext/OS-KSS3/v1.0"
        username="testuser" key="aaaaa" signature="bbbbb"/>
</credentials>

This operation does not accept a request body.

POST
/v2.0/users/​{userId}​/OS-OS-KSS3/credentials

Adds a credential to a user.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

userId URI xsd:string

The user ID.

marker (Optional) query xsd:string

The ID of the last item in the previous list.

limit (Optional) query xsd:int

The page size.

{
    "OS-KSS3:s3Credentials": {
        "username": "test_user",
        "secret": "aaaaa",
        "signature": "bbb"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<s3Credentials
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSS3/v1.0"
    username="testuser"
    key="aaaaa"
    signature="bbbbb"/>
{
    "OS-KSS3:s3Credentials": {
        "username": "test_user",
        "secret": "aaaaa",
        "signature": "bbb"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<s3Credentials
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSS3/v1.0"
    username="testuser"
    key="aaaaa"
    signature="bbbbb"/>
GET
/v2.0/users/​{userId}​/OS-OS-KSS3/credentials/s3credentials

Gets user credentials.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

userId URI xsd:string

The user ID.

{
    "OS-KSS3:s3Credentials": {
        "username": "test_user",
        "secret": "aaaaa",
        "signature": "bbb"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<s3Credentials
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSS3/v1.0"
    username="testuser"
    key="aaaaa"
    signature="bbbbb"/>

This operation does not accept a request body.

POST
/v2.0/users/​{userId}​/OS-OS-KSS3/credentials/s3credentials

Updates credentials.

 
Normal response codes
200
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

userId URI xsd:string

The user ID.

{
    "OS-KSS3:s3Credentials": {
        "username": "test_user",
        "secret": "aaaaa",
        "signature": "bbb"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<s3Credentials
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSS3/v1.0"
    username="testuser"
    key="aaaaa"
    signature="bbbbb"/>
{
    "OS-KSS3:s3Credentials": {
        "username": "test_user",
        "secret": "aaaaa",
        "signature": "bbb"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<s3Credentials
    xmlns="http://docs.openstack.org/identity/api/ext/OS-KSS3/v1.0"
    username="testuser"
    key="aaaaa"
    signature="bbbbb"/>
DELETE
/v2.0/users/​{userId}​/OS-OS-KSS3/credentials/s3credentials

Deletes user credentials.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

userId URI xsd:string

The user ID.

This operation does not accept a request body and does not return a response body.

GET
/v2.0/users/​{userId}​/OS-OS-KSS3/credentials/s3credentials/​{type}​

Lists credentials by type.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token.

userId URI xsd:string

The user ID.

type query xsd:string

The credential type.

{
    "credentials": [
        {
            "passwordCredentials": {
                "username": "test_user",
                "password": "mypass"
            }
        },
        {
            "OS-KSS3:s3Credentials": {
                "username": "test_user",
                "secret": "aaaaa",
                "signature": "bbb"
            }
        }
    ],
    "credentials_links": []
}
<?xml version="1.0" encoding="UTF-8"?>
<credentials xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://docs.openstack.org/identity/api/v2.0">
    <passwordCredentials username="test_user" password="test"/>
    <s3Credentials xmlns="http://docs.openstack.org/identity/api/ext/OS-KSS3/v1.0"
        username="testuser" key="aaaaa" signature="bbbbb"/>
</credentials>

This operation does not accept a request body.

OS-KSVALIDATE admin extension

GET
/v2.0/OS-KSVALIDATE/token/validate

Checks that a token is valid and that it belongs to a specified tenant and service IDs. Returns the permissions for a particular client.

 

Behavior is similar to /tokens/{tokenId}. An itemNotFound (404) fault is returned for a token that is not valid.

This extension might decrypt X-Subject-Token header and internally call the normal validation for Identity, passing in all headers and query parameters. It should therefore support all existing calls on /tokens/{tokenId}, including extensions such as HP-IDM.

Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

X-Subject-Token header xsd:string

A valid authentication token.

belongsTo (Optional) query xsd:string

Validates that a token has the specified tenant in scope, for performance. Valid tokens are in the /tokens/{tokenId} path. An itemNotFound (404) fault is returned for a token that is not valid.

HP-IDM-serviceId (Optional) query xsd:string
{
    "access": {
        "token": {
            "id": "ab48a9efdfedb23ty3494",
            "expires": "2010-11-01T03:32:15-05:00",
            "tenant": {
                "id": "345",
                "name": "My Project"
            }
        },
        "user": {
            "id": "123",
            "name": "jqsmith",
            "roles": [
                {
                    "id": "234",
                    "name": "compute:admin"
                },
                {
                    "id": "234",
                    "name": "object-store:admin",
                    "tenantId": "1"
                }
            ],
            "roles_links": []
        }
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<access xmlns="http://docs.openstack.org/identity/api/v2.0">
    <token id="ab48a9efdfedb23ty3494" expires="2010-11-01T03:32:15-05:00">
        <tenant id="456" name="My Project" />
    </token>
    <user id="123" name="jqsmith">
        <roles xmlns="http://docs.openstack.org/identity/api/v2.0">
            <role id="123" name="Admin" tenantId="one"/>
            <role id="234" name="object-store:admin" tenantId="1"/>
        </roles>
    </user>
</access>

This operation does not accept a request body.

HEAD
/v2.0/OS-KSVALIDATE/token/validate

Checks that a token is valid and that it belongs to a specified tenant and service IDs, for performance.

 

Behavior is similar to /tokens/{tokenId}. An itemNotFound (404) fault is returned for a token that is not valid.

This extension might decrypt X-Subject-Token header and internally call the normal validation for Identity, passing in all headers and query parameters. It should therefore support all existing calls on /tokens/{tokenId}, including extensions such as HP-IDM.

Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

X-Subject-Token header xsd:string

A valid authentication token.

belongsTo (Optional) query xsd:string

Validates that a token has the specified tenant in scope, for performance. Valid tokens are in the /tokens/{tokenId} path. An itemNotFound (404) fault is returned for a token that is not valid.

HP-IDM-serviceId (Optional) query xsd:string

This operation does not accept a request body and does not return a response body.

GET
/v2.0/OS-KSVALIDATE/token/endpoints

Lists endpoints associated with a specific token.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

X-Subject-Token header xsd:string

A valid authentication token.

HP-IDM-serviceId (Optional) query xsd:string

A comma-separated string of service IDs. Checks the roles against the specified service IDs. If a service ID is not valid or if no roles are associated with a service ID, a 401 fault is returned.

{
    "endpoints": [
        {
            "id": 1,
            "tenantId": "1",
            "region": "North",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 2,
            "tenantId": "1",
            "region": "South",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 3,
            "tenantId": "1",
            "region": "East",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 4,
            "tenantId": "1",
            "region": "West",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 5,
            "tenantId": "1",
            "region": "Global",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        }
    ],
    "endpoints_links": []
}
<?xml version="1.0" encoding="UTF-8"?>

<endpoints
    xmlns="http://docs.openstack.org/identity/api/v2.0">
  <endpoint
      id="1"
      tenantId="1"
      type="compute"
      name="Compute"
      region="North"
      publicURL="https://compute.north.public.com/v1"
      internalURL="https://compute.north.internal.com/v1"
      adminURL="https://compute.north.internal.com/v1">
      <version
          id="1"
          info="https://compute.north.public.com/v1/"
          list="https://compute.north.public.com/"
      />
  </endpoint>
  <endpoint
      id="2"
      tenantId="2"
      type="compute"
      name="Compute"
      region="South"
      publicURL="https://compute.north.public.com/v1"
      internalURL="https://compute.north.internal.com/v1"
      adminURL="https://compute.north.internal.com/v1">
      <version
          id="1"
          info="https://compute.north.public.com/v1/"
          list="https://compute.north.public.com/"
      />
  </endpoint>
  <endpoint
      id="3"
      tenantId="1"
      type="compute"
      name="Compute"
      region="East"
      publicURL="https://compute.north.public.com/v1"
      internalURL="https://compute.north.internal.com/v1"
      adminURL="https://compute.north.internal.com/v1"
  />
  <endpoint
      id="4"
      tenantId="1"
      type="compute"
      name="Compute"
      region="West"
      publicURL="https://compute.north.public.com/v1"
      internalURL="https://compute.north.internal.com/v1"
      adminURL="https://compute.north.internal.com/v1">
      <version
          id="1"
          info="https://compute.north.public.com/v1/"
          list="https://compute.north.public.com/"
      />
  </endpoint>
  <endpoint
      id="5"
      tenantId="1"
      type="compute"
      name="Compute"
      region="Global"
      publicURL="https://compute.north.public.com/v1"
      internalURL="https://compute.north.internal.com/v1"
      adminURL="https://compute.north.internal.com/v1">
      <version
          id="1"
          info="https://compute.north.public.com/v1/"
          list="https://compute.north.public.com/"
      />
  </endpoint>
</endpoints>

This operation does not accept a request body.

RAX-GRPADM admin extension

GET
/v2.0/RAX-GRPADM/groups

Lists groups.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503)
Request parameters
Parameter Style Type Description
marker (Optional) query xsd:string The ID of the last item in the previous list.
limit (Optional) query xsd:int The page size.
name (Optional) query xsd:string The group name.
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

Response parameters
Parameter Style Type Description
next (Optional) plain xsd:anyURI
previous (Optional) plain xsd:anyURI
{
    "RAX-KSGRP:groups": [
        {
            "id": "1234",
            "name": "group1",
            "description": "A Description of the group"
        },
        {
            "id": "1235",
            "name": "group2",
            "description": "A Description of the group"
        },
        {
            "id": "1236",
            "name": "group3",
            "description": "A Description of the group"
        }
    ],
    "RAX-KSGRP:groups_links": [
        {
            "rel": "next",
            "href": "https://identity.openstack.com/v2.0/RAX-GRPADM/groups?marker=1236"
        }
    ]
}
<groups xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
        xmlns:atom="http://www.w3.org/2005/Atom">
    <group id="1234" name="group1">
        <description>A Description of the group</description>
    </group>
    <group id="1235" name="group2">
        <description>A Description of the group</description>
    </group>
    <group id="1236" name="group3">
        <description>A Description of the group</description>
    </group>
    <atom:link rel="next" href="https://identity.openstack.com/v2.0/RAX-GRPADM/groups?marker=1236"/>
</groups>

This operation does not accept a request body.

POST
/v2.0/RAX-GRPADM/groups

Adds a group.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404), badMediaType (415)
Request parameters
Parameter Style Type Description
marker (Optional) query xsd:string The ID of the last item in the previous list.
limit (Optional) query xsd:int The page size.
name (Optional) query xsd:string The group name.
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

group plain grp:GroupForCreate
Response parameters
Parameter Style Type Description
Location header xsd:anyURI

The full URL to the new group is returned in the Location header.

{
    "RAX-KSGRP:group": {
        "name": "group1",
        "description": "A Description of the group"
    }
}
<group name="group1" xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0">
    <description>A Description of the group</description>
</group>
{
    "RAX-KSGRP:group": {
        "id": "1234",
        "name": "group1",
        "description": "A Description of the group"
    }
}
<group id="1234" name="group1" xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0">
    <description>A Description of the group</description>
</group>
GET
/v2.0/RAX-GRPADM/groups/​{groupId}​

Gets information for a group by ID.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

groupId URI xsd:string

The group ID.

{
    "RAX-KSGRP:group": {
        "id": "1234",
        "name": "group1",
        "description": "A Description of the group"
    }
}
<group id="1234" name="group1" xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0">
    <description>A Description of the group</description>
</group>

This operation does not accept a request body.

PUT
/v2.0/RAX-GRPADM/groups/​{groupId}​

Updates a group.

 
Normal response codes
200
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404), badMediaType (415)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

groupId URI xsd:string

The group ID.

group plain grp:GroupForUpdate
{
    "RAX-KSGRP:group": {
        "name": "newName",
        "description": "A Description of the group"
    }
}
<group name="newName" xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0">
    <description>A new description</description>
</group>
{
    "RAX-KSGRP:group": {
        "id": "1234",
        "name": "newName",
        "description": "A new description"
    }
}
<group id="1234" name="newName" xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0">
    <description>A new description</description>
</group>
DELETE
/v2.0/RAX-GRPADM/groups/​{groupId}​

Deletes a group.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

groupId URI xsd:string

The group ID.

This operation does not accept a request body and does not return a response body.

GET
/v2.0/RAX-GRPADM/groups/​{groupId}​/users

Lists users for a group.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

groupId URI xsd:string

The group ID.

marker (Optional) query xsd:string
limit (Optional) query xsd:int
Response parameters
Parameter Style Type Description
next (Optional) plain xsd:anyURI
previous (Optional) plain xsd:anyURI
{
    "users": [
        {
            "id": "u1000",
            "username": "jqsmith",
            "email": "john.smith@example.org",
            "enabled": true
        },
        {
            "id": "u1001",
            "username": "jqsmith",
            "email": "john.smith@example.org",
            "enabled": true
        }
    ],
    "users_links": []
}
<?xml version="1.0" encoding="UTF-8"?>
<users xmlns="http://docs.openstack.org/identity/api/v2.0">
    <user xmlns="http://docs.openstack.org/identity/api/v2.0"
          enabled="true" email="john.smith@example.org"
          username="jqsmith" id="u1000"/>
    <user xmlns="http://docs.openstack.org/identity/api/v2.0"
          enabled="true" email="john.smith@example.org"
          username="jqsmith" id="u1001"/>
</users>
PUT
/v2.0/RAX-GRPADM/groups/​{groupId}​/users/​{userId}​

Adds a user to a group.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

groupId URI xsd:string

The group ID.

userId URI xsd:string

The user ID.

This operation does not accept a request body and does not return a response body.

DELETE
/v2.0/RAX-GRPADM/groups/​{groupId}​/users/​{userId}​

Removes a user from a group.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

groupId URI xsd:string

The group ID.

userId URI xsd:string

The user ID.

This operation does not accept a request body and does not return a response body.

RAX-KSGRP admin extension

GET
/v2.0/users/​{userId}​/RAX-KSGRP

Lists groups for a user.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

userId URI xsd:string

The user ID.

{
    "RAX-KSGRP:groups": [
        {
            "description": "Default Limits",
            "id": "1",
            "name": "Default"
        },
        {
            "description": "This is the first new group.",
            "id": "1550",
            "name": "New Group 1"
        },
        {
            "description": "Defaults with faster rate limits",
            "id": "214",
            "name": "Faster Defaults"
        }
    ],
    "RAX-KSGRP:groups_links": []
}
<groups xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0">
  <group xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0" id="1" name="Default" >
    <description>Default Limits</description>
  </group>
  <group xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0" id="1550" name="New Group 1" >
    <description>This is the first new group.</description>
  </group>
  <group xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0" id="214" name="Faster Defaults" >
    <description>Defaults with faster rate limits</description>
  </group>
</groups>

This operation does not accept a request body.

RAX-KSKEY admin extension

POST
/v2.0/users/​{userId}​/OS-RAX-KSKEY/credentials

Adds a credential to a user.

 
Normal response codes
201
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

userId URI xsd:string

The user ID.

{
    "RAX-KSKEY:apiKeyCredentials": {
        "username": "test_user",
        "apiKey": "aaaaa-bbbbb-ccccc-12345678"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<apiKeyCredentials
    xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
    username="testuser"
    apiKey="aaaaa-bbbbb-ccccc-12345678"/>
{
    "RAX-KSKEY:apiKeyCredentials": {
        "username": "test_user",
        "apiKey": "aaaaa-bbbbb-ccccc-12345678"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<apiKeyCredentials
    xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
    username="testuser"
    apiKey="aaaaa-bbbbb-ccccc-12345678"/>
GET
/v2.0/users/​{userId}​/OS-RAX-KSKEY/credentials/

Lists credentials.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

userId URI xsd:string

The user ID.

X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

marker (Optional) query xsd:string

The ID of the last item in the previous list.

limit (Optional) query xsd:int

The page size.

{
    "credentials": [
        {
            "passwordCredentials": {
                "username": "test_user",
                "password": "mypass"
            }
        },
        {
            "RAX-KSKEY:apiKeyCredentials": {
                "username": "test_user",
                "apiKey": "aaaaa-bbbbb-ccccc-12345678"
            }
        }
    ],
    "credentials_links": []
}
<?xml version="1.0" encoding="UTF-8"?>
<credentials xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://docs.openstack.org/identity/api/v2.0">
    <passwordCredentials username="test_user" password="test"/>
    <apiKeyCredentials
    xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
    username="testuser"
    apiKey="aaaaa-bbbbb-ccccc-12345678"/>
</credentials>

This operation does not accept a request body.

POST
/v2.0/users/​{userId}​/OS-RAX-KSKEY/credentials/RAX-KSKEY:apiKeyCredentials

Updates credentials.

 
Normal response codes
200
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

userId URI xsd:string

The user ID.

{
    "RAX-KSKEY:apiKeyCredentials": {
        "username": "test_user",
        "apiKey": "aaaaa-bbbbb-ccccc-12345678"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<apiKeyCredentials
    xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
    username="testuser"
    apiKey="aaaaa-bbbbb-ccccc-12345678"/>
{
    "RAX-KSKEY:apiKeyCredentials": {
        "username": "test_user",
        "apiKey": "aaaaa-bbbbb-ccccc-12345678"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<apiKeyCredentials
    xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
    username="testuser"
    apiKey="aaaaa-bbbbb-ccccc-12345678"/>
DELETE
/v2.0/users/​{userId}​/OS-RAX-KSKEY/credentials/RAX-KSKEY:apiKeyCredentials

Deletes user credentials.

 
Normal response codes
204
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

userId URI xsd:string

The user ID.

This operation does not accept a request body and does not return a response body.

GET
/v2.0/users/​{userId}​/OS-RAX-KSKEY/credentials/RAX-KSKEY:apiKeyCredentials

Gets user credentials.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

userId URI xsd:string

The user ID.

{
    "RAX-KSKEY:apiKeyCredentials": {
        "username": "test_user",
        "apiKey": "aaaaa-bbbbb-ccccc-12345678"
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<apiKeyCredentials
    xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
    username="testuser"
    apiKey="aaaaa-bbbbb-ccccc-12345678"/>

This operation does not accept a request body.

RAX-KSQA admin extension

GET
/v2.0/users/​{userId}​/RAX-KSQA/secretqa

Gets a secret question and answer for a specified user.

 
Normal response codes
200, 203
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

userId URI xsd:string

The user ID.

{
    "RAX-KSQA:secretQA": {
        "question": "What is the color of my eyes?",
        "answer": "Leonardo da Vinci"
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<secretQA xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
          question="What is the color of my eyes?"
          answer="Leonardo da Vinci" />

This operation does not accept a request body.

PUT
/v2.0/users/​{userId}​/RAX-KSQA/secretqa

Updates a secret question and answer for a specified user.

 
Normal response codes
200
Error response codes
identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415)
Request parameters
Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

userId URI xsd:string

The user ID.

{
    "RAX-KSQA:secretQA": {
        "question": "What is the color of my eyes?",
        "answer": "Leonardo da Vinci"
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<secretQA xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
          question="What is the color of my eyes?"
          answer="Leonardo da Vinci" />
{
    "RAX-KSQA:secretQA": {
        "question": "What is the color of my eyes?",
        "answer": "Leonardo da Vinci"
    }
}
<?xml version="1.0" encoding="UTF-8"?>

<secretQA xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
          question="What is the color of my eyes?"
          answer="Leonardo da Vinci" />