Identity API v3 (CURRENT)

Gets an authentication token that permits access to the OpenStack services REST API.

API versions

GET
/

List versions

Lists information about all Identity API versions.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)
{
    "versions": {
        "values": [
            {
                "id": "v3.4",
                "links": [
                    {
                        "href": "http://localhost:35357/v3/",
                        "rel": "self"
                    }
                ],
                "media-types": [
                    {
                        "base": "application/json",
                        "type": "application/vnd.openstack.identity-v3+json"
                    }
                ],
                "status": "stable",
                "updated": "2015-03-30T00:00:00Z"
            },
            {
                "id": "v2.0",
                "links": [
                    {
                        "href": "http://localhost:35357/v2.0/",
                        "rel": "self"
                    },
                    {
                        "href": "http://docs.openstack.org/",
                        "rel": "describedby",
                        "type": "text/html"
                    }
                ],
                "media-types": [
                    {
                        "base": "application/json",
                        "type": "application/vnd.openstack.identity-v2.0+json"
                    }
                ],
                "status": "stable",
                "updated": "2014-04-17T00:00:00Z"
            }
        ]
    }
}

This operation does not accept a request body.

GET
/v3

Show API version details

Shows details for the Identity API v3.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404),

Response parameters

Parameter Style Type Description
version plain xsd:string

A version object.

status plain xsd:string

The status of the version. For example, experimental or stable.

updated plain xsd:string

The date and time stamp for the last update.

media-types plain xsd:string

A media-types object, which shows the supported media types.

id plain xsd:string

The version ID, such as v3.0.

links plain xsd:string

The version links.

{
"version": {
"id": "v3.4",
"links": [
{
    "href": "http://localhost:35357/v3/",
    "rel": "self"
}
],
"media-types": [
{
    "base": "application/json",
    "type": "application/vnd.openstack.identity-v3+json"
}
],
"status": "stable",
"updated": "2015-03-30T00:00:00Z"
}
}

This operation does not accept a request body.

Tokens

Manages tokens.

POST
/v3/auth/tokens

Authenticate

Authenticates and generates a token.

 

Returns a token, if successful. Each REST request requires the inclusion of a specific authorization token HTTP x-header, defined as X-Auth-Token. Clients obtain X -Auth-Token and the URL endpoints for other service APIs by supplying their valid credentials to the authentication service.

A REST interface provides client authentication by using the POST method, with auth/tokens supplied as the path. The body of the request must include a payload of credentials including the authentication method and, optionally, the authorization scope. The scope includes either a project or domain. If you include both project and domain, an HTTP 400 Bad Request results, because a token cannot be simultaneously scoped as both a project and domain.

If you do not include the optional scope and the authenticating user has a defined default project (the default_project_id attribute for the user), that default project is treated as the preferred authorization scope.

If no default project is defined, the token is issued without an explicit scope of authorization.

Provide one of the following sets of credentials to authenticate: User ID and password, user name and password scoped by domain ID or name, user ID and password scoped by project ID or name with or without domain scope, or token. \

The following examples demonstrate authentication requests with different types of credentials.

If scope is included, project id uniquely identifies the project. However, project name uniquely identifies the project only when used in conjunction with a domain ID or a domain name.

If the authentication token has expired, a 401 response code is returned.

If the subject token has expired, this call returns a 404 response code.

The Identity API treats expired tokens as not valid tokens.

The deployment determines how long expired tokens are stored.

As the following example responses show, the response to an authentication request returns the token ID in the X-Subject-Token header instead of in the token data.

If the call has no explicit authorization scope, the response does not contain the catalog, project, domain, or roles fields. However, the response still uniquely identifies the user.

A token scoped to a project also has both a service catalog and the user's roles applicable to the project.

A token scoped to a domain also has both a service catalog and the user's roles applicable to the project.

Optionally, The Identity API implementation might return an authentication attribute to indicate the supported authentication methods.

For authentication processes that require multiple round trips, The Identity API implementation might return an HTTP 401 Unauthorized error with additional information for the next authentication step.

The following examples illustrate several possible HTTP 401 Unauthorized authentication errors. Other errors like HTTP 403 Forbidden are also possible.

Normal response codes

201

Error response codes

Unauthorized (401), Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
auth plain xsd:string

An auth object.

identity plain xsd:string

An identity object.

methods plain xsd:string

The authentication method, which is password or token.

With password authentication, you can specify user ID and password, user name and password scoped by domain ID or name, or user ID and password scoped by project ID or name with or without domain scope.

With token authentication, you specify the token ID.

password (Optional) plain xsd:string

A password object.

scope (Optional) plain xsd:string

Token can be scoped for a domain or project. Specify either an id or name to uniquely identify the domain or project. Use project name only in conjunction with a domain id or name.

token (Optional) plain xsd:string

A token object. With token authentication, the id uniquely identifies the token. This method is typically used in combination with a request to change authorization scope.

user (Optional) plain xsd:string

A user object. Specify id or name to uniquely identify the user and password. Use name only in conjunction with a domain id or name.

id (Optional) plain xsd:string

With password authentication, id uniquely identifies the user. However, name uniquely identifies the user when used in conjunction with a domain id or name.

name (Optional) plain xsd:string

The user name.

password (Optional) plain xsd:string

The password.

{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "id": "0ca8f6",
                    "password": "secretsecret"
                }
            }
        }
    }
}
{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "domain": {
                        "id": "1789d1"
                    },
                    "name": "Joe",
                    "password": "secretsecret"
                }
            }
        }
    }
}
{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "domain": {
                        "name": "example.com"
                    },
                    "name": "Joe",
                    "password": "secretsecret"
                }
            }
        }
    }
}
{
    "auth": {
        "identity": {
            "methods": [
                "token"
            ],
            "token": {
                "id": "e80b74"
            }
        }
    }
}
{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "id": "0ca8f6",
                    "password": "secretsecret"
                }
            }
        },
        "scope": {
            "project": {
                "id": "263fd9"
            }
        }
    }
}
{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "id": "0ca8f6",
                    "password": "secretsecret"
                }
            }
        },
        "scope": {
            "domain": {
                "id": "263fd9"
            }
        }
    }
}
{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "id": "0ca8f6",
                    "password": "secretsecret"
                }
            }
        },
        "scope": {
            "project": {
                "domain": {
                    "id": "1789d1"
                },
                "name": "project-x"
            }
        }
    }
}
{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "id": "0ca8f6",
                    "password": "secretsecret"
                }
            }
        },
        "scope": {
            "project": {
                "domain": {
                    "name": "example.com"
                },
                "name": "project-x"
            }
        }
    }
}
{
    "token": {
        "expires_at": "2013-02-27T18:30:59.999999Z",
        "issued_at": "2013-02-27T16:30:59.999999Z",
        "methods": [
            "password"
        ],
        "user": {
            "domain": {
                "id": "1789d1",
                "links": {
                    "self": "http://identity:35357/v3/domains/1789d1"
                },
                "name": "example.com"
            },
            "id": "0ca8f6",
            "links": {
                "self": "http://identity:35357/v3/users/0ca8f6"
            },
            "name": "Joe"
        }
    }
}
{
    "token": {
        "catalog": "FIXME(dolph): need an example here",
        "expires_at": "2013-02-27T18:30:59.999999Z",
        "issued_at": "2013-02-27T16:30:59.999999Z",
        "methods": [
            "password"
        ],
        "project": {
            "domain": {
                "id": "1789d1",
                "links": {
                    "self": "http://identity:35357/v3/domains/1789d1"
                },
                "name": "example.com"
            },
            "id": "263fd9",
            "links": {
                "self": "http://identity:35357/v3/projects/263fd9"
            },
            "name": "project-x"
        },
        "roles": [
            {
                "id": "76e72a",
                "links": {
                    "self": "http://identity:35357/v3/roles/76e72a"
                },
                "name": "admin"
            },
            {
                "id": "f4f392",
                "links": {
                    "self": "http://identity:35357/v3/roles/f4f392"
                },
                "name": "member"
            }
        ],
        "user": {
            "domain": {
                "id": "1789d1",
                "links": {
                    "self": "http://identity:35357/v3/domains/1789d1"
                },
                "name": "example.com"
            },
            "id": "0ca8f6",
            "links": {
                "self": "http://identity:35357/v3/users/0ca8f6"
            },
            "name": "Joe"
        }
    }
}
{
    "token": {
        "catalog": "FIXME(dolph): need an example here",
        "expires_at": "2013-02-27T18:30:59.999999Z",
        "issued_at": "2013-02-27T16:30:59.999999Z",
        "methods": [
            "password"
        ],
        "domain": {
            "id": "1789d1",
            "links": {
                "self": "http://identity:35357/v3/domains/1789d1"
            },
            "name": "example.com"
        },
        "roles": [
            {
                "id": "76e72a",
                "links": {
                    "self": "http://identity:35357/v3/roles/76e72a"
                },
                "name": "admin"
            },
            {
                "id": "f4f392",
                "links": {
                    "self": "http://identity:35357/v3/roles/f4f392"
                },
                "name": "member"
            }
        ],
        "user": {
            "domain": {
                "id": "1789d1",
                "links": {
                    "self": "http://identity:35357/v3/domains/1789d1"
                },
                "name": "example.com"
            },
            "id": "0ca8f6",
            "links": {
                "self": "http://identity:35357/v3/users/0ca8f6"
            },
            "name": "Joe"
        }
    }
}
{
    "error": {
        "code": 401,
        "message": "The request you have made requires authentication",
        "title": "Not Authorized"
    }
}
{
    "error": {
        "code": 401,
        "identity": {
            "methods": [
                "password",
                "token",
                "challenge-response"
            ]
        },
        "message": "Need to authenticate with one or more supported methods",
        "title": "Not Authorized"
    }
}
{
    "error": {
        "code": 401,
        "identity": {
            "challenge-response": {
                "challenge": "What was the zip code of your birthplace?",
                "session_id": "123456"
            },
            "methods": [
                "challenge-response"
            ]
        },
        "message": "Additional authentications steps required.",
        "title": "Not Authorized"
    }
}
GET
/v3/auth/tokens

Validate token

Validates a specified token.

 

Pass your own token in the X-Auth-Token header and the token to be validated in the X-Subject-Token header. The Identity API returns the same response as when the subject token was issued by POST /auth/tokens.

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

X-Subject-Token header xsd:string

The token ID.

Response parameters

Parameter Style Type Description
issued_at (Optional) plain xsd:string

A token object.

expires_at (Optional) plain xsd:string

The date and time stamp for when the token expires.

issued_at (Optional) plain xsd:string

The date and time stamp for when the token was issued.

methods plain xsd:string

The authentication method, which is password or token.

With password authentication, you can specify user ID and password, user name and password scoped by domain ID or name, or user ID and password scoped by project ID or name with or without domain scope.

With token authentication, you specify the token ID.

user (Optional) plain xsd:string

A user object. Specify id or name to uniquely identify the user and password. Use name only in conjunction with a domain id or name.

domain (Optional) plain xsd:string

Specify either id or name to uniquely identify the domain.

id (Optional) plain xsd:string

The domain ID.

links (Optional) plain xsd:dict

The domain links.

name (Optional) plain xsd:string

The domain name.

id (Optional) plain xsd:string

The user ID.

links (Optional) plain xsd:dict

The user links.

name (Optional) plain xsd:string

The user name.

Headers:
X-Auth-Token: 1dd7e3
X-Subject-Token: c67580
{
"token": {
"expires_at": "2013-02-27T18:30:59.999999Z",
"issued_at": "2013-02-27T16:30:59.999999Z",
"methods": [
"password"
],
"user": {
"domain": {
    "id": "1789d1",
    "links": {
        "self": "http://identity:35357/v3/domains/1789d1"
    },
    "name": "example.com"
},
"id": "0ca8f6",
"links": {
    "self": "http://identity:35357/v3/users/0ca8f6"
},
"name": "Joe"
}
}
}
HEAD
/v3/auth/tokens

Check token

Validates a specified token.

 

This call is similar to GET /auth/tokens, but no response body is provided, even in the X-Subject-Token header.

The Identity API returns the same response as when the subject token was issued by POST /auth/tokens, even if an error occurs because the token is not valid. A 204 response indicates that the X-Subject-Token is valid.

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

X-Subject-Token header xsd:string

The token ID.

Headers:
X-Auth-Token: 1dd7e3
X-Subject-Token: c67580

This operation does not return a response body.

DELETE
/v3/auth/tokens

Revoke token

Revokes a specified token.

 

This call is similar to HEAD /auth/tokens, except that the X-Subject-Token token is immediately not valid (regardless of the expires_at attribute). An additional X-Auth-Token is not required.

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

X-Subject-Token header xsd:string

The token ID.

Headers:
X-Auth-Token: 1dd7e3
X-Subject-Token: c67580

This operation does not return a response body.

Service catalog

Manages the catalog of services.

POST
/v3/services

Add service

Adds a service.

 

Normal response codes

201

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

type plain xsd:string

The MIME Media Type of the serialized policy blob.

name (Optional) plain xsd:string

The service name.

Response parameters

Parameter Style Type Description
links plain csapi:dict

Policy links.

services plain xsd:string

A services object.

description (Optional) plain xsd:string

The description.

id plain xsd:string

The service ID.

links plain xsd:string

The service links.

name plain xsd:string

The service name.

type plain xsd:string

The service type.

{
    "service": {
        "type": "volume"
    }
}
{
    "service": {
        "id": "--service-id--",
        "type": "volume"
    }
}
GET
/v3/services

List services

Lists services.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

type (Optional) query xsd:string

Filters by service type. Service types include compute, ec2, image, and identity.

page (Optional) query xsd:string

Enables you to page through the list.

per_page (Optional) query xsd:string

Sets the page size for paging through the list. Default page size is 30.

Response parameters

Parameter Style Type Description
service plain xsd:string

A service object.

id plain xsd:string

The service ID.

type plain xsd:string

The service type.

{
"links": {
"next": null,
"previous": null,
"self": "http://identity:5000/v3/services"
},
"services": [
{
"description": "Keystone Identity Service",
"id": "--service-id--",
"links": {
    "self": "http://identity:5000/v3/services/--service-id--"
},
"name": "keystone",
"type": "identity"
},
{
"id": "--service-id--",
"links": {
    "self": "http://identity:5000/v3/services/--service-id--"
},
"type": "volume"
}
]
}
GET
/v3/services/​{service_id}​

Show service details

Shows details for a specified service.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

service_id URI capi:uuid

The service ID.

Response parameters

Parameter Style Type Description
service plain xsd:string

A service object.

description (Optional) plain xsd:string

The description.

id plain xsd:string

The service ID.

links plain xsd:string

The service links.

name plain xsd:string

The service name.

type plain xsd:string

The service type.

{
"service": {
"description": "Keystone Identity Service",
"id": "--service-id--",
"links": {
"self": "http://identity:5000/v3/services/--service-id--"
},
"name": "keystone",
"type": "identity"
}
}

This operation does not accept a request body.

PATCH
/v3/services/​{service_id}​

Update service

Updates a specified service.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

service_id URI capi:uuid

The service ID.

type plain xsd:string

The MIME Media Type of the serialized policy blob.

Response parameters

Parameter Style Type Description
services plain xsd:string

A services object.

id plain xsd:string

The service ID.

type plain xsd:string

The service type.

{
"type": "volume"
}
{
"service": {
"id": "--service-id--",
"type": "volume"
}
}
DELETE
/v3/services/​{service_id}​

Delete service

Deletes a specified service.

 

Deleting a service when endpoints exist should either (1) delete all associated endpoints or (2) fail until endpoints are deleted.

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

service_id URI capi:uuid

The service ID.

This operation does not accept a request body and does not return a response body.

Endpoints

Manages endpoints.

POST
/v3/endpoints

Add endpoint

Adds an endpoint.

 

Normal response codes

201

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

endpoint plain xsd:string

An endpoint object.

interface plain xsd:string

The interface type, which is admin, public, or internal.

name plain xsd:string

The name.

region plain xsd:string

The service region.

url plain xsd:string

The service URL.

service_id plain xsd:string

The service ID.

Response parameters

Parameter Style Type Description
endpoint plain xsd:string

An endpoint object.

interface plain xsd:string

The interface type, which is admin, public, or internal.

links plain csapi:dict

Policy links.

name plain xsd:string

The name.

region plain xsd:string

The service region.

url plain xsd:string

The service URL.

service_id plain xsd:string

The service ID.

{
    "endpoint": {
        "interface": "[admin|public|internal]",
        "name": "name",
        "region": "--optional--",
        "url": "...",
        "service_id": "--service-id--"
    }
}
{
    "endpoint": {
        "id": "--endpoint-id--",
        "interface": "internal",
        "links": {
            "self": "http://identity:35357/v3/endpoints/--endpoint-id--"
        },
        "name": "the internal volume endpoint",
        "region": "--optional--",
        "service_id": "--service-id--",
        "url": "..."
    }
}
GET
/v3/endpoints

List endpoints

Lists available endpoints.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

interface (Optional) query xsd:string

Filters by interface.

service_id (Optional) query xsd:string

Filters by service_id.

page (Optional) query xsd:string

Enables you to page through the list.

per_page (Optional) query xsd:string

Sets the page size for paging through the list. Default page size is 30.

Response parameters

Parameter Style Type Description
endpoint plain xsd:string

An endpoint object.

interface plain xsd:string

The interface type, which is admin, public, or internal.

name (Optional) plain xsd:string

The name of the resource.

region plain xsd:string

The service region.

url plain xsd:string

The service URL.

service_id plain xsd:string

The service ID.

[
{
"id": "--endpoint-id--",
"interface": "public",
"links": {
"self": "http://identity:35357/v3/endpoints/--endpoint-id--"
},
"name": "the public volume endpoint",
"service_id": "--service-id--"
},
{
"id": "--endpoint-id--",
"interface": "internal",
"links": {
"self": "http://identity:35357/v3/endpoints/--endpoint-id--"
},
"name": "the internal volume endpoint",
"service_id": "--service-id--"
}
]
PATCH
/v3/endpoints/​{endpoint_id}​

Update endpoint

Updates a specified endpoint.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

endpoint_id URI capi:uuid

The endpoint ID.

endpoint plain xsd:string

An endpoint object.

interface (Optional) plain xsd:string

The interface type, which is admin, public, or internal.

name plain xsd:string

The name.

region (Optional) plain xsd:string

The service region.

url (Optional) plain xsd:string

The service URL.

service_id (Optional) plain xsd:string

The service ID.

Response parameters

Parameter Style Type Description
endpoint plain xsd:string

An endpoint object.

interface plain xsd:string

The interface type, which is admin, public, or internal.

links plain csapi:dict

Policy links.

name plain xsd:string

The name.

region plain xsd:string

The service region.

url plain xsd:string

The service URL.

service_id plain xsd:string

The service ID.

{
"endpoint": {
"interface": "--optional--",
"name": "--optional--",
"region": "--optional--",
"url": "--optional--",
"service_id": "--optional--"
}
}
{
"endpoint": {
"id": "--endpoint-id--",
"interface": "internal",
"links": {
"self": "http://identity:35357/v3/endpoints/--endpoint-id--"
},
"name": "the internal volume endpoint",
"region": "--optional--",
"service_id": "--service-id--",
"url": "..."
}
}
DELETE
/v3/endpoints/​{endpoint_id}​

Delete endpoint

Deletes a specified endpoint.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

endpoint_id URI capi:uuid

The endpoint ID.

This operation does not accept a request body and does not return a response body.

Domains

Manages domains.

Domains represent collections of users, groups, and projects. Each is owned by exactly one domain. Users, however, can be associated with multiple projects by granting roles to the user on a project, including projects owned by other domains.

Each domain defines a namespace where certain API-visible name attributes exist, which affects whether those names must be globally unique or unique within that domain. In the Identity API, the uniqueness of the following attributes is as follows:

  • Domain Name. Globally unique across all domains.

  • Role Name. Globally unique across all domains.

  • User Name. Unique within the owning domain.

  • Project Name. Unique within the owning domain.

  • Group Name. Unique within the owning domain.

POST
/v3/domains

Add domain

Adds a domain.

 

Normal response codes

201

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

description (Optional) plain xsd:string

The domain description.

enabled (Optional) plain xsd:boolean

Set to true to enable the domain. Otherwise, set to false.

name plain xsd:string

The domain name.

Response parameters

Parameter Style Type Description
domain (Optional) plain xsd:string

Specify either id or name to uniquely identify the domain.

description (Optional) plain xsd:string

The description.

enabled (Optional) plain xsd:boolean

If true, the domain is enabled. If false, the domain is disabled.

id (Optional) plain xsd:string

The domain ID.

links plain csapi:dict

Policy links.

name (Optional) plain xsd:string

The name of the resource.

{
    "domain": {
        "description": "--optional--",
        "enabled": "--optional--",
        "name": "..."
    }
}
{
    "domain": {
        "description": "desc of domain",
        "enabled": true,
        "id": "--domain-id--",
        "links": {
            "self": "http://identity:35357/v3/domains/--domain-id--"
        },
        "name": "my domain"
    }
}
GET
/v3/domains

List domains

Lists domains.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
name (Optional) query xsd:string

Filters on a name.

enabled (Optional) query xsd:string

Filters on enabled or disabled roles. Values are true or false.

page (Optional) query xsd:string

Enables you to page through the list.

per_page (Optional) query xsd:string

Sets the page size for paging through the list. Default page size is 30.

Response parameters

Parameter Style Type Description
description (Optional) plain xsd:string

The description.

enabled (Optional) plain xsd:boolean

If true, the domain is enabled. If false, the domain is disabled.

id plain csapi:uuid

The credential ID.

links plain csapi:dict

Policy links.

name (Optional) plain xsd:string

The name of the resource.

{
"domains": [
{
"description": "desc of domain",
"enabled": true,
"id": "--domain-id--",
"links": {
    "self": "http://identity:35357/v3/domains/--domain-id--"
},
"name": "my domain"
},
{
"description": "desc of another domain",
"enabled": true,
"id": "--domain-id--",
"links": {
    "self": "http://identity:35357/v3/domains/--domain-id--"
},
"name": "another domain"
}
]
}
GET
/v3/domains/​{domain_id}​

Show domain details

Shows details for a specified domain.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
domain_id URI capi:uuid

The domain ID.

Response parameters

Parameter Style Type Description
domains plain xsd:string

A domains object.

description (Optional) plain xsd:string

The description.

enabled (Optional) plain xsd:boolean

If true, the domain is enabled. If false, the domain is disabled.

id (Optional) plain xsd:string

The domain ID.

links plain csapi:dict

Policy links.

name (Optional) plain xsd:string

The name of the resource.

{
"domain": {
"description": "desc of domain",
"enabled": true,
"id": "--domain-id--",
"links": {
"self": "http://identity:35357/v3/domains/--domain-id--"
},
"name": "my domain"
}
}

This operation does not accept a request body.

PATCH
/v3/domains/​{domain_id}​

Update domain

Updates a specified domain.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
domain_id URI capi:uuid

The domain ID.

X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

description (Optional) plain xsd:string

The domain description.

enabled (Optional) plain xsd:boolean

Set to true to enable the domain. Otherwise, set to false.

name plain xsd:string

The domain name.

{
"domain": {
"description": "my updated domain",
"enabled": true,
"name": "myUpdatedDomain"
}
}
{
"domain": {
"description": "my updated domain",
"enabled": true,
"id": "--domain-id--",
"links": {
"self": "http://identity:35357/v3/domains/--domain-id--"
},
"name": "myUpdatedDomain"
}
}
DELETE
/v3/domains/​{domain_id}​

Delete domain

Deletes a specified domain.

 

To minimize the risk of accidentally deleting a domain, you must first disable the domain by using the update domain API. If you try to delete an enabled domain, the call returns an HTTP 403 Forbidden response.

Deleting a domain deletes all entities owned by it, such as users, groups, and projects, as well as any credentials and granted roles that relate to those entities.

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
domain_id URI capi:uuid

The domain ID.

This operation does not accept a request body and does not return a response body.

GET
/v3/domains/​{domain_id}​/users/​{user_id}​/roles

List roles for domain user

Lists roles for a user on a domain.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
domain_id URI capi:uuid

The domain ID.

user_id URI capi:uuid

The user ID.

{
"roles": [
{
"id": "--role-id--",
"links": {
    "self": "http://identity:35357/v3/roles/--role-id--"
},
"name": "admin"
},
{
"id": "--role-id--",
"links": {
    "self": "http://identity:35357/v3/roles/--role-id--"
},
"name": "manager"
}
],
"links": {
"self": "http://identity:35357/v3/domains/--domain-id--/users/--user-id--/roles",
"previous": null,
"next": null
}
}

This operation does not accept a request body.

PUT
/v3/domains/​{domain_id}​/users/​{user_id}​/roles/​{role_id}​

Grant role to domain user

Grants a role to a specified domain user.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
domain_id URI capi:uuid

The domain ID.

user_id URI capi:uuid

The user ID.

role_id URI capi:uuid

The role ID.

This operation does not accept a request body and does not return a response body.

HEAD
/v3/domains/​{domain_id}​/users/​{user_id}​/roles/​{role_id}​

Check role for domain user

Validates that a user has a role on a domain.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
domain_id URI capi:uuid

The domain ID.

user_id URI capi:uuid

The user ID.

role_id URI capi:uuid

The role ID.

This operation does not accept a request body and does not return a response body.

DELETE
/v3/domains/​{domain_id}​/users/​{user_id}​/roles/​{role_id}​

Revoke role from domain user

Revokes a role from a specified domain user.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
domain_id URI capi:uuid

The domain ID.

user_id URI capi:uuid

The user ID.

role_id URI capi:uuid

The role ID.

This operation does not accept a request body and does not return a response body.

GET
/v3/domains/​{domain_id}​/groups/​{group_id}​/roles

List roles for domain group

Lists roles for a specified domain group.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
domain_id URI capi:uuid

The domain ID.

group_id URI capi:uuid

The group ID.

{
"roles": [
{
"id": "--role-id--",
"links": {
    "self": "http://identity:35357/v3/roles/--role-id--"
},
"name": "admin"
},
{
"id": "--role-id--",
"links": {
    "self": "http://identity:35357/v3/roles/--role-id--"
},
"name": "manager"
}
],
"links": {
"self": "http://identity:35357/v3/domains/--domain-id--/groups/--group-id--/roles",
"previous": null,
"next": null
}
}

This operation does not accept a request body.

PUT
/v3/domains/​{domain_id}​/groups/​{group_id}​/roles/​{role_id}​

Grant role to domain group

Grants a specified role to a specified domain group.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
domain_id URI capi:uuid

The domain ID.

group_id URI capi:uuid

The group ID.

role_id URI capi:uuid The role ID.

This operation does not accept a request body and does not return a response body.

HEAD
/v3/domains/​{domain_id}​/groups/​{group_id}​/roles/​{role_id}​

Check role for domain group

Validates that a group has a role on a domain.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
domain_id URI capi:uuid

The domain ID.

group_id URI capi:uuid

The group ID.

role_id URI capi:uuid The role ID.

This operation does not accept a request body and does not return a response body.

DELETE
/v3/domains/​{domain_id}​/groups/​{group_id}​/roles/​{role_id}​

Revoke role from domain group

Revokes a role from a group on a domain.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
domain_id URI capi:uuid

The domain ID.

group_id URI capi:uuid

The group ID.

role_id URI capi:uuid The role ID.

This operation does not accept a request body and does not return a response body.

Projects

Manages projects.

POST
/v3/projects

Add project

Adds a project.

 

Normal response codes

201

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

{
    "project": {
        "description": "...",
        "domain_id": "...",
        "enabled": "...",
        "name": "..."
    }
}
{
    "project": {
        "domain_id": "--domain-id--",
        "enabled": true,
        "id": "--project-id--",
        "links": {
            "self": "http://identity:35357/v3/projects/--project-id--"
        },
        "name": "a project name"
    }
}
GET
/v3/projects

List projects

Lists projects.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

domain_id (Optional) query xsd:string

Filters on domain_id.

name (Optional) query xsd:string

Filters on a name.

enabled (Optional) query xsd:string

Filters on enabled or disabled roles. Values are true or false.

page (Optional) query xsd:string

Enables you to page through the list.

per_page (Optional) query xsd:string

Sets the page size for paging through the list. Default page size is 30.

{
"projects": [
{
"domain_id": "--domain-id--",
"enabled": true,
"id": "--project-id--",
"links": {
    "self": "http://identity:35357/v3/projects/--project-id--"
},
"name": "a project name"
},
{
"domain_id": "--domain-id--",
"enabled": true,
"id": "--project-id--",
"links": {
    "self": "http://identity:35357/v3/projects/--project-id--"
},
"name": "another project"
}
],
"links": {
"self": "http://identity:35357/v3/projects",
"previous": null,
"next": null
}
}
GET
/v3/projects/​{project_id}​

Show project details

Shows details for a specified project.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

project_id URI xsd:string The project ID.
{
"project": {
"domain_id": "--domain-id--",
"enabled": true,
"id": "--project-id--",
"links": {
"self": "http://identity:35357/v3/projects/--project-id--"
},
"name": "a project name"
}
}

This operation does not accept a request body.

PATCH
/v3/projects/​{project_id}​

Update project

Updates a specified project.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

project_id URI xsd:string The project ID.
{
"project": {
"description": "my updated project",
"domain_id": "...",
"enabled": true,
"name": "myUpdatedProject"
}
}
{
"project": {
"description": "my updated project",
"domain_id": "--domain-id--",
"enabled": true,
"id": "--project-id--",
"links": {
"self": "http://identity:35357/v3/projects/--project-id--"
},
"name": "myUpdatedProject"
}
}
DELETE
/v3/projects/​{project_id}​

Delete project

Deletes a specified project.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

project_id URI xsd:string The project ID.

This operation does not accept a request body and does not return a response body.

GET
/v3/projects/​{project_id}​/users/​{user_id}​/roles

List roles for project user

Lists roles for a user in a project.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

project_id URI xsd:string The project ID.
user_id URI capi:uuid

The user ID.

{
"roles": [
{
"id": "--role-id--",
"links": {
    "self": "http://identity:35357/v3/roles/--role-id--"
},
"name": "admin"
},
{
"id": "--role-id--",
"links": {
    "self": "http://identity:35357/v3/roles/--role-id--"
},
"name": "manager"
}
],
"links": {
"self": "http://identity:35357/v3/projects/--project-id--/users/--user-id--/roles",
"previous": null,
"next": null
}
}

This operation does not accept a request body.

PUT
/v3/projects/​{project_id}​/users/​{user_id}​/roles/​{role_id}​

Grant role to project user

Grants a role to a user on a project.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

project_id URI xsd:string The project ID.
user_id URI capi:uuid

The user ID.

role_id URI capi:uuid

The role ID.

This operation does not accept a request body and does not return a response body.

HEAD
/v3/projects/​{project_id}​/users/​{user_id}​/roles/​{role_id}​

Check role for project user

Validates that a user has a specified role on a project.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

project_id URI xsd:string The project ID.
user_id URI capi:uuid

The user ID.

role_id URI capi:uuid

The role ID.

This operation does not accept a request body and does not return a response body.

DELETE
/v3/projects/​{project_id}​/users/​{user_id}​/roles/​{role_id}​

Revoke role from project user

Revokes a role from a project user.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

project_id URI xsd:string The project ID.
user_id URI capi:uuid

The user ID.

role_id URI capi:uuid

The role ID.

This operation does not accept a request body and does not return a response body.

GET
/v3/projects/​{project_id}​/groups/​{group_id}​/roles

List roles for project group

Lists roles for a project group.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

project_id URI xsd:string The project ID.
group_id URI capi:uuid

The group ID.

{
"roles": [
{
"id": "--role-id--",
"links": {
    "self": "http://identity:35357/v3/roles/--role-id--"
},
"name": "admin"
},
{
"id": "--role-id--",
"links": {
    "self": "http://identity:35357/v3/roles/--role-id--"
},
"name": "manager"
}
],
"links": {
"self": "http://identity:35357/v3/projects/--project-id--/groups/--group-id--/roles",
"previous": null,
"next": null
}
}

This operation does not accept a request body.

PUT
/v3/projects/​{project_id}​/groups/​{group_id}​/roles/​{role_id}​

Grant role to project group

Grants a role to a project group.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

project_id URI xsd:string The project ID.
group_id URI capi:uuid

The group ID.

role_id URI capi:uuid

The role ID.

This operation does not accept a request body and does not return a response body.

HEAD
/v3/projects/​{project_id}​/groups/​{group_id}​/roles/​{role_id}​

Check role for project group

Validates that a project group has a role.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

project_id URI xsd:string The project ID.
group_id URI capi:uuid

The group ID.

role_id URI capi:uuid

The role ID.

This operation does not accept a request body and does not return a response body.

DELETE
/v3/projects/​{project_id}​/groups/​{group_id}​/roles/​{role_id}​

Revoke role from project group

Revokes a role from a project group.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

project_id URI xsd:string The project ID.
group_id URI capi:uuid

The group ID.

role_id URI capi:uuid

The role ID.

This operation does not accept a request body and does not return a response body.

Users

Manages users.

POST
/v3/users

Add user

Adds a user.

 

Normal response codes

201

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

{
    "user": {
        "default_project_id": "...",
        "description": "...",
        "domain_id": "--optional--",
        "email": "...",
        "enabled": "...",
        "name": "...",
        "password": "--optional--"
    }
    }
{
    "user": {
        "default_project_id": "--default-project-id--",
        "description": "a user",
        "domain_id": "1789d1",
        "email": "...",
        "enabled": true,
        "id": "--user-id--",
        "links": {
            "self": "http://identity:35357/v3/users/--user-id--"
        },
        "name": "admin"
    }
    }
GET
/v3/users

List users

Lists users.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

domain_id (Optional) query xsd:string

Filters on domain_id.

name (Optional) query xsd:string

Filters on a name.

enabled (Optional) query xsd:string

Filters on enabled or disabled roles. Values are true or false.

page (Optional) query xsd:string

Enables you to page through the list.

per_page (Optional) query xsd:string

Sets the page size for paging through the list. Default page size is 30.

{
    "users": [
    {
    "default_project_id": "--default-project-id--",
    "description": "a user",
    "domain_id": "1789d1",
    "email": "...",
    "enabled": true,
    "id": "--user-id--",
    "links": {
    "self": "http://identity:35357/v3/users/--user-id--"
    },
    "name": "admin"
    },
    {
    "default_project_id": "--default-project-id--",
    "description": "another user",
    "domain_id": "1789d1",
    "email": "...",
    "enabled": true,
    "id": "--user-id--",
    "links": {
    "self": "http://identity:35357/v3/users/--user-id--"
    },
    "name": "someone"
    }
    ],
    "links": {
    "self": "http://identity:35357/v3/users",
    "previous": null,
    "next": null
    }
    }
GET
/v3/users/​{user_id}​

Show user details

Shows details for a specified user.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

user_id URI capi:uuid The user ID.
{
    "user": {
    "default_project_id": "--default-project-id--",
    "description": "a user",
    "domain_id": "1789d1",
    "email": "...",
    "enabled": true,
    "id": "--user-id--",
    "links": {
    "self": "http://identity:35357/v3/users/--user-id--"
    },
    "name": "admin"
    }
    }

This operation does not accept a request body.

PATCH
/v3/users/​{user_id}​

Update user

Updates the password for or enables or disables a specified user.

 

This operation might return the HTTP 501 Not Implemented code if the back-end driver does not allow this functionality.

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

user_id URI capi:uuid The user ID.
{
    "user": {
    "default_project_id": "...",
    "description": "my updated user",
    "email": "...",
    "enabled": true
    }
    }
{
    "user": {
    "default_project_id": "--default-project-id--",
    "description": "my updated user",
    "domain_id": "1789d1",
    "email": "...",
    "enabled": true,
    "id": "--user-id--",
    "links": {
    "self": "http://identity:35357/v3/users/--user-id--"
    },
    "name": "admin"
    }
    }
DELETE
/v3/users/​{user_id}​

Delete user

Deletes a specified user.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

user_id URI capi:uuid The user ID.

This operation does not accept a request body and does not return a response body.

GET
/v3/users/​{user_id}​/groups

List groups for user

Lists groups for a specified user.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

user_id URI capi:uuid The user ID.
{
    "groups": [
    {
    "description": "Developers cleared for work on all general projects",
    "domain_id": "--domain-id--",
    "id": "--group-id--",
    "links": {
    "self": "http://identity:35357/v3/groups/--group-id--"
    },
    "name": "Developers"
    },
    {
    "description": "Developers cleared for work on secret projects",
    "domain_id": "--domain-id--",
    "id": "--group-id--",
    "links": {
    "self": "http://identity:35357/v3/groups/--group-id--"
    },
    "name": "Secure Developers"
    }
    ],
    "links": {
    "self": "http://identity:35357/v3/users/--user-id--/groups",
    "previous": null,
    "next": null
    }
    }

This operation does not accept a request body.

GET
/v3/users/​{user_id}​/projects

List projects for user

List projects for a specified user.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

user_id URI capi:uuid The user ID.
{
    "projects": [
    {
    "description": "description of this project",
    "domain_id": "--domain-id--",
    "enabled": true,
    "id": "--project-id--",
    "parent_id": "--parent-project-id--",
    "links": {
    "self": "http://identity:35357/v3/projects/--project-id--"
    },
    "name": "a project name"
    },
    {
    "description": "description of this project",
    "domain_id": "--domain-id--",
    "enabled": true,
    "id": "--project-id--",
    "parent_id": "--parent-project-id--",
    "links": {
    "self": "http://identity:35357/v3/projects/--project-id--"
    },
    "name": "another domain"
    }
    ],
    "links": {
    "self": "http://identity:35357/v3/users/--user-id--/projects",
    "previous": null,
    "next": null
    }
    }
    

This operation does not accept a request body.

Groups

Manages groups.

POST
/v3/groups

Add group

Adds a group.

 

Normal response codes

201

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)
{
    "group": {
        "description": "--optional--",
        "domain_id": "--optional--",
        "name": "..."
    }
    }
{
    "group": {
        "description": "Developers cleared for work on secret projects",
        "domain_id": "--domain-id--",
        "id": "--group-id--",
        "links": {
            "self": "http://identity:35357/v3/groups/--group-id--"
        },
        "name": "Secure Developers"
    }
    }
GET
/v3/groups

List groups

Lists groups.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

domain_id (Optional) query xsd:string

Filters on domain_id.

page (Optional) query xsd:string

Enables you to page through the list.

per_page (Optional) query xsd:string

Sets the page size for paging through the list. Default page size is 30.

Response parameters

Parameter Style Type Description
description (Optional) plain xsd:string

The description.

id (Optional) plain xsd:string

The domain ID.

id plain csapi:uuid

The credential ID.

links plain csapi:dict

Policy links.

name (Optional) plain xsd:string

The name of the resource.

{
    "groups": [
    {
    "description": "Developers cleared for work on all general projects",
    "domain_id": "--domain-id--",
    "id": "--group-id--",
    "links": {
    "self": "http://identity:35357/v3/groups/--group-id--"
    },
    "name": "Developers"
    },
    {
    "description": "Developers cleared for work on secret projects",
    "domain_id": "--domain-id--",
    "id": "--group-id--",
    "links": {
    "self": "http://identity:35357/v3/groups/--group-id--"
    },
    "name": "Secure Developers"
    },
    {
    "description": "Testers cleared for work on all general projects",
    "domain_id": "--domain-id--",
    "id": "--group-id--",
    "links": {
    "self": "http://identity:35357/v3/groups/--group-id--"
    },
    "name": "Testers"
    }
    ],
    "links": {
    "self": "http://identity:35357/v3/groups",
    "previous": null,
    "next": null
    }
    }
GET
/v3/groups/​{group_id}​

Show group details

Shows details for a specified group.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
group_id URI capi:uuid The group ID.

Response parameters

Parameter Style Type Description
description (Optional) plain xsd:string

The description.

id (Optional) plain xsd:string

The domain ID.

id plain csapi:uuid

The credential ID.

links plain csapi:dict

Policy links.

name (Optional) plain xsd:string

The name of the resource.

{
    "group": {
    "description": "Developers cleared for work on secret projects",
    "domain_id": "--domain-id--",
    "id": "--group-id--",
    "links": {
    "self": "http://identity:35357/v3/groups/--group-id--"
    },
    "name": "Secure Developers"
    }
    }

This operation does not accept a request body.

PATCH
/v3/groups/​{group_id}​

Update group

Updates a specified group.

 

Use this operation to update the name or description of a group. This operation might return the HTTP 501 Not Implemented code if the back-end driver does not allow this functionality.

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
group_id URI capi:uuid The group ID.
{
    "group": {
    "description": "my updated group",
    "name": "myUpdatedGroup"
    }
    }
{
    "group": {
    "description": "my updated group",
    "domain_id": "--domain-id--",
    "id": "--group-id--",
    "links": {
    "self": "http://identity:35357/v3/groups/--group-id--"
    },
    "name": "myUpdatedGroup"
    }
    }
DELETE
/v3/groups/​{group_id}​

Delete group

Deletes a specified group.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
group_id URI capi:uuid The group ID.

This operation does not accept a request body and does not return a response body.

GET
/v3/groups/​{group_id}​/users

List users in group

Lists the users in a specified group.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
group_id URI capi:uuid The group ID.
name (Optional) query xsd:string

Filters on a name.

page (Optional) query xsd:string

Enables you to page through the list.

per_page (Optional) query xsd:string

Sets the page size for paging through the list. Default page size is 30.

domain_id (Optional) query xsd:string

Filters on domain_id.

description (Optional) query xsd:string

Filters on a description.

name (Optional) query xsd:string

Filters on a name.

enabled (Optional) query xsd:string

Filters on enabled or disabled roles. Values are true or false.

page (Optional) query xsd:string

Enables you to page through the list.

per_page (Optional) query xsd:string

Sets the page size for paging through the list. Default page size is 30.

{
    "users": [
    {
    "default_project_id": "--default-project-id--",
    "description": "a user",
    "domain_id": "--domain-id--",
    "email": "...",
    "enabled": true,
    "id": "--user-id--",
    "links": {
    "self": "http://identity:35357/v3/users/--user-id--"
    },
    "name": "admin"
    },
    {
    "default_project_id": "--default-project-id--",
    "description": "another user",
    "domain_id": "--domain-id--",
    "email": "...",
    "enabled": true,
    "id": "--user-id--",
    "links": {
    "self": "http://identity:35357/v3/users/--user-id--"
    },
    "name": "someone"
    }
    ],
    "links": {
    "self": "http://identity:35357/v3/groups/--group-id--/users",
    "previous": null,
    "next": null
    }
    }
PUT
/v3/groups/​{group_id}​/users/​{user_id}​

Add user to group

Adds a user to a specified group.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
group_id URI capi:uuid The group ID.
user_id URI capi:uuid The user ID.

This operation does not accept a request body and does not return a response body.

DELETE
/v3/groups/​{group_id}​/users/​{user_id}​

Remove user from group

Removes a user from a group.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
group_id URI capi:uuid The group ID.
user_id URI capi:uuid The user ID.

This operation does not accept a request body and does not return a response body.

HEAD
/v3/groups/​{group_id}​/users/​{user_id}​

Check user membership in group

Validates that a user is in a group.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
group_id URI capi:uuid The group ID.
user_id URI capi:uuid The user ID.

This operation does not accept a request body and does not return a response body.

Credentials

Manages credentials.

POST
/v3/credentials

Add credential

Adds a credential.

 

The following example shows how to create an EC2-style credential where the credential blob is a string containing a JSON-serialized dictionary with keys access and secret. This format is required when you specify the ec2 type. To specify other credentials, such as access_key, simply change the type and contents of the data blob.

Normal response codes

201

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)
{
    "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}",
    "project_id": "--project-id--",
    "type": "ec2",
    "user_id": "--user--id--"
    }
    
{
    "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}",
    "id": "--credential-id--",
    "links": {
        "self": "http://identity:35357/v3/credentials/--credential-id--"
    },
    "project_id": "--project-id--",
    "type": "ec2",
    "user_id": "--user--id--"
    }
    
GET
/v3/credentials

List credentials

Lists credentials.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

page (Optional) query xsd:string

Enables you to page through the list.

per_page (Optional) query xsd:string

Sets the page size for paging through the list. Default page size is 30.

Response parameters

Parameter Style Type Description
blob plain xsd:string

The policy rule set itself, as a serialized blob.

id plain csapi:uuid

The credential ID.

links plain csapi:dict

Policy links.

project_id plain csapi:uuid

The UUID for the project.

type plain xsd:string

The MIME media type of the serialized policy blob.

user_id plain xsd:string

The ID of the user who owns the credential.

[
    {
    "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}",
    "id": "--credential-id--",
    "links": {
    "self": "http://identity:35357/v3/credentials/--credential-id--"
    },
    "project_id": "--project-id--",
    "type": "ec2",
    "user_id": "--user--id--"
    },
    {
    "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}",
    "id": "--credential-id--",
    "links": {
    "self": "http://identity:35357/v3/credentials/--credential-id--"
    },
    "project_id": "--project-id--",
    "type": "ec2",
    "user_id": "--user--id--"
    }
    ]
    
GET
/v3/credentials/​{credential_id}​

Show credential details

Shows details for a specified credential.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
credential_id URI capi:uuid The credential ID.
{
    "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}",
    "id": "--credential-id--",
    "links": {
    "self": "http://identity:35357/v3/credentials/--credential-id--"
    },
    "project_id": "--project-id--",
    "type": "ec2",
    "user_id": "--user--id--"
    }
    

This operation does not accept a request body.

PATCH
/v3/credentials/​{credential_id}​

Update credential

Updates a specified credential.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
credential_id URI capi:uuid The credential ID.
{
    "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}",
    "project_id": "--project-id--",
    "type": "ec2",
    "user_id": "--user--id--"
    }
    
{
    "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}",
    "id": "--credential-id--",
    "links": {
    "self": "http://identity:35357/v3/credentials/--credential-id--"
    },
    "project_id": "--project-id--",
    "type": "ec2",
    "user_id": "--user--id--"
    }
    
DELETE
/v3/credentials/​{credential_id}​

Delete credential

Deletes a specified credential.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
credential_id URI capi:uuid The credential ID.

This operation does not accept a request body and does not return a response body.

Roles

Manages roles.

POST
/v3/roles

Add role

Adds a role.

 

Normal response codes

201

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

{
    "role": {
        "name": "a role name"
    }
    }
{
    "id": "--role-id--",
    "links": {
        "self": "http://identity:35357/v3/roles/--role-id--"
    },
    "name": "a role name"
    }
GET
/v3/roles

List roles

Lists roles.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

name (Optional) query xsd:string

Filters on a name.

page (Optional) query xsd:string

Enables you to page through the list.

per_page (Optional) query xsd:string

Sets the page size for paging through the list. Default page size is 30.

{
    "roles": [
    {
    "id": "--role-id--",
    "links": {
    "self": "http://identity:35357/v3/roles/--role-id--"
    },
    "name": "admin"
    },
    {
    "id": "--role-id--",
    "links": {
    "self": "http://identity:35357/v3/roles/--role-id--"
    },
    "name": "manager"
    }
    ],
    "links": {
    "self": "http://identity:35357/v3/roles",
    "previous": null,
    "next": null
    }
    }
    
GET
/v3/role_assignments

List role assignments

Lists role assignments.

 

The list of all role assignments can be long. To filter the list, use the query parameters.

Some typical examples are:

GET /role_assignments?user.id={user_id} lists all role assignments for the specified user.

GET /role_assignments?scope.project.id={project_id} lists all role assignments for the specified project.

Each role assignment entity in the collection contains a link to the assignment that created this entity.

Use the effective query parameter to list effective assignments at the user, project, and domain level. This parameter allows for the effects of group membership. The group role assignment entities themselves are not returned in the collection. This represents the effective role assignments that would be included in a scoped token. You can use the other query parameters with the effective parameter.

For example, to determine what a user can actually do, issue this request:

GET /role_assignments?user.id={user_id}&effective

To return the equivalent set of role assignments that would be included in the token response of a project-scoped token, issue:

GET /role_assignments?user.id={user_id}&scope.project.id={project_id}&effective

In the response, the entity links section for entities that are included by virtue of group members also contains a url that you can use to access the membership of the group.

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
group.id (Optional) query xsd:string

Filters on group ID. Specify group.id={group_id} to list all role assignments for the specified group.

role.id (Optional) query xsd:string

Filters on role ID. Specify role.id={role_id} to list all role assignments for the specified role.

scope.domain.id (Optional) query xsd:string

Filters on domain ID. Specify scope.domain.id={domain_id} to list all role assignments for the specified domain.

scope.project.id (Optional) query xsd:string

Filters on project ID. Specify scope.project.id={project_id} to list all role assignments for the specified project.

user.id (Optional) query xsd:string

Filters on user ID. Specify user.id={user_id} to list all role assignments for the specified user.

effective (Optional) query xsd:key

Lists effective assignments at the user, project, and domain level, allowing for the effects of group membership.

The group role assignment entities themselves are not returned in the collection.

This represents the effective role assignments that would be included in a scoped token. You can use the other query parameters with the effective parameter.

GET /role_assignments?user.id={user_id}&scope.project.id={project_id}&effective
{
    "role_assignments": [
    {
    "links": {
    "assignment": "http://identity:35357/v3/domains/--domain-id--/users/--user-id--/roles/--role-id--"
    },
    "role": {
    "id": "--role-id--"
    },
    "scope": {
    "domain": {
        "id": "--domain-id--"
    }
    },
    "user": {
    "id": "--user-id--"
    }
    },
    {
    "group": {
    "id": "--group-id--"
    },
    "links": {
    "assignment": "http://identity:35357/v3/projects/--project-id--/groups/--group-id--/roles/--role-id--"
    },
    "role": {
    "id": "--role-id--"
    },
    "scope": {
    "project": {
        "id": "--project-id--"
    }
    }
    }
    ],
    "links": {
    "self": "http://identity:35357/v3/role_assignments",
    "previous": null,
    "next": null
    }
    }
GET /role_assignments?user.id={user_id}&scope.project.id={project_id}&effective
{
    "role_assignments": [
    {
    "links": {
    "assignment": "http://identity:35357/v3/domains/--domain-id--/users/--user-id--/roles/--role-id--"
    },
    "role": {
    "id": "--role-id--"
    },
    "scope": {
    "domain": {
        "id": "--domain-id--"
    }
    },
    "user": {
    "id": "--user-id--"
    }
    },
    {
    "links": {
    "assignment": "http://identity:35357/v3/projects/--project-id--/groups/--group-id--/roles/--role-id--",
    "membership": "http://identity:35357/v3/groups/--group-id--/users/--user-id--"
    },
    "role": {
    "id": "--role-id--"
    },
    "scope": {
    "project": {
        "id": "--project-id--"
    }
    },
    "user": {
    "id": "--user-id--"
    }
    }
    ],
    "links": {
    "self": "http://identity:35357/v3/role_assignments?effective",
    "previous": null,
    "next": null
    }
    }

This operation does not accept a request body.

Policies

Manages policies.

POST
/v3/policies

Add policy

Adds a policy.

 

Normal response codes

201

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

blob plain xsd:string

The policy rule set itself, as a serialized blob.

project_id plain csapi:uuid

The UUID for the project.

type plain xsd:string

The MIME Media Type of the serialized policy blob.

user_id plain xsd:string

The ID of the user who owns the credential.

Response parameters

Parameter Style Type Description
blob plain xsd:string

The policy rule set itself, as a serialized blob.

id plain csapi:uuid

The credential ID.

links plain csapi:dict

Policy links.

project_id plain csapi:uuid

The UUID for the project.

type plain xsd:string

The MIME media type of the serialized policy blob.

user_id plain xsd:string

The ID of the user who owns the credential.

{
    "blob": {
        "default": false
    },
    "project_id": "--project-id--",
    "type": "--serialization-mime-type--",
    "user_id": "--user--id--"
    }
    
{
    "blob": "--serialized-blob--",
    "id": "--policy-id--",
    "links": {
        "self": "http://identity:35357/v3/policies/--policy-id--"
    },
    "project_id": "--project-id--",
    "type": "--serialization-mime-type--",
    "user_id": "--user--id--"
    }
    
GET
/v3/policies

List policies

Lists policies.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

type (Optional) query xsd:string

Filters by service type. Service types include compute, ec2, image, and identity.

page (Optional) query xsd:string

Enables you to page through the list.

per_page (Optional) query xsd:string

Sets the page size for paging through the list. Default page size is 30.

Response parameters

Parameter Style Type Description
blob plain xsd:string

The policy rule set itself, as a serialized blob.

id plain csapi:uuid

The credential ID.

links plain csapi:dict

Policy links.

project_id plain csapi:uuid

The UUID for the project.

type plain xsd:string

The MIME media type of the serialized policy blob.

user_id plain xsd:string

The ID of the user who owns the credential.

[
    {
    "blob": "--serialized-blob--",
    "id": "--policy-id--",
    "links": {
    "self": "http://identity:35357/v3/policies/--policy-id--"
    },
    "project_id": "--project-id--",
    "type": "--serialization-mime-type--",
    "user_id": "--user--id--"
    },
    {
    "blob": "--serialized-blob--",
    "id": "--policy-id--",
    "links": {
    "self": "http://identity:35357/v3/policies/--policy-id--"
    },
    "project_id": "--project-id--",
    "type": "--serialization-mime-type--",
    "user_id": "--user--id--"
    }
    ]
    
GET
/v3/policies/​{policy_id}​

Show policy details

Shows details for a specified policy.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

policy_id URI capi:uuid The policy ID.

Response parameters

Parameter Style Type Description
blob plain xsd:string

The policy rule set itself, as a serialized blob.

id plain csapi:uuid

The credential ID.

links plain csapi:dict

Policy links.

project_id plain csapi:uuid

The UUID for the project.

type plain xsd:string

The MIME media type of the serialized policy blob.

user_id plain xsd:string

The ID of the user who owns the credential.

{
    "blob": "--serialized-blob--",
    "id": "--policy-id--",
    "links": {
    "self": "http://identity:35357/v3/policies/--policy-id--"
    },
    "project_id": "--project-id--",
    "type": "--serialization-mime-type--",
    "user_id": "--user--id--"
    }
    

This operation does not accept a request body.

PATCH
/v3/policies/​{policy_id}​

Update policy

Updates a specified policy.

 

Normal response codes

200

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

policy_id URI capi:uuid The policy ID.

Response parameters

Parameter Style Type Description
blob plain xsd:string

The policy rule set itself, as a serialized blob.

id plain csapi:uuid

The credential ID.

links plain csapi:dict

Policy links.

project_id plain csapi:uuid

The UUID for the project.

type plain xsd:string

The MIME media type of the serialized policy blob.

user_id plain xsd:string

The ID of the user who owns the credential.

{
    "blob": "--serialized-blob--",
    "project_id": "--project-id--",
    "type": "--serialization-mime-type--",
    "user_id": "--user--id--"
    }
    
{
    "blob": "--serialized-blob--",
    "id": "--policy-id--",
    "links": {
    "self": "http://identity:35357/v3/policies/--policy-id--"
    },
    "project_id": "--project-id--",
    "type": "--serialization-mime-type--",
    "user_id": "--user--id--"
    }
    
DELETE
/v3/policies/​{policy_id}​

Delete policy

Deletes a specified policy.

 

Normal response codes

204

Error response codes

Bad Request (400), Unauthorized (401), Forbidden (403), Method Not Allowed (405), Request Entity Too Large (413), Service Unavailable (503), Not Found (404)

Request parameters

Parameter Style Type Description
X-Auth-Token header xsd:string

A valid authentication token for an administrative user.

policy_id URI capi:uuid The policy ID.

This operation does not accept a request body and does not return a response body.

  • AURO
  • Latest News

AURO Cloud Computing expands support to include Managed Amazon Web Services infrastructure

Canadian Cloud Leader AURO adds Managed AWS services to provide a hyper cloud solution compliant with Canadian data privacy laws. These offerings allows customers to receive a customized AWS support solution, fulfilling both their infrastructure requirements and business goals.

  • Download
  • Free Whitepapers

Get the guides, facts, reports, and diagrams you need.

Download Now

See more resources

  • Get in Touch
  • 1.855.226.4678

Call Free anytime:

MORE CONTACT OPTIONS