These examples assume a default port value of 35357, and depend on the sampledata bundled with keystone.
Disover API version information, links to documentation (PDF, HTML, WADL), and supported media types:
$ curl http://0.0.0.0:35357
or:
$ curl http://0.0.0.0:35357/v2.0/
Returns:
{
"version":{
"id":"v2.0",
"status":"ALPHA",
"updated":"2011-11-19T00:00:00Z",
"links":[
{
"rel":"self",
"href":"http://127.0.0.1:35357/v2.0/"
},
{
"rel":"describedby",
"type":"text/html",
"href":"http://docs.openstack.org/api/openstack-identity-service/2.0/content/"
},
{
"rel":"describedby",
"type":"application/pdf",
"href":"http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf"
},
{
"rel":"describedby",
"type":"application/vnd.sun.wadl+xml",
"href":"http://127.0.0.1:35357/v2.0/identity-admin.wadl"
}
],
"media-types":[
{
"base":"application/xml",
"type":"application/vnd.openstack.identity-v2.0+xml"
},
{
"base":"application/json",
"type":"application/vnd.openstack.identity-v2.0+json"
}
]
}
}
Discover the API extensions enabled at the endpoint:
$ curl http://0.0.0.0:35357/extensions
Returns:
{
"extensions":{
"values":[]
}
}
Authenticate by exchanging credentials for an access token:
$ curl -d '{"auth":{"passwordCredentials":{"username": "joeuser", "password": "secrete"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens
Returns:
{
"access":{
"token":{
"expires":"2012-02-05T00:00:00",
"id":"887665443383838",
"tenant":{
"id":"1",
"name":"customer-x"
}
},
"serviceCatalog":[
{
"endpoints":[
{
"adminURL":"http://swift.admin-nets.local:8080/",
"region":"RegionOne",
"internalURL":"http://127.0.0.1:8080/v1/AUTH_1",
"publicURL":"http://swift.publicinternets.com/v1/AUTH_1"
}
],
"type":"object-store",
"name":"swift"
},
{
"endpoints":[
{
"adminURL":"http://cdn.admin-nets.local/v1.1/1",
"region":"RegionOne",
"internalURL":"http://127.0.0.1:7777/v1.1/1",
"publicURL":"http://cdn.publicinternets.com/v1.1/1"
}
],
"type":"object-store",
"name":"cdn"
}
],
"user":{
"id":"1",
"roles":[
{
"tenantId":"1",
"id":"3",
"name":"Member"
}
],
"name":"joeuser"
}
}
}
Note
Take note of the value [‘access’][‘token’][‘id’] value produced here (887665443383838, above), as you can use it in the calls below.
Note
This call refers to a token known to be valid, 887665443383838 in this case.
Validate a token:
$ curl -H "X-Auth-Token:999888777666" http://localhost:35357/v2.0/tokens/887665443383838
If the token is valid, returns:
{
"access":{
"token":{
"expires":"2012-02-05T00:00:00",
"id":"887665443383838",
"tenant":{
"id":"1",
"name":"customer-x"
}
},
"user":{
"username":"joeuser",
"tenantName":"customer-x",
"id":"1",
"roles":[
{
"tenantId":"1",
"id":"3",
"name":"Member"
}
],
"tenantId":"1"
}
}
}
This is a high-performance variant of the GET call documented above, which by definition, returns no response body:
$ curl -I -H "X-Auth-Token:999888777666" http://localhost:35357/v2.0/tokens/887665443383838
... which returns 200, indicating the token is valid:
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: None
Date: Tue, 08 Nov 2011 23:07:44 GMT
Note
Not implemented in stable/diablo! This resource is available in essex milestone 1.
List all of the tenants in the system (requires an Admin X-Auth-Token):
$ curl -H "X-Auth-Token:999888777666" http://localhost:35357/v2.0/tenants
Returns:
{
"tenants":{
"values":[
{
"enabled":false,
"description":"None",
"name":"project-y",
"id":"3"
},
{
"enabled":true,
"description":"None",
"name":"ANOTHER:TENANT",
"id":"2"
},
{
"enabled":true,
"description":"None",
"name":"customer-x",
"id":"1"
}
],
"links":[
]
}
}
Retrieve information about a tenant, by tenant ID:
$ curl -H "X-Auth-Token:999888777666" http://localhost:35357/v2.0/tenants/1
Returns:
{
"tenant":{
"enabled":true,
"description":"None",
"name":"customer-x",
"id":"1"
}
}
Note
Not implemented in stable/diablo! This resource is available in essex milestone 1.
List the roles a user has been granted on a tenant:
$ curl -H "X-Auth-Token:999888777666" http://localhost:35357/v2.0/tenants/1/users/1/roles
Returns:
{
"roles_links":[],
"roles":[
{
"id":"3",
"name":"Member"
}
]
}
Retrieve information about a user, by user ID:
$ curl -H "X-Auth-Token:999888777666" http://localhost:35357/v2.0/users/1
Returns:
{
"user":{
"tenantId":"1",
"enabled":true,
"id":"1",
"name":"joeuser"
}
}
Note
Not implemented in stable/diablo! This resource is available in essex milestone 1.
Retrieve the roles granted to a user, given a user ID:
$ curl -H "X-Auth-Token:999888777666" http://localhost:35357/v2.0/users/4/roles
Returns:
{
"roles_links":[],
"roles":[
{
"id":"2",
"name":"KeystoneServiceAdmin"
}
]
}