Access and authentication

Content Platform for Cloud Scale Management API Reference

Version
2.5.x
Audience
anonymous
Part Number
MK-HCPCS007-08

To use the Object Storage Management or System Management MAPIs, you need a user account that has permission to perform the actions you want.

Requesting an access token

After you have a user account, you must request an authentication token from the system. To do this, you send an HTTP POST request to the method /auth/oauth.

When you generate a new access token, a refresh token also gets generated automatically.

Here's an example using the cURL command-line tool:

curl -ik -X POST https://mysystem.example.com:8000/auth/oauth/ \
-d grant_type=password \
-d username=user1 \
-d password=password1 \
-d scope=* \
-d client_secret=my-secret \
-d client_id=my-client \
-d realm=marketingUsers

In response to this request, you receive a JSON response body containing an access_token field. The value for this field is the token. For example:

{
"access_token": "eyJr287bjle..."
"expires_in": 7200
}
Note:
  • To get a list of security realms for the system, send an HTTP GET request to the method /setup. For example, to do this with cURL:
    curl -k -X GET --header 'Accept: application/json' \ 
    'https://mysystem.example.com:8000/api/admin/setup'
  • To get an access token for the local admin user account, you can omit the realm option for the request, or specify a realm value of Local.

Submitting the access token

You must specify the access token as part of all REST API requests that you make. You do this by submitting an Authorization header along with the request. Here's an example that uses cURL:

curl -X GET --header "Accept:application/json" \
https://mysystem.example.com:8000/api/admin/instances \
--header "Authorization: Bearer eyJr287bjle..."

Changing a password

You can use the MAPI to change the system's password using the following cURL commands, where $1=server_name, $2=current_password, and $3=new_password:

TOKEN=$(curl -ik -X POST https://$1.mysystem.com:8000/auth/oauth/ \
-d grant_type=password -d username=admin -d password=$2 \
-d scope=* -d client_secret=client-secret -d client_id=client-id \
-d realm=local 2>&1  | grep access_token | awk -F: '{print $2}' \ 
| awk -F\" '{print $2}')
curl -v -X POST --header 'Content-Type: application/json' \
--header "Authorization: Bearer $TOKEN" \
https://$1.mysystem.com:8000/api/admin/setup/password \
-d '{"password": "'"$3"'"}'