Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Query Arguments for Tokens

The following HTTP request URI query arguments control the creation of a token:

No query argsCauses the default behavior as if setcookie=true was specified.
setcookie=trueCauses the HTTP response to contain a Cookie header that will cause a web browser to replace its current authentication token with the newly generated one.
setcookie=false

Causes the HTTP response to contain the header Gateway-Token instead of the standard Cookie header. Use this to have the browser continue using its current authentication token.

Note

The Gateway-Token header is the same for both SCSP and S3 tokens.

Request Headers for Tokens

The following HTTP request headers control the creation of a token:

X-Owner-Meta{username}Required

Used by the tokenAdmin user to create a token on behalf of another user. An error is returned if any user other than the token administrator attempts to set this header.

By default, the owner of a token will be the user that creates it.

X-User-Token-Expires-Meta{time-specification}Optional

Sets the expiration time for the authentication token. See below for ways that you may express time.

If this header is not given, the default expiration time is set based on Gateway's tokenTTLHours configuration setting, which defaults to 24 hours after token creation.

X-User-Secret-Key-Meta{string}OptionalSets an S3 secret key that is used for signing S3 requests. When this header is present, the token may only be used to sign S3 storage requests, which means that you cannot use the token to authenticate SCSP storage or Management API operations. Values of this string must follow Swarm metadata value rules for encoding, and 7-bit ASCII values are recommended.
X-Custom-Meta-{string}{string}OptionalAdditional custom metadata that is saved with the token. This is for application-specific purposes and it is not interpreted by the Gateway during token creation or use.
X-Custom-Meta-Source{string}OptionalThis metadata header will be displayed as the Description of the token in the Content UI.

You have numerous options for how to specify the time for the token's expiration:

POSIX time

{n}

"1444419929"

Integer value that is the number of seconds elapsed since 00:00:00. Coordinated Universal Time (UTC), 1 January 1970, not counting leap seconds.

Days offset

+{n}

"+365"

Integer number of days (86,400 sec/day) from now.

Year only

{YYYY}

"2015"

Four-digit year; the expiration will be on January 1st at 00:00Z of that year.

Specific day

{YYYY}{MM}{DD}

"2015-10-09"

Year, month, and day; the expiration will be at 00:00Z on that day.

ISO timespec

{YYYY}{MM}{DD}
T{hh}:{mm}:{ss}.{nnn}Z

"2015-10-09T11:18:00.000Z"

ISO time specification; all digits and fixed characters must be supplied; only UTC ("Z") time zone is allowed.

Token Examples

Creating a domain token
POST http://{domain}/.TOKEN/
Auth: john:password

HTTP/1.1 201 Created
Gateway-Request-Id: 41B8FD0D739DF86C 
Set-Cookie: token=d9f8378f71e79b77831f65d9e6891af6; path=/
Content-Length: 0
Creating a tenant token for S3
POST http://{domain}/_admin/manage/tenants/tenant256/tokens/
Auth: john:password
X-User-Token-Expires-Meta: +730
X-User-Secret-Key-Meta: 5ZdMSEubcFHJjnkyEzy722ZQHjd2xsTo
X-Custom-Meta-Source: Laptop Applications
 
HTTP/1.1 201 Created
Gateway-Request-Id: 7612F7FDB63B7C02 
Set-Cookie: token=cc8ea2467d196b047497818f6271f00c; path=/
Content-Length: 0
Creating a tenant token for S3 with curl
$ USER="john"
$ SECRETKEY="1NnYIOXeHfuuW30eARH19iJQXNvvjMSF"
$ EXPIRES="+365"
$ curl -u $USER -X POST --data-binary "" \
	-H "X-User-Secret-Key-Meta: $SECRETKEY" \
	-H "X-User-Token-Expires-Meta: $EXPIRES" \
	"http://mydomain.example.com/_admin/manage/tenants/tenant255/tokens/"
Enter host password for user 'john':
{"token":"8c3955185d3ae8347caca1a14e4e2416", ... }



  • No labels