OpenStack API Documentation

Identity API v2.0 extensions (SUPPORTED)

To list available Identity API v2.0 extensions, issue a GET request to v2.0/extensions.

OS-KSADM admin extension

GET

/v2.0/users

List users

Lists all users.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
limit (Optional)	query	xsd:int	Requests a specified page size of returned items from the query. Returns a number of items up to the specified limit value. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.
marker (Optional)	query	xsd:string	Specifies the ID of the last-seen item. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.

{
    "users": [
        {
            "id": "u1000",
            "name": "jqsmith",
            "email": "john.smith@example.org",
            "enabled": true
        },
        {
            "id": "u1001",
            "name": "jqsmith",
            "email": "john.smith@example.org",
            "enabled": true
        }
    ],
    "users_links": []
}

POST

/v2.0/users

Create user

Creates a user.

Normal response codes

201

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404), badMediaType (415)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.

{
    "user": {
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true,
        "OS-KSADM:password": "secretsecret"
    }
}

{
    "user": {
        "id": "u1000",
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true
    }
}

PUT

/v2.0/users/{userId}

Update user

Updates a specified user.

Normal response codes

200

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
userId	URI	xsd:string	The ID of the user for which to perform the request.

{
    "user": {
        "id": "u1000",
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true
    }
}

{
    "user": {
        "id": "u1000",
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true
    }
}

DELETE

/v2.0/users/{userId}

Delete user

Deletes a specified user.

Normal response codes

204

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
userId	URI	xsd:string	The ID of the user for which to perform the request.

This operation does not accept a request body and does not return a response body.

PUT

/v2.0/users/{userId}/OS-KSADM/enabled

Enable user

Enables a specified user.

Normal response codes

200

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
userId	URI	xsd:string	The ID of the user for which to perform the request.

{
    "user": {
        "enabled": true
    }
}

{
    "user": {
        "id": "u1000",
        "name": "jqsmith",
        "email": "john.smith@example.org",
        "enabled": true
    }
}

GET

/v2.0/users/{userId}/roles

List global roles for user

Lists global roles for a specified user.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
userId	URI	xsd:string	The ID of the user for which to perform the request.
serviceId (Optional)	query	xsd:string	The service ID.
limit (Optional)	query	xsd:int	Requests a specified page size of returned items from the query. Returns a number of items up to the specified limit value. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.
marker (Optional)	query	xsd:string	Specifies the ID of the last-seen item. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.

{
    "roles": [
        {
            "id": "8341d3603a1d4d5985bff09f10704d4d",
            "name": "service"
        },
        {
            "id": "2e66d57df76946fdbe034bc4da6fdec0",
            "name": "admin"
        }
    ]
}

PUT

/v2.0/users/{userId}/roles/OS-KSADM/{roleId}

Grant global role to user

Grants a specified global role to a specified user.

Normal response codes

201

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
userId	URI	xsd:string	The ID of the user for which to perform the request.
roleId	URI	xsd:int	The role ID.

This operation does not accept a request body and does not return a response body.

DELETE

/v2.0/users/{userId}/roles/OS-KSADM/{roleId}

Delete global role from user

Deletes a specified global role from a specified user.

Normal response codes

204

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
userId	URI	xsd:string	The ID of the user for which to perform the request.
roleId	URI	xsd:int	The role ID.

This operation does not accept a request body and does not return a response body.

POST

/v2.0/tenants

Create tenant

Creates a specified tenant.

Normal response codes

201

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.

{
    "tenant": {
        "name": "ACME corp",
        "description": "A description ...",
        "enabled": true
    }
}

{
    "tenant": {
        "id": "1234",
        "name": "ACME corp",
        "description": "A description ...",
        "enabled": true
    }
}

POST

/v2.0/tenants/{tenantId}

Update tenant

Updates a specified tenant.

Normal response codes

200

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404), badMediaType (415)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
tenantId	URI	xsd:string	The tenant ID.

{
    "tenant": {
        "id": "1234",
        "name": "ACME corp",
        "description": "A description ...",
        "enabled": true
    }
}

{
    "tenant": {
        "id": "1234",
        "name": "ACME corp",
        "description": "A description ...",
        "enabled": true
    }
}

DELETE

/v2.0/tenants/{tenantId}

Delete tenant

Deletes a specified tenant.

Normal response codes

204

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
tenantId	URI	xsd:string	The tenant ID.

This operation does not accept a request body and does not return a response body.

GET

/v2.0/tenants/{tenantId}/users

List users on a tenant

Lists all users for a specified tenant.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
tenantId	URI	xsd:string	The tenant ID.
limit (Optional)	query	xsd:int	Requests a specified page size of returned items from the query. Returns a number of items up to the specified limit value. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.
marker (Optional)	query	xsd:string	Specifies the ID of the last-seen item. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.

{
    "users": [
        {
            "id": "u1000",
            "name": "jqsmith",
            "email": "john.smith@example.org",
            "enabled": true
        },
        {
            "id": "u1001",
            "name": "jqsmith",
            "email": "john.smith@example.org",
            "enabled": true
        }
    ],
    "users_links": []
}

PUT

/v2.0/tenants/{tenantId}/users/{userId}/roles/OS-KSADM/{roleId}

Grant roles to user on tenant

Grants a specified role to a specified user for a specified tenant.

Normal response codes

201

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
tenantId	URI	xsd:string	The tenant ID.
userId	URI	xsd:string	The user ID.
roleId	URI	xsd:string	The role ID.

This operation does not accept a request body and does not return a response body.

DELETE

/v2.0/tenants/{tenantId}/users/{userId}/roles/OS-KSADM/{roleId}

Revoke role from user on tenant

Revokes a specified role from a specified user for a specified tenant.

Normal response codes

204

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
tenantId	URI	xsd:string	The tenant ID.
userId	URI	xsd:string	The user ID.
roleId	URI	xsd:string	The role ID.

This operation does not accept a request body and does not return a response body.

POST

/v2.0/OS-KSADM

Create role

Creates a role.

Normal response codes

201

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.

Response parameters

Parameter	Style	Type	Description
Location (Optional)	header	xsd:anyURI	The location.

{
    "role": {
        "id": "123",
        "name": "Guest",
        "description": "Guest Access"
    }
}

{
    "role": {
        "id": "123",
        "name": "Guest",
        "description": "Guest Access"
    }
}

GET

/v2.0/OS-KSADM/roles/{role_name}

Show role information by name

Shows information for a specified role, by name.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
name	URI	xsd:string	The role name.

Response parameters

Parameter	Style	Type	Description
id	plain	xsd:int	The role ID.
name	plain	xsd:string	The role name.
description	plain	xsd:string	The role description.
Location (Optional)	header	xsd:anyURI	The location.

{
    "role": {
        "id": "123",
        "name": "Guest",
        "description": "Guest Access"
    }
}

This operation does not accept a request body.

GET

/v2.0/OS-KSADM/{roleId}

Show role information by ID

Shows information for a specified role, by ID.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
roleId	URI	xsd:string	The role ID.

Response parameters

Parameter	Style	Type	Description
id	plain	xsd:int	The role ID.
name	plain	xsd:string	The role name.
description	plain	xsd:string	The role description.
Location (Optional)	header	xsd:anyURI	The location.

{
    "role": {
        "id": "123",
        "name": "Guest",
        "description": "Guest Access"
    }
}

This operation does not accept a request body.

DELETE

/v2.0/OS-KSADM/{roleId}

Delete role

Deletes a specified role.

Normal response codes

204

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
roleId	URI	xsd:string	The role ID.

This operation does not accept a request body and does not return a response body.

GET

/v2.0/OS-KSADM/

List roles

Lists all roles.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
limit (Optional)	query	xsd:int	Requests a specified page size of returned items from the query. Returns a number of items up to the specified limit value. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.
marker (Optional)	query	xsd:string	Specifies the ID of the last-seen item. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.

Response parameters

Parameter	Style	Type	Description
roles	plain	xsd:string	A `roles` object.
id	plain	xsd:int	The role ID.
name	plain	xsd:string	The role name.
description	plain	xsd:string	The role description.
roles_links	plain	xsd:dict	Role links.

{
    "roles": [
        {
            "id": "123",
            "name": "compute:admin",
            "description": "Nova Administrator"
        }
    ],
    "roles_links": []
}

GET

/v2.0/services

List services

Lists all services.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
limit (Optional)	query	xsd:int	Requests a specified page size of returned items from the query. Returns a number of items up to the specified limit value. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.
marker (Optional)	query	xsd:string	Specifies the ID of the last-seen item. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.

{
    "OS-KSADM:services": [
        {
            "id": "123",
            "name": "nova",
            "type": "compute",
            "description": "OpenStack Compute Service"
        },
        {
            "id": "234",
            "name": "glance",
            "type": "image",
            "description": "OpenStack Image Service"
        }
    ],
    "OS-KSADM:services_links": []
}

POST

/v2.0/services

Create service

Creates a service.

Normal response codes

201

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.

Response parameters

Parameter	Style	Type	Description
Location (Optional)	header	xsd:anyURI	The location.

{
    "OS-KSADM:service": {
        "id": "123",
        "name": "nova",
        "type": "compute",
        "description": "OpenStack Compute Service"
    }
}

{
    "OS-KSADM:service": {
        "id": "123",
        "name": "nova",
        "type": "compute",
        "description": "OpenStack Compute Service"
    }
}

GET

/v2.0/services/{serviceName}

Show service information by name

Shows information for a specified service, by name.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
name	URI	xsd:string	The service name.

{
    "OS-KSADM:service": {
        "id": "123",
        "name": "nova",
        "type": "compute",
        "description": "OpenStack Compute Service"
    }
}

This operation does not accept a request body.

GET

/v2.0/services/{serviceId}

Shows service information by ID

Shows information for a specified service, by ID.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
serviceId	URI	xsd:string	The service ID.

{
    "OS-KSADM:service": {
        "id": "123",
        "name": "nova",
        "type": "compute",
        "description": "OpenStack Compute Service"
    }
}

This operation does not accept a request body.

DELETE

/v2.0/services/{serviceId}

Delete service

Deletes a specified service.

Normal response codes

204

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
serviceId	URI	xsd:string	The service ID.

This operation does not accept a request body and does not return a response body.

OS-KSCATALOG admin extension

GET

/v2.0/tenants/{tenantId}/OS-KSCATALOG/endpoints

List endpoints

Lists endpoints for a tenant.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
tenantId	URI	xsd:string	The tenant ID.
limit (Optional)	query	xsd:int	Requests a specified page size of returned items from the query. Returns a number of items up to the specified limit value. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.
marker (Optional)	query	xsd:string	Specifies the ID of the last-seen item. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.

{
    "endpoints": [
        {
            "id": 1,
            "tenantId": "1",
            "region": "North",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 2,
            "tenantId": "1",
            "region": "South",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 3,
            "tenantId": "1",
            "region": "East",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 4,
            "tenantId": "1",
            "region": "West",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 5,
            "tenantId": "1",
            "region": "Global",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        }
    ],
    "endpoints_links": []
}

POST

/v2.0/tenants/{tenantId}/OS-KSCATALOG/endpoints

Create endpoint

Creates endpoint to a tenant.

Normal response codes

201

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404), badMediaType (415)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
tenantId	URI	xsd:string	The tenant ID.

Response parameters

Parameter	Style	Type	Description
Location (Optional)	header	xsd:anyURI

{
    "OS-KSCATALOG:endpointTemplate": {
        "id": 1
    }
}

{
    "endpoint": {
        "id": 1,
        "tenantId": 1,
        "region": "North",
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "adminURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/"
    }
}

GET

/v2.0/tenants/{tenantId}/OS-KSCATALOG/endpoints/{endpointId}

Get endpoint

Gets endpoint for a tenant.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
tenantId	URI	xsd:string	The tenant ID.
endpointId	URI	xsd:string	The endpoint ID.

{
    "endpoint": {
        "id": 1,
        "tenantId": 1,
        "region": "North",
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "adminURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/"
    }
}

This operation does not accept a request body.

DELETE

/v2.0/tenants/{tenantId}/OS-KSCATALOG/endpoints/{endpointId}

Delete endpoint

Deletes an endpoint from a tenant.

Normal response codes

204

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
tenantId	URI	xsd:string	The tenant ID.
endpointId	URI	xsd:string	The endpoint ID.

This operation does not accept a request body and does not return a response body.

GET

/v2.0/OS-KSCATALOG/endpointTemplates

List endpoint templates

Lists endpoint templates.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
serviceId (Optional)	query	xsd:string	The service ID.
limit (Optional)	query	xsd:int	Requests a specified page size of returned items from the query. Returns a number of items up to the specified limit value. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.
marker (Optional)	query	xsd:string	Specifies the ID of the last-seen item. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.

{
    "OS-KSCATALOG:endpointsTemplates": [
        {
            "id": 1,
            "region": "North",
            "global": true,
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/",
            "enabled": true
        },
        {
            "id": 2,
            "region": "South",
            "type": "compute",
            "publicURL": "https://compute.south.public.com/v1",
            "internalURL": "https://compute.south.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.south.public.com/v1/",
            "versionList": "https://compute.south.public.com/",
            "enabled": false
        },
        {
            "id": 3,
            "region": "North",
            "global": true,
            "type": "object-store",
            "publicURL": "https://object-store.north.public.com/v1.0",
            "versionId": "1.0",
            "versionInfo": "https://object-store.north.public.com/v1.0/",
            "versionList": "https://object-store.north.public.com/",
            "enabled": true
        },
        {
            "id": 4,
            "region": "South",
            "type": "object-store",
            "publicURL": "https://object-store.south.public.com/v2",
            "versionId": "2",
            "versionInfo": "https://object-store.south.public.com/v2/",
            "versionList": "https://object-store.south.public.com/",
            "enabled": true
        },
        {
            "id": 5,
            "global": true,
            "type": "OS-DNS:DNS",
            "publicURL": "https://dns.public.com/v3.2",
            "versionId": "1.0",
            "versionInfo": "https://dns.public.com/v1.0/",
            "versionList": "https://dns.public.com/",
            "enabled": true
        }
    ],
    "OS-KSCATALOG:endpointsTemplates_links": []
}

POST

/v2.0/OS-KSCATALOG/endpointTemplates

Create endpoint template

Creates endpoint template.

Normal response codes

201

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404), badMediaType (415)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
serviceId (Optional)	query	xsd:string	The service ID.

Response parameters

Parameter	Style	Type	Description
Location (Optional)	header	xsd:anyURI

{
    "OS-KSCATALOG:endpointTemplate": {
        "id": 1,
        "region": "North",
        "global": true,
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/",
        "enabled": true
    }
}

{
    "OS-KSCATALOG:endpointTemplate": {
        "id": 1,
        "region": "North",
        "global": true,
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/",
        "enabled": true
    }
}

GET

/v2.0/OS-KSCATALOG/endpointTemplates/{endpointTemplateId}

Get endpoint template

Gets endpoint templates.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
endpointTemplateId	URI	xsd:string	The endpoint template ID.

{
    "OS-KSCATALOG:endpointTemplate": {
        "id": 1,
        "region": "North",
        "global": true,
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/",
        "enabled": true
    }
}

This operation does not accept a request body.

PUT

/v2.0/OS-KSCATALOG/endpointTemplates/{endpointTemplateId}

Update endpoint template

Updates endpoint template.

Normal response codes

200

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404), badMediaType (415)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
endpointTemplateId	URI	xsd:string	The endpoint template ID.

{
    "OS-KSCATALOG:endpointTemplate": {
        "id": 1,
        "region": "North",
        "global": true,
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/",
        "enabled": true
    }
}

{
    "OS-KSCATALOG:endpointTemplate": {
        "id": 1,
        "region": "North",
        "global": true,
        "type": "compute",
        "publicURL": "https://compute.north.public.com/v1",
        "internalURL": "https://compute.north.internal.com/v1",
        "versionId": "1",
        "versionInfo": "https://compute.north.public.com/v1/",
        "versionList": "https://compute.north.public.com/",
        "enabled": true
    }
}

DELETE

/v2.0/OS-KSCATALOG/endpointTemplates/{endpointTemplateId}

Delete endpoint template.

Deletes an endpoint template.

Normal response codes

204

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
endpointTemplateId	URI	xsd:string	The endpoint template ID.

This operation does not accept a request body and does not return a response body.

OS-KSEC2 admin extension

GET

/v2.0/users/{userId}/OS-KSADM/credentials

List credentials

Lists credentials.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token.
userId	URI	xsd:string	The user ID.
limit (Optional)	query	xsd:int	Requests a specified page size of returned items from the query. Returns a number of items up to the specified limit value. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.
marker (Optional)	query	xsd:string	Specifies the ID of the last-seen item. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.

{
    "credentials": [
        {
            "passwordCredentials": {
                "username": "test_user",
                "password": "secretsecret"
            }
        },
        {
            "OS-KSEC2-ec2Credentials": {
                "username": "test_user",
                "secret": "secretsecret",
                "signature": "bbb"
            }
        }
    ],
    "credentials_links": []
}

POST

/v2.0/users/{userId}/OS-KSADM/credentials

Grant credential to user

Grants a specified credential to a specified user.

Normal response codes

201

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token.
userId	URI	xsd:string	The user ID.

{
    "OS-KSEC2-ec2Credentials": {
        "username": "test_user",
        "secret": "secretsecret",
        "signature": "bbb"
    }
}

{
    "OS-KSEC2-ec2Credentials": {
        "username": "test_user",
        "secret": "secretsecret",
        "signature": "bbb"
    }
}

GET

/v2.0/users/{userId}/OS-KSADM/credentials/OS-KSEC2:ec2Credentials

Get user credentials

Gets user credentials.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token.
userId	URI	xsd:string	The user ID.

{
    "OS-KSEC2-ec2Credentials": {
        "username": "test_user",
        "secret": "secretsecret",
        "signature": "bbb"
    }
}

This operation does not accept a request body.

POST

/v2.0/users/{userId}/OS-KSADM/credentials/OS-KSEC2:ec2Credentials

Update user credentials

Updates credentials for a specified user.

Normal response codes

200

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token.
userId	URI	xsd:string	The user ID.

{
    "OS-KSEC2-ec2Credentials": {
        "username": "test_user",
        "secret": "secretsecret",
        "signature": "bbb"
    }
}

{
    "OS-KSEC2-ec2Credentials": {
        "username": "test_user",
        "secret": "secretsecret",
        "signature": "bbb"
    }
}

DELETE

/v2.0/users/{userId}/OS-KSADM/credentials/OS-KSEC2:ec2Credentials

Delete user credentials

Deletes user credentials.

Normal response codes

204

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token.
userId	URI	xsd:string	The user ID.

This operation does not accept a request body and does not return a response body.

GET

/v2.0/users/{userId}/OS-KSADM/credentials/OS-KSEC2:ec2Credentials/{type}

List credentials by type

Lists credentials by type.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token.
userId	URI	xsd:string	The user ID.
type	query	xsd:string	The credential type.
limit (Optional)	query	xsd:int	Requests a specified page size of returned items from the query. Returns a number of items up to the specified limit value. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.
marker (Optional)	query	xsd:string	Specifies the ID of the last-seen item. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.

{
    "credentials": [
        {
            "passwordCredentials": {
                "username": "test_user",
                "password": "secretsecret"
            }
        }
    ],
    "credentials_links": []
}

OS-KSS3 admin extension

GET

/v2.0/users/{userId}/OS-KSS3/credentials

List credentials

Lists credentials.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token.
userId	URI	xsd:string	The user ID.
limit (Optional)	query	xsd:int	Requests a specified page size of returned items from the query. Returns a number of items up to the specified limit value. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.
marker (Optional)	query	xsd:string	Specifies the ID of the last-seen item. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.

{
    "credentials": [
        {
            "passwordCredentials": {
                "username": "test_user",
                "password": "secretsecret"
            }
        },
        {
            "OS-KSS3:s3Credentials": {
                "username": "test_user",
                "secret": "secretsecret",
                "signature": "bbb"
            }
        }
    ],
    "credentials_links": []
}

POST

/v2.0/users/{userId}/OS-KSS3/credentials

Grant credential to user

Grants a specified credential to a specified user.

Normal response codes

201

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token.
userId	URI	xsd:string	The user ID.

{
    "OS-KSS3:s3Credentials": {
        "username": "test_user",
        "secret": "secretsecret",
        "signature": "bbb"
    }
}

{
    "OS-KSS3:s3Credentials": {
        "username": "test_user",
        "secret": "secretsecret",
        "signature": "bbb"
    }
}

GET

/v2.0/users/{userId}/OS-KSS3/credentials/s3credentials

Get user credentials

Gets user credentials.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token.
userId	URI	xsd:string	The user ID.

{
    "OS-KSS3:s3Credentials": {
        "username": "test_user",
        "secret": "secretsecret",
        "signature": "bbb"
    }
}

This operation does not accept a request body.

POST

/v2.0/users/{userId}/OS-KSS3/credentials/s3credentials

Update user credentials

Updates credentials.

Normal response codes

200

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token.
userId	URI	xsd:string	The user ID.

{
    "OS-KSS3:s3Credentials": {
        "username": "test_user",
        "secret": "secretsecret",
        "signature": "bbb"
    }
}

{
    "OS-KSS3:s3Credentials": {
        "username": "test_user",
        "secret": "secretsecret",
        "signature": "bbb"
    }
}

DELETE

/v2.0/users/{userId}/OS-KSS3/credentials/s3credentials

Revoke user credentials

Revokes user credentials.

Normal response codes

204

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), badMediaType (415), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token.
userId	URI	xsd:string	The user ID.

This operation does not accept a request body and does not return a response body.

GET

/v2.0/users/{userId}/OS-KSS3/credentials/s3credentials/{type}

List credentials by type

Lists credentials by type.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token.
userId	URI	xsd:string	The user ID.
type	query	xsd:string	The credential type.
limit (Optional)	query	xsd:int	Requests a specified page size of returned items from the query. Returns a number of items up to the specified limit value. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.
marker (Optional)	query	xsd:string	Specifies the ID of the last-seen item. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.

{
    "credentials": [
        {
            "passwordCredentials": {
                "username": "test_user",
                "password": "secretsecret"
            }
        },
        {
            "OS-KSS3:s3Credentials": {
                "username": "test_user",
                "secret": "secretsecret",
                "signature": "bbb"
            }
        }
    ],
    "credentials_links": []
}

OS-KSVALIDATE admin extension

GET

/v2.0/OS-KSVALIDATE/token/validate

Validate token

Checks that a token is valid and that it belongs to a specified tenant and service IDs. Returns the permissions for a particular client.

Behavior is similar to /tokens/{tokenId}. An itemNotFound (404) fault is returned for a token that is not valid.

This extension might decrypt X-Subject-Token header and internally call the normal validation for Identity, passing in all headers and query parameters. It should therefore support all existing calls on /tokens/{tokenId}, including extensions such as HP-IDM.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
X-Subject-Token	header	xsd:string	A valid authentication token.
belongsTo (Optional)	query	xsd:string	Validates that a token has the specified tenant in scope, for performance. Valid tokens are in the `/tokens/{tokenId}` path. An itemNotFound (`404`) fault is returned for a token that is not valid.
HP-IDM-serviceId (Optional)	query	xsd:string

{
    "access": {
        "token": {
            "id": "ab48a9efdfedb23ty3494",
            "expires": "2010-11-01T03:32:15-05:00",
            "tenant": {
                "id": "345",
                "name": "My Project"
            }
        },
        "user": {
            "id": "123",
            "name": "jqsmith",
            "roles": [
                {
                    "id": "234",
                    "name": "compute:admin"
                },
                {
                    "id": "234",
                    "name": "object-store:admin",
                    "tenantId": "1"
                }
            ],
            "roles_links": []
        }
    }
}

This operation does not accept a request body.

HEAD

/v2.0/OS-KSVALIDATE/token/validate

Check token

Checks that a token is valid and that it belongs to a specified tenant and service IDs, for performance.

Behavior is similar to /tokens/{tokenId}. An itemNotFound (404) fault is returned for a token that is not valid.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
X-Subject-Token	header	xsd:string	A valid authentication token.
belongsTo (Optional)	query	xsd:string	Validates that a token has the specified tenant in scope, for performance. Valid tokens are in the `/tokens/{tokenId}` path. An itemNotFound (`404`) fault is returned for a token that is not valid.
HP-IDM-serviceId (Optional)	query	xsd:string

This operation does not accept a request body and does not return a response body.

GET

/v2.0/OS-KSVALIDATE/token/endpoints

List endpoints for token

Lists endpoints associated with a specific token.

Normal response codes

200, 203

Error response codes

identityFault (400, 500, …), badRequest (400), unauthorized (401), forbidden (403), badMethod (405), overLimit (413), serviceUnavailable (503), itemNotFound (404)

Request parameters

Parameter	Style	Type	Description
X-Auth-Token	header	xsd:string	A valid authentication token for an administrative user.
X-Subject-Token	header	xsd:string	A valid authentication token.
HP-IDM-serviceId (Optional)	query	xsd:string	A comma-separated string of service IDs. Checks the roles against the specified service IDs. If a service ID is not valid or if no roles are associated with a service ID, a 401 fault is returned.
limit (Optional)	query	xsd:int	Requests a specified page size of returned items from the query. Returns a number of items up to the specified limit value. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.
marker (Optional)	query	xsd:string	Specifies the ID of the last-seen item. Use the `limit` parameter to make an initial limited request and use the ID of the last-seen item from the response as the `marker` parameter value in a subsequent limited request.

{
    "endpoints": [
        {
            "id": 1,
            "tenantId": "1",
            "region": "North",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 2,
            "tenantId": "1",
            "region": "South",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 3,
            "tenantId": "1",
            "region": "East",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 4,
            "tenantId": "1",
            "region": "West",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        },
        {
            "id": 5,
            "tenantId": "1",
            "region": "Global",
            "type": "compute",
            "publicURL": "https://compute.north.public.com/v1",
            "internalURL": "https://compute.north.internal.com/v1",
            "adminURL": "https://compute.north.internal.com/v1",
            "versionId": "1",
            "versionInfo": "https://compute.north.public.com/v1/",
            "versionList": "https://compute.north.public.com/"
        }
    ],
    "endpoints_links": []
}