# Authentication

Authentication and token management operations

## Validate and show token information

> Validates and shows information for a token, including its expiration date and authorization scope

```json
{"openapi":"3.0.3","info":{"title":"OpenStack Identity API v3","version":"3.14"},"tags":[{"name":"Authentication","description":"Authentication and token management operations"}],"servers":[{"url":"https://{host}/keystone/v3","description":"PCD Identity API v3","variables":{"host":{"default":"example.platform9.com","description":"The PCD controlplane hostname"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","description":"Authentication token obtained from the authentication service","name":"X-Auth-Token","in":"header"}},"parameters":{"X-Auth-Token":{"name":"X-Auth-Token","description":"A valid authentication token","schema":{"type":"string"},"in":"header","required":true},"X-Subject-Token":{"name":"X-Subject-Token","description":"The authentication token to validate","schema":{"type":"string"},"in":"header","required":true}},"schemas":{"TokenResponse":{"required":["token"],"type":"object","properties":{"token":{"required":["methods","user","audit_ids","expires_at","issued_at"],"type":"object","properties":{"methods":{"type":"array","items":{"type":"string"}},"user":{"$ref":"#/components/schemas/User"},"audit_ids":{"type":"array","items":{"type":"string"}},"expires_at":{"format":"date-time","type":"string"},"issued_at":{"format":"date-time","type":"string"},"project":{"$ref":"#/components/schemas/Project"},"domain":{"$ref":"#/components/schemas/Domain"},"system":{"type":"object","properties":{"all":{"type":"boolean"}}},"roles":{"type":"array","items":{"$ref":"#/components/schemas/Role"}},"catalog":{"type":"array","items":{"$ref":"#/components/schemas/CatalogEntry"}},"is_domain":{"type":"boolean"},"application_credential":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"restricted":{"type":"boolean"}}}}}}},"User":{"required":["id","name","enabled"],"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"type":"string"},"enabled":{"type":"boolean"},"domain_id":{"type":"string"},"domain":{"$ref":"#/components/schemas/Domain"},"default_project_id":{"type":"string"},"email":{"type":"string"},"password_expires_at":{"nullable":true,"format":"date-time","type":"string"},"options":{"type":"object"},"links":{"$ref":"#/components/schemas/Links"}}},"Domain":{"required":["id","name","enabled"],"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"type":"string"},"enabled":{"type":"boolean"},"links":{"$ref":"#/components/schemas/Links"},"options":{"type":"object"}}},"Links":{"required":["self"],"type":"object","properties":{"self":{"type":"string"},"previous":{"nullable":true,"type":"string"},"next":{"nullable":true,"type":"string"}}},"Project":{"required":["id","name","enabled"],"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"type":"string"},"enabled":{"type":"boolean"},"domain_id":{"type":"string"},"domain":{"$ref":"#/components/schemas/Domain"},"parent_id":{"type":"string"},"is_domain":{"type":"boolean"},"tags":{"type":"array","items":{"type":"string"}},"options":{"type":"object"},"links":{"$ref":"#/components/schemas/Links"}}},"Role":{"required":["id","name"],"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"type":"string"},"domain_id":{"type":"string"},"options":{"type":"object"},"links":{"$ref":"#/components/schemas/Links"}}},"CatalogEntry":{"required":["id","type","endpoints"],"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"},"name":{"type":"string"},"endpoints":{"type":"array","items":{"$ref":"#/components/schemas/EndpointInCatalog"}}}},"EndpointInCatalog":{"required":["id","interface","url"],"type":"object","properties":{"id":{"type":"string"},"interface":{"enum":["public","internal","admin"],"type":"string"},"region":{"type":"string"},"region_id":{"type":"string"},"url":{"type":"string"}}},"Error":{"required":["error"],"type":"object","properties":{"error":{"required":["code","message","title"],"type":"object","properties":{"code":{"type":"integer"},"message":{"type":"string"},"title":{"type":"string"}}}}}},"responses":{"BadRequest":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Some content in the request was invalid"},"Unauthorized":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"User must authenticate before making a request"},"Forbidden":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Policy does not allow current user to do this operation"},"NotFound":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"The requested resource could not be found"}}},"paths":{"/auth/tokens":{"get":{"tags":["Authentication"],"parameters":[{"$ref":"#/components/parameters/X-Auth-Token"},{"$ref":"#/components/parameters/X-Subject-Token"},{"name":"nocatalog","description":"Excludes the service catalog from the response","schema":{"type":"boolean"},"in":"query","required":false},{"name":"allow_expired","description":"Allow fetching a token that has expired","schema":{"type":"boolean"},"in":"query","required":false}],"responses":{"200":{"headers":{"X-Subject-Token":{"schema":{"type":"string"},"description":"The authentication token"}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TokenResponse"}}},"description":"Token validation successful"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/Forbidden"},"404":{"$ref":"#/components/responses/NotFound"}},"summary":"Validate and show token information","description":"Validates and shows information for a token, including its expiration date and authorization scope"}}}}
```

## Authenticate user and generate token

> Authenticates an identity and generates a token. Uses various authentication methods\
> including password, token, and multi-factor authentication.<br>

```json
{"openapi":"3.0.3","info":{"title":"OpenStack Identity API v3","version":"3.14"},"tags":[{"name":"Authentication","description":"Authentication and token management operations"}],"servers":[{"url":"https://{host}/keystone/v3","description":"PCD Identity API v3","variables":{"host":{"default":"example.platform9.com","description":"The PCD controlplane hostname"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","description":"Authentication token obtained from the authentication service","name":"X-Auth-Token","in":"header"}},"schemas":{"AuthRequest":{"required":["auth"],"type":"object","properties":{"auth":{"required":["identity"],"type":"object","properties":{"identity":{"required":["methods"],"type":"object","properties":{"methods":{"type":"array","items":{"enum":["password","token","application_credential","totp"],"type":"string"}},"password":{"type":"object","properties":{"user":{"$ref":"#/components/schemas/UserIdentity"}}},"token":{"type":"object","properties":{"id":{"type":"string"}}},"application_credential":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"secret":{"type":"string"},"user":{"$ref":"#/components/schemas/UserIdentity"}}},"totp":{"type":"object","properties":{"user":{"type":"object","properties":{"id":{"type":"string"},"passcode":{"type":"string"}}}}}}},"scope":{"type":"object","properties":{"project":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"domain":{"$ref":"#/components/schemas/DomainReference"}}},"domain":{"$ref":"#/components/schemas/DomainReference"},"system":{"type":"object","properties":{"all":{"type":"boolean"}}}}}}}}},"UserIdentity":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"domain":{"$ref":"#/components/schemas/DomainReference"},"password":{"type":"string"}}},"DomainReference":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"}}},"TokenResponse":{"required":["token"],"type":"object","properties":{"token":{"required":["methods","user","audit_ids","expires_at","issued_at"],"type":"object","properties":{"methods":{"type":"array","items":{"type":"string"}},"user":{"$ref":"#/components/schemas/User"},"audit_ids":{"type":"array","items":{"type":"string"}},"expires_at":{"format":"date-time","type":"string"},"issued_at":{"format":"date-time","type":"string"},"project":{"$ref":"#/components/schemas/Project"},"domain":{"$ref":"#/components/schemas/Domain"},"system":{"type":"object","properties":{"all":{"type":"boolean"}}},"roles":{"type":"array","items":{"$ref":"#/components/schemas/Role"}},"catalog":{"type":"array","items":{"$ref":"#/components/schemas/CatalogEntry"}},"is_domain":{"type":"boolean"},"application_credential":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"restricted":{"type":"boolean"}}}}}}},"User":{"required":["id","name","enabled"],"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"type":"string"},"enabled":{"type":"boolean"},"domain_id":{"type":"string"},"domain":{"$ref":"#/components/schemas/Domain"},"default_project_id":{"type":"string"},"email":{"type":"string"},"password_expires_at":{"nullable":true,"format":"date-time","type":"string"},"options":{"type":"object"},"links":{"$ref":"#/components/schemas/Links"}}},"Domain":{"required":["id","name","enabled"],"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"type":"string"},"enabled":{"type":"boolean"},"links":{"$ref":"#/components/schemas/Links"},"options":{"type":"object"}}},"Links":{"required":["self"],"type":"object","properties":{"self":{"type":"string"},"previous":{"nullable":true,"type":"string"},"next":{"nullable":true,"type":"string"}}},"Project":{"required":["id","name","enabled"],"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"type":"string"},"enabled":{"type":"boolean"},"domain_id":{"type":"string"},"domain":{"$ref":"#/components/schemas/Domain"},"parent_id":{"type":"string"},"is_domain":{"type":"boolean"},"tags":{"type":"array","items":{"type":"string"}},"options":{"type":"object"},"links":{"$ref":"#/components/schemas/Links"}}},"Role":{"required":["id","name"],"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"type":"string"},"domain_id":{"type":"string"},"options":{"type":"object"},"links":{"$ref":"#/components/schemas/Links"}}},"CatalogEntry":{"required":["id","type","endpoints"],"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"},"name":{"type":"string"},"endpoints":{"type":"array","items":{"$ref":"#/components/schemas/EndpointInCatalog"}}}},"EndpointInCatalog":{"required":["id","interface","url"],"type":"object","properties":{"id":{"type":"string"},"interface":{"enum":["public","internal","admin"],"type":"string"},"region":{"type":"string"},"region_id":{"type":"string"},"url":{"type":"string"}}},"Error":{"required":["error"],"type":"object","properties":{"error":{"required":["code","message","title"],"type":"object","properties":{"code":{"type":"integer"},"message":{"type":"string"},"title":{"type":"string"}}}}},"AuthReceiptResponse":{"required":["receipt"],"type":"object","properties":{"receipt":{"required":["methods","user","expires_at","issued_at","required_auth_methods"],"type":"object","properties":{"methods":{"type":"array","items":{"type":"string"}},"user":{"$ref":"#/components/schemas/User"},"expires_at":{"format":"date-time","type":"string"},"issued_at":{"format":"date-time","type":"string"},"required_auth_methods":{"type":"array","items":{"type":"array","items":{"type":"string"}}}}}}}},"responses":{"BadRequest":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Some content in the request was invalid"},"Forbidden":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Policy does not allow current user to do this operation"},"NotFound":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"The requested resource could not be found"}}},"paths":{"/auth/tokens":{"post":{"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthRequest"}}},"required":true},"tags":["Authentication"],"parameters":[{"name":"nocatalog","description":"Excludes the service catalog from the authentication response","schema":{"type":"boolean"},"in":"query","required":false}],"responses":{"201":{"headers":{"X-Subject-Token":{"schema":{"type":"string"},"description":"The authentication token"}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/TokenResponse"}}},"description":"Token created successfully"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"headers":{"Openstack-Auth-Receipt":{"schema":{"type":"string"},"description":"Auth receipt for multi-factor authentication"}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthReceiptResponse"}}},"description":"Authentication failed or partial authentication (MFA)"},"403":{"$ref":"#/components/responses/Forbidden"},"404":{"$ref":"#/components/responses/NotFound"}},"summary":"Authenticate user and generate token","description":"Authenticates an identity and generates a token. Uses various authentication methods\nincluding password, token, and multi-factor authentication.\n"}}}}
```

## Revoke token

> Revokes a token, making it immediately invalid

```json
{"openapi":"3.0.3","info":{"title":"OpenStack Identity API v3","version":"3.14"},"tags":[{"name":"Authentication","description":"Authentication and token management operations"}],"servers":[{"url":"https://{host}/keystone/v3","description":"PCD Identity API v3","variables":{"host":{"default":"example.platform9.com","description":"The PCD controlplane hostname"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","description":"Authentication token obtained from the authentication service","name":"X-Auth-Token","in":"header"}},"parameters":{"X-Auth-Token":{"name":"X-Auth-Token","description":"A valid authentication token","schema":{"type":"string"},"in":"header","required":true},"X-Subject-Token":{"name":"X-Subject-Token","description":"The authentication token to validate","schema":{"type":"string"},"in":"header","required":true}},"responses":{"BadRequest":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Some content in the request was invalid"},"Unauthorized":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"User must authenticate before making a request"},"Forbidden":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Policy does not allow current user to do this operation"},"NotFound":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"The requested resource could not be found"}},"schemas":{"Error":{"required":["error"],"type":"object","properties":{"error":{"required":["code","message","title"],"type":"object","properties":{"code":{"type":"integer"},"message":{"type":"string"},"title":{"type":"string"}}}}}}},"paths":{"/auth/tokens":{"delete":{"tags":["Authentication"],"parameters":[{"$ref":"#/components/parameters/X-Auth-Token"},{"$ref":"#/components/parameters/X-Subject-Token"}],"responses":{"204":{"description":"Token revoked successfully"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/Forbidden"},"404":{"$ref":"#/components/responses/NotFound"}},"summary":"Revoke token","description":"Revokes a token, making it immediately invalid"}}}}
```

## Validate token (no response body)

> Validates a token without returning a response body

```json
{"openapi":"3.0.3","info":{"title":"OpenStack Identity API v3","version":"3.14"},"tags":[{"name":"Authentication","description":"Authentication and token management operations"}],"servers":[{"url":"https://{host}/keystone/v3","description":"PCD Identity API v3","variables":{"host":{"default":"example.platform9.com","description":"The PCD controlplane hostname"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","description":"Authentication token obtained from the authentication service","name":"X-Auth-Token","in":"header"}},"parameters":{"X-Auth-Token":{"name":"X-Auth-Token","description":"A valid authentication token","schema":{"type":"string"},"in":"header","required":true},"X-Subject-Token":{"name":"X-Subject-Token","description":"The authentication token to validate","schema":{"type":"string"},"in":"header","required":true}},"responses":{"BadRequest":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Some content in the request was invalid"},"Unauthorized":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"User must authenticate before making a request"},"Forbidden":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Policy does not allow current user to do this operation"},"NotFound":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"The requested resource could not be found"}},"schemas":{"Error":{"required":["error"],"type":"object","properties":{"error":{"required":["code","message","title"],"type":"object","properties":{"code":{"type":"integer"},"message":{"type":"string"},"title":{"type":"string"}}}}}}},"paths":{"/auth/tokens":{"head":{"tags":["Authentication"],"parameters":[{"$ref":"#/components/parameters/X-Auth-Token"},{"$ref":"#/components/parameters/X-Subject-Token"},{"name":"allow_expired","description":"Allow fetching a token that has expired","schema":{"type":"boolean"},"in":"query","required":false}],"responses":{"200":{"description":"Token is valid"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/Forbidden"},"404":{"$ref":"#/components/responses/NotFound"}},"summary":"Validate token (no response body)","description":"Validates a token without returning a response body"}}}}
```

## Get service catalog

> Returns a service catalog for the provided token

```json
{"openapi":"3.0.3","info":{"title":"OpenStack Identity API v3","version":"3.14"},"tags":[{"name":"Authentication","description":"Authentication and token management operations"}],"servers":[{"url":"https://{host}/keystone/v3","description":"PCD Identity API v3","variables":{"host":{"default":"example.platform9.com","description":"The PCD controlplane hostname"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","description":"Authentication token obtained from the authentication service","name":"X-Auth-Token","in":"header"}},"parameters":{"X-Auth-Token":{"name":"X-Auth-Token","description":"A valid authentication token","schema":{"type":"string"},"in":"header","required":true}},"schemas":{"CatalogResponse":{"required":["catalog","links"],"type":"object","properties":{"catalog":{"type":"array","items":{"$ref":"#/components/schemas/CatalogEntry"}},"links":{"$ref":"#/components/schemas/Links"}}},"CatalogEntry":{"required":["id","type","endpoints"],"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"},"name":{"type":"string"},"endpoints":{"type":"array","items":{"$ref":"#/components/schemas/EndpointInCatalog"}}}},"EndpointInCatalog":{"required":["id","interface","url"],"type":"object","properties":{"id":{"type":"string"},"interface":{"enum":["public","internal","admin"],"type":"string"},"region":{"type":"string"},"region_id":{"type":"string"},"url":{"type":"string"}}},"Links":{"required":["self"],"type":"object","properties":{"self":{"type":"string"},"previous":{"nullable":true,"type":"string"},"next":{"nullable":true,"type":"string"}}},"Error":{"required":["error"],"type":"object","properties":{"error":{"required":["code","message","title"],"type":"object","properties":{"code":{"type":"integer"},"message":{"type":"string"},"title":{"type":"string"}}}}}},"responses":{"BadRequest":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Some content in the request was invalid"},"Unauthorized":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"User must authenticate before making a request"},"Forbidden":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Policy does not allow current user to do this operation"},"NotFound":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"The requested resource could not be found"}}},"paths":{"/auth/catalog":{"get":{"tags":["Authentication"],"parameters":[{"$ref":"#/components/parameters/X-Auth-Token"}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CatalogResponse"}}},"description":"Service catalog retrieved successfully"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/Forbidden"},"404":{"$ref":"#/components/responses/NotFound"}},"summary":"Get service catalog","description":"Returns a service catalog for the provided token"}}}}
```

## List available tenants

> Returns the list of tenants that are available to be scoped to

```json
{"openapi":"3.0.3","info":{"title":"OpenStack Identity API v3","version":"3.14"},"tags":[{"name":"Authentication","description":"Authentication and token management operations"}],"servers":[{"url":"https://{host}/keystone/v3","description":"PCD Identity API v3","variables":{"host":{"default":"example.platform9.com","description":"The PCD controlplane hostname"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","description":"Authentication token obtained from the authentication service","name":"X-Auth-Token","in":"header"}},"parameters":{"X-Auth-Token":{"name":"X-Auth-Token","description":"A valid authentication token","schema":{"type":"string"},"in":"header","required":true}},"schemas":{"ProjectsResponse":{"required":["projects","links"],"type":"object","properties":{"projects":{"type":"array","items":{"$ref":"#/components/schemas/Project"}},"links":{"$ref":"#/components/schemas/Links"}}},"Project":{"required":["id","name","enabled"],"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"type":"string"},"enabled":{"type":"boolean"},"domain_id":{"type":"string"},"domain":{"$ref":"#/components/schemas/Domain"},"parent_id":{"type":"string"},"is_domain":{"type":"boolean"},"tags":{"type":"array","items":{"type":"string"}},"options":{"type":"object"},"links":{"$ref":"#/components/schemas/Links"}}},"Domain":{"required":["id","name","enabled"],"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"type":"string"},"enabled":{"type":"boolean"},"links":{"$ref":"#/components/schemas/Links"},"options":{"type":"object"}}},"Links":{"required":["self"],"type":"object","properties":{"self":{"type":"string"},"previous":{"nullable":true,"type":"string"},"next":{"nullable":true,"type":"string"}}},"Error":{"required":["error"],"type":"object","properties":{"error":{"required":["code","message","title"],"type":"object","properties":{"code":{"type":"integer"},"message":{"type":"string"},"title":{"type":"string"}}}}}},"responses":{"BadRequest":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Some content in the request was invalid"},"Unauthorized":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"User must authenticate before making a request"},"Forbidden":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Policy does not allow current user to do this operation"},"NotFound":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"The requested resource could not be found"}}},"paths":{"/auth/projects":{"get":{"tags":["Authentication"],"parameters":[{"$ref":"#/components/parameters/X-Auth-Token"}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ProjectsResponse"}}},"description":"Tenants listed successfully"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/Forbidden"},"404":{"$ref":"#/components/responses/NotFound"}},"summary":"List available tenants","description":"Returns the list of tenants that are available to be scoped to"}}}}
```

## List available domains

> Returns the list of domains that are available to be scoped to

```json
{"openapi":"3.0.3","info":{"title":"OpenStack Identity API v3","version":"3.14"},"tags":[{"name":"Authentication","description":"Authentication and token management operations"}],"servers":[{"url":"https://{host}/keystone/v3","description":"PCD Identity API v3","variables":{"host":{"default":"example.platform9.com","description":"The PCD controlplane hostname"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","description":"Authentication token obtained from the authentication service","name":"X-Auth-Token","in":"header"}},"parameters":{"X-Auth-Token":{"name":"X-Auth-Token","description":"A valid authentication token","schema":{"type":"string"},"in":"header","required":true}},"schemas":{"DomainsResponse":{"required":["domains","links"],"type":"object","properties":{"domains":{"type":"array","items":{"$ref":"#/components/schemas/Domain"}},"links":{"$ref":"#/components/schemas/Links"}}},"Domain":{"required":["id","name","enabled"],"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"type":"string"},"enabled":{"type":"boolean"},"links":{"$ref":"#/components/schemas/Links"},"options":{"type":"object"}}},"Links":{"required":["self"],"type":"object","properties":{"self":{"type":"string"},"previous":{"nullable":true,"type":"string"},"next":{"nullable":true,"type":"string"}}},"Error":{"required":["error"],"type":"object","properties":{"error":{"required":["code","message","title"],"type":"object","properties":{"code":{"type":"integer"},"message":{"type":"string"},"title":{"type":"string"}}}}}},"responses":{"BadRequest":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Some content in the request was invalid"},"Unauthorized":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"User must authenticate before making a request"},"Forbidden":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Policy does not allow current user to do this operation"},"NotFound":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"The requested resource could not be found"}}},"paths":{"/auth/domains":{"get":{"tags":["Authentication"],"parameters":[{"$ref":"#/components/parameters/X-Auth-Token"}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/DomainsResponse"}}},"description":"Domains listed successfully"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/Forbidden"},"404":{"$ref":"#/components/responses/NotFound"}},"summary":"List available domains","description":"Returns the list of domains that are available to be scoped to"}}}}
```

## List available systems

> Returns the list of systems that are available to be scoped to

```json
{"openapi":"3.0.3","info":{"title":"OpenStack Identity API v3","version":"3.14"},"tags":[{"name":"Authentication","description":"Authentication and token management operations"}],"servers":[{"url":"https://{host}/keystone/v3","description":"PCD Identity API v3","variables":{"host":{"default":"example.platform9.com","description":"The PCD controlplane hostname"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","description":"Authentication token obtained from the authentication service","name":"X-Auth-Token","in":"header"}},"parameters":{"X-Auth-Token":{"name":"X-Auth-Token","description":"A valid authentication token","schema":{"type":"string"},"in":"header","required":true}},"schemas":{"SystemResponse":{"required":["system","links"],"type":"object","properties":{"system":{"type":"array","items":{"type":"object","properties":{"all":{"type":"boolean"}}}},"links":{"$ref":"#/components/schemas/Links"}}},"Links":{"required":["self"],"type":"object","properties":{"self":{"type":"string"},"previous":{"nullable":true,"type":"string"},"next":{"nullable":true,"type":"string"}}},"Error":{"required":["error"],"type":"object","properties":{"error":{"required":["code","message","title"],"type":"object","properties":{"code":{"type":"integer"},"message":{"type":"string"},"title":{"type":"string"}}}}}},"responses":{"BadRequest":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Some content in the request was invalid"},"Unauthorized":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"User must authenticate before making a request"}}},"paths":{"/auth/system":{"get":{"tags":["Authentication"],"parameters":[{"$ref":"#/components/parameters/X-Auth-Token"}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SystemResponse"}}},"description":"Systems listed successfully"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"}},"summary":"List available systems","description":"Returns the list of systems that are available to be scoped to"}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.platform9.com/api-docs/identity-service/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.