Authentication

Authentication and token management operations

Validate and show token information

get

Validates and shows information for a token, including its expiration date and authorization scope

Authorizations

X-Auth-TokenstringRequired

Authentication token obtained from the authentication service

Query parameters

nocatalogbooleanOptional

Excludes the service catalog from the response

allow_expiredbooleanOptional

Allow fetching a token that has expired

Header parameters

X-Auth-TokenstringRequired

A valid authentication token

X-Subject-TokenstringRequired

The authentication token to validate

Responses

200

Token validation successful

application/json

400

Some content in the request was invalid

application/json

401

User must authenticate before making a request

application/json

403

Policy does not allow current user to do this operation

application/json

404

The requested resource could not be found

application/json

get

/auth/tokens

GET /keystone/v3/auth/tokens HTTP/1.1
Host: example.platform9.com
X-Auth-Token: text
X-Subject-Token: text
Accept: */*

{
  "token": {
    "methods": [
      "text"
    ],
    "user": {
      "id": "text",
      "name": "text",
      "description": "text",
      "enabled": true,
      "domain_id": "text",
      "domain": {
        "id": "text",
        "name": "text",
        "description": "text",
        "enabled": true,
        "links": {
          "self": "text",
          "previous": "text",
          "next": "text"
        },
        "options": {}
      },
      "default_project_id": "text",
      "email": "text",
      "password_expires_at": "2025-12-19T16:21:32.773Z",
      "options": {},
      "links": {
        "self": "text",
        "previous": "text",
        "next": "text"
      }
    },
    "audit_ids": [
      "text"
    ],
    "expires_at": "2025-12-19T16:21:32.773Z",
    "issued_at": "2025-12-19T16:21:32.773Z",
    "project": {
      "id": "text",
      "name": "text",
      "description": "text",
      "enabled": true,
      "domain_id": "text",
      "domain": {
        "id": "text",
        "name": "text",
        "description": "text",
        "enabled": true,
        "links": {
          "self": "text",
          "previous": "text",
          "next": "text"
        },
        "options": {}
      },
      "parent_id": "text",
      "is_domain": true,
      "tags": [
        "text"
      ],
      "options": {},
      "links": {
        "self": "text",
        "previous": "text",
        "next": "text"
      }
    },
    "domain": {
      "id": "text",
      "name": "text",
      "description": "text",
      "enabled": true,
      "links": {
        "self": "text",
        "previous": "text",
        "next": "text"
      },
      "options": {}
    },
    "system": {
      "all": true
    },
    "roles": [
      {
        "id": "text",
        "name": "text",
        "description": "text",
        "domain_id": "text",
        "options": {},
        "links": {
          "self": "text",
          "previous": "text",
          "next": "text"
        }
      }
    ],
    "catalog": [
      {
        "id": "text",
        "type": "text",
        "name": "text",
        "endpoints": [
          {
            "id": "text",
            "interface": "public",
            "region": "text",
            "region_id": "text",
            "url": "text"
          }
        ]
      }
    ],
    "is_domain": true,
    "application_credential": {
      "id": "text",
      "name": "text",
      "restricted": true
    }
  }
}

Authenticate user and generate token

post

Authenticates an identity and generates a token. Uses various authentication methods including password, token, and multi-factor authentication.

Authorizations

X-Auth-TokenstringRequired

Authentication token obtained from the authentication service

Query parameters

nocatalogbooleanOptional

Excludes the service catalog from the authentication response

Body

Responses

201

Token created successfully

application/json

400

Some content in the request was invalid

application/json

401

Authentication failed or partial authentication (MFA)

application/json

403

Policy does not allow current user to do this operation

application/json

404

The requested resource could not be found

application/json

post

/auth/tokens

POST /keystone/v3/auth/tokens HTTP/1.1
Host: example.platform9.com
X-Auth-Token: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 194

{
  "auth": {
    "identity": {
      "methods": [
        "password"
      ],
      "password": {
        "user": {
          "id": "ee4dfb6e5540447cb3741905149d9b6e",
          "password": "devstacker"
        }
      }
    },
    "scope": {
      "project": {
        "id": "a6944d763bf64ee6a275f1263fae0352"
      }
    }
  }
}

{
  "token": {
    "methods": [
      "text"
    ],
    "user": {
      "id": "text",
      "name": "text",
      "description": "text",
      "enabled": true,
      "domain_id": "text",
      "domain": {
        "id": "text",
        "name": "text",
        "description": "text",
        "enabled": true,
        "links": {
          "self": "text",
          "previous": "text",
          "next": "text"
        },
        "options": {}
      },
      "default_project_id": "text",
      "email": "text",
      "password_expires_at": "2025-12-19T16:21:32.773Z",
      "options": {},
      "links": {
        "self": "text",
        "previous": "text",
        "next": "text"
      }
    },
    "audit_ids": [
      "text"
    ],
    "expires_at": "2025-12-19T16:21:32.773Z",
    "issued_at": "2025-12-19T16:21:32.773Z",
    "project": {
      "id": "text",
      "name": "text",
      "description": "text",
      "enabled": true,
      "domain_id": "text",
      "domain": {
        "id": "text",
        "name": "text",
        "description": "text",
        "enabled": true,
        "links": {
          "self": "text",
          "previous": "text",
          "next": "text"
        },
        "options": {}
      },
      "parent_id": "text",
      "is_domain": true,
      "tags": [
        "text"
      ],
      "options": {},
      "links": {
        "self": "text",
        "previous": "text",
        "next": "text"
      }
    },
    "domain": {
      "id": "text",
      "name": "text",
      "description": "text",
      "enabled": true,
      "links": {
        "self": "text",
        "previous": "text",
        "next": "text"
      },
      "options": {}
    },
    "system": {
      "all": true
    },
    "roles": [
      {
        "id": "text",
        "name": "text",
        "description": "text",
        "domain_id": "text",
        "options": {},
        "links": {
          "self": "text",
          "previous": "text",
          "next": "text"
        }
      }
    ],
    "catalog": [
      {
        "id": "text",
        "type": "text",
        "name": "text",
        "endpoints": [
          {
            "id": "text",
            "interface": "public",
            "region": "text",
            "region_id": "text",
            "url": "text"
          }
        ]
      }
    ],
    "is_domain": true,
    "application_credential": {
      "id": "text",
      "name": "text",
      "restricted": true
    }
  }
}

Revoke token

delete

Revokes a token, making it immediately invalid

Authorizations

X-Auth-TokenstringRequired

Authentication token obtained from the authentication service

Header parameters

X-Auth-TokenstringRequired

A valid authentication token

X-Subject-TokenstringRequired

The authentication token to validate

Responses

204

Token revoked successfully

400

Some content in the request was invalid

application/json

401

User must authenticate before making a request

application/json

403

Policy does not allow current user to do this operation

application/json

404

The requested resource could not be found

application/json

delete

/auth/tokens

DELETE /keystone/v3/auth/tokens HTTP/1.1
Host: example.platform9.com
X-Auth-Token: text
X-Subject-Token: text
Accept: */*

No content

Validate token (no response body)

head

Validates a token without returning a response body

Authorizations

X-Auth-TokenstringRequired

Authentication token obtained from the authentication service

Query parameters

allow_expiredbooleanOptional

Allow fetching a token that has expired

Header parameters

X-Auth-TokenstringRequired

A valid authentication token

X-Subject-TokenstringRequired

The authentication token to validate

Responses

200

Token is valid

No content

400

Some content in the request was invalid

application/json

401

User must authenticate before making a request

application/json

403

Policy does not allow current user to do this operation

application/json

404

The requested resource could not be found

application/json

head

/auth/tokens

HEAD /keystone/v3/auth/tokens HTTP/1.1
Host: example.platform9.com
X-Auth-Token: text
X-Subject-Token: text
Accept: */*

No content

Get service catalog

get

Returns a service catalog for the provided token

Authorizations

X-Auth-TokenstringRequired

Authentication token obtained from the authentication service

Header parameters

X-Auth-TokenstringRequired

A valid authentication token

Responses

200

Service catalog retrieved successfully

application/json

400

Some content in the request was invalid

application/json

401

User must authenticate before making a request

application/json

403

Policy does not allow current user to do this operation

application/json

404

The requested resource could not be found

application/json

get

/auth/catalog

GET /keystone/v3/auth/catalog HTTP/1.1
Host: example.platform9.com
X-Auth-Token: text
Accept: */*

{
  "catalog": [
    {
      "id": "text",
      "type": "text",
      "name": "text",
      "endpoints": [
        {
          "id": "text",
          "interface": "public",
          "region": "text",
          "region_id": "text",
          "url": "text"
        }
      ]
    }
  ],
  "links": {
    "self": "text",
    "previous": "text",
    "next": "text"
  }
}

List available tenants

get

Returns the list of tenants that are available to be scoped to

Authorizations

X-Auth-TokenstringRequired

Authentication token obtained from the authentication service

Header parameters

X-Auth-TokenstringRequired

A valid authentication token

Responses

200

Tenants listed successfully

application/json

400

Some content in the request was invalid

application/json

401

User must authenticate before making a request

application/json

403

Policy does not allow current user to do this operation

application/json

404

The requested resource could not be found

application/json

get

/auth/projects

GET /keystone/v3/auth/projects HTTP/1.1
Host: example.platform9.com
X-Auth-Token: text
Accept: */*

{
  "projects": [
    {
      "id": "text",
      "name": "text",
      "description": "text",
      "enabled": true,
      "domain_id": "text",
      "domain": {
        "id": "text",
        "name": "text",
        "description": "text",
        "enabled": true,
        "links": {
          "self": "text",
          "previous": "text",
          "next": "text"
        },
        "options": {}
      },
      "parent_id": "text",
      "is_domain": true,
      "tags": [
        "text"
      ],
      "options": {},
      "links": {
        "self": "text",
        "previous": "text",
        "next": "text"
      }
    }
  ],
  "links": {
    "self": "text",
    "previous": "text",
    "next": "text"
  }
}

List available domains

get

Returns the list of domains that are available to be scoped to

Authorizations

X-Auth-TokenstringRequired

Authentication token obtained from the authentication service

Header parameters

X-Auth-TokenstringRequired

A valid authentication token

Responses

200

Domains listed successfully

application/json

400

Some content in the request was invalid

application/json

401

User must authenticate before making a request

application/json

403

Policy does not allow current user to do this operation

application/json

404

The requested resource could not be found

application/json

get

/auth/domains

GET /keystone/v3/auth/domains HTTP/1.1
Host: example.platform9.com
X-Auth-Token: text
Accept: */*

{
  "domains": [
    {
      "id": "text",
      "name": "text",
      "description": "text",
      "enabled": true,
      "links": {
        "self": "text",
        "previous": "text",
        "next": "text"
      },
      "options": {}
    }
  ],
  "links": {
    "self": "text",
    "previous": "text",
    "next": "text"
  }
}

List available systems

get

Returns the list of systems that are available to be scoped to

Authorizations

X-Auth-TokenstringRequired

Authentication token obtained from the authentication service

Header parameters

X-Auth-TokenstringRequired

A valid authentication token

Responses

200

Systems listed successfully

application/json

400

Some content in the request was invalid

application/json

401

User must authenticate before making a request

application/json

get

/auth/system

GET /keystone/v3/auth/system HTTP/1.1
Host: example.platform9.com
X-Auth-Token: text
Accept: */*

{
  "system": [
    {
      "all": true
    }
  ],
  "links": {
    "self": "text",
    "previous": "text",
    "next": "text"
  }
}

PreviousModels NextCredentials

Last updated 14 days ago

Was this helpful?

Good afternoon

Validate and show token information

Authenticate user and generate token

Revoke token

Validate token (no response body)

Get service catalog

List available tenants

List available domains

List available systems