Scyld Cloud Auth Documentation

Authentication API

All calls to the Scyld Cloud Auth API or other Scyld Cloud Management Services APIs require an authentication token to be included as the “X-Auth-Token” HTTP header. This token, when issued from the Scyld Cloud Auth API, is accompanied by an expiration timestamp, after which the token is no longer valid and a new token should be acquired.

To obtain an authentication token for use with the APIs, a user issues a call to /auth/request_token using their unique API key and API secret and HTTP-header based OAuth. This requires some manipulation of the HTTP headers; this is generally done using a library in the user’s programming language of choice.

/auth/request_token

This URL serves as the “Access Token URL” in the OAuth protocol definition. See OAuth protocol details or language-specific documentation. In order to use this, the user must have a valid API key and API secret. Only the superuser can initialize these user properties through an API call. Users should log into the web portal to set up their key and secret for the first time.

Required fields for OAuth request

  • oauth_consumer_key - User’s API key.
  • oauth_consumer_secret - User’s API secret.

Example:

Request Authorization Header:
OAuth oauth_nonce="K7ny27JTpKVsTgdyLdDfmQQWVLERj2zAK5BslRsqyw", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1300228849", oauth_consumer_key="my_api_key", oauth_signature="Qqr2BMLdv028fxCErFyi8KXFM%2BddU%3D", oauth_version="1.0"


Response, in JSON format:
{'authentication_token': 'ZUhwy4u5CVdjRISboetKTqgBMN81nfJ7',
 'expires_at_utc': '2012-06-11T20:52:04',
 'success': True}
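
The following sketch shows how an Authorization header of the form above can be built with OAuth 1.0 HMAC-SHA1 signing (RFC 5849). It is an added example, not code from the Scyld documentation; the host name, the POST method and the empty token secret are assumptions. The API secret serves only as the HMAC key and never appears in the header, which matches the example header above.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def pct(value):
    """Percent-encode per RFC 3986, as OAuth 1.0 requires (RFC 5849 s3.6)."""
    return quote(str(value), safe="")

def signature_base_string(method, url, params):
    # Parameters are encoded, sorted and joined, then encoded once more
    # together with the upper-cased method and the request URL.
    normalized = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base_string, consumer_secret, token_secret=""):
    # HMAC key is "consumer_secret&token_secret". No token exists yet when
    # requesting one, so the token secret is empty (assumption).
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def authorization_header(method, url, api_key, api_secret,
                         nonce=None, timestamp=None):
    params = {
        "oauth_consumer_key": api_key,
        # A fresh random nonce and current timestamp per request limit replay.
        "oauth_nonce": nonce or secrets.token_urlsafe(32),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    base = signature_base_string(method, url, params)
    params["oauth_signature"] = sign(base, api_secret)  # secret itself is not sent
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in params.items())

if __name__ == "__main__":
    # Hypothetical host and constructed credentials, for illustration only.
    URL = "https://auth.example.com/auth/request_token"
    print(authorization_header("POST", URL, "my_api_key", "my_api_secret"))
```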

/auth/verify_token

This method verifies the validity of an authentication token and its ownership by a particular user.

Request Parameters

  • auth_token - Required.
  • email or userid or (system_username and cloud_controller_id) - One of these identifiers is required.

A successful response will include a timestamp at which the token is due to expire.

Response Payload

  • userid - String uuid.
  • expires_at_utc - String.

Sample output for a call where the auth token was found to be valid:

{'data': {
    'expires_at_utc': '2012-10-20T20:55:28Z',
    'userid': 'cd32807f6913466e89d1aabcb3a40682'
 },
 'message': '',
 'success': True,
 'version': '0.99'}

/auth/login

Checks a username and password. This call is restricted to hosts listed in the application configuration file (the “login_allowed.hosts” setting). Returns an authentication token on success, as some hosts will use this token to forward to external applications.

Request Parameters

  • login - Required.
  • password - Required.

A successful response will include a timestamp at which the token is due to expire.

Response Payload

  • userid - String uuid.
  • email - String.
  • authentication_token - Token.
  • expires_at_utc - String. Expiration timestamp for authentication token.

Sample output for a successful login:

{'data': {
    'authentication_token': 'rCZ1SKghFV0zExAylQe698cU5a3i2tpj',
    'email': 'msmith@gmail.com',
    'userid': 'cd32807f6913466e89d1aabcb3a40682',
    'expires_at_utc': '2012-10-20T20:55:28Z'
 },
 'message': '',
 'success': True,
 'version': '0.99'}