Table of Contents | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
Token Essentials
In addition to HTTP Basic authentication, Gateway allows configuring token-based authentication. Token-based authentication works in two steps:
Request a token, by using HTTP Basic authentication to perform a one-time authentication within the Management API or to a special URI path in the Storage API.
Submit this token on all subsequent requests as proof of the user's credentials.
Tokens have these characteristics:
Ownership.: They are always owned by the user who created them, except for tokens created by the token administrator.
Expiration.: They expire at a fixed time after creation; default is 24 hours.
S3 key.Key: They may contain an optional secret access key for use with the S3 protocol.
Deletion.: Both the owner and the token administrator can list and delete the owner's active tokens.
See Token-Based Authentication.
Infotip |
---|
BestpracticesPractice
|
Accessing Tokens
Tokens can be accessed under the gear icon, which appears in the title bar of all tenants and domains (not buckets):
...
Creating Tokens
The default owner and expiration date can be overridden, as well as choosing to enable the S3 Secret Key when creating a token manually (for the current tenant or domain):
...
Info |
---|
ImportantThe S3 Secret Key for the token must be copied from the Success message before closing it: for security reasons, the S3 Secret Key is not displayed in the Content UI after this point. |
...
Infotip |
---|
BestpracticePracticeDelete the token and create a new one so security is not compromised if S3 Secret Key is lost. |
See Integrating S3 ApplicationsApplication Integration.
Managing Tokens
The UI lists all valid tokens, whether created here or programmatically, by the Management API. As soon as a token expires, it no longer appears in the listing and count of tokens.
...
Double-click a token to view the properties and, optionally, delete it:
...
Infonote |
---|
CautionTokens cannot be restored if deleted through this interface. |
...