
Token Essentials

In addition to HTTP Basic authentication, Gateway allows configuring token-based authentication. Token-based authentication works in two steps:

  1. Request a token by performing a one-time HTTP Basic authentication against the Management API or against a special URI path in the Storage API.

  2. Submit this token on all subsequent requests as proof of the user's credentials.

Tokens have these characteristics:

  • Ownership: They are always owned by the user who created them, except for tokens created by the token administrator.

  • Expiration: They expire at a fixed time after creation; default is 24 hours.

  • S3 Key: They may contain an optional secret access key for use with the S3 protocol.

  • Deletion: Both the owner and the token administrator can list and delete the owner's active tokens.

See Token-Based Authentication.
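The two-step flow and the four token characteristics above, modelled as an added example; this is not Gateway code and does not use the Gateway API. The account names, the in-memory store, and the explicit `now` clock are assumptions made so the ownership, expiration, and deletion rules can be checked offline.

```python
import base64, hmac, secrets
USERS = {"alice": "alice-pw", "tokenadmin": "admin-pw"}  # constructed sample accounts
TOKEN_ADMIN = "tokenadmin"   # hypothetical token administrator name
DEFAULT_TTL = 24 * 3600      # default lifetime stated on the page: 24 hours
TOKENS = {}                  # token id -> {"owner", "expires", "s3_secret"}

def basic(user, pw):  # value of an "Authorization: Basic ..." header
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()

def _basic_user(header):  # user named in a valid Basic header, else None
    try:
        scheme, blob = header.split(" ", 1)
        user, _, pw = base64.b64decode(blob, validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    stored = USERS.get(user)
    ok = scheme == "Basic" and stored is not None and hmac.compare_digest(stored.encode(), pw.encode())
    return user if ok else None

def request_token(auth_header, now, owner=None, ttl=DEFAULT_TTL, with_s3_key=False):
    """Step 1: a one-time Basic authentication yields a token id."""
    user = _basic_user(auth_header)
    if user is None or (owner not in (None, user) and user != TOKEN_ADMIN):
        return None  # only the token administrator may create tokens for another owner
    token_id = secrets.token_hex(16)
    TOKENS[token_id] = {"owner": owner or user, "expires": now + ttl,
                        "s3_secret": secrets.token_urlsafe(30) if with_s3_key else None}
    return token_id

def authenticate(token_id, now):
    """Step 2: the token alone identifies its owner until it expires."""
    rec = TOKENS.get(token_id)
    if rec is None or now >= rec["expires"]:
        TOKENS.pop(token_id, None)  # an expired token is dropped, not renewed
        return None
    return rec["owner"]

def list_tokens(requester, owner, now):
    """Active tokens of `owner`, visible to the owner and the token administrator only."""
    if requester not in (owner, TOKEN_ADMIN):
        return None
    return sorted(t for t, r in TOKENS.items() if r["owner"] == owner and r["expires"] > now)

def delete_token(requester, token_id):
    """Delete a token if the requester is its owner or the token administrator."""
    rec = TOKENS.get(token_id)
    if rec is None or requester not in (rec["owner"], TOKEN_ADMIN):
        return False
    return TOKENS.pop(token_id) is not None
```

Because `authenticate` accepts the token id by itself, anyone holding it acts as the owner until expiry or deletion, which is why the model has no per-action or per-bucket check to fall back on.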

Best Practice

  • Token behavior cannot be selectively restricted (such as to work for specific actions or in specific domains/buckets). Prevent sharing of tokens with untrusted users/clients, as with any credentials.

  • Fully qualify the names of any token administrators (such as caringoadmin@ or caringoadmin+acmetenant) defined in an IDSYS document to avoid ambiguity when multiple IDSYS are used.

Accessing Tokens

Tokens can be accessed under the gear icon, which appears in the title bar of all tenants and domains (not buckets):

...

Creating Tokens

When creating a token manually (for the current tenant or domain), the default owner and expiration date can be overridden, and the S3 Secret Key can optionally be enabled:

...

Important

The S3 Secret Key for the token must be copied from the Success message before closing it: for security reasons, the S3 Secret Key is not displayed in the Content UI after this point. 

...

Best Practice

If the S3 Secret Key is lost, delete the token and create a new one so security is not compromised.

See S3 Application Integration.

Managing Tokens

The UI lists all valid tokens, whether created here or programmatically by the Management API. As soon as a token expires, it no longer appears in the listing and count of tokens.

...

Double-click a token to view the properties and, optionally, delete it:

...

Caution

Tokens cannot be restored if deleted through this interface. 

...