Client authentication is provided via a ReST interface using the GET method, with v1.0
supplied as the path. Additionally, two headers are required, X-Auth-User
and X-Auth-Key
with values for the username and API Access Key respectively.
Each ReST request against the OpenStack Object Storage system requires the inclusion of a specific authorization token HTTP x-header, defined as X-Auth-Token
. Clients obtain this token, along with the Cloud Servers API URL, by first using an authentication service and supplying a valid username and API access key.
To authenticate, you must supply your username and API access key in x-headers:
-
Use your OpenStack Object Storage (Swift) username as the username for the API. Place it in the
X-Auth-User
x-header. -
Get your API access key from authentication service you chose when installing. You have some options for auth, including tempauth (which is included with Swift), swauth (an auth service for Swift as WSGI middleware that uses Swift itself as a backing store that is provided via download from Github), the OpenStack Identity Service (project named Keystone), or you can use your own authentication system. Place your access key in the
X-Auth-Key
x-header.
Example 2.1. Authentication HTTP Request
GET /v1.0 HTTP/1.1 Host: auth.api.yourcloud.com X-Auth-User: jdoe X-Auth-Key: a86850deb2742ec3cb41518e26aa2d89
When authentication is successful, an HTTP status 204 (No Content) is returned with the X-Storage-Url
and X-Auth-Token
headers. Any 2xx response is a good response. For example, a 202 response means the request has been accepted. Also, additional X-
headers may be returned. These additional headers are related to other Rackspace services and can be ignored. An HTTP status of 401 (Unauthorized) is returned upon authentication failure. All subsequent container/object operations against OpenStack Object Storage should be made against the URI specified in X-Storage-Url
and must include the X-Auth-Token
header.
Example 2.2. Authentication HTTP Response
HTTP/1.1 204 No Content Date: Mon, 12 Nov 2010 15:32:21 GMT Server: Apache X-Storage-Url: https://storage.swiftdrive.com/v1/CF_xer7_34 X-Auth-Token: eaaafd18-0fed-4b3a-81b4-663c99ec1cbb Content-Length: 0 Content-Type: text/plain; charset=UTF-8
The X-Storage-Url
will need to be parsed and used in the connection and request line of all subsequent requests against Object Storage. In the example response above, users connecting to OpenStack Object Storage would send most container/object requests with a host header ofstorage.swiftdrive.com
and the request line's version and account as /v1/CF_xer7_34
. Note that authentication tokens are valid for a 24 hour period for many authentication configurations.