User Authentication

1.0 Overview

The method used to configure authentication varies depending on the type of authentication you wish to perform. More details can be found in the authentication documentation.

Every authentication creates a session that grants a bearer token, which can be passed with any other API request. The bearer token expires if the session remains inactive for a long period of time; check with your Fortanix DSM admin for the expiration values. By default, user sessions expire after 24 hours and app sessions expire after 10 min if they remain idle.

The sample code below authenticates using provided credentials and then saves the bearer token in the API Client for subsequent use by other API requests.

2.0 User Authentication

This example describes user authentication using a user’s email and password.

NOTE

If a user is part of multiple accounts, you must first select a particular account, before proceeding to key management operations.

How to get account Id: Go to Account Settings. Copy the Account ID displayed on the right.


Figure 1: Account ID

C#

Configuration.Default.BasePath = "<Endpoint URL>";
Configuration.Default.Username = <user email>;
Configuration.Default.Password = <user password>;

AuthenticationApi authenticationApi = new AuthenticationApi();
AuthResponse response = authenticationApi.Authorize();
Configuration.Default.AddApiKey("Authorization", response.AccessToken);
Configuration.Default.AddApiKeyPrefix("Authorization", "Bearer");

//Select account
SelectAccountRequest request = new SelectAccountRequest().acctId(<Account Id>);
authenticationApi.SelectAccount(request);

Go

client := sdkms.Client{
       Endpoint: "<Endpoint URL>",
       HTTPClient: http.DefaultClient,
 }
ctx := context.Background()
_, err := client.AuthenticateWithUserPass(ctx, <user email>, <user password>)

// Select account
request := sdkms.SelectAccountRequest{
            AcctId: <Account Id>,
}
_, err = client.SelectAccount(ctx, request)

Java

ApiClient apiClient = new ApiClient();
apiClient.setBasePath(<Endpoint URL>);
apiClient.setUsername(<user email>);
apiClient.setPassword(<user password>);
AuthenticationApi authenticationApi = new AuthenticationApi(apiClient);
AuthResponse authResponse = authenticationApi.authorize();
ApiKeyAuth bearerTokenAuth = (ApiKeyAuth) apiClient.getAuthentication("bearerToken");
bearerTokenAuth.setApiKey(authResponse.getAccessToken());
bearerTokenAuth.setApiKeyPrefix("Bearer");

//Select account
SelectAccountRequest request = new SelectAccountRequest().acctId(<Account Id>);
authenticationApi.selectAccount(request);

Python

config = sdkms.v1.Configuration()
config.host = "<Endpoint URL>"
config.username = <user email>
config.password = <user password>
client = sdkms.v1.ApiClient(configuration=config)
auth_instance = sdkms.v1.AuthenticationApi(api_client=client)
auth = auth_instance.authorize()
config.api_key['Authorization'] = auth.access_token
config.api_key_prefix['Authorization'] = 'Bearer'

#Select account
request = sdkms.v1.SelectAccountRequest(<account id>)
auth_instance.select_account(request)

REST API using curl

$ curl <Endpoint URL>/sys/v1/session/auth -X POST -u <user email>:<user password>
{"token_type":"Bearer","expires_in":600,"access_token":"YhXwwa-6C...L9kRxswmPZkEFQ2ig5g","entity_id":"7916b324-33a1-4a06-8778-59ec0492bb10"}
#select account
$ curl <Endpoint URL>/sys/v1/session/select_account -H 'Authorization: Bearer YhXwwa-6C...L9kRxswmPZkEFQ2ig5g' -d '{"acct_id": "<account id>"}'
#use the "access_token" as Bearer Auth in other API requests. E.g.:
$ curl <Endpoint URL>/other_apis -H 'Authorization: Bearer YhXwwa-6C...L9kRxswmPZkEFQ2ig5g' ...
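
The session handling described in the overview, as an added example that is not part of the original page or of the Fortanix SDK: a standard-library Python wrapper around the two REST calls shown above that refuses non-HTTPS endpoints, keeps the password and token out of `repr`, and logs in again once the session has idled out. The names `DsmSession` and `http_post`, the injectable `post` and `clock` parameters, the 10% renewal margin, and treating `expires_in` as the idle window are assumptions.

```python
import base64, json, time, urllib.request

def http_post(url, headers, body):
    """Default transport (assumed helper): POST and decode the JSON reply, empty body -> {}."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read() or b"{}")

class DsmSession:
    def __init__(self, endpoint, email, password, acct_id, post=http_post, clock=time.monotonic):
        if not endpoint.startswith("https://"):
            raise ValueError("credentials and tokens must only travel over TLS")
        self.endpoint, self.acct_id = endpoint.rstrip("/"), acct_id
        self._basic = base64.b64encode(f"{email}:{password}".encode()).decode()
        self._post, self._clock = post, clock
        self._token, self._idle_deadline, self._window = None, 0.0, 0.0

    def __repr__(self):  # never let the password or token reach logs or tracebacks
        return f"DsmSession({self.endpoint!r}, authenticated={self._token is not None})"

    def _login(self):
        auth = self._post(self.endpoint + "/sys/v1/session/auth",
                          {"Authorization": "Basic " + self._basic}, b"")
        if auth.get("token_type") != "Bearer" or not auth.get("access_token"):
            raise RuntimeError("unexpected response from session/auth")
        token = auth["access_token"]
        # Select the account first; the token is stored only once the session is usable.
        self._post(self.endpoint + "/sys/v1/session/select_account",
                   {"Authorization": "Bearer " + token},
                   json.dumps({"acct_id": self.acct_id}).encode())
        self._token, self._window = token, 0.9 * float(auth["expires_in"])  # assumed 10% margin

    def headers(self):
        """Authorization header for the next request; logs in again if the session idled out."""
        now = self._clock()
        if self._token is None or now >= self._idle_deadline:
            self._login()
        self._idle_deadline = now + self._window  # this request counts as activity
        return {"Authorization": "Bearer " + self._token}
```

Construct it with credentials read from the environment or a secret store rather than literals in source, and call `headers()` immediately before each API request so the idle deadline tracks real activity.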