Constraints

All APIs of IAM can be called using the global region endpoint. Some APIs can be called using endpoints of both the global region and other regions (see Table 1), and other APIs can be called using only the global region endpoint.

Note

Tokens or temporary AKs/SKs obtained using domain names of all regions except the global region can only be used to access services in the same region.

Table 1 Global and region-specific APIs

Category

API URI

Link

Token Management

POST /v3/auth/tokens

Obtaining a User Token

Obtaining an Agency Token

Obtaining a Scoped Token

GET /v3/auth/tokens

Verifying a Token and Returning a Valid Token

Access Key Management

POST /v3.0/OS-CREDENTIAL/securitytokens

Obtaining a Temporary AK/SK

Services and Endpoints

GET /v3/services{?type}

Querying Services

GET /v3/endpoints{? interface, service_id}

Querying Endpoints

Version Information Management

GET /

Querying Keystone API Version Information

GET /v3

Querying Information About Keystone API Version 3.0

Project Management

GET /v3/auth/projects

Querying the List of Projects Accessible to Users

Tenant Management

GET /v3/auth/domains

Querying the List of Domains Accessible to Users

Federated Identity Authentication Management

GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth

Obtaining an Unscoped Token (SP Initiated)

POST /v3.0/OS-FEDERATION/tokens

IdP Initiated

GET /v3/OS-FEDERATION/projects

Querying the List of Projects Accessible to Federated Users

GET /v3/OS-FEDERATION/domains

Querying the List of Domains Accessible to Federated Users

GET /v3-ext/auth/OS-FEDERATION/SSO/metadata

Querying the Metadata File of Keystone