Bearer tokens
The bearer token is a JWT payload that securely transfers files as a JSON object. A trusted authority that can create JWT can be used to create Bearer Tokens that the Node API can validate to allow Node user authentication. A bearer token is created from an access key ID, access key secret, and an SSL private-public key pair. Bearer token authentication is required for transfers to and from IBM Aspera on Cloud.
- To create a bearer token for testing, use the asnodedadmin tool with the
minimum required data. Admin or root permissions are needed to run commands. If no SSL key file is
provided, the tool asks if you want to create one and prompt for the file name.
Run the following command:
The bearer token is returned in standard output.The following table has the options that are required and the description of each option:Option Required Type Description --bearer-createRequired Command to create a bearer token. --user-idRequired. When creating a bearer token for a user String The /permissions endpoint uses a user_idoption to manage file system and transfer access for the user.--group-idsRequired. When creating a bearer token for a group String The /permissions endpoint uses a user_idoption to manage file system and transfer access for the user.--scope-roleRequired String The access level of the bearer token. Value can be admin (default) or user. admin can change the access key configuration, but user cannot.--access-keyRequired String The ID of the access key that is used to create the bearer token. - When the bearer token is created, set it as the environment variable
ASPERA_SCP_TOKEN. Keep Bearer and add your token to run the
command.
# export ASPERA_SCP_TOKEN="Bearer eJwlysmuolgAgOE9T1FxS1Uz..." - To transfer files by using ascp commands, specify the access key ID that is
associated with the token, and the root file ID for the transfer by using JSON syntax in the
ascp command. For
example,
# ascp --tags='{"aspera":{"node":{"access_key":"access_key_id","file_id":"1"}}}' src user@hostame:/