Platform user API keys

An API key is a unique code that is passed in to an API to identify the calling application or user. They are used to track and control how the API is being used, for example, to prevent malicious use or abuse of the API. API keys often act as both unique identifiers and tokens for authentication. API keys have a set of access rights specific to the identity associated with them. API keys that are specific to user are known as platform API keys.

To create and list platform API keys, provide the User access token in the authorization header and set boundTo to self.

<Cluster Master Host>:<Cluster Master API Port> are used to access the APIs. The parameters are defined in Master endpoints.

Create platform user API key

The sample curl command resembles the following code:

curl -k -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header "Authorization: Bearer $ACCESS_TOKEN" -d '{"name": "test_platform_apikey", "description": "Description for test platform apikey ","boundTo": "self"}' 'https://<Cluster Master Host>:<Cluster Master API Port>/iam-token/apikeys/'

The output resembles the following code:

Response:
{"metadata":{"uuid":"ApiKey-6050fa05-e591-427f-beea-565c5377b79d","crn":"crn:v1:icp:private:iam-identity::::apikey:ApiKey-6050fa05-e591-427f-beea-565c5377b79d","createdAt":"2018-08-13T07:38+0000","modifiedAt":"2018-08-13T07:38+0000"},"entity":{"name":"test_platform_apikey","description":"Description for test platform apikey ","boundTo":"crn:v1:icp:private:iam-identity:::IBMid:user:ravi","format":"APIKEY","apiKey":"Oy2nk5QS93sXxccWjt8o38nUrO383_PZ7AnOSZOb26gY"}}

List platform API key that is bound to a CRN

The sample curl command resembles the following code:

curl -k -X GET --header 'Accept: application/json' --header "Authorization: Bearer $ACCESS_TOKEN" 'https://<Cluster Master Host>:<Cluster Master API Port>/iam-token/apikeys/?boundTo=self'

The output resembles the following code:

Response:
{"currentPage":1,"pageSize":20,"items":[{"metadata":{"uuid":"ApiKey-6050fa05-e591-427f-beea-565c5377b79d","crn":"crn:v1:icp:private:iam-identity::::apikey:ApiKey-6050fa05-e591-427f-beea-565c5377b79d","createdAt":"2018-08-13T07:38+0000","modifiedAt":"2018-08-13T07:38+0000"},"entity":{"name":"test_platform_apikey","description":"Description for test platform apikey ","boundTo":"crn:v1:icp:private:iam-identity:::IBMid:user:ravi","format":"APIKEY","apiKey":"Oy2nk5QS93sXxccWjt8o38nUrO383_PZ7AnOSZOb26gY"}}]}

Update Platform API key

The sample curl command resembles the following code:

curl -k -X PUT -H 'Content-Type: application/json' -H 'Accept: application/json' -H "Authorization: Bearer $ACCESS_TOKEN" -d '{"name": "test_platform_apikey","description": "Updated description for test_platform_apikey"}' 'https://<Cluster Master Host>:<Cluster Master API Port>/iam-token/apikeys/ApiKey-6050fa05-e591-427f-beea-565c5377b79d'

The output resembles the following code:

Response:
{"metadata":{"uuid":"ApiKey-6050fa05-e591-427f-beea-565c5377b79d","crn":"crn:v1:icp:private:iam-identity::::apikey:ApiKey-6050fa05-e591-427f-beea-565c5377b79d","createdAt":"2018-08-13T07:38+0000","modifiedAt":"2018-08-13T08:55+0000"},"entity":{"name":"test_platform_apikey","description":"Updated Description for test_platform_apikey","boundTo":"crn:v1:icp:private:iam-identity:::IBMid:user:ravi","format":"APIKEY","apiKey":"Oy2nk5QS93sXxccWjt8o38nUrO383_PZ7AnOSZOb26gY"}}

Delete platform API key

The sample curl command resembles the following code:

curl -k -X DELETE -H 'Accept: application/json' -H "Authorization: Bearer $ACCESS_TOKEN" 'https://<Cluster Master Host>:<Cluster Master API Port>/iam-token/apikeys/ApiKey-1c40ff8e-5b33-441e-b06f-d5cb89cd1a88'

The output resembles the following code:

Response:
no content
Response Code: 204

Introspect platform API key

The sample curl command resembles the following code:

curl -k -X POST --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' -d 'apikey=Oy2nk5QS93sXxccWjt8o38nUrO383_PZ7AnOSZOb26gY' 'https://<Cluster Master Host>:<Cluster Master API Port>/iam-token/oidc/introspect'

The output resembles the following code:

Response:
{"active":true,"iss":"https://<cluster_ca_domain>:10443/oidc/token","realmId":"IBMid","sub":"ravi","account":{},"scope":"openid","client_id":"default","grant_type":"urn:ibm:params:oauth:grant-type:apikey"}

Retrieve token from platform API key

The sample curl command resembles the following code:

curl -k -X POST -H "Content-Type: application/x-www-form-urlencoded" -H "Accept: application/json" -d 'grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey=Oy2nk5QS93sXxccWjt8o38nUrO383_PZ7AnOSZOb26gY&response_type=cloud_iam' 'https://<Cluster Master Host>:<Cluster Master API Port>/iam-token/oidc/token'

The output resembles the following code:

Response:
{"access_token":"eyJraWQiOiIyMDE3MDUxNS0wMDowMDowMCIsImFsZyI6IlJTMjU2In0.eyJyZWFsbWlkIjoiSUJNaWQiLCJzdWIiOiJyYXZpIiwiaWF0IjoxNTM0MTUwOTU3LCJleHAiOjE1MzQyMzczNTcsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0OjEwNDQzL29pZGMvdG9rZW4iLCJncmFudF90eXBlIjoidXJuOmlibTpwYXJhbXM6b2F1dGg6Z3JhbnQtdHlwZTphcGlrZXkiLCJzY29wZSI6Im9wZW5pZCIsImNsaWVudF9pZCI6ImRlZmF1bHQifQ.eQGgLevdKu7ZTpKKO4bJP2MHDJDTxNmpDNTYLYBepN-48xZmk0l-3CTd3YC71y9Ve-UNUn5qL9m-B6G25sBc5KmyW2ZU7DS6MKeLrE9-bI-HVp9GhNJ5DC06TSxCM6zcS26YqM1GXpqxOSTINgm7L9rKN10n9uYwszccha12bVR5ctLtrD8_5er1OaugKewgfXOWR8g1gwljwmms2FMnp72wE3DynwG16Bzon7U8FzC4YBmh4mFAHMc7C10553jLoOBMf7iq_3Yj4dNRegZhVpYQBC97A1vatODoNkrXbcuBtA9ujJ4dzLj76Lam5c_iLTGbjTnwkgcALEUXjCv7kQ","refresh_token":"f-3Mv3cPfhQzMVsBNlzjANu-ltpbVAhMbEGG_5Rwb-wnl0oEeuHhVT5XpfermzmJILSejwUIx0ncMO5ollt2uI-ZPG7dm_Lu3GAnlyPUMQKV72BMxUZsaLNDTTsbKRR_1vDwl9Uwix9EmX58on6WYiZ-hswb0_gz6wt1-OgXVYp8P4zoDIkovrl2DgANkv3k1Q_MW8lul3eJrlzQxZmm61lJ74ixxPdl0yTNndsq3bRWJPafbIs60ikitTt4Cu2BumUbHFqjKGq8l7rih9342HIHWf31jrpALKco5w-K4uWymG3VOT2SzdIj8R_ICofH2AFxwxbTYEXXPo7kzSxQx0ZI1R7rqYSW5x_hJ1_E40_XjjWyF29N-z4TIxuuG1NaARnoxrk3FopO2H4zEQOJYGMGIutCTHVQVLLWZeQK1AwoV8CyotluqT1maKk48P6ms1tTOhGLIqw64cgJUSRuL393tkqR3GvsgQgtPCQ5FPQBo2AkVfZzgZvaQLP6yHspku0zludQ1S3PE9aNVryf3_BnnZO0_6AcI-4cFiu2SiUNKQ==","token_type":"Bearer","expires_in":86400,"expiration":1534237357}

Introspect IAM access token

The sample curl command resembles the following code:

curl -k -X POST --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' -d 'token=eyJraWQiOiIyMDE3MDUxNS0wMDowMDowMCIsImFsZyI6IlJTMjU2In0.eyJyZWFsbWlkIjoiSUJNaWQiLCJzdWIiOiJyYXZpIiwiaWF0IjoxNTM0MTUwOTU3LCJleHAiOjE1MzQyMzczNTcsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0OjEwNDQzL29pZGMvdG9rZW4iLCJncmFudF90eXBlIjoidXJuOmlibTpwYXJhbXM6b2F1dGg6Z3JhbnQtdHlwZTphcGlrZXkiLCJzY29wZSI6Im9wZW5pZCIsImNsaWVudF9pZCI6ImRlZmF1bHQifQ.eQGgLevdKu7ZTpKKO4bJP2MHDJDTxNmpDNTYLYBepN-48xZmk0l-3CTd3YC71y9Ve-UNUn5qL9m-B6G25sBc5KmyW2ZU7DS6MKeLrE9-bI-HVp9GhNJ5DC06TSxCM6zcS26YqM1GXpqxOSTINgm7L9rKN10n9uYwszccha12bVR5ctLtrD8_5er1OaugKewgfXOWR8g1gwljwmms2FMnp72wE3DynwG16Bzon7U8FzC4YBmh4mFAHMc7C10553jLoOBMf7iq_3Yj4dNRegZhVpYQBC97A1vatODoNkrXbcuBtA9ujJ4dzLj76Lam5c_iLTGbjTnwkgcALEUXjCv7kQ' 'https://<Cluster Master Host>:<Cluster Master API Port>/iam-token/oidc/introspect'

The output resembles the following code:

Response:
{"active":true,"iss":"https://<cluster_ca_domain>:10443/oidc/token","realmId":"IBMid","sub":"ravi","account":{},"scope":"openid","client_id":"default","iat":1531117013,"exp":1531203413,"grant_type":"urn:ibm:params:oauth:grant-type:apikey"}