Delegated Login

Authenticates a user on behalf of a service account. This endpoint allows a service account to generate a user authentication token without requiring the user’s credentials. Use this operation when you want to authenticate users through your own identity provider while still using Delegated Signing within the IBM Digital Asset Haven platform.

The token returned by this endpoint can be used for read operations across the IBM Digital Asset Haven API. Write operations require the user to authorize the action by providing a User Action Signature.

HTTP request
POST /auth/login/delegated
Authentication
Authentication Type Supported
Organization User (CustomerEmployee) No
Delegated User (EndUser) No
Service Account Yes
Required permissions
Auth:Login:Delegated.
Authorization requirements
Header Type Required Description
Authorization string Yes Bearer token used to authenticate the request. See Authentication flows for instructions on generating this token.
X-DFNS-USERACTION string Yes User action signature used to authorize change-inducing requests. See User Action Signing flows for instructions on generating this signature.
Request body
Field Type Required Description
username string Yes The username of the user to authenticate. Must match an existing user within the organization.
Response
200: Success