Delegated Login
Authenticates a user on behalf of a service account. This endpoint allows a service account to generate a user authentication token without requiring the user’s credentials. Use this operation when you want to authenticate users through your own identity provider while still using Delegated Signing within the IBM Digital Asset Haven platform.
The token returned by this endpoint can be used for read operations across the IBM Digital Asset Haven API. Write operations require the user to authorize the action by providing a User Action Signature.
- HTTP request
- POST /auth/login/delegated
- Authentication
-
Authentication Type Supported Organization User (CustomerEmployee) No Delegated User (EndUser) No Service Account Yes - Required permissions
- Auth:Login:Delegated.
- Authorization requirements
-
Header Type Required Description Authorizationstring Yes Bearer token used to authenticate the request. See Authentication flows for instructions on generating this token. X-DFNS-USERACTIONstring Yes User action signature used to authorize change-inducing requests. See User Action Signing flows for instructions on generating this signature. - Request body
-
Field Type Required Description usernamestring Yes The username of the user to authenticate. Must match an existing user within the organization. - Response
- 200: Success