Chapter 2. General API Information
2.1. Authentication
The OpenShift API supports multiple authentication mechanisms, including Basic Authentication and authorization tokens.
Basic Authentication
With Basic Authentication a client is required to send the user name and password, separated by a colon, with all requests to correctly authenticate. This string is encoded with Base64 algorithm and transmitted in the HTTP authorization header in the following formats.
- Ruby
require 'base64' base64string = Base64.encode64("#{username}:#{password}").strip headers = { "Authorization" => "Basic #{base64string}" }
- Python
import base64 base64string = base64.encodestring('%s:%s' % (username, password))[:-1] request.add_header("Authorization", "Basic %s" % base64string)
- cURL
- The cURL library supports basic authentication using the
--useroption, as shown in the following example.$
curl https://openshift.redhat.com/broker/rest/user --user user@example.com
Authorization Tokens
You can also use authorization tokens to authenticate with the remote server instead of your user name and password. However, before you can use an authorization token you must first create one with the appropriate scope option. See Chapter 6, Authorizations for more information on creating and managing authorization tokens.
When you have an authorization token, you can substitute it in place of your login credentials, as shown in the following format:
$ curl https://openshift.redhat.com/broker/rest/user -H "Authorization: Bearer token_id"
Example 2.1. cURL Command with Authorization Token
The following example shows a REST call to delete an application using an authorization token for authentication instead of a user name and password.
curl -X DELETE https://openshift.redhat.com/broker/rest/application/5406971c5973ca2a7f0000c6 -H "Authorization: Bearer 14fc97947174a911c3d1154aa846197cbc18ad550d7ad1cdd58aab105e65783a"
