Onedata API Reference

REST API references for Onezone, Oneprovider, and Onepanel.

Verify an access token

POST /tokens/verify_access_token

Verifies an access token provided in serialized form. Upon success, returns the token's subject.

Optionally, the request body can carry contextual information that may be required to verify the token's caveats: the IP address of the token bearer, the identity token of the service handling the request, the consumer's identity token, the interface to which the token bearer has connected, and whether data access caveats should be allowed in the token.

If the token cannot be positively verified, an HTTP 4xx code is returned with an error describing the reason for the failure.

This operation has public access.

Example cURL requests

Verify an access token

curl -d '{"token": "MDAxNmxvY2F00aW9uIHZ2...", "peerIp": "38.190.241.12"}' \
-H 'Content-type: application/json' \
https://$HOST/api/v3/onezone/tokens/verify_access_token

Request body

application/json

The token to be verified and, optionally, the peer's IP address.

Property / Type & Description
token
string (SerializedToken)

The token in serialized form.

peerIp
string

The IP address of the token bearer.

serviceToken
string (SerializedToken)

Identity token of the service that is processing the token being verified.

consumerToken
string (SerializedToken)

Identity token of the consumer that wishes to use the token being verified.

interface
string

The interface to which the token bearer has connected as seen by the verifying party.

Enum: rest, oneclient, graphsync

allowDataAccessCaveats
boolean

Indicates whether the verifying party allows data access caveats in the token.

Request Examples

application/json
{
  "token": "MDAxNmxvY2F00aW9uIHJlZ2lzdHJ5CjAwM2JpZGVudGlmaW",
  "peerIp": "38.190.241.12",
  "serviceToken": "JKzmG9uZXpvbmUKMDAzYmlkZW50aWZpZXIgOEhmSEFSSGdr",
  "consumerToken": "MDAzYmlkZW50aWZpZXIgOEhmSEFSSGdrbHFCa1pWSTRsNk5",
  "interface": "rest",
  "allowDataAccessCaveats": false
}

Responses

application/json
200

Successful token verification result.

Property / Type & Description
subject
object (TokenPropertySubject)

The subject of the token - the user or Oneprovider in whose name the token was issued. The bearer (consumer) of the token adopts the subject's identity when accessing services with that token.

type
string

Type of the subject

Enum: user, oneprovider

id
string

Id of the subject

ttl
integer

Token's TTL in seconds (or null if infinite)

Example

application/json
{
  "subject": {
    "type": "user",
    "id": "1b510f18b3b05611871c0acdffa9aed4"
  },
  "ttl": 3600
}
400

Invalid request.

Property / Type & Description
error
object

Object describing an error.

id required
string

String identifying the error type. Does not change between error instances.

description required
string

Human readable error description. May contain information specific to given error instance.

details
object

Details about the error instance. The object schema is specific to each error type.

Example

application/json
{
  "error": {
    "id": "badValueString",
    "details": {
      "key": "name"
    },
    "description": "Bad value: provided \"name\" must be a string."
  }
}
401

Authentication error.

Property / Type & Description
error
object

Object describing an error.

id required
string

String identifying the error type. Does not change between error instances.

description required
string

Human readable error description. May contain information specific to given error instance.

details
object

Details about the error instance. The object schema is specific to each error type.

Example

application/json
{
  "error": {
    "id": "badValueString",
    "details": {
      "key": "name"
    },
    "description": "Bad value: provided \"name\" must be a string."
  }
}
403

Authorization error.

Property / Type & Description
error
object

Object describing an error.

id required
string

String identifying the error type. Does not change between error instances.

description required
string

Human readable error description. May contain information specific to given error instance.

details
object

Details about the error instance. The object schema is specific to each error type.

Example

application/json
{
  "error": {
    "id": "badValueString",
    "details": {
      "key": "name"
    },
    "description": "Bad value: provided \"name\" must be a string."
  }
}
404

Resource not found.

Property / Type & Description
error
object

Object describing an error.

id required
string

String identifying the error type. Does not change between error instances.

description required
string

Human readable error description. May contain information specific to given error instance.

details
object

Details about the error instance. The object schema is specific to each error type.

Example

application/json
{
  "error": {
    "id": "badValueString",
    "details": {
      "key": "name"
    },
    "description": "Bad value: provided \"name\" must be a string."
  }
}
500

Internal server error.

Property / Type & Description
error
object

Object describing an error.

id required
string

String identifying the error type. Does not change between error instances.

description required
string

Human readable error description. May contain information specific to given error instance.

details
object

Details about the error instance. The object schema is specific to each error type.

Example

application/json
{
  "error": {
    "id": "badValueString",
    "details": {
      "key": "name"
    },
    "description": "Bad value: provided \"name\" must be a string."
  }
}
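
An added example, not part of the Onedata reference or its client libraries: a Python caller for the verify_access_token endpoint that checks the context fields against the request schema above and treats any response other than a well-formed 200 as a denial. The function names, the shape of the returned dictionary and the 10-second timeout are assumptions of this example.

```python
import ipaddress
import json
import urllib.error
import urllib.request

INTERFACES = {"rest", "oneclient", "graphsync"}  # enum from the request schema


def build_body(token, peer_ip=None, interface=None, allow_data_access_caveats=None,
               service_token=None, consumer_token=None):
    """Build the request body, rejecting malformed context before it is sent."""
    if not isinstance(token, str) or not token:
        raise ValueError("token must be a non-empty string")
    if interface is not None and interface not in INTERFACES:
        raise ValueError(f"unknown interface: {interface!r}")
    if peer_ip is not None:
        peer_ip = str(ipaddress.ip_address(peer_ip))  # raises ValueError if malformed
    fields = {"token": token, "peerIp": peer_ip, "interface": interface,
              "serviceToken": service_token, "consumerToken": consumer_token,
              "allowDataAccessCaveats": allow_data_access_caveats}
    return {k: v for k, v in fields.items() if v is not None}  # omit unset options


def interpret(status, raw):
    """Map (HTTP status, body) to a decision; anything unexpected is a denial."""
    try:
        doc = json.loads(raw)
    except (TypeError, ValueError):
        doc = None
    doc = doc if isinstance(doc, dict) else {}
    subject, ttl = doc.get("subject"), doc.get("ttl")
    if (status == 200 and isinstance(subject, dict)
            and subject.get("type") in ("user", "oneprovider")
            and isinstance(subject.get("id"), str) and subject["id"]
            and (ttl is None or (type(ttl) is int and ttl >= 0))):  # null = infinite
        return {"ok": True, "subject": (subject["type"], subject["id"]), "ttl": ttl}
    err = doc.get("error") if isinstance(doc.get("error"), dict) else {}
    return {"ok": False, "status": status, "error_id": err.get("id", "unknown")}


def verify_access_token(host, token, **context):
    """POST to the endpoint documented above; connection errors propagate."""
    url = f"https://{host}/api/v3/onezone/tokens/verify_access_token"
    data = json.dumps(build_body(token, **context)).encode()
    req = urllib.request.Request(url, data=data, method="POST",
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as exc:  # 4xx/5xx responses arrive here
        return interpret(exc.code, exc.read())
```

Passing peer_ip and interface as observed by the verifying party, rather than values supplied by the client, is what lets the caveats that depend on them be checked meaningfully.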