> CDS > Hedvig S3 Protocol-Compatible Object Storage User Guide > Security Tokens as AWS Secret Access Keys

Generating Security Tokens using the Hedvig REST API

The procedure for using the Hedvig REST API to generate security tokens is a simple set of curl commands.

Procedure

  1. Login to the Hedvig REST API.

    curl -G hedvig1.snc1.hedviginc.com/rest/ --data-urlencode "request={type:Login, category:UserManagement, params:{userName:'HedvigAdmin',password:'admin23', cluster:'cluster.hedviginc.com'}}" | python -m json.tool

  2. Get the session ID from the returned result.

    { "requestId": "5E7D8FD7-8390-C47E-3AAC-519C51AC5F79", "result": { "datacenters": [ { "dcname": "snc1" }, { "dcname": "snc2" }, { "dcname": "snc3" } ], "displayActivityLog": true, "displayName": "HedvigAdmin", "dualdc": true, "hcisetup": false, "primaryTenant": "Hedvig", "rackAware": true, "roles": { "Hedvig": "SuperUser" } "sessionId": "8a2f0b5656d299f9b5899c6e9a908769", "userName": "HedvigAdmin", }, "status": "ok", "type": "Login
}

  3. Send a security token.

    curl -X PUT <storage node>/rest/  --data-urlencode "request={type:SendSecurityToken,category:UserManagement,sessionId: '8a2f0b5656d299f9b5899c6e9a908769',params:{tenant:'Hedvig',userName:'HedvigAdmin'}}" | python -m json.tool
{ "requestId": "BE10F116-B503-9871-4EC5-E9924CF62041", "status": "ok", "type": "SendSecurityToken" "securitytoken": "RLdautVLuQ08oewLV8y0BFcOrr8D6Dj7Ws2cqbVa", "user" : “HedvigAdmin”
}

  4. Get a security token.

    curl -X PUT <storage node>/rest/  --data-urlencode "request={type:ManageSecurityTokens,category:UserManagement,sessionId:'8a2f0b5656d299f9b5899c6e9a908769',params:{tenant:'Hedvig',userName:'HedvigAdmin', "SecurityTokenOpType":"get"}}" | python -m json.tool
{ "requestId": "4E9B61D9-A796-C67F-201D-7106C6BB15D6", "result": [ { "dateCreated": 450591, "id": 7, "securityToken": "fVxvOMk5al/N/lr/pNzAXdjqLaUG0vTnQpJkKErj", "state": "ACTIVE" } ], "status": "ok", "type": "ManageSecurityTokens"
}

  5. Set a security token.

    curl -X PUT <storage node>/rest/  --data-urlencode "request={type:ManageSecurityTokens,category:UserManagement,sessionId:'8a2f0b5656d299f9b5899c6e9a908769',params:{tenant:'Hedvig',userName:'HedvigAdmin', SecurityTokenOpType:"set", securityTokenInfo:{}}}" | python -m json.tool
{ "requestId": "0EB9B7EC-771A-B66B-A754-CF681F70090D", "status": "ok", "type": "ManageSecurityTokens"
}
curl -X PUT <storage node>/rest/  --data-urlencode "request={type:ManageSecurityTokens,category:UserManagement,sessionId:'8a2f0b5656d299f9b5899c6e9a908769',params:{tenant:'Hedvig',userName:'HedvigAdmin', SecurityTokenOpType:"get"}}" | python -m json.tool
{ "requestId": "7EC98D3C-F001-49AF-DA0D-12E082F0AEAA", "result": [ { "dateCreated": 450591, "id": 7, "securityToken": "fVxvOMk5al/N/lr/pNzAXdjqLaUG0vTnQpJkKErj", "state": "ACTIVE" }, { "dateCreated": 450952, "id": 11, "securityToken": "ZDhNOeOo6BYCtM7QLepV8LctvIm5PJXsF9bs7wg+", "state": "ACTIVE" } ], "status": "ok", "type": "ManageSecurityTokens"
}

    To set a self-generated security token, pass in the securityToken field in securityTokenInfo. If it is not set, Hedvig will auto-generate a new one for you.

    curl -X PUT <storage node>/rest/ --data-urlencode "request={type:ManageSecurityTokens,category:UserManagement,sessionId:'682e9b895ffd3d1839936f307fe31907',params:{tenant:'Hedvig',userName:'hedviguser', SecurityTokenOpType:"set",securityTokenInfo:{securityToken:'DcNASHNLYCqLyAfOmjpZWRPA7ReuzKP5uNSJWfoJ'}}}" | python -m json.tool

  6. Activate a security token.

    curl -X PUT <storage node>/rest/ --data-urlencode "request={type:ManageSecurityTokens,category:UserManagement,sessionId:'8a2f0b5656d299f9b5899c6e9a908769',params:{tenant:'Hedvig',userName:'HedvigAdmin', SecurityTokenOpType:"get"}}" | python -m json.tool
{ "requestId": "8209D2A1-F7BF-CE75-D4E8-C5A3E5E44D46", "result": [ { "dateCreated": 450952, "id": 11, "securityToken": "ZDhNOeOo6BYCtM7QLepV8LctvIm5PJXsF9bs7wg+", "state": "INACTIVE" }, { "dateCreated": 450962, "id": 12, "securityToken": "Utgm/3bt/Tf2mpevN/3RTxoaGLN2aaPbmtJ3egnu", "state": "ACTIVE" } ], "status": "ok", "type": "ManageSecurityTokens"
}
curl -X PUT <storage node>/rest/ --data-urlencode "request={type:ManageSecurityTokens,category:UserManagement,sessionId:'8a2f0b5656d299f9b5899c6e9a908769',params:{tenant:'Hedvig',userName:'HedvigAdmin', SecurityTokenOpType:"activate",securityTokenInfo:{id=11}}}"
{ "requestId": "AA2F8A5D-3A08-FF79-E0AD-D946FA2E224D", "status": "ok", "type": "ManageSecurityTokens"
}
curl -X PUT <storage node>/rest/ --data-urlencode "request={type:ManageSecurityTokens,category:UserManagement,sessionId:'8a2f0b5656d299f9b5899c6e9a908769',params:{tenant:'Hedvig',userName:'HedvigAdmin', SecurityTokenOpType:"get"}}" | python -m json.tool
{ "requestId": "9E09ED96-A45B-86E3-0778-7122749F895B", "result": [ { "dateCreated": 450952, "id": 11, "securityToken": "ZDhNOeOo6BYCtM7QLepV8LctvIm5PJXsF9bs7wg+", "state": "ACTIVE" }, { "dateCreated": 450962, "id": 12, "securityToken": "Utgm/3bt/Tf2mpevN/3RTxoaGLN2aaPbmtJ3egnu", "state": "ACTIVE" } ], "status": "ok", "type": "ManageSecurityTokens"
}

  7. Deactivate a security token.

    curl -X PUT <storage node>//rest/  --data-urlencode "request={type:ManageSecurityTokens,category:UserManagement,sessionId:'8a2f0b5656d299f9b5899c6e9a908769',params:{tenant:'Hedvig',userName:'HedvigAdmin', SecurityTokenOpType:"deactivate", securityTokenInfo:{id:7}}}" | python -m json.tool
{ "requestId": "7BB20F7E-EA8B-9712-6297-EA5906F96843", "status": "ok", "type": "ManageSecurityTokens"
}
curl -X PUT <storage node>//rest/  --data-urlencode "request={type:ManageSecurityTokens,category:UserManagement,sessionId:'8a2f0b5656d299f9b5899c6e9a908769',params:{tenant:'Hedvig',userName:'HedvigAdmin', SecurityTokenOpType:"get"}}" | python -m json.tool
{ "requestId": "43BA36F0-31C7-5389-079B-BEEF5BEA752E", "result": [ { "dateCreated": 450591, "id": 7, "securityToken": "fVxvOMk5al/N/lr/pNzAXdjqLaUG0vTnQpJkKErj", "state": "INACTIVE" }, { "dateCreated": 450952, "id": 11, "securityToken": "ZDhNOeOo6BYCtM7QLepV8LctvIm5PJXsF9bs7wg+", "state": "ACTIVE" } ], "status": "ok", "type": "ManageSecurityTokens"
}

  8. Delete a Security Token.

    curl -X PUT <storage node>//rest/  --data-urlencode "request={type:ManageSecurityTokens,category:UserManagement,sessionId:'8a2f0b5656d299f9b5899c6e9a908769',params:{tenant:'Hedvig',userName:'HedvigAdmin', SecurityTokenOpType:"delete", securityTokenInfo:{id:7}}}" | python -m json.tool
{ "requestId": "AFCB4776-1901-A845-FBAA-25B8FD7614B0", "status": "ok", "type": "ManageSecurityTokens"
}
curl -X PUT <storage node>/rest/  --data-urlencode "request={type:ManageSecurityTokens,category:UserManagement,sessionId:'8a2f0b5656d299f9b5899c6e9a908769',params:{tenant:'Hedvig',userName:'HedvigAdmin', SecurityTokenOpType:"get"}}" | python -m json.tool
{ "requestId": "C3498E1F-D6E7-91A3-D2C3-D5091A6CFAB7", "result": [ { "dateCreated": 450952, "id": 11, "securityToken": "ZDhNOeOo6BYCtM7QLepV8LctvIm5PJXsF9bs7wg+", "state": "ACTIVE" } ], "status": "ok", "type": "ManageSecurityTokens"
}

Loading...