Authentication

Disable elevated permissions

Disables elevated permissions for the user.

Request

DELETE /api/v1/users/auth/_elevate

Responses

200
(TokenResponse) The elevated permissions are disabled and the authorization token was generated
401
(BasicFailedReply) The authentication token is invalid or expired.
501
(BasicFailedReply) You need to configure the authentication cluster.
503
(BasicFailedReply) The authentication cluster failed to process the request. The response body contains details about the error
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XDELETE {{hostname}}/api/v1/users/auth/_elevate \
-u $CLOUD_USER:$CLOUD_KEY

Enable elevated permissions

Enables the elevated permissions for the current user. Elevated permissions allow the user to complete potentially destructive operations on clusters. Elevated permissions are available for a limited period of time and automatically expire if you do not renew them

Request

POST /api/v1/users/auth/_elevate

Request body

(ElevatePermissionsRequest) (required) The request for elevated permissions

Responses

200
(TokenResponse) Elevated permissions are enabled and the authorization token was generated.
400
(BasicFailedReply) Missed or invalid MFA token
401
(BasicFailedReply) The authentication token is invalid or expired.
501
(BasicFailedReply) You need to configure the authentication cluster.
503
(BasicFailedReply) The authentication cluster failed to process the request. The response body contains details about the error
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XPOST {{hostname}}/api/v1/users/auth/_elevate \
-u $CLOUD_USER:$CLOUD_KEY \
-H 'Content-Type: application/json' \
-d '
{
   "token" : "string"
}
'

Login to ECE

Authenticates against available users.

Request

POST /api/v1/users/auth/_login

Request body

(LoginRequest) (required) The login request

Responses

200
(TokenResponse) Login successful, returns the token in the body (if 'login_state.path' not specified)
302
Redirects to '/sso/token#BEARER_TOKEN?state=LOGIN_STATE' with the fragment containing a bearer token (if 'login_state.path' is specified)
400
(BasicFailedReply) The authentication cluster returned an error
501
(BasicFailedReply) You need to configure the authentication cluster.
503
(BasicFailedReply) The authentication cluster failed to process the request. The response body contains details about the error
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XPOST {{hostname}}/api/v1/users/auth/_login \
-u $CLOUD_USER:$CLOUD_KEY \
-H 'Content-Type: application/json' \
-d '
{
   "login_state" : {
      "path" : "string"
   },
   "password" : "string",
   "username" : "string"
}
'

Refresh authentication token

Issues a new authentication token

Request

POST /api/v1/users/auth/_refresh

Responses

200
(TokenResponse) The token refreshed successfully and was returned in the body of the response.
401
(BasicFailedReply) The authentication token is invalid or expired.
501
(BasicFailedReply) You need to configure the authentication cluster.
503
(BasicFailedReply) The authentication cluster failed to process the request. The response body contains details about the error
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XPOST {{hostname}}/api/v1/users/auth/_refresh \
-u $CLOUD_USER:$CLOUD_KEY

Available authentication methods

Provides information about available authentication methods.

Request

GET /api/v1/users/auth/methods

Responses

200
(AvailableAuthenticationMethods) Available authentication methods response
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XGET {{hostname}}/api/v1/users/auth/methods \
-u $CLOUD_USER:$CLOUD_KEY

SAML callback

Accepts a callback request from an identity provider and authenticates the user

Request

POST /api/v1/users/auth/saml/_callback

Form Parameters

Name Type Required Description

RelayState

string

N

The optional relay state that the API (service provider) sent to the identity provider.

SAMLResponse

string

Y

A message issued by the identity provider to the service provider

Responses

302
Redirects to the UI endpoint with an authorization token in the fragment and the relay state, if it was specified during the initialization.
501
(BasicFailedReply) You need to configure the authentication cluster.
503
(BasicFailedReply) The authentication cluster failed to process the request. The response body contains details about the error
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XPOST {{hostname}}/api/v1/users/auth/saml/_callback \
-u $CLOUD_USER:$CLOUD_KEY

Initiate SAML protocol

Calls the authentication cluster to initiate SAML Single Sign-on (Web Browser SSO profile) protocol and redirects the user to the identity provider for authentication. The authentication cluster must be configured prior to initiation.

Request

GET /api/v1/users/auth/saml/_init

Query parameters

Name Type Required Description

state

string

N

An optional relay state that is sent back to the client after the user is authenticated

Responses

302
Redirects the client to the identity provider with a SAML authentication request
501
(BasicFailedReply) You need to configure the authentication cluster.
503
(BasicFailedReply) The authentication cluster failed to process the request. The response body contains details about the error
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XGET {{hostname}}/api/v1/users/auth/saml/_init \
-u $CLOUD_USER:$CLOUD_KEY