Note: Please go to docs.rightscale.com to access the current RightScale documentation set.

OAuth

Overview

OAuth-compatible authentication and authorization supports a password-less Dashboard user that can log into the API and make authenticated requests. This feature is currently in public beta. Please contact support with any issues.

With OAuth, you can make authenticated API 1.0 and 1.5 requests without needing a password, and OAuth access can be disabled at any time without changing your password.

Obtaining an OAuth Grant

Follow the steps below to enable OAuth:

  1. Make sure you're in the account you want to enable with OAuth.
  2. Go to Settings > Account Settings > API Credentials.
  3. In Status, click enable.
  4. Obtain the API refresh token in order to make API requests without logging in. It's important that this token is protected.
     

Note: The hostname of the "Token Endpoint (API 1.5)" may vary between RightScale accounts depending on the geographical region in which each account is hosted. Make sure to use the correct endpoint for your account when making API requests, both OAuth and otherwise.

Curl

Obtaining an API Access Token

Note: The following examples use API 1.5.

Example Call
#Obtain these values from the 'Settings > Account > API Credentials' page 
my_token_endpoint="https://my.rightscale.com/api/oauth2"
my_refresh_token="0facab1a657fff56f3214ecf7eeeafbfe6084052"

curl --include \
  -H "X-API-Version:1.5" \
  --request POST "$my_token_endpoint" \
  -d "grant_type=refresh_token" \
  -d "refresh_token=$my_refresh_token"

 

Example Response

HTTP/1.1 200 OK 
Content-Type: application/json; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate
Pragma: no-cache

{
  "access_token":"eNotkMuOg...8vf4A2GhbCA==",
  "expires_in":7200,
  "token_type":"bearer"
}
  • Make note of the access_token to use when requesting a resource. See below for an example of how this is done. 

 

Making an OAuth-Authorized API Request

Once you obtain your access token, incorporate it into your API requests.

Example Call

access_token="eNotkMuOg...8vf4A2GhbCA=="
 
curl --include \
     -H "X-API-Version:1.5" \
     -H "Authorization: Bearer $access_token" \
     --request GET "https://my.rightscale.com/api/deployments"

Example Response

HTTP/1.1 200 OK 
Content-Type: application/json; charset=utf-8


{...}

PowerShell

Obtaining an API Access Token

Note: The following examples use API 1.5.

Example Call

$oauthRefreshToken = "0facab1a657fff56f3214ecf7eeeafbfe6084052"

$oauthUrl = "https://my.rightscale.com/api/oauth2"

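# Form-encoded body: parameters are separated by "&"
$postString = "grant_type=refresh_token&refresh_token=$oauthRefreshToken"
$postBytes = [System.Text.Encoding]::UTF8.GetBytes($postString)

$httpRequest = [System.Net.WebRequest]::Create($oauthUrl)
$httpRequest.Method = "POST"
$httpRequest.ContentType = "application/x-www-form-urlencoded"
$httpRequest.headers.Add("X_API_VERSION", "1.5")
$httpRequest.ContentLength = $postbytes.Length
$requestStream = $httpRequest.GetRequestStream()
$requestStream.Write($postBytes, 0, $postBytes.length)
# Close the stream so the request body is flushed before reading the response
$requestStream.Close()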

[System.Net.WebResponse] $httpResponse = $httpRequest.GetResponse()
$responseStream = $httpResponse.GetResponseStream()
[System.IO.StreamReader] $streamReader = New-Object System.IO.Streamreader -ArgumentList $responseStream
$httpResult = $streamReader.ReadToEnd()

write-host $httpResult


Example Response

write-host $httpResult
{
  "access_token":"eNotkMuOg...8vf4A2GhbCA==",
  "expires_in":7200,
  "token_type":"bearer"
}
  • Make note of the access_token to use when requesting a resource. See below for an example of how this is done. 

Making an OAuth-Authorized API Request

Once you obtain your access token, incorporate it into your API requests.

Example Call

$accessToken = "eNotkMuOg...8vf4A2GhbCA=="
 
$httpRequest = [System.Net.WebRequest]::Create("https://my.rightscale.com/api/deployments")
$httpRequest.Method = "GET"
$httpRequest.Headers.Add("X_API_VERSION","1.5")
$httpRequest.Headers.Add("Authorization","Bearer $accessToken")
[system.Net.WebResponse] $httpResponse = $httpRequest.GetResponse()
$responseStream = $httpResponse.GetResponseStream()
[System.IO.StreamReader] $streamReader = New-Object System.IO.Streamreader -ArgumentList $responseStream
$httpResult = $streamReader.ReadToEnd()

write-host $httpResult


Example Response

HTTP/1.1 200 OK 
Content-Type: application/json; charset=utf-8


{...}

Additional Notes

  • Anyone who possesses a valid token can log into the enabled account via the API and perform API requests on your behalf, with all of your permissions. Please protect this token appropriately.
  • The OAuth API feature allows users with Single Sign-On enabled to access the API without a username/password combination.
  • "Enable" enables OAuth for your account and generates a valid token. This token does not expire until it is "disabled," which makes the previous token invalid. The next time it is "enabled," a new token is generated.
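
The notes above ask that the refresh token be protected, and the token response carries an expires_in of 7200 seconds. The shell helpers below are an added example, not RightScale's own code: they refuse a refresh-token file that group or other can access, hand the token to curl on stdin instead of the command line, and cache the access token in an owner-only file until shortly before it expires. The function names, the file layout and the 300-second margin are assumptions.

```shell
#!/usr/bin/env bash
# Added example: helpers around the refresh-token exchange. Function names and
# file layout are hypothetical; only the request parameters come from the page.

# Succeed only if the file's mode grants nothing to group or other (e.g. 600).
token_file_is_private() {  # usage: <file>
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
  case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Pull one field out of the flat JSON token response (use jq for anything nested).
json_field() {  # usage: <name> <json>
  printf '%s' "$2" | tr -d '\n' |
    sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}[:space:]]*\).*/\1/p"
}

# True while the token has more than <margin> seconds (default 300) left.
access_token_is_fresh() {  # usage: <issued_at> <expires_in> <now> [margin]
  local margin=${4:-300}
  [ "$3" -lt $(( $1 + $2 - margin )) ]
}

# Write "<issued_at> <expires_in> <access_token>" to a file created with mode 600.
cache_access_token() {  # usage: <cache_file> <json_response> <now>
  ( umask 077; rm -f "$1"
    printf '%s %s %s\n' "$3" "$(json_field expires_in "$2")" \
      "$(json_field access_token "$2")" > "$1" )
}

# Exchange the refresh token for an access token. The token reaches curl as a
# config line on stdin (-K -), so it is not exposed in curl's argument list.
fetch_access_token() {  # usage: <token_endpoint> <refresh_token_file>
  token_file_is_private "$2" || { echo "refusing: $2 is not owner-only" >&2; return 1; }
  printf 'data = "refresh_token=%s"\n' "$(tr -d '\n' < "$2")" |
    curl --silent --show-error --fail -K - \
      -H "X-API-Version:1.5" -d "grant_type=refresh_token" "$1"
}

# Offline demonstration on a constructed response shaped like the page's example.
sample='{"access_token":"eNotkMuOg...8vf4A2GhbCA==","expires_in":7200,"token_type":"bearer"}'
echo "expires_in=$(json_field expires_in "$sample")"
```

A caller would run fetch_access_token only when access_token_is_fresh fails for the cached entry, then pass the JSON it returns to cache_access_token.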

Last modified
12:19, 21 Oct 2014

© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.