Authentication methods for REST API and WebDAV

Top / Developers / Authentication methods for REST API and WebDAV

This page is automatically translated.

About authentication

Basically, credentials are secured by single sign-on with OAUTH2, but for compatibility or ease of application support, some APIs can use BASIC authentication.

The relationship between certification required areas and resources

REST API
api.teracloud.jp
<node>.teracloud.jp
In addition to the credentials issued by OAUTH2, a different API-KEY is required for each application(see below)
api.teracloud.jp of /ba/user/In addition to BASIC authentication (*), API-KEY is required.
WebDAV AccessAuthorization for /dav/ and /backup/BASIC authentication (*)
Users who have registered by 16:25 on June 2, 2021 can access /dav/ using BASIC authentication unless they disable it in MyPage.
Newly registered users after 16:25 on June 2, 2021 will not be able to access /dav/ using BASIC authentication unless they activate it in MyPage.
WebDAV AccessAuthorization for /v2/dav/Credentials issued by OAUTH2

About the URL of the authentication required areas

In the WebDAV area, the following paths of each node server are subject to BASIC authentication.

REST API, with some exceptions, in principle, authentication is mandatory.

Authentication Method

Certification by OAUTH2

To be published separately.

BASIC authentication (*)

Protocol

All access must be SSL (TLS v1.2 or later) and therefore does not support Digest-type BASIC authentication.

BASIC authentication

Method using HTTP's Request Header, Authorization:, which can be in both preemptive and non-preemptive mode.

ID

The ID is the same as the one you use to login to TeraCLOUD.

Password

For users who have registered by June 2, 2021, 4:25 p.m., if external application connections are not reissued or disabled in MyPage, they will be the same as those used when logging in. For users newly registered on or after June 2, 2021, at around 4:25 p.m., BASIC authentication will be turned off by default, and external application connections must be enabled in MyPage. At that time, the password issued will be a random one issued by the system.

Credential required for REST API access

In order to access the REST API, we need two credentials. When these two are conforming and correct, the API becomes available for the first time.

User ID, password
What determines the user. It is used for BASIC certification etc. It is the same format as authentication with ordinary WebDAV.
API KEY
A unique key determined for each application. It is used for labeling.

Acquisition of API KEY

Applications are required for API KEY, and application developers can apply from the corresponding application registration request form.

Although some review is done, any developer, such as a corporation, individual, open source, etc., can be used.

Technically speaking, API KEY needs to be filled in the application side, so it can not be actually protected. If it is an open source etc., it is thought that it may be committed to github etc, so this API KEY can be regarded as a mechanism for gaining application as a gentlemanly agreement to the last.

In the future, based on the offer from the application developer, it is planned to invalidate the API KEY and implement the invalidation function of the API key specific to each user individually.

How to give API KEY

API KEY needs to be sent in one of the following ways.

Method to send with HTTP Request Header
 A method of sending by HTTP Request Header.
 Send the Request Header with X - TeraCLOUD - API - KEY:. It can be used with all REST API.

Method to send with MatrixParam
 How to send by Matrix Parameter on URL.
 Send it with api_key = to the necessary part of the URL. It can be used with all REST API.

Since the REST Interface of TeraCLOUD is communication only with HTTPS, it does not need a special REST Client stack. However, because the easy access method is considered to be different depending on the language to be used, the library stack, and the application programmer's development method, at the moment it is possible to choose access by the above two methods.

Other informations

Format of API KEY
Send 128 bits in hexadecimal, uppercase BINHEX.
Validity period
That request only.