Globus Connect Server Administration Guides
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
Skip to main content
Globus Docs
  • APIs
    Auth Flows Groups Search Timers Transfer Globus Connect Server Compute Helper Pages
  • Applications
    Globus Connect Personal Globus Connect Server Premium Storage Connectors Compute Command Line Interface Python SDK JavaScript SDK
  • Guides
  • Support
    FAQs Mailing Lists Contact Us Check Support Tickets
  1. Home
  2. Globus Connect Server
  3. v5.4
  4. Globus Connect Server Manager API
  5. User Credentials

User Credentials

User Credentials

The User Credential API allows users to manage credentials needed to access storage gateways. The credentials may take different forms, based on the connector being used.

User Credentials Overview

Method API Path Description

GET

/​api/​user_credentials

List user credentials

POST

/​api/​user_credentials

Create a user credential

GET

/​api/​user_credentials/​{user_credential_id}

Get a user credential

PATCH

/​api/​user_credentials/​{user_credential_id}

Update a user credential

PUT

/​api/​user_credentials/​{user_credential_id}

Update a user credential

DELETE

/​api/​user_credentials/​{user_credential_id}

Delete a user credential

Details

List user credentials

GET /api/user_credentials

The caller may only retrieve User Credentials which were created by an identity in the caller’s identity set unless they are an administrator. If the endpoint is not public, returns ForbiddenError if the user has no credentials

Authorization

  • RoleAuthorizer:

    • endpoint:owner

    • endpoint:administrator

  • StorageGatewayAuthorizer

    • {storage_gateway_id}

Query Parameters

Parameter Type Description

page_size

integer <int>

Maximum page size for a paginated response

marker

string

Pagination marker for a paginated response

include

array of string all

Credentials to include. If set to all, then - credentials owned by other users are returned if the storage gateway allows admin_managed_credentials and the caller has an endpoint:administrator or endpoint:owner role.

storage_gateway

string <uuid>

ID of the Storage Gateway

Responses

200 - List user credential response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "user_credential#1.0.0",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "home_directory": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "invalid": true,
      "policies": {
        "DATA_TYPE": "s3_user_credential_policies#1.0.0",
        "s3_key_id": "string",
        "s3_secret_key": "string"
      },
      "provisioned": true,
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "username": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}

Create a user credential

POST /api/user_credentials

Create a user credential on a storage gateway. This is required for some connectors that require a local user name or other credential information to access the storage system. See the connector-specific documentation for details on what is needed.

The caller is authorized based on the StorageGateway identity policies, so users with no assigned roles on the endpoint may be permitted to access this operation.

Request body

Content-Type: application/json

Credential information for an identity on a particular storage gateway and its related collections.

Name

Type

Description

DATA_TYPE

string user_credential#1.0.0

Type of this document

connector_id

string <uuid>

Id of the connector type used by this credential

deleted

boolean

Flag indicating that this credential has been deleted

display_name

string

Display name of the credential

id

string <uuid>

Unique id for this user credential

identity_id

string <uuid>

Globus Auth identity id that this credential is associated with

invalid

boolean

Flag indicating that this credential is no longer valid

policies

S3UserCredentialPolicies_1_0_0 or S3UserCredentialPolicies_1_1_0 or S3UserCredentialPolicies_1_2_0 or AzureBlobUserCredentialPolicies_1_0_0 or BlackPearlUserCredentialPolicies_1_0_0 or BoxUserCredential_1_0_0 or BoxUserCredential_1_1_0 or CephUserCredentialPolicies_1_0_0 or DropboxUserCredentialPolicies_1_0_0 or GoogleCloudStorageUserCredentialPolicies_1_0_0 or GoogleDriveUserCredentialPolicies_1_0_0 or HPSSUserCredentialPolicies_1_0_0 or IrodsUserCredentialPolicies_1_0_0 or OneDriveUserCredentialPolicies_1_0_0 or PosixUserCredentialPolicies_1_0_0 or PosixStagingUserCredentialPolicies_1_0_0

Connector-specific user credential policies

provisioned

boolean

Flag indicating that this credential has been fully provisioned. If this is false and the invalid property is true, then the credential was created during login and patching it to add the missing data should be presented to the user as initializing the credential.

storage_gateway_id

string <uuid>

Storage Gateway this credential is associated with

username

string

Connector-specific username that this credential is associated with. If the connector supports identity mapping, this matches the result of the mapping applied to identity_id.

Example
{
  "DATA_TYPE": "user_credential#1.0.0",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "home_directory": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "invalid": true,
  "policies": {
    "DATA_TYPE": "s3_user_credential_policies#1.0.0",
    "s3_key_id": "string",
    "s3_secret_key": "string"
  },
  "provisioned": true,
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "username": "string"
}

Responses

201 - Create user credential response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "user_credential#1.0.0",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "home_directory": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "invalid": true,
      "policies": {
        "DATA_TYPE": "s3_user_credential_policies#1.0.0",
        "s3_key_id": "string",
        "s3_secret_key": "string"
      },
      "provisioned": true,
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "username": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
415 - Unsupported media type
422 - Unprocessable entity

Details

Get a user credential

GET /api/user_credentials/{user_credential_id}

Get a user credential.

The caller must have the identity_id of the user credential in its identity set.

Authorization

  • UserCredentialOwnerAuthorizer

    • {user_credential_id}

Path parameters

▷ user_credential_id

Id of the user credential

Parameter Type Description

user_credential_id (required)

string <uuid>

Id of the user credential

Responses

200 - Get user credential response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "user_credential#1.0.0",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "home_directory": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "invalid": true,
      "policies": {
        "DATA_TYPE": "s3_user_credential_policies#1.0.0",
        "s3_key_id": "string",
        "s3_secret_key": "string"
      },
      "provisioned": true,
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "username": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found

Update a user credential

PATCH /api/user_credentials/{user_credential_id}

Update a user credential on a storage gateway. This is required for some connectors that require a local user name or other credential information to access the storage system. See the connector-specific documentation for details on what is needed.

The caller must have the identity_id of the user credential in its identity set.

Authorization

  • UserCredentialOwnerAuthorizer

    • {user_credential_id}

Path parameters

▷ user_credential_id

Id of the user credential

Parameter Type Description

user_credential_id (required)

string <uuid>

Id of the user credential

Request body

Content-Type: application/json

Credential information for an identity on a particular storage gateway and its related collections.

Name

Type

Description

DATA_TYPE

string user_credential#1.0.0

Type of this document

connector_id

string <uuid>

Id of the connector type used by this credential

deleted

boolean

Flag indicating that this credential has been deleted

display_name

string

Display name of the credential

id

string <uuid>

Unique id for this user credential

identity_id

string <uuid>

Globus Auth identity id that this credential is associated with

invalid

boolean

Flag indicating that this credential is no longer valid

policies

S3UserCredentialPolicies_1_0_0 or S3UserCredentialPolicies_1_1_0 or S3UserCredentialPolicies_1_2_0 or AzureBlobUserCredentialPolicies_1_0_0 or BlackPearlUserCredentialPolicies_1_0_0 or BoxUserCredential_1_0_0 or BoxUserCredential_1_1_0 or CephUserCredentialPolicies_1_0_0 or DropboxUserCredentialPolicies_1_0_0 or GoogleCloudStorageUserCredentialPolicies_1_0_0 or GoogleDriveUserCredentialPolicies_1_0_0 or HPSSUserCredentialPolicies_1_0_0 or IrodsUserCredentialPolicies_1_0_0 or OneDriveUserCredentialPolicies_1_0_0 or PosixUserCredentialPolicies_1_0_0 or PosixStagingUserCredentialPolicies_1_0_0

Connector-specific user credential policies

provisioned

boolean

Flag indicating that this credential has been fully provisioned. If this is false and the invalid property is true, then the credential was created during login and patching it to add the missing data should be presented to the user as initializing the credential.

storage_gateway_id

string <uuid>

Storage Gateway this credential is associated with

username

string

Connector-specific username that this credential is associated with. If the connector supports identity mapping, this matches the result of the mapping applied to identity_id.

Example
{
  "DATA_TYPE": "user_credential#1.0.0",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "home_directory": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "invalid": true,
  "policies": {
    "DATA_TYPE": "s3_user_credential_policies#1.0.0",
    "s3_key_id": "string",
    "s3_secret_key": "string"
  },
  "provisioned": true,
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "username": "string"
}

Responses

200 - Update user credential response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "user_credential#1.0.0",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "home_directory": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "invalid": true,
      "policies": {
        "DATA_TYPE": "s3_user_credential_policies#1.0.0",
        "s3_key_id": "string",
        "s3_secret_key": "string"
      },
      "provisioned": true,
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "username": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Update a user credential

PUT /api/user_credentials/{user_credential_id}

Update a user credential on a storage gateway. This is required for some connectors that require a local user name or other credential information to access the storage system. See the connector-specific documentation for details on what is needed.

The caller must have the identity_id of the user credential in its identity set.

Authorization

  • UserCredentialOwnerAuthorizer

    • {user_credential_id}

Path parameters

▷ user_credential_id

Id of the user credential

Parameter Type Description

user_credential_id (required)

string <uuid>

Id of the user credential

Request body

Content-Type: application/json

Credential information for an identity on a particular storage gateway and its related collections.

Name

Type

Description

DATA_TYPE

string user_credential#1.0.0

Type of this document

connector_id

string <uuid>

Id of the connector type used by this credential

deleted

boolean

Flag indicating that this credential has been deleted

display_name

string

Display name of the credential

id

string <uuid>

Unique id for this user credential

identity_id

string <uuid>

Globus Auth identity id that this credential is associated with

invalid

boolean

Flag indicating that this credential is no longer valid

policies

S3UserCredentialPolicies_1_0_0 or S3UserCredentialPolicies_1_1_0 or S3UserCredentialPolicies_1_2_0 or AzureBlobUserCredentialPolicies_1_0_0 or BlackPearlUserCredentialPolicies_1_0_0 or BoxUserCredential_1_0_0 or BoxUserCredential_1_1_0 or CephUserCredentialPolicies_1_0_0 or DropboxUserCredentialPolicies_1_0_0 or GoogleCloudStorageUserCredentialPolicies_1_0_0 or GoogleDriveUserCredentialPolicies_1_0_0 or HPSSUserCredentialPolicies_1_0_0 or IrodsUserCredentialPolicies_1_0_0 or OneDriveUserCredentialPolicies_1_0_0 or PosixUserCredentialPolicies_1_0_0 or PosixStagingUserCredentialPolicies_1_0_0

Connector-specific user credential policies

provisioned

boolean

Flag indicating that this credential has been fully provisioned. If this is false and the invalid property is true, then the credential was created during login and patching it to add the missing data should be presented to the user as initializing the credential.

storage_gateway_id

string <uuid>

Storage Gateway this credential is associated with

username

string

Connector-specific username that this credential is associated with. If the connector supports identity mapping, this matches the result of the mapping applied to identity_id.

Example
{
  "DATA_TYPE": "user_credential#1.0.0",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "home_directory": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "invalid": true,
  "policies": {
    "DATA_TYPE": "s3_user_credential_policies#1.0.0",
    "s3_key_id": "string",
    "s3_secret_key": "string"
  },
  "provisioned": true,
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "username": "string"
}

Responses

200 - Update user credential response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "user_credential#1.0.0",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "deleted": true,
      "display_name": "string",
      "home_directory": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "invalid": true,
      "policies": {
        "DATA_TYPE": "s3_user_credential_policies#1.0.0",
        "s3_key_id": "string",
        "s3_secret_key": "string"
      },
      "provisioned": true,
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "username": "string"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
400 - Bad Request
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
415 - Unsupported media type
422 - Unprocessable entity

Delete a user credential

DELETE /api/user_credentials/{user_credential_id}

Delete a user credential.

The caller must have the identity_id of the user credential in its identity set.

Authorization

  • UserCredentialOwnerAuthorizer

    • {user_credential_id}

Path parameters

▷ user_credential_id

Id of the user credential

Parameter Type Description

user_credential_id (required)

string <uuid>

Id of the user credential

Responses

200 - Delete user credential response
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}
403 - Permission denied
Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Version 1.1.0 adds optional authorization_parameters to help process authorization or authentication errors

One of the following schemas:

  • Result_1_0_0

  • Result_1_1_0

​

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}
404 - Not found
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
© 2010- The University of Chicago Legal Privacy Accessibility