User Credentials
User Credentials
The User Credential API allows users to manage credentials needed to access storage gateways. The credentials may take different forms, based on the connector being used.
User Credentials Overview
| Method | API Path | Description |
|---|---|---|
|
List user credentials |
|
|
Create a user credential |
|
|
Get a user credential |
|
|
Update a user credential |
|
|
Update a user credential |
|
|
Delete a user credential |
Details
List user credentials
GET /api/user_credentials
The caller may only retrieve User Credentials which were created by an identity in the caller’s identity set unless they are an administrator. If the endpoint is not public, returns ForbiddenError if the user has no credentials
Authorization
-
RoleAuthorizer:
-
endpoint:owner
-
endpoint:administrator
-
-
StorageGatewayAuthorizer
-
{storage_gateway_id}
-
Query Parameters
| Parameter | Type | Description |
|---|---|---|
page_size |
integer <int> |
Maximum page size for a paginated response |
marker |
string |
Pagination marker for a paginated response |
include |
array of string |
Credentials to include. If set to all, then - credentials owned by other users are returned if the storage gateway allows admin_managed_credentials and the caller has an endpoint:administrator or endpoint:owner role. |
storage_gateway |
string <uuid> |
ID of the Storage Gateway |
Responses
200 - List user credential response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object UserCredential |
|
detail |
any type |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"data": [
{
"DATA_TYPE": "user_credential#1.0.0",
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"home_directory": "string",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
"invalid": true,
"policies": {
"DATA_TYPE": "s3_user_credential_policies#1.0.0",
"s3_key_id": "string",
"s3_secret_key": "string"
},
"provisioned": true,
"storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
"username": "string"
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}Create a user credential
POST /api/user_credentials
Create a user credential on a storage gateway. This is required for some connectors that require a local user name or other credential information to access the storage system. See the connector-specific documentation for details on what is needed.
The caller is authorized based on the StorageGateway identity policies, so users with no assigned roles on the endpoint may be permitted to access this operation.
Request body
Credential information for an identity on a particular storage gateway and its related collections.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
connector_id |
string <uuid> |
Id of the connector type used by this credential |
deleted |
boolean |
Flag indicating that this credential has been deleted |
display_name |
string |
Display name of the credential |
id |
string <uuid> |
Unique id for this user credential |
identity_id |
string <uuid> |
Globus Auth identity id that this credential is associated with |
invalid |
boolean |
Flag indicating that this credential is no longer valid |
policies |
S3UserCredentialPolicies_1_0_0 or S3UserCredentialPolicies_1_1_0 or AzureBlobUserCredentialPolicies_1_0_0 or BlackPearlUserCredentialPolicies_1_0_0 or BoxUserCredential_1_0_0 or BoxUserCredential_1_1_0 or CephUserCredentialPolicies_1_0_0 or DropboxUserCredentialPolicies_1_0_0 or GoogleCloudStorageUserCredentialPolicies_1_0_0 or GoogleDriveUserCredentialPolicies_1_0_0 or HPSSUserCredentialPolicies_1_0_0 or IrodsUserCredentialPolicies_1_0_0 or OneDriveUserCredentialPolicies_1_0_0 or PosixUserCredentialPolicies_1_0_0 or PosixStagingUserCredentialPolicies_1_0_0 |
Connector-specific user credential policies |
provisioned |
boolean |
Flag indicating that this credential has been fully provisioned. If this is false and the invalid property is true, then the credential was created during login and patching it to add the missing data should be presented to the user as initializing the credential. |
storage_gateway_id |
string <uuid> |
Storage Gateway this credential is associated with |
username |
string |
Connector-specific username that this credential is associated with. If the connector supports identity mapping, this matches the result of the mapping applied to identity_id. |
Example
{
"DATA_TYPE": "user_credential#1.0.0",
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"home_directory": "string",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
"invalid": true,
"policies": {
"DATA_TYPE": "s3_user_credential_policies#1.0.0",
"s3_key_id": "string",
"s3_secret_key": "string"
},
"provisioned": true,
"storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
"username": "string"
}Responses
201 - Create user credential response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object UserCredential |
|
detail |
any type |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"data": [
{
"DATA_TYPE": "user_credential#1.0.0",
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"home_directory": "string",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
"invalid": true,
"policies": {
"DATA_TYPE": "s3_user_credential_policies#1.0.0",
"s3_key_id": "string",
"s3_secret_key": "string"
},
"provisioned": true,
"storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
"username": "string"
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}Details
Get a user credential
GET /api/user_credentials/{user_credential_id}
Get a user credential.
The caller must have the identity_id of the user credential in its identity set.
Responses
200 - Get user credential response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object UserCredential |
|
detail |
any type |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"data": [
{
"DATA_TYPE": "user_credential#1.0.0",
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"home_directory": "string",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
"invalid": true,
"policies": {
"DATA_TYPE": "s3_user_credential_policies#1.0.0",
"s3_key_id": "string",
"s3_secret_key": "string"
},
"provisioned": true,
"storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
"username": "string"
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}403 - Permission denied
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object |
|
detail |
string or NotResourceOwner |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"http_response_code": 100,
"detail": null,
"DATA_TYPE": "result#1.0.0",
"data": [
{}
],
"has_next_page": false,
"marker": "string",
"message": "string"
}Update a user credential
PATCH /api/user_credentials/{user_credential_id}
Update a user credential on a storage gateway. This is required for some connectors that require a local user name or other credential information to access the storage system. See the connector-specific documentation for details on what is needed.
The caller must have the identity_id of the user credential in its identity set.
Request body
Credential information for an identity on a particular storage gateway and its related collections.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
connector_id |
string <uuid> |
Id of the connector type used by this credential |
deleted |
boolean |
Flag indicating that this credential has been deleted |
display_name |
string |
Display name of the credential |
id |
string <uuid> |
Unique id for this user credential |
identity_id |
string <uuid> |
Globus Auth identity id that this credential is associated with |
invalid |
boolean |
Flag indicating that this credential is no longer valid |
policies |
S3UserCredentialPolicies_1_0_0 or S3UserCredentialPolicies_1_1_0 or AzureBlobUserCredentialPolicies_1_0_0 or BlackPearlUserCredentialPolicies_1_0_0 or BoxUserCredential_1_0_0 or BoxUserCredential_1_1_0 or CephUserCredentialPolicies_1_0_0 or DropboxUserCredentialPolicies_1_0_0 or GoogleCloudStorageUserCredentialPolicies_1_0_0 or GoogleDriveUserCredentialPolicies_1_0_0 or HPSSUserCredentialPolicies_1_0_0 or IrodsUserCredentialPolicies_1_0_0 or OneDriveUserCredentialPolicies_1_0_0 or PosixUserCredentialPolicies_1_0_0 or PosixStagingUserCredentialPolicies_1_0_0 |
Connector-specific user credential policies |
provisioned |
boolean |
Flag indicating that this credential has been fully provisioned. If this is false and the invalid property is true, then the credential was created during login and patching it to add the missing data should be presented to the user as initializing the credential. |
storage_gateway_id |
string <uuid> |
Storage Gateway this credential is associated with |
username |
string |
Connector-specific username that this credential is associated with. If the connector supports identity mapping, this matches the result of the mapping applied to identity_id. |
Example
{
"DATA_TYPE": "user_credential#1.0.0",
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"home_directory": "string",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
"invalid": true,
"policies": {
"DATA_TYPE": "s3_user_credential_policies#1.0.0",
"s3_key_id": "string",
"s3_secret_key": "string"
},
"provisioned": true,
"storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
"username": "string"
}Responses
200 - Update user credential response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object UserCredential |
|
detail |
any type |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"data": [
{
"DATA_TYPE": "user_credential#1.0.0",
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"home_directory": "string",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
"invalid": true,
"policies": {
"DATA_TYPE": "s3_user_credential_policies#1.0.0",
"s3_key_id": "string",
"s3_secret_key": "string"
},
"provisioned": true,
"storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
"username": "string"
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}403 - Permission denied
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object |
|
detail |
string or NotResourceOwner |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"http_response_code": 100,
"detail": null,
"DATA_TYPE": "result#1.0.0",
"data": [
{}
],
"has_next_page": false,
"marker": "string",
"message": "string"
}Update a user credential
PUT /api/user_credentials/{user_credential_id}
Update a user credential on a storage gateway. This is required for some connectors that require a local user name or other credential information to access the storage system. See the connector-specific documentation for details on what is needed.
The caller must have the identity_id of the user credential in its identity set.
Request body
Credential information for an identity on a particular storage gateway and its related collections.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
connector_id |
string <uuid> |
Id of the connector type used by this credential |
deleted |
boolean |
Flag indicating that this credential has been deleted |
display_name |
string |
Display name of the credential |
id |
string <uuid> |
Unique id for this user credential |
identity_id |
string <uuid> |
Globus Auth identity id that this credential is associated with |
invalid |
boolean |
Flag indicating that this credential is no longer valid |
policies |
S3UserCredentialPolicies_1_0_0 or S3UserCredentialPolicies_1_1_0 or AzureBlobUserCredentialPolicies_1_0_0 or BlackPearlUserCredentialPolicies_1_0_0 or BoxUserCredential_1_0_0 or BoxUserCredential_1_1_0 or CephUserCredentialPolicies_1_0_0 or DropboxUserCredentialPolicies_1_0_0 or GoogleCloudStorageUserCredentialPolicies_1_0_0 or GoogleDriveUserCredentialPolicies_1_0_0 or HPSSUserCredentialPolicies_1_0_0 or IrodsUserCredentialPolicies_1_0_0 or OneDriveUserCredentialPolicies_1_0_0 or PosixUserCredentialPolicies_1_0_0 or PosixStagingUserCredentialPolicies_1_0_0 |
Connector-specific user credential policies |
provisioned |
boolean |
Flag indicating that this credential has been fully provisioned. If this is false and the invalid property is true, then the credential was created during login and patching it to add the missing data should be presented to the user as initializing the credential. |
storage_gateway_id |
string <uuid> |
Storage Gateway this credential is associated with |
username |
string |
Connector-specific username that this credential is associated with. If the connector supports identity mapping, this matches the result of the mapping applied to identity_id. |
Example
{
"DATA_TYPE": "user_credential#1.0.0",
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"home_directory": "string",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
"invalid": true,
"policies": {
"DATA_TYPE": "s3_user_credential_policies#1.0.0",
"s3_key_id": "string",
"s3_secret_key": "string"
},
"provisioned": true,
"storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
"username": "string"
}Responses
200 - Update user credential response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object UserCredential |
|
detail |
any type |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"data": [
{
"DATA_TYPE": "user_credential#1.0.0",
"connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
"deleted": true,
"display_name": "string",
"home_directory": "string",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
"invalid": true,
"policies": {
"DATA_TYPE": "s3_user_credential_policies#1.0.0",
"s3_key_id": "string",
"s3_secret_key": "string"
},
"provisioned": true,
"storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
"username": "string"
}
],
"DATA_TYPE": "result#1.0.0",
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}403 - Permission denied
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object |
|
detail |
string or NotResourceOwner |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"http_response_code": 100,
"detail": null,
"DATA_TYPE": "result#1.0.0",
"data": [
{}
],
"has_next_page": false,
"marker": "string",
"message": "string"
}Delete a user credential
DELETE /api/user_credentials/{user_credential_id}
Delete a user credential.
The caller must have the identity_id of the user credential in its identity set.
Responses
200 - Delete user credential response
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object |
|
detail |
any type |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"DATA_TYPE": "result#1.0.0",
"code": "string",
"data": [
{}
],
"detail": null,
"has_next_page": false,
"http_response_code": 100,
"marker": "string",
"message": "string"
}403 - Permission denied
This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
code |
string |
String response code |
data |
array of object |
|
detail |
string or NotResourceOwner |
|
has_next_page |
boolean |
Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation. |
http_response_code |
integer |
Numeric HTTP response code |
marker |
string |
Opaque marker that may be passed to this API call to fetch the next
page of results if the returned document has |
message |
string |
Message describing this result |
{
"code": "string",
"http_response_code": 100,
"detail": null,
"DATA_TYPE": "result#1.0.0",
"data": [
{}
],
"has_next_page": false,
"marker": "string",
"message": "string"
}