Generating an external login URL

  1. Authenticate to the cloud platform via the Python shell.

    The following variables should be available now:

    >>> base_url  # the base URL of the API
    >>> auth  # the 'Authorization' header value with the access token
    {'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImMwMD...'}
    >>> tenant_id  # the UUID of the tenant to which the token provides access
  2. Define a variable named ott_data, and then assign the one-time token data to this variable:

    >>> ott_data = {
    ...     "login": "",
    ...     "purpose": "user_login",
    ... }


    Value type





    Yes (if external_id and user_id are not specified)

    User account login in the cloud platform.




    Purpose of the login. The only available option is user_login.



    Yes (if login and user_id are not specified)

    External user account UUID (if the user was registered using available identity provider).


    UUID string

    Yes (if login and external_id are not specified)

    User account UUID in the cloud platform.

  3. Convert the ott_data object to a JSON text:

    >>> ott_data = json.dumps(ott_data, indent=4)
    >>> print(ott_data)
        "login": "",
        "purpose": "user_login"
  4. Send a POST request with the JSON text to the /idp/ott endpoint:

    >>> response =
    ...     f'{base_url}/idp/ott',
    ...     headers={'Content-Type': 'application/json', **auth},
    ...     data=ott_data,
    ... )
  5. Check the status code of the response:

    >>> response.status_code

    Status code 200 means that the token has been successfully issued.

    A different status code means that an error has occurred. For the details, refer to “Status and error codes”.

    Also, the response body contains the one-time token formatted as a JSON text. When converted to an object, it will look as follows:

    >>> pprint.pprint(response.json())


    A one-time token can be used only once and it is valid for 30 seconds after it was generated.

  6. Store the one-time token in a variable:

    >>> ott = response.json()['ott']
  7. URL encode the one-time token:

    >>> from urllib.parse import quote
    >>> ott = quote(ott)
  8. Define a variable and store a URL to which the user will be redirected. As an example, the backup console URL will be used:

    >>> target_uri = ''
  9. The external login URL must lead to the /idp/external-login endpoint and contain ott and targetURI as query string parameters. Form the link using the variables above and open it to log in to the service:

    >>> sso_link = f'{base_url}/idp/external-login#ott={ott}&targetURI={target_uri}'
    >>> sso_link