Logging in using a one-time token

  1. Authenticate to the cloud platform via the Python shell.

    The following variables should be available now:

    >>> base_url  # the base URL of the API
    '<the data center URL>/api/2'
    >>> auth  # the 'Authorization' header value with the access token
    {'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImMwMD...'}
    >>> tenant_id  # the UUID of the tenant to which the token provides access
    'ede9f834-70b3-476c-83d9-736f9f8c7dae'
    
  2. Define a variable named ott_data, and then assign the one-time token data to this variable:

    >>> ott_data = {
    ...     "login": "johncustomer@mysite.com",
    ...     "purpose": "user_login",
    ... }
    

    Name

    Value type

    Required

    Description

    login

    string

    Yes (if external_id and user_id are not specified)

    User account login in the cloud platform.

    purpose

    string

    Yes

    Purpose of the login. The only available option is user_login.

    external_id

    string

    Yes (if login and user_id are not specified)

    External user account UUID (if the user was registered using available identity provider).

    user_id

    UUID string

    Yes (if login and external_id are not specified)

    User account UUID in the cloud platform.

  3. Convert the ott_data object to a JSON text:

    >>> ott_data = json.dumps(ott_data, indent=4)
    >>> print(ott_data)
    {
        "login": "johncustomer@mysite.com",
        "purpose": "user_login"
    }
    
  4. Send a POST request with the JSON text to the /idp/ott endpoint:

    >>> response = requests.post(
    ...     f'{base_url}/idp/ott',
    ...     headers={'Content-Type': 'application/json', **auth},
    ...     data=ott_data,
    ... )
    
  5. Check the status code of the response:

    >>> response.status_code
    200
    

    Status code 200 means that the token has been successfully issued.

    Note

    A different status code means that an error has occurred. For details of the error, see HTTP status response codes and API error codes.

    Also, the response body contains the one-time token, formatted as a JSON text. When converted to an object, it will look like this:

    >>> pprint.pprint(response.json())
    {'ott': 'T1RUAQAAAG8-AAAAAAAATxLwKLZ0RMaVZ3GEk4JUMw=='}
    

    Important

    A one-time token can be used only once and it is valid for 30 seconds after it was generated.

  6. Store the one-time token in a variable:

    >>> ott = response.json()['ott']
    
  7. Define a variable named login_data, and then assign the ott JSON parameter to this variable:

    >>> login_data = {
    ...     'ott': ott
    ... }
    
  8. >>> response = requests.post(
    ...     f'{base_url}/idp/ott/login',
    ...     headers={'Content-Type': 'application/json'},
    ...     data=login_data,
    ... )
    
  9. Check the status code of the response:

    >>> response.status_code
    200
    

    Status code 200 means that you have been authorized on behalf of the user account under the johncustomer@mysite.com login.

    Note

    A different status code means that an error has occurred. For details of the error, see HTTP status response codes and API error codes.

    Also, the response body contains the user account information, formatted as a JSON text. When converted to an object, it will look like this:

    >>> pprint.pprint(response.json())
    {'activated': False,
     'business_types': [],
     'contact': {'address1': '',
                 'address2': '',
                 'city': '',
                 'country': '',
                 'email': 'johncustomer@mysite.com',
                 'firstname': 'John',
                 'lastname': 'Customer',
                 'phone': '',
                 'state': '',
                 'zipcode': ''},
     'created_at': '2019-08-10T08:00:00.807354+00:00',
     'enabled': True,
     'id': '2955b448-7df8-43uc-9c63-a21511dbe06d',
     'idp_id': '11111111-1111-1111-1111-111111111111',
     'language': 'en',
     'login': 'johncustomer@mysite.com',
     'mfa_status': 'disabled',
     'notifications': ['quota', 'reports', 'backup_daily_report'],
     'personal_tenant_id': None,
     'tenant_id': '2de246a4-1t3e-937c-9e76-5a21bd6492b',
     'terms_accepted': True,
     'version': 1}