
OIDC API Authentication

Equinix APIs use the OAuth 2.0 protocol to authenticate requests from your OIDC user to API endpoints. To interact with Equinix APIs, you need a bearer access token.

Prerequisites

  1. An OIDC provider.

  2. An OIDC ID token from your registered OIDC provider.

  3. Product- or service-specific permissions to specify the scope of the API access token. You must have one of the following permissions:

    • ern:<access-policy-ern> where <access-policy-ern> is a single access policy that has been granted to the principal.
    • roleassignments:<org-id> where <org-id> is the organization ID where the OIDC principal has assigned roles.
    • projectpolicies:<project-id> where <project-id> is a project ID where the OIDC principal has been granted an access policy or access policies.
    • orgpolicies:<org-id> where <org-id> is an organization ID where the principal has been granted an access policy or access policies.
    • orgpolicies:<org-id> roleassignments:<org-id> where <org-id> is an organization ID where the principal has been granted both roles and access policies.

    For more information, see Access Control Scopes.

Request an access token

To request a bearer access token, send a POST request to the /v1/token endpoint.

In the request body, specify:

  • grant_type - Use urn:ietf:params:oauth:grant-type:token-exchange to receive an access token.
  • scope (required) - Provide the scope. The permissions granted by the token are checked against whether the principal has been granted the appropriate roles or access policies. For more information, see Access Control Scopes.
  • subject_token - The OIDC ID token.
  • subject_token_type - Use urn:ietf:params:oauth:token-type:id_token which identifies your subject_token as an OIDC ID token.

Sample cURL request:

curl -X POST 'https://sts.eqix.equinix.com/v1/token' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
--data-urlencode 'subject_token_type=urn:ietf:params:oauth:token-type:id_token' \
--data-urlencode 'scope=<role_or_access_policy>' \
--data-urlencode 'subject_token=<oidc_id_token>'

Using access tokens

To interact with the Equinix API, send your access token in the Authorization header of the HTTP request, in the form Authorization: Bearer <token>.
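The following is an added example, not Equinix's own code: a pre-flight check that builds the token-exchange request described above and refuses to send an ID token that is malformed or expired, or a scope that is not in one of the listed forms. The helper names, the character set allowed in IDs, and the acceptance of any space-separated combination of scope items are assumptions; the ID token is decoded without signature verification, purely as a local sanity check.

```python
import base64, json, re, time
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_URL = "https://sts.eqix.equinix.com/v1/token"  # endpoint from the page
# Scope forms from the prerequisites list; the ID character set is an assumption.
SCOPE_ITEM = re.compile(
    r"^(ern:\S+|(roleassignments|projectpolicies|orgpolicies):[\w-]+)$")

def id_token_claims(id_token):
    """Decode the JWT payload WITHOUT verifying the signature (sanity check only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("subject_token is not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def build_exchange_request(id_token, scope, now=None):
    """Return the POST request for /v1/token; raises before any network I/O."""
    items = scope.split()
    if not items or not all(SCOPE_ITEM.match(i) for i in items):
        raise ValueError(f"scope not in a documented form: {scope!r}")
    exp = id_token_claims(id_token).get("exp")
    if exp is None or exp <= (time.time() if now is None else now):
        raise ValueError("ID token is expired or has no exp claim")
    body = urlencode({
        "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
        "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
        "scope": scope,
        "subject_token": id_token,
    }).encode()
    return Request(TOKEN_URL, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})

def bearer_header(access_token):
    """Authorization header for subsequent API calls."""
    return {"Authorization": f"Bearer {access_token}"}

def make_sample_id_token(exp):
    """Constructed, unsigned sample token for the demo; not a real credential."""
    enc = lambda d: base64.urlsafe_b64encode(
        json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"sub": "ci-job", "exp": exp}), "sig"])

if __name__ == "__main__":
    token = make_sample_id_token(time.time() + 300)
    req = build_exchange_request(token, "roleassignments:org-123")
    print(req.get_method(), req.full_url)  # pass req to urllib.request.urlopen to send
```

Keep the ID token and the returned access token out of logs and shell history; both are bearer credentials.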
