Articles on: API

API Authentication


Overview

Gozunga Cloud uses token-based authentication for API access. Before making API calls, you need to obtain an authentication token.


There are several ways to authenticate with our API:

  1. Application Credentials (Recommended)
  2. EC2-style Credentials (for S3/Swift compatibility)


Application Credentials

Creating Application Credentials

  1. Log in to the Cloud Management Portal
  2. Navigate to Access → Application Credentials
  3. Click "Create an Application Credential"

  1. Enter the Name, and Description (optional)
  2. Click "Create an Application Credential"

Important : Save the credential ID and secret. The secret will only be shown once.

Using Application Credentials


# Using curl
curl -X POST \
  https://cloud.fsd1.gozunga.com:5000/v3/auth/tokens \
  -H 'Content-Type: application/json' \
  -d '{
    "auth": {
      "identity": {
        "methods": ["application_credential"],
        "application_credential": {
          "id": "YOUR_CREDENTIAL_ID",
          "secret": "YOUR_CREDENTIAL_SECRET"
        }
      }
    }
  }'

Installing Python OpenStack SDK

To use the Python OpenStack SDK, install it using pip:

# Create a virtual environment
python3 -m venv .venv
  
# Activate the virtual environment
source .venv/bin/activate
  
# Install the Python OpenStack SDK
pip install python-openstackclient

Using Python OpenStack SDK

# Using Python OpenStack SDK
from openstack import connection
  
conn = connection.Connection(
    auth_url='https://cloud.fsd1.gozunga.com:5000/v3',
    auth_type='v3applicationcredential',
    application_credential_id='YOUR_CREDENTIAL_ID',
    application_credential_secret='YOUR_CREDENTIAL_SECRET'
)

S3/EC2 Credentials

For S3/EC2 API access:

  1. In our Cloud Management Portal:
  • Navigate to Access → EC2/S3 Credentials
  • Click "Create S3/EC2 Credential"
  1. Save both the Access Key and Secret Key

# Example using AWS CLI
aws configure set aws_access_key_id YOUR_ACCESS_KEY
aws configure set aws_secret_access_key YOUR_SECRET_KEY
aws configure set region SiouxFalls
aws configure set endpoint_url https://cloud.fsd1.gozunga.com:6780
  
# Test access
aws --endpoint-url https://cloud.fsd1.gozunga.com:6780 s3 ls
aws --endpoint-url https://cloud.fsd1.gozunga.com:6780 s3 ls s3://bucketname/folder
aws --endpoint-url https://cloud.fsd1.gozunga.com:6780 s3 cp s3://bucketname/folder/file.zip .

Token Management

Token Expiration

  • Application Credential tokens: Valid for 24 hours by default
  • Password-based tokens: Valid for 4 hours
  • EC2 credentials: Do not expire unless revoked

Revoking Tokens

  1. Through the Cloud Management Portal:
  • Navigate to Identity → Application Credentials
  • Select the credential
  • Click "Delete Credential"

  1. Using the API:
curl -X DELETE \
  https://cloud.fsd1.gozunga.com:5000/v3/auth/tokens \
  -H 'X-Auth-Token: YOUR_TOKEN' \
  -H 'X-Subject-Token: TOKEN_TO_REVOKE'

Best Practices

  1. Use Application Credentials
  • More secure than password authentication
  • Can be easily revoked without affecting other credentials
  • Supports fine-grained access control

  1. Secure Storage
  • Never commit credentials to source control
  • Use environment variables or secure vaults
  • Rotate credentials regularly

  1. Scope Limitation
  • Create different credentials for different applications
  • Limit permissions to only what's needed
  • Set expiration dates when possible

  1. Monitoring
  • Regularly audit active credentials
  • Monitor for unusual API activity
  • Remove unused credentials

Troubleshooting

Common Issues

  1. Authentication Failed
  • Verify credential ID and secret
  • Check if credential has expired
  • Ensure correct endpoint URLs

  1. Token Expired
  • Request a new token
  • Implement token refresh in your application

  1. Permission Denied
  • Verify credential roles
  • Check project quotas
  • Ensure correct project scope

Updated on: 20/01/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!