Getting a Keystone Authentication Token

To get a Keystone Authentication Token, enter the following command in your Keystone client:

curl -X POST http://keystone.example.com:5000/v2.0/tokens \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{"auth": {"tenantName": "tenant-name", "passwordCredentials": {"username": "tenant-username", "password": "password"}}}'

In this particular example the credentials are requested in json format. The Keystone response looks like this:

{
  "access": {
    "serviceCatalog": [
    {
      "endpoints": [
      {
        "adminURL": "https://admin.hcp1.example.com:8000/",
        "id": "76ce30ce374a43d2812f6a78796fe6fa",
        "internalURL": "http://api.hcp1.example.com/swift/v1/AUTH_50c989a5206a46748d0985163f25b14b",
        "publicURL": "http://api.hcp1.example.com/swift/v1/AUTH_50c989a5206a46748d0985163f25b14b",
        "region": "New York"
      },
      {
        "adminURL": "HTTP://swift.example.com:8080",
        "id": "230f1ea7676d48079bea0a9edabcd88f",
        "internalURL": "HTTP://swift.example.com:8080/v1/AUTH_50c989a5206a46748d0985163f25b14b",
        "publicURL": "HTTP://swift.example.com:8080/v1/AUTH_50c989a5206a46748d0985163f25b14b",
        "region": "Los Angeles"
      }
    ],
    "name": "hswift",
    "type": "object-store"
   },
   {
   "endpoints": [
  {
    "adminURL": "https://keystone.example.com:35357/v2.0",
    "id": "48aa3755d8a549f6bda22b00fa9cde94",
    "internalURL": "https:// keystone.example.com:5000/v2.0",
    "publicURL": "https:// keystone.example.com:5000/v2.0",
    "region": "New York"
  }
  ],
  "name": "keystone",
  "type": "identity"
  }
  ],
  "token": {
    "expires": "2014-11-19T22:26:57Z",
    "id": "05c20875e3f2430ea10f45623c78cadd",
    "tenant": {
    "id": "50c989a5206a46748d0985163f25b14b",
    "name": "tenant-name"
  }
  },
  "user": {
  "id": "0d47cc2ba7744c4d97220983ae31f3b9",
  "name": "tenant-user",
  "roles": [
  {
    "name": "admin"
  }
  ],
  "username": " tenant-user"
  }
 }
}

The JSON response contains named elements and named lists. The keystone token, that is passed to HCP in the X-Auth-Token header, can be found in the id element inside the token element inside the access element.

The authentication response from keystone also contains a ServiceCatalog list which lists the endpoints for all services integrated with Keystone.