Authentication

How to authenticate with the Oxide rack

There are two ways to authenticate with the Oxide API.

Device token

To create a device token, you will need the Oxide CLI and a web browser. Follow the CLI installation instructions to get the CLI, then follow these step-by-step instructions to create a device token. A device token can be passed as a bearer token using the Authorization header. Unlike sessions, each user may generate multiple tokens for individual devices.

Session cookie

The SAML or password-based login endpoints return a session ID in the Set-Cookie header that can be passed to subsequent requests in the Cookie header. This is the authentication method used by the web console. The session timeout is currently set to eight hours, but the policy may change in future releases. A session is invalidated whenever the user issues a /v1/logout request.

How to specify your request credentials

Session cookies are often used and stored within browser clients.

Device tokens are stored in the configuration file $HOME/.config/oxide/credentials.toml on your workstation. All Oxide-supported clients and SDKs automatically look for this file to obtain the credentials.

In lieu of the configuration file, you may specify the HTTP request target and token in the OXIDE_HOST and OXIDE_TOKEN environment variables respectively. If both the config file and environment variables are present, the environment variables take precedence.
