Bearer Tokens
A bearer token is created from an access key ID, access key secret, and an SSL private-public key pair. Bearer token authentication is required for transfers to and from IBM Aspera on Cloud, but can be used for transfers with all other Aspera servers, too.
To create a bearer token with asnodeadmin, run the following command as a user with admin/root permissions. If you do not specify an SSL key file or directory, you are asked if you want to create one and the filename for the private key. The bearer token is returned in standard out.
# /opt/aspera/bin/asnodeadmin -u node_username -p node_user_password \
--bearer-create \
--access-key access_key_id \
--user-id user_id \
--expires-at UTC_date \
--group-ids id1,id2,… \
--scope-role {user|admin} \
--token-key-length length| Option | Required | Type | Description |
|---|---|---|---|
| -u, --user | Required | String | The Node API username. |
| -p, --pwd, --password | Required | String | The Node API user's password. |
| --bearer-create | Required | ||
| --access-key | Required | String | The ID of the access key that is used to create the bearer token |
| --user-id | Required | String | The ID of the user who is granted permissions to content in the storage by /permissions. |
| --group-ids | Optional | String | The ID of the group that is granted permissions to content in the storage by /permissions. |
| --expires-at | Optional | UTC time | The expiration date of the bearer token in UTC format. For example, 2016-06-23T13:21:58.453Z. Default expiration is 1 hour after token creation time. |
| --scope-role | Optional | String | The access level of the bearer token. Value can be admin (default) or user. admin can change the access key configuration, user cannot. |
| --token-key-length | Optional | Double | The length of the RSA key. Must be a power of 2 between 1024 bits (128 bytes) and 16384 bits (2048 bytes). Default key length is 4096 bits. |