Get sudo_token with temporary administrator privileges
POST/auth/v1/user/sudo
API Description
Get a sudo_token with temporary administrator privileges for executing sensitive operations such as modifying user passwords and deleting users. The sudo_token provides temporary administrator privileges with a validity period of 15 minutes.
Features
- Provides temporary administrator privileges for sensitive operations
- sudo_token valid for 900 seconds (15 minutes)
- Supports both password verification and verification code verification
- Enhances security and prevents accidental operations
Input Requirements
Required Parameters
Authorization: Current logged-in user's access_token (required, Bearer format)client_id: Client ID corresponding to the application (optional, defaults to environment ID)x-device-id: Device ID (optional, current logged-in device ID)
Request Body Parameters
password: User password (optional, choose one with verification_token)verification_token: Verification code token (optional, choose one with password)
Prerequisites
- User must be logged in and hold valid access_token
- User must know password or be able to obtain verification code
- Sensitive operations require secondary verification to enhance security
Output Description
Successful Response
sudo_token: Temporary administrator privileges tokenexpires_in: Expiration time, default 900 seconds
Request Examples
Password Verification Method Request Example
POST /auth/v1/user/sudo
Authorization: Bearer your_access_token
Content-Type: application/json
{
"password": "user_password_123"
}
Verification Code Verification Method Request Example
POST /auth/v1/user/sudo
Authorization: Bearer your_access_token
Content-Type: application/json
{
"verification_token": "your_verification_token"
}
Response Examples
Get sudo_token Success Response
{
"sudo_token": "your_sudo_token",
"expires_in": 900
}
Verification Failure Response
{
"error": "invalid_password",
"error_code": 4001,
"error_description": "Password error, please re-enter"
}
Usage Flow
1. User Login
- User obtains access_token through normal login process
2. Request sudo_token
- Call this API for secondary verification (password or verification code)
- Obtain sudo_token
3. Execute Sensitive Operations
- Use sudo_token to call sensitive operation APIs
- Such as modifying password, deleting user, etc.
4. Operation Complete
- sudo_token automatically expires after expiration
- Need to re-verify to execute sensitive operations again
Key Characteristics
Security
- Secondary verification ensures operation security
- Short sudo_token validity period prevents abuse
- Supports both password and verification code verification methods
Permission Control
- sudo_token provides temporary administrator privileges
- Can only execute specific sensitive operations
- Limited permission scope reduces risk
Related APIs
- Modify Password - Use sudo_token to modify password
- Delete User - Use sudo_token to delete user
- Verification Code Verification - Get verification code token
- Get User Information - Get current user information
Request
Query Parameters
Client ID corresponding to the application, can be obtained from Cloud Development Platform -> Identity Authentication -> Development Settings. Defaults to environment ID, can be omitted
Header Parameters
Device ID, the ID of the current logged-in device. The client should generate it randomly and cache it on the client. This parameter is related to the number of logged-in accounts.
The access_token of the current logged-in user, format is Bearer xxx
- application/json
Body
User password
Verification token obtained via SMS or email; call /auth/v1/verification/verify to validate
Responses
- 200
- 500
A successful response.
Response Headers
- application/json
- Schema
- Example (from schema)
Schema
{
"sudo_token": "string"
}
An unexpected error response.
Response Headers
- application/json
- Schema
- Example (from schema)
Schema
{
"error": "string",
"error_code": 0,
"error_description": "string"
}