
Get sudo_token with temporary administrator privileges

POST /auth/v1/user/sudo

API Description

Get a sudo_token that grants temporary administrator privileges for sensitive operations such as changing a user's password or deleting a user. The sudo_token is valid for 15 minutes (900 seconds); after that, the user must verify again before performing another sensitive operation.

Features

  • Provides temporary administrator privileges for sensitive operations
  • sudo_token valid for 900 seconds (15 minutes)
  • Supports verification by password or by verification code
  • Adds a second verification step, which both protects sensitive operations and prevents accidental ones

Input Requirements

Header and Query Parameters

  • Authorization: Current logged-in user's access_token (header, required, Bearer format)
  • client_id: Client ID corresponding to the application (query parameter, optional, defaults to the environment ID)
  • x-device-id: Device ID of the current logged-in device (header, optional)

Request Body Parameters

  • password: User password
  • verification_token: Verification code token
  • Exactly one of password or verification_token must be supplied

Prerequisites

  • User must be logged in and hold a valid access_token
  • User must know their password or be able to receive a verification code
  • Sensitive operations require this secondary verification; a valid access_token alone is not sufficient

Output Description

Successful Response

  • sudo_token: Temporary administrator privileges token
  • expires_in: Token lifetime in seconds (900 by default)

Request Examples

Password Verification Method Request Example

POST /auth/v1/user/sudo
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ
Content-Type: application/json

{
  "password": "user_password_123"
}

Verification Code Verification Method Request Example

POST /auth/v1/user/sudo
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ
Content-Type: application/json

{
  "verification_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InVzZXJAZXhhbXBsZS5jb20iLCJleHAiOjE3MzQ2ODIzNTcsInByb2plY3QiOiJsb3djb2RlIiwidHlwZSI6InZlcmlmaWNhdGlvbiJ9"
}

Response Examples

Get sudo_token Success Response

{
  "sudo_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxODQ5NzU1MTE5ODQwNDk3NjY0IiwiZXhwIjoxNzM0Njg5NTU3LCJpYXQiOjE3MzQ2ODIzNTcsInNjb3BlIjoic3VkbyJ9",
  "expires_in": 900
}

Verification Failure Response

{
  "error": "invalid_password",
  "error_code": 4001,
  "error_description": "Password error, please re-enter"
}

Usage Flow

1. User Login

  • User obtains access_token through normal login process

2. Request sudo_token

  • Call this API for secondary verification (password or verification code)
  • Obtain sudo_token

3. Execute Sensitive Operations

  • Use sudo_token to call sensitive operation APIs
  • For example, changing the password or deleting the user

4. Operation Complete

  • The sudo_token expires automatically once expires_in seconds have elapsed
  • Re-verification (a new call to this API) is required before further sensitive operations
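The four steps above as a client-side flow. This is an added example, not the platform's SDK or server code: it builds the request exactly as documented (Bearer access_token, optional client_id query parameter and x-device-id header, exactly one of password / verification_token in the body), maps the documented success and invalid_password responses to a grant or an error, and tracks the token's lifetime from the server-supplied expires_in rather than from any claims inside the token. The page does not specify how sensitive-operation APIs receive the sudo_token, so the example stops at holding a valid grant. The HTTP transport is injected; the fake_transport, the HTTP status codes it returns and the 30-second expiry skew are constructed assumptions so the code runs offline.

```python
"""Client-side flow for POST /auth/v1/user/sudo.

Added example (not the platform's SDK or server code): builds the request,
parses the success and error responses shown on this page, and tracks the
sudo_token's lifetime from the server's expires_in rather than from claims
inside the token. The HTTP transport is injected so the code runs offline
against a constructed fake; swap in a real client for production use.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Any, Callable, Dict, Optional, Tuple
from urllib.parse import quote

SUDO_PATH = "/auth/v1/user/sudo"
DEFAULT_EXPIRES_IN = 900      # documented default lifetime, seconds
EXPIRY_SKEW_SECONDS = 30      # assumption: stop using a token this close to expiry

# transport(method, path, headers, json_body) -> (status_code, json_body)
Transport = Callable[[str, str, Dict[str, str], Dict[str, Any]], Tuple[int, Dict[str, Any]]]


class SudoError(Exception):
    """Verification failed; carries the error, error_code and error_description fields."""

    def __init__(self, error: str, error_code: int, description: str) -> None:
        super().__init__(f"{error} ({error_code}): {description}")
        self.error, self.error_code, self.description = error, error_code, description


@dataclass
class SudoGrant:
    token: str
    expires_at: float  # epoch seconds, computed locally as now + expires_in

    def is_valid(self, now: Optional[float] = None) -> bool:
        """True while the token is usable; refuses it shortly before server-side expiry."""
        now = time.time() if now is None else now
        return now < self.expires_at - EXPIRY_SKEW_SECONDS


def new_device_id() -> str:
    """x-device-id: generated randomly once per client and cached, as the page advises."""
    return secrets.token_hex(16)


def build_sudo_request(access_token: str, *, password: Optional[str] = None,
                       verification_token: Optional[str] = None,
                       device_id: Optional[str] = None,
                       client_id: Optional[str] = None) -> Tuple[str, Dict[str, str], Dict[str, Any]]:
    """Return (path, headers, body). Exactly one of password / verification_token is sent."""
    if (password is None) == (verification_token is None):
        raise ValueError("supply exactly one of password or verification_token")
    path = SUDO_PATH if client_id is None else f"{SUDO_PATH}?client_id={quote(client_id)}"
    headers = {"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"}
    if device_id:
        headers["x-device-id"] = device_id
    body: Dict[str, Any] = ({"password": password} if password is not None
                            else {"verification_token": verification_token})
    return path, headers, body


def parse_sudo_response(status: int, body: Dict[str, Any], now: float) -> SudoGrant:
    """Turn the documented success / failure bodies into a SudoGrant or a SudoError."""
    if status == 200 and isinstance(body.get("sudo_token"), str):
        ttl = int(body.get("expires_in", DEFAULT_EXPIRES_IN))
        return SudoGrant(token=body["sudo_token"], expires_at=now + ttl)
    raise SudoError(str(body.get("error", "unknown_error")),
                    int(body.get("error_code", status)),
                    str(body.get("error_description", "no description")))


def request_sudo(transport: Transport, access_token: str, **verify: Any) -> SudoGrant:
    """Full round trip. Never log `verify`: it holds the password or a one-time token."""
    path, headers, body = build_sudo_request(access_token, **verify)
    status, resp = transport("POST", path, headers, body)
    return parse_sudo_response(status, resp, time.time())


# --- Constructed fake endpoint for the offline run; bodies mirror the page's examples,
# --- HTTP status codes are assumptions (the page shows bodies only).
FAKE_PASSWORD = "user_password_123"
FAKE_SUDO_TOKEN = ("eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9."
                   "eyJzdWIiOiIxODQ5NzU1MTE5ODQwNDk3NjY0IiwiZXhwIjoxNzM0Njg5NTU3LCJpYXQiOjE3MzQ2ODIzNTcsInNjb3BlIjoic3VkbyJ9")


def fake_transport(method: str, path: str, headers: Dict[str, str],
                   body: Dict[str, Any]) -> Tuple[int, Dict[str, Any]]:
    if not headers.get("Authorization", "").startswith("Bearer "):
        # Constructed response; the page does not document this error case.
        return 401, {"error": "unauthorized", "error_code": 401,
                     "error_description": "missing or malformed access_token"}
    if body.get("password") == FAKE_PASSWORD:
        return 200, {"sudo_token": FAKE_SUDO_TOKEN, "expires_in": DEFAULT_EXPIRES_IN}
    return 400, {"error": "invalid_password", "error_code": 4001,
                 "error_description": "Password error, please re-enter"}


if __name__ == "__main__":
    device = new_device_id()
    grant = request_sudo(fake_transport, "demo-access-token",
                         password=FAKE_PASSWORD, device_id=device, client_id="demo-env")
    print("sudo_token valid:", grant.is_valid())
    try:
        request_sudo(fake_transport, "demo-access-token", password="wrong")
    except SudoError as exc:
        print("rejected:", exc)
```

Two design points worth keeping when adapting this to a real client: compute expiry from expires_in at the moment the response arrives instead of decoding the token (the token's internal claims are the server's business, and the example sudo_token on this page carries an exp claim 7200 seconds after its iat, which is not the 900-second lifetime the API promises), and treat the verification material the same way as the password, never writing it to logs or crash reports.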

Key Characteristics

Security

  • Secondary verification protects sensitive operations even if a session is hijacked: an access_token alone cannot change the password or delete the user
  • The short validity period (15 minutes) limits the window in which a leaked sudo_token can be abused
  • Supports both password and verification code verification methods

Permission Control

  • sudo_token provides temporary administrator privileges
  • It can only be used for the specific sensitive operations that require it; it is not a general administrator credential
  • The limited permission scope reduces the impact of a compromised token

Request

Query Parameters

    client_id string

    Client ID corresponding to the application; it can be obtained from Cloud Development Platform -> Identity Authentication -> Development Settings. Defaults to the environment ID and can be omitted.

Header Parameters

    x-device-id string

    Device ID, the ID of the current logged-in device. The client should generate it randomly, cache it, and send the same value on every request. The server uses this value when counting logged-in accounts.

    Authorization string (required)

    The access_token of the current logged-in user, format is Bearer xxx

    Example: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ

Body

    password string

    User password

    verification_token string

    Verification token obtained by validating an SMS or email verification code via /auth/v1/verification/verify

Responses

A successful response.

    Schema

      sudo_token string

      Temporary administrator privileges token

      expires_in integer

      Token lifetime in seconds (900 by default)