Normally a user of a Swift cluster would authenticate with an external auth server, obtain a token, and use that token with their Swift requests. But, with a fully public container, no auth token is required; the user just needs to know the URL to the container/object.
Here's an example using curl:
User 1 creates a public container and object:
Create public container:
curl -X PUT -H 'X-Auth-Token: AUTH_tk3439b9c56c5447c3990e4fe3cf2ad416' -H 'X-Container-Read: .r:*' http://127.0.0.1:8080/v1/AUTH_8980f74b1cda41e483cbe0a925f448a9/public_container (http://127.0.0.1:8080/v1/AUTH_8980f74...)
Upload object to the container:
curl -X PUT -H 'X-Auth-Token: AUTH_tk3439b9c56c5447c3990e4fe3cf2ad416' http://127.0.0.1:8080/v1/AUTH_8980f74b1cda41e483cbe0a925f448a9/public_container/public_object (http://127.0.0.1:8080/v1/AUTH_8980f74...) --data-binary 'test'
User 1 gives User 2 the URL to the object: http://127.0.0.1:8080/v1/AUTH_8980f74b1cda41e483cbe0a925f448a9/public_container/public_object (http://127.0.0.1:8080/v1/AUTH_8980f74...) and so User 2 can just download that:
Download object with no auth token:
curl http://127.0.0.1:8080/v1/AUTH_8980f74b1cda41e483cbe0a925f448a9/public_container/public_object (http://127.0.0.1:8080/v1/AUTH_8980f74...)
Here's another user grabbing the same URL, but using their auth token though they don't have to:
curl -H 'X-Auth-Token: AUTH_tkc93093898d4742778f48bcfb3ee9ad99' http://127.0.0.1:8080/v1/AUTH_8980f74b1cda41e483cbe0a925f448a9/public_container/public_object (http://127.0.0.1:8080/v1/AUTH_8980f74...)