VMware Cloud Foundation API Reference Guide

VMware Cloud Foundation API Reference Guide

1. Overview

VMware Cloud Foundation API Reference Guide

1.1. Contact information

Contact : http://www.vmware.com/

1.2. License information

License : VMware Cloud Foundation
Terms of service : http://www.vmware.com/

1.3. URI scheme

Host : sddc-manager.sfo01.rainpole.local
BasePath : /
Schemes : HTTPS

1.4. Tags

  • BackupRestore : APIs for managing Backups and Restore

  • Bundles : APIs for managing Bundles

  • CEIP : APIs for managing CEIP status

  • Certificates : APIs for managing Certificates

  • Clusters : APIs for managing Clusters

  • Credentials : APIs for managing Credentials

  • DepotSettings : APIs for managing Depot Settings

  • Domains : APIs for managing Domains

  • Federation : APIs for managing federation

  • HorizonManager : Horizon V 1 Controller

  • Hosts : APIs for managing Hosts

  • License Keys : APIs for managing License Keys

  • Members : APIs for managing members of the federation

  • Membership Token : APIs for managing Membership Token

  • NSX-T Clusters : APIs for managing NSX-T Clusters

  • Network Pools : APIs for managing Network Pools

  • NsxManagers : APIs for NsxManagers

  • PKS : APIs for managing PKS

  • PSCs : APIs for managing PSCs

  • Progress : APIs for getting progress of Federation tasks

  • SDDC : APIs for managing SDDC

  • SddcManagers : APIs for managing Sddc Managers

  • SystemPrechecks : APIs for managing System Prechecks

  • Tasks : APIs for managing Tasks

  • Upgradables : APIs for managing Upgradables

  • Upgrades : APIs for managing Upgrades

  • VcfServices : APIs for managing VCF Services

  • VersionAliasesForBundleComponentType : APIs for managing version alias configuration

  • solution-network-manager-api-controller : The Solutions Networking API

  • vCenters : APIs for vCenters

  • vRLI : APIs for managing vRealize Log Insight

  • vROPs : APIs for managing vRealize Operations

  • vRSLCM : APIs for managing vRealize Suite Lifecycle Manager

1.5. API Versioning

  • API versioning is at the granularity of each resource.

  • API versioning is similar to URI versioning so that it is explicit i.e all APIs have the "/<version>/" prefix.

  • API version is independent of the product version and will evolve independently.

Tip
 Reference APIs using the full path i.e "/v1/hosts" so that any future changes can be localized to a small scope in the automation code. This ensures that when the API version is incremented, you only need to update the references to the old APIs (which are now marked as deprecated) with the new APIs
Note

  • An illustration of API versioning is shown in the table below.

  • The illustration assumes that the product version is incremented from N to N+1, N+2 and so on.

  • The API version is only incremented when there are backward incompatible changes.

  • The older version of the APIs are deprecated when the version is incremented.
Product Version APIs

Product Version N

  • /v1/hosts

  • /v1/domains

  • /v1/clusters

Product Version N+1

  • /v1/hosts

  • /v1/domains (Deprecated)

  • /v2/domains

  • /v1/clusters

Product Version N+2

  • /v1/hosts (Deprecated)

  • /v2/hosts

  • /v1/domains (Deprecated)

  • /v2/domains

  • /v1/clusters

Product Version N+3

  • /v1/hosts (Deprecated)

  • /v2/hosts (Deprecated)

  • /v3/hosts

  • /v1/domains (Deprecated)

  • /v2/domains

  • /v1/clusters

1.6. Security

1.6.1. Overview

  • All APIs are secured and need a username and password for invocation

  • The username and password are sent using Basic Authentication scheme

  • To invoke the APIs, SDDC Manager "admin" and its password is required.

Tip
 For security reasons, you should periodically update the password for this account.

  • To use more secured APIs like Get the Credentials, Update or rotate passwords for a list of resources, Retry a failed credentials task for a given ID, dual authentication is required. A privileged user has to be created in management domain vCenter and associated to group "Sddc_Secured_Access". Along with "admin" account, Privileged user credentials has to be passed in request headers("privileged-username" and "privileged-password") of secured APIs in plain text. Please refer VMware Cloud Foundation Operations and Administration Guide for setting up privileged user.

  • Please note, using [email protected] user as privileged user is not allowed.

  • If you write a script that invokes the APIs, the script should either prompt the user to enter the password for the "admin" account or should accept the password as a command line option. TAs a best practice, you should not encode the password for the account in the script code itself.

  • Script should also accept privileged user credentials if the script is invoking any secured APIs defined above.

1.6.2. Changing the "admin" account password

You can follow the below steps to change the password for the "admin" account

  • SSH in to the SDDC Manager VM, login as "vcf" user.

  • Enter su to switch to the "root" user.

  • Enter the following command:

/opt/vmware/vcf/commonsvcs/scripts/auth/set-basicauth-password.sh admin <password>

  • For <password>, enter the new password to associate with the admin account.

Password requirements:

  • Length: 8-12 characters

  • Must include: mix of upper-case and lower-case letters a number a special character such as @ ! # $ % ^ or ?

  • Cannot include: * { } [ ] ( ) / \ ' " ` ~ , ; : . < >