Users APIs

Users APIs

APIs for managing Users

Table of Contents

1. Add users

  • This API is used to add users.

1.1. Prerequisites

The following data is required

  • Name of the SSO or AD domain

  • Username

  • Type of the user. For types supported, refer to User

  • Role ID

1.2. Steps

  • Fetch the role ID for the role.

Tip : Refer to Get the Roles

  • Invoke the API to add a user.

Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '[ {
  "name" : "[email protected]",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "42a95230-a317-40d9-84a2-01fbcac58dd5"
  }
}, {
  "name" : "[email protected]",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "42a95230-a317-40d9-84a2-01fbcac58dd5"
  }
}, {
  "name" : "SERVICE_USER_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "42a95230-a317-40d9-84a2-01fbcac58dd5"
  }
} ]'

HTTP Request

POST /v1/users HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 437
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

[ {
  "name" : "[email protected]",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "42a95230-a317-40d9-84a2-01fbcac58dd5"
  }
}, {
  "name" : "[email protected]",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "42a95230-a317-40d9-84a2-01fbcac58dd5"
  }
}, {
  "name" : "SERVICE_USER_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "42a95230-a317-40d9-84a2-01fbcac58dd5"
  }
} ]

HTTP Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 884

{
  "elements" : [ {
    "id" : "52270300-da50-44ad-b062-00ca74eb6260",
    "name" : "[email protected]",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "42a95230-a317-40d9-84a2-01fbcac58dd5"
    },
    "creationTimestamp" : "2023-08-08T21:58:39.821Z"
  }, {
    "id" : "55a093c4-5f61-456e-b18b-e86d25e57c97",
    "name" : "[email protected]",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "42a95230-a317-40d9-84a2-01fbcac58dd5"
    },
    "creationTimestamp" : "2023-08-08T21:58:39.821Z"
  }, {
    "id" : "f98b1f34-1a34-4930-912d-2cd54c20f6e9",
    "name" : "SERVICE_USER_1",
    "domain" : "Nil",
    "type" : "SERVICE",
    "apiKey" : "LfurbLS1yhj4LiEMXNQPihgSPNgcheDn",
    "role" : {
      "id" : "42a95230-a317-40d9-84a2-01fbcac58dd5"
    },
    "creationTimestamp" : "2023-08-08T21:58:39.821Z"
  } ]
}

2. Add service users

  • This API is used to add service users.

2.1. Prerequisites

The following data is required

  • Username

  • Type of the user. The type would be SERVICE for service users. For types supported, refer to User.

  • Role ID

2.2. Steps

  • Fetch the role ID for the role.

Tip : Refer to Get the Roles

  • Invoke the API to create a service user.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '[ {
  "name" : "service_account_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "4101fad7-b5ee-4032-9e4d-5a4d36d63aae"
  }
} ]'

HTTP Request

POST /v1/users HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 128
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

[ {
  "name" : "service_account_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "4101fad7-b5ee-4032-9e4d-5a4d36d63aae"
  }
} ]

HTTP Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 337

{
  "elements" : [ {
    "id" : "7ed14082-f77d-412a-9e59-4e10972382a4",
    "name" : "service_account_1",
    "domain" : "Nil",
    "type" : "SERVICE",
    "apiKey" : "w75tifJPB8vYT41yQqJ09qRNqoMCIhpH",
    "role" : {
      "id" : "4101fad7-b5ee-4032-9e4d-5a4d36d63aae"
    },
    "creationTimestamp" : "2023-08-08T21:58:39.126Z"
  } ]
}
  • The response of the API contains the apiKey . With the apiKey, the service user can login and obtain access token.

Obtain access token for a service user

2.3. Prerequisites

The following data is required

  • API key

2.4. Steps

  • Invoke the API with the API key to generate an access token and refresh token.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/tokens' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -d '{
  "username" : "automationapp",
  "apiKey" : "6598S0SIQC04sGjEr0nIeDlZx18GYRoT"
}'

HTTP Request

POST /v1/tokens HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 83
Host: sfo-vcf01.rainpole.io

{
  "username" : "automationapp",
  "apiKey" : "6598S0SIQC04sGjEr0nIeDlZx18GYRoT"
}

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 683

{
  "accessToken" : "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxNTFlZWI5Yy1mNWNmLTQ3N2UtYTJhYS0yMzg4ZmFmYzMwNDAiLCJpYXQiOjE1ODIxMzgzMzQsInN1YiI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsImlzcyI6InZjZi1hdXRoIiwiYXVkIjoic2RkYy1zZXJ2aWNlcyIsIm5iZiI6MTU4MjEzODMzNCwiZXhwIjoxNTgyMTQxOTM0LCJ1c2VyIjoiYWRtaW5pc3RyYXRvckB2c3BoZXJlLmxvY2FsIiwibmFtZSI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsInNjb3BlIjpbIkJBQ0tVUF9DT05GSUdfUkVBRCIsIkNSRURFTlRJQUxfUkVBRCIsIlVTRVJfV1JJVEUiLCJPVEhFUl9XUklURSIsIkJBQ0tVUF9DT05GSUdfV1JJVEUiLCJPVEhFUl9SRUFEIiwiVVNFUl9SRUFEIiwiQ1JFREVOVElBTF9XUklURSJdfQ.ylzrCyo4ymTKtSv1flmUrW-b8mxjRl7T2uV3a8sWWMA",
  "refreshToken" : {
    "id" : "3c6b3c30-3bf2-480b-9539-8483699ab911"
  }
}

3. Get the Users

  • This API is used to get all the users listed in the system.

  • This also gives other details associated with the user like domain, type of user and the role id.

3.1. Steps

  • Invoke the API to fetch all users.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/users HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 884

{
  "elements" : [ {
    "id" : "52270300-da50-44ad-b062-00ca74eb6260",
    "name" : "[email protected]",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "42a95230-a317-40d9-84a2-01fbcac58dd5"
    },
    "creationTimestamp" : "2023-08-08T21:58:39.821Z"
  }, {
    "id" : "55a093c4-5f61-456e-b18b-e86d25e57c97",
    "name" : "[email protected]",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "42a95230-a317-40d9-84a2-01fbcac58dd5"
    },
    "creationTimestamp" : "2023-08-08T21:58:39.821Z"
  }, {
    "id" : "f98b1f34-1a34-4930-912d-2cd54c20f6e9",
    "name" : "SERVICE_USER_1",
    "domain" : "Nil",
    "type" : "SERVICE",
    "apiKey" : "LfurbLS1yhj4LiEMXNQPihgSPNgcheDn",
    "role" : {
      "id" : "42a95230-a317-40d9-84a2-01fbcac58dd5"
    },
    "creationTimestamp" : "2023-08-08T21:58:39.821Z"
  } ]
}

4. Delete a User

  • This API is used to delete a user.

4.1. Prerequisites

The following data is required

  • User ID

4.2. Steps

  • Invoke the API with the "user ID" to be deleted.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users/52270300-da50-44ad-b062-00ca74eb6260' -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

DELETE /v1/users/52270300-da50-44ad-b062-00ca74eb6260 HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 204 No Content

5. Get the Roles

  • This API is used to fetch all the roles supported by VCF.

  • Currently there are three roles that are supported - ADMIN, OPERATOR and VIEWER.

5.1. Prerequisites

None

5.2. Steps

  • Invoke the API to fetch the roles and role IDs

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/roles' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/roles HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 361

{
  "elements" : [ {
    "id" : "fae55eb3-06b0-46d1-bb06-c75c40dbe5c0",
    "name" : "ADMIN",
    "description" : "Administrator"
  }, {
    "id" : "1a8b2ec8-8474-4c56-ad5e-3f38fec11860",
    "name" : "OPERATOR",
    "description" : "Operator"
  }, {
    "id" : "683d4d3c-0368-4dcb-98a4-9034474cb887",
    "name" : "VIEWER",
    "description" : "Viewer"
  } ]
}

6. Get SSO Domain

  • This API is used to fetch the SSO domains known to the system.

6.1. Prerequisites

None

6.2. Steps

  • Invoke the API by specifying the "SSO domain name".

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/sso-domains' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/sso-domains HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 38

{
  "elements" : [ "vsphere.local" ]
}

7. Get SSO Domain entities

  • This API is used to fetch all domain entities in a particular domain known to the system.

  • This includes users and subdomains.

7.1. Prerequisites

The following data is required

  • SSO Domain name

7.2. Steps

  • Invoke the API by specifying the "SSO domain name".

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/sso-domains/vsphere.local/entities' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/sso-domains/vsphere.local/entities HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 786

{
  "elements" : [ {
    "id" : "[email protected]",
    "name" : "USER_1",
    "type" : "USER"
  }, {
    "id" : "[email protected]",
    "name" : "USER_2",
    "type" : "USER"
  }, {
    "id" : "[email protected]",
    "name" : "USER_3",
    "type" : "USER"
  }, {
    "id" : "[email protected]",
    "name" : "USER_4",
    "type" : "USER"
  }, {
    "id" : "ä[email protected]",
    "name" : "äUSER_5",
    "type" : "USER"
  }, {
    "id" : "vsphere.local\\\\group_1",
    "name" : "",
    "type" : "GROUP"
  }, {
    "id" : "vsphere.local\\\\group_2",
    "name" : "",
    "type" : "GROUP"
  }, {
    "id" : "vsphere.local\\\\group_3",
    "name" : "",
    "type" : "GROUP"
  }, {
    "id" : "vsphere.local\\\\group_4",
    "name" : "",
    "type" : "GROUP"
  } ]
}

8. Get local account details

  • This API is used to check whether or not the local account is configured.

8.1. Prerequisites

None

8.2. Steps

  • Invoke the API to check whether or not the local account is configured.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users/local/admin' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/users/local/admin HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 141

{
  "isConfigured" : false,
  "name" : "admin@local",
  "type" : "USER",
  "role" : {
    "id" : "f1895fd1-eb5a-4285-b7dd-b1b01a10cbfc"
  }
}

9. Update password for local account

  • This API is used to update the local account password or to configure local account if it wasn't configured during the bringup

9.1. Prerequisites

  • The following data is required

    • Old Password

    • New Password

Note : Provide only "newPassword" if you are configuring the local account for the first time.

  • New password must be in compliance with these password policies.

    Password requirements:

    • Length: 12-127 characters

    • Allowed special characters: ! % @ $ ^ # ? *

    • At least 1 small letter, capital letter, number and special character should be present

    • At least 2 alphabetic characters should be present

    • A character cannot be repeated more than 3 times consecutively

9.2. Steps

  • Invoke the API to update the local account password or to configure local account.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users/local/admin' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "oldPassword" : "XXXXXXX",
  "newPassword" : "YYYYYYY"
}'

HTTP Request

PATCH /v1/users/local/admin HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 60
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "oldPassword" : "XXXXXXX",
  "newPassword" : "YYYYYYY"
}

HTTP Response

HTTP/1.1 204 No Content

Last updated 2023-09-23 19:05:04 -0700

Operations
POST
Add Users
Assign access to users in SDDC Manager
GET
Get Local Account
Get local account details
GET
Get Roles
Retrieve a list of roles from SDDC Manager
GET
Get SSO Domain Entities
Retrieve a list of users and groups from a domain in vCenter Single Sign-On
GET
Get SSO Domains
Retrieive a list of domains from vCenter Single Sign-On
GET
Get Ui Users
Retrieve a list of users assigned access via SDDC Manager
GET
Get Users
Retrieve a list of users from SDDC Manager
DELETE
Remove User
Remove access for a user in SDDC Manager
PATCH
Update Local User Password
Update password for local account