Tokens APIs
APIs for managing access and refresh tokens
1. Create a token pair
SDDC Manager APIs are secured using token-based authentication.
Before invoking any API, an access token has to be obtained.
Invoking the Token API returns a token pair: an access token and a refresh token.
To invoke an API, the access token has to be passed in the Authorization header as a Bearer token.
1.1. Prerequisites
The following data is required:
- VCF credentials
  - User created in the SSO or AD domain and assigned the ADMIN, OPERATOR or VIEWER role in VCF
    - Username
    - Password
Note: For the sake of brevity, the Bearer tokens have been abbreviated in the code snippets throughout this document.
Note: To create a token pair with "apiKey", refer to the "Obtain access token for a service user" section.
1.2. Steps
- Invoke the API with the right credentials.
cURL Request
$ curl 'https://sfo-vcf01.rainpole.io/v1/tokens' -i -X POST \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
"username" : "administrator@vsphere.local",
"password" : "XXXXXXX"
}'
HTTP Request
POST /v1/tokens HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 74
Host: sfo-vcf01.rainpole.io
{
"username" : "administrator@vsphere.local",
"password" : "XXXXXXX"
}
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 683
{
"accessToken" : "eyJhbGciOiJIUzI1NiJ9.[...].ylzrCyo4ymTKtSv1flmUrW-b8mxjRl7T2uV3a8sWWMA",
"refreshToken" : {
"id" : "3c6b3c30-3bf2-480b-9539-8483699ab911"
}
}
2. Refresh an access token
A refresh token is a special type of token used to renew an access token when the access token expires.
A refresh token can be used any number of times to obtain an access token, as long as it has not expired or been revoked.
2.1. Prerequisites
The following data is required:
- The refresh token obtained when the token pair was generated
2.2. Steps
- Invoke the API by passing the refresh token.
cURL Request
$ curl 'https://sfo-vcf01.rainpole.io/v1/tokens/access-token/refresh' -i -X PATCH \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '"eb8d1a03-6644-4a76-b018-2c7b02c2a526"'
HTTP Request
PATCH /v1/tokens/access-token/refresh HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 38
Host: sfo-vcf01.rainpole.io
"eb8d1a03-6644-4a76-b018-2c7b02c2a526"
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 583
eyJhbGciOiJIUzI1NiJ9.[...].ylzrCyo4ymTKtSv1flmUrW-b8mxjRl7T2uV3a8sWWMA
3. Revoke a refresh token
Because refresh tokens are generally issued with a longer validity period, there is a possibility that they may be compromised.
Revoking a refresh token means that an already issued refresh token cannot be used again to refresh an access token.
3.1. Prerequisites
The following data is required:
- Refresh token
3.2. Steps
- Invoke the API by passing the refresh token which is to be revoked.
cURL Request
$ curl 'https://sfo-vcf01.rainpole.io/v1/tokens/refresh-token' -i -X DELETE \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '"eb8d1a03-6644-4a76-b018-2c7b02c2a526"'
HTTP Request
DELETE /v1/tokens/refresh-token HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 38
Host: sfo-vcf01.rainpole.io
"eb8d1a03-6644-4a76-b018-2c7b02c2a526"
HTTP Response
HTTP/1.1 204 No Content
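The lifecycle from sections 1 to 3 as a single client, added here as an example and not taken from the VMware documentation: it creates the token pair, sends the access token as a Bearer header, refreshes once when a call is rejected, and revokes the refresh token when the session ends. `TokenSession`, `https_transport` and the `send(method, path, headers, body)` transport signature are hypothetical names, and treating HTTP 401 as the sign of an expired access token is an assumption.

```python
import json
import urllib.error
import urllib.request

def https_transport(base_url):
    def send(method, path, headers, body):  # default urlopen keeps TLS verification on
        req = urllib.request.Request(base_url + path, headers=headers, method=method,
                                     data=body.encode() if body else None)
        try:
            with urllib.request.urlopen(req) as resp:
                return resp.status, resp.read().decode()
        except urllib.error.HTTPError as err:  # non-2xx: hand the status to the caller
            return err.code, err.read().decode()
    return send

class TokenSession:
    """Create, use, refresh and revoke a token pair; use as a context manager."""
    HDRS = {"Content-Type": "application/json", "Accept": "application/json"}

    def __init__(self, send, username, password):
        self.send = send
        creds = {"username": username, "password": password}
        pair = json.loads(self._token_api("POST", "/v1/tokens", creds, 200))
        self.access, self.refresh_id = pair["accessToken"], pair["refreshToken"]["id"]

    def _token_api(self, method, path, payload, expect):
        status, text = self.send(method, path, self.HDRS, json.dumps(payload))
        if status != expect:
            raise PermissionError(f"{method} {path} returned HTTP {status}")
        return text

    def refresh(self):
        text = self._token_api("PATCH", "/v1/tokens/access-token/refresh", self.refresh_id, 200)
        self.access = text.strip().strip('"')  # bare token in the body; tolerate a quoted one

    def call(self, method, path, retry=True):
        auth = {"Authorization": f"Bearer {self.access}", "Accept": "application/json"}
        status, text = self.send(method, path, auth, None)
        if status == 401 and retry:  # assumption: 401 means the access token expired
            self.refresh()
            return self.call(method, path, retry=False)
        return status, text

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        # Revoke the long-lived refresh token even when the work inside the block failed.
        self._token_api("DELETE", "/v1/tokens/refresh-token", self.refresh_id, 204)
        self.access = self.refresh_id = None
```

Used as `with TokenSession(https_transport("https://sfo-vcf01.rainpole.io"), username, password) as session:`, the password is sent once and never stored on the object, and the refresh token is revoked on exit.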
Last updated 2022-01-24 06:18:36 PST