Users APIs

APIs for managing Users

1. Add users

• This API is used to add users.

1.1. Prerequisites

The following data is required

• Name of the SSO or AD domain

• Username

• Type of the user. For types supported, refer to User

• Role ID

1.2. Steps

• Fetch the role ID for the role.

Tip : Refer to Get the Roles

• Invoke the API to add a user.

Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '[ {
  "name" : "[email protected]",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
  }
}, {
  "name" : "[email protected]",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
  }
}, {
  "name" : "SERVICE_USER_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
  }
} ]'

HTTP Request

POST /v1/users HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 437
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

[ {
  "name" : "[email protected]",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
  }
}, {
  "name" : "[email protected]",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
  }
}, {
  "name" : "SERVICE_USER_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
  }
} ]

HTTP Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 884

{
  "elements" : [ {
    "id" : "fc361730-c4da-469a-a90c-ec8c6abb2656",
    "name" : "[email protected]",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
    },
    "creationTimestamp" : "2022-01-24T12:34:52.287Z"
  }, {
    "id" : "e548d5a6-d5c4-4875-a135-c61ce60ad63c",
    "name" : "[email protected]",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
    },
    "creationTimestamp" : "2022-01-24T12:34:52.287Z"
  }, {
    "id" : "5eea66dc-46a5-4469-b1fa-39db95bb3396",
    "name" : "SERVICE_USER_1",
    "domain" : "Nil",
    "type" : "SERVICE",
    "apiKey" : "NkqMAdgyHzqHflQL2ktMwDis9p37MBpj",
    "role" : {
      "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
    },
    "creationTimestamp" : "2022-01-24T12:34:52.287Z"
  } ]
}

2. Add service users

• This API is used to add service users.

2.1. Prerequisites

The following data is required

• Username

• Type of the user. The type would be SERVICE for service users. For types supported, refer to User.

• Role ID

2.2. Steps

• Fetch the role ID for the role.

Tip : Refer to Get the Roles

• Invoke the API to create a service user.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '[ {
  "name" : "service_account_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "a013b5af-25b7-4180-8976-427381a0c542"
  }
} ]'

HTTP Request

POST /v1/users HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 128
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

[ {
  "name" : "service_account_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "a013b5af-25b7-4180-8976-427381a0c542"
  }
} ]

HTTP Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 337

{
  "elements" : [ {
    "id" : "774f23b6-5a68-4520-88e5-746c4e7956b5",
    "name" : "service_account_1",
    "domain" : "Nil",
    "type" : "SERVICE",
    "apiKey" : "VMPHIO8ABt3qD2k94SLdH8cXbM3Bc9kw",
    "role" : {
      "id" : "a013b5af-25b7-4180-8976-427381a0c542"
    },
    "creationTimestamp" : "2022-01-24T12:34:51.620Z"
  } ]
}

• The response of the API contains the apiKey . With the apiKey, the service user can login and obtain access token.

Obtain access token for a service user

2.3. Prerequisites

The following data is required

• API key

2.4. Steps

• Invoke the API with the API key to generate an access token and refresh token.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/tokens' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -d '{
  "username" : "automationapp",
  "apiKey" : "6598S0SIQC04sGjEr0nIeDlZx18GYRoT"
}'

HTTP Request

POST /v1/tokens HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 83
Host: sfo-vcf01.rainpole.io

{
  "username" : "automationapp",
  "apiKey" : "6598S0SIQC04sGjEr0nIeDlZx18GYRoT"
}

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 683

{
  "accessToken" : "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxNTFlZWI5Yy1mNWNmLTQ3N2UtYTJhYS0yMzg4ZmFmYzMwNDAiLCJpYXQiOjE1ODIxMzgzMzQsInN1YiI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsImlzcyI6InZjZi1hdXRoIiwiYXVkIjoic2RkYy1zZXJ2aWNlcyIsIm5iZiI6MTU4MjEzODMzNCwiZXhwIjoxNTgyMTQxOTM0LCJ1c2VyIjoiYWRtaW5pc3RyYXRvckB2c3BoZXJlLmxvY2FsIiwibmFtZSI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsInNjb3BlIjpbIkJBQ0tVUF9DT05GSUdfUkVBRCIsIkNSRURFTlRJQUxfUkVBRCIsIlVTRVJfV1JJVEUiLCJPVEhFUl9XUklURSIsIkJBQ0tVUF9DT05GSUdfV1JJVEUiLCJPVEhFUl9SRUFEIiwiVVNFUl9SRUFEIiwiQ1JFREVOVElBTF9XUklURSJdfQ.ylzrCyo4ymTKtSv1flmUrW-b8mxjRl7T2uV3a8sWWMA",
  "refreshToken" : {
    "id" : "3c6b3c30-3bf2-480b-9539-8483699ab911"
  }
}

3. Get the Users

• This API is used to get all the users listed in the system.

• This also gives other details associated with the user like domain, type of user and the role id.

3.1. Steps

• Invoke the API to fetch all users.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/users HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 884

{
  "elements" : [ {
    "id" : "fc361730-c4da-469a-a90c-ec8c6abb2656",
    "name" : "[email protected]",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
    },
    "creationTimestamp" : "2022-01-24T12:34:52.287Z"
  }, {
    "id" : "e548d5a6-d5c4-4875-a135-c61ce60ad63c",
    "name" : "[email protected]",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
    },
    "creationTimestamp" : "2022-01-24T12:34:52.287Z"
  }, {
    "id" : "5eea66dc-46a5-4469-b1fa-39db95bb3396",
    "name" : "SERVICE_USER_1",
    "domain" : "Nil",
    "type" : "SERVICE",
    "apiKey" : "NkqMAdgyHzqHflQL2ktMwDis9p37MBpj",
    "role" : {
      "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
    },
    "creationTimestamp" : "2022-01-24T12:34:52.287Z"
  } ]
}

4. Delete a User

• This API is used to delete a user.

4.1. Prerequisites

The following data is required

• User ID

4.2. Steps

• Invoke the API with the "user ID" to be deleted.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users/fc361730-c4da-469a-a90c-ec8c6abb2656' -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

DELETE /v1/users/fc361730-c4da-469a-a90c-ec8c6abb2656 HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 204 No Content

5. Get the Roles

• This API is used to fetch all the roles supported by VCF.

• Currently there are three roles that are supported - ADMIN, OPERATOR and VIEWER.

5.1. Prerequisites

None

5.2. Steps

• Invoke the API to fetch the roles and role IDs

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/roles' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/roles HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 361

{
  "elements" : [ {
    "id" : "802d6fa4-5a1d-419b-84cd-dcf16628802b",
    "name" : "ADMIN",
    "description" : "Administrator"
  }, {
    "id" : "b184058c-3141-4531-a2da-194b2f237c55",
    "name" : "OPERATOR",
    "description" : "Operator"
  }, {
    "id" : "98c1fd6f-1e48-45ef-9d3f-43604673128c",
    "name" : "VIEWER",
    "description" : "Viewer"
  } ]
}

6. Get SSO Domain

• This API is used to fetch the SSO domains known to the system.

6.1. Prerequisites

None

6.2. Steps

• Invoke the API by specifying the "SSO domain name".

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/sso-domains' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/sso-domains HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 38

{
  "elements" : [ "vsphere.local" ]
}

7. Get SSO Domain entities

• This API is used to fetch all domain entities in a particular domain known to the system.

• This includes users and subdomains.

7.1. Prerequisites

The following data is required

• SSO Domain name

7.2. Steps

• Invoke the API by specifying the "SSO domain name".

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/sso-domains/vsphere.local/entities' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/sso-domains/vsphere.local/entities HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 786

{
  "elements" : [ {
    "id" : "[email protected]",
    "name" : "USER_1",
    "type" : "USER"
  }, {
    "id" : "[email protected]",
    "name" : "USER_2",
    "type" : "USER"
  }, {
    "id" : "[email protected]",
    "name" : "USER_3",
    "type" : "USER"
  }, {
    "id" : "[email protected]",
    "name" : "USER_4",
    "type" : "USER"
  }, {
    "id" : "ä[email protected]",
    "name" : "äUSER_5",
    "type" : "USER"
  }, {
    "id" : "vsphere.local\\\\group_1",
    "name" : "",
    "type" : "GROUP"
  }, {
    "id" : "vsphere.local\\\\group_2",
    "name" : "",
    "type" : "GROUP"
  }, {
    "id" : "vsphere.local\\\\group_3",
    "name" : "",
    "type" : "GROUP"
  }, {
    "id" : "vsphere.local\\\\group_4",
    "name" : "",
    "type" : "GROUP"
  } ]
}

8. Get local account details

• This API is used to check whether or not the local account is configured.

8.1. Prerequisites

None

8.2. Steps

• Invoke the API to check whether or not the local account is configured.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users/local/admin' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/users/local/admin HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 141

{
  "isConfigured" : false,
  "name" : "admin@local",
  "type" : "USER",
  "role" : {
    "id" : "9e81d1c2-f688-4c34-890c-5bdff737358d"
  }
}

9. Update password for local account

• This API is used to update the local account password or to configure local account if it wasn't configured during the bringup

9.1. Prerequisites

• The following data is required

  • Old Password

  • New Password

Note : Provide only "newPassword" if you are configuring the local account for the first time.

• New password must be in compliance with these password policies.

  Password requirements:

  • Length: 12-127 characters

  • Allowed special characters: ! % @ $ ^ # ? *

  • At least 1 small letter, capital letter, number and special character should be present

  • At least 2 alphabetic characters should be present

  • A character cannot be repeated more than 3 times consecutively

9.2. Steps

• Invoke the API to update the local account password or to configure local account.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users/local/admin' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "oldPassword" : "XXXXXXX",
  "newPassword" : "YYYYYYY"
}'

HTTP Request

PATCH /v1/users/local/admin HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 60
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "oldPassword" : "XXXXXXX",
  "newPassword" : "YYYYYYY"
}

HTTP Response

HTTP/1.1 204 No Content

Last updated 2022-01-24 06:18:36 PST

Operations

POST

Add Users

Add users

DELETE

Delete User

Delete a user

GET

Get All Ui Users Using GET

getAllUiUsers

GET

Get Local Account

Get local account details

GET

Get Roles

Get all roles

GET

Get SSO Domain Entities

Get all entities of SSO domain

GET

Get SSO Domains

Get all SSO domains

GET

Get Users

Get all Users

PATCH

Update Local User Password

Update password for local account