Tokens APIs

APIs for managing Access and Refresh Token

Table of Contents

• Create a token pair

• Refresh an access token

• Revoke a refresh token

1. Create a token pair

• SDDC Manager APIs are secured using token-based authentication.

• As a first step before invocation of any API, an access token has to be obtained.

• Invoking the Token API returns a token pair - access token and refresh token.

• To invoke an API, the access token has to be passed in the Authorization header as a Bearer token.

1.1. Prerequisites

The following data is required :-

• VCF Credentials

  • User created in SSO or AD domain and associated as an ADMIN or OPERATOR or VIEWER role in VCF

  • Username

  • Password

Note : For the sake of brevity, the Bearer tokens have been abbreviated in the code snippets throughout this document.

Note : To create a token pair with "apiKey ", refer Obtain access token for a service user section.

1.2. Steps

• Invoke the API with the right credentials.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/tokens' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -d '{
  "username" : "[email protected]",
  "password" : "XXXXXXX"
}'

HTTP Request

POST /v1/tokens HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 74
Host: sfo-vcf01.rainpole.io

{
  "username" : "[email protected]",
  "password" : "XXXXXXX"
}

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 683

{
  "accessToken" : "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxNTFlZWI5Yy1mNWNmLTQ3N2UtYTJhYS0yMzg4ZmFmYzMwNDAiLCJpYXQiOjE1ODIxMzgzMzQsInN1YiI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsImlzcyI6InZjZi1hdXRoIiwiYXVkIjoic2RkYy1zZXJ2aWNlcyIsIm5iZiI6MTU4MjEzODMzNCwiZXhwIjoxNTgyMTQxOTM0LCJ1c2VyIjoiYWRtaW5pc3RyYXRvckB2c3BoZXJlLmxvY2FsIiwibmFtZSI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsInNjb3BlIjpbIkJBQ0tVUF9DT05GSUdfUkVBRCIsIkNSRURFTlRJQUxfUkVBRCIsIlVTRVJfV1JJVEUiLCJPVEhFUl9XUklURSIsIkJBQ0tVUF9DT05GSUdfV1JJVEUiLCJPVEhFUl9SRUFEIiwiVVNFUl9SRUFEIiwiQ1JFREVOVElBTF9XUklURSJdfQ.ylzrCyo4ymTKtSv1flmUrW-b8mxjRl7T2uV3a8sWWMA",
  "refreshToken" : {
    "id" : "3c6b3c30-3bf2-480b-9539-8483699ab911"
  }
}

2. Refresh an access token

• Refresh token is a special type of token used to renew an access token when the access token expires.

• A refresh token can be used any number of times to obtain an access token until it has not expired or been revoked.

2.1. Prerequisites

The following data is required

• Refresh token is obtained when token pair is generated

2.2. Steps

• Invoke the API by passing the refresh token.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/tokens/access-token/refresh' -i -X PATCH \
    -H 'Content-Type: text/plain' \
    -H 'Accept: application/json' \
    -d '"eb8d1a03-6644-4a76-b018-2c7b02c2a526"'

HTTP Request

PATCH /v1/tokens/access-token/refresh HTTP/1.1
Content-Type: text/plain
Accept: application/json
Content-Length: 38
Host: sfo-vcf01.rainpole.io

"eb8d1a03-6644-4a76-b018-2c7b02c2a526"

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 583

eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxNTFlZWI5Yy1mNWNmLTQ3N2UtYTJhYS0yMzg4ZmFmYzMwNDAiLCJpYXQiOjE1ODIxMzgzMzQsInN1YiI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsImlzcyI6InZjZi1hdXRoIiwiYXVkIjoic2RkYy1zZXJ2aWNlcyIsIm5iZiI6MTU4MjEzODMzNCwiZXhwIjoxNTgyMTQxOTM0LCJ1c2VyIjoiYWRtaW5pc3RyYXRvckB2c3BoZXJlLmxvY2FsIiwibmFtZSI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsInNjb3BlIjpbIkJBQ0tVUF9DT05GSUdfUkVBRCIsIkNSRURFTlRJQUxfUkVBRCIsIlVTRVJfV1JJVEUiLCJPVEhFUl9XUklURSIsIkJBQ0tVUF9DT05GSUdfV1JJVEUiLCJPVEhFUl9SRUFEIiwiVVNFUl9SRUFEIiwiQ1JFREVOVElBTF9XUklURSJdfQ.ylzrCyo4ymTKtSv1flmUrW-b8mxjRl7T2uV3a8sWWMA

3. Revoke a refresh token

• As refresh tokens are generally issued with validity for longer durations, there is a possibility that they maybe compromised.

• Revoking a refresh token means that an already issued refresh token cannot be used again to refresh an access token.

3.1. Prerequisites

The following data is required

• Refresh token

3.2. Steps

• Invoke the API by passing the refresh token which is to be revoked.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/tokens/refresh-token' -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -d '"eb8d1a03-6644-4a76-b018-2c7b02c2a526"'

HTTP Request

DELETE /v1/tokens/refresh-token HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 38
Host: sfo-vcf01.rainpole.io

"eb8d1a03-6644-4a76-b018-2c7b02c2a526"

HTTP Response

HTTP/1.1 204 No Content

Last updated 2023-05-21 23:30:49 PDT

Operations

POST

Create Token

Create Token Pair

DELETE

Invalidate Refresh Token

Invalidate Refresh Token

PATCH

Refresh Access Token

Refresh Access Token