VMware Tanzu Platform Console

VMware Tanzu Platform Console Authorization using API Token

VMware Tanzu Platform Console (TCSP) Provides a rich set of APIs for identity and access management.

Prerequisite

To complete this task, you need to have access to the TCSP console. In order to generate the TCSP authorization token, you need to first obtain the refresh token for your organization from the TCSP console. If you already have an API token, skip to Step 2

Step 1 - Generate an API Token

  1. Login to the CSP console at https://console.tanzu.broadcom.com/
  2. On the VMware Tanzu Platform Console toolbar, click your user name and select My Account > API Tokens.
  3. Click 'Generate a new API Token'
  4. In the 'Generate a New API Token' that opens, enter the following:
  • Token Name: A user-defined name for the new API Token.
  • Token TTL: The token validity duration (Time to Live), after which the token expires.
  • Define Scope: Define scopes for the token. Scopes provide a way to implement control over what areas in an organization your token can access - specifically which role in an organization, and what services and the level of permissions.
    If required, you can select All Roles and give your token access to all the organization and service roles.
  1. Click 'GENERATE'.
    The newly generated TCSP Refresh token displays in a pop-window.
  2. Save the token credentials to a safe place so you can retrieve them to use later on. You will use it later to generate an access token.
     

Note: For security reasons, after you generate the token, we only display the name of the token on the API Tokens page and not the token credentials.
This means that you will no longer be able to reuse the token by copying the credentials from this page - it is only displayed once.
If you don't copy the token credentials when they are displayed on the screen, you will have to Regenerate the Refresh Token.

Step 2 - Exchange your API Token for an Access Token

Use the following API to exchange the API Token you generated in Step 1 with an access token:

Get Access Token By API Refresh Token

For example, the access token can be obtained by issuing a POST like this:

curl -X POST "https://console.tanzu.broadcom.com/csp/gateway/am/api/auth/api-tokens/authorize" \
     -H "accept: application/json" \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "refresh_token={refresh-token}"

Step 3 - Fetch your Organization ID Using the access token

Get Organization Details

Some information about your Organization can be obtained by issuing a GET like this:

curl -s -X GET \
    -H "Content-Type: application/json" \
    -H "csp-auth-token: {csp-auth-token}" \
    https://console.tanzu.broadcom.com/csp/gateway/am/api/orgs/{orgId}

How to Automate Processes Interacting with TCSP APIs

You can use either API tokens or OAuth apps to automate processes that interact with the VMware Tanzu Platform Console (TCSP) APIs.

API tokens are used to authenticate when users make authorized API connections. API tokens are issued by users in an organization and are associated with the user’s account and the organization from which they generated the API token. An API token authorizes access per organization and incorporates the user account in the access token.

OAuth apps, on the other hand, perform authorization without a user account. Some TCSP APIs require a user account to be the authenticated entity while others do not.

When choosing between API tokens and OAuth apps to make an API call, the specific requirements of the module engaged in the interaction must be taken into account.