API Guide

Security
The authentication and authorization flows are prerequisites to any API invocation. Once an invocation has passed them, the
request is forwarded to the CXF server defined for the REST API.
If authentication or authorization fails, an appropriate error code with a message is sent to the API client.
On success, the request is forwarded to the appropriate REST service endpoint (API) defined on the CXF servlet.
Topics:
OMIVV authentication
Bearer Token
Rate limit
vCenter authorization
OMIVV authentication
The OMIVV web server handles incoming web requests and routes them to the REST endpoints.
The authentication server performs the following:
Accepts login requests and provides the bearer token. This token is generated using the JWT scheme and includes a
header, body, and footer.
Accepts logout requests, which close the session.
API server: Services all defined REST endpoints except the endpoints that are related to authentication.
API clients establish a session with the API server using the endpoint /Services/AuthenticationService/login.
OMIVV user credentials are required to authenticate a client of the RESTful API. Only the admin user is allowed to
log in as an API user. Other users (for example, the read-only user) are not allowed to use the API.
Bearer Token
Each session that is created using the authentication service contains a bearer token that is generated using the JWT scheme.
The expiration period for a bearer token is 60 minutes. If you use the token after 60 minutes, an appropriate error code with
a message is sent to the API client.
The account lockout duration is one minute. If an account lockout happens after the bearer token is created, the bearer token
cannot be used during the lockout duration (one minute). After the lockout duration, the same bearer token can be used until it expires.
Rate limit
At a given time, only three unique client IPs can be active, and together they can create a total of ten sessions. From an active
session, you can send only 100 API requests in one minute (the logoff API call is excluded from this count).
If there are more than ten sessions, an appropriate error code with a message is sent to the API client.
The total number of failed login attempts that is allowed is six (the count includes failed login attempts in the administration
console or the REST API, and use of an invalid token for REST API access). After six failed login attempts, the account is locked.
The account lockout duration is one minute.
You cannot start a new session while the account is locked, but the current active session remains active.
During the lockout period, no REST API call works except the logoff API. An appropriate error message is displayed.
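The bearer-token, rate-limit and lockout rules from the sections above, as an added server-side model written for this guide (it is not OMIVV's own code): a small Python class that enforces the 60-minute token lifetime, the three-IP / ten-session ceiling, the 100-calls-per-minute budget that excludes logoff, and the six-failure, one-minute lockout. Token strings, client IPs and timestamps are constructed placeholders; a real deployment would issue JWTs and take the time from the clock.

```python
from collections import defaultdict, deque

TOKEN_TTL, LOCKOUT_SECS, MAX_FAILED = 3600, 60, 6       # 60-min token, 1-min lockout, six failures
MAX_CLIENT_IPS, MAX_SESSIONS, REQ_PER_MIN = 3, 10, 100  # three IPs, ten sessions, 100 calls/min
class OmivvPolicyModel:
    # Server-side model of the session, rate-limit and lockout rules (constructed, not OMIVV's code)
    def __init__(self):
        self.sessions = {}                  # token -> (client_ip, issued_at)
        self.calls = defaultdict(deque)     # token -> timestamps of calls in the last minute
        self.failed, self.locked_until, self.issued = 0, 0.0, 0

    def _record_failure(self, now):
        self.failed += 1                    # failed login or invalid-token use
        if self.failed >= MAX_FAILED:       # sixth failure -> one-minute lockout
            self.failed, self.locked_until = 0, now + LOCKOUT_SECS

    def login(self, ip, credentials_ok, now):
        if now < self.locked_until:
            return None, "account locked"   # no new sessions while locked
        if not credentials_ok:
            self._record_failure(now)
            return None, "invalid credentials"
        active_ips = {cip for cip, _ in self.sessions.values()}
        if ip not in active_ips and len(active_ips) >= MAX_CLIENT_IPS:
            return None, "too many client IPs"
        if len(self.sessions) >= MAX_SESSIONS:
            return None, "too many sessions"
        self.issued += 1
        token = f"tok-{self.issued}"        # constructed placeholder, not a real JWT
        self.sessions[token] = (ip, now)
        return token, "ok"

    def call(self, token, now, logoff=False):
        if token not in self.sessions:
            self._record_failure(now)       # invalid token counts toward the six
            return "invalid token"
        if logoff:                          # logoff is the one call allowed during lockout
            del self.sessions[token]
            return "ok"
        if now < self.locked_until:
            return "account locked"         # session survives; usable again after lockout
        if now - self.sessions[token][1] >= TOKEN_TTL:
            return "token expired"
        window = self.calls[token]
        while window and now - window[0] >= 60:
            window.popleft()                # sliding one-minute window
        if len(window) >= REQ_PER_MIN:
            return "rate limited"
        window.append(now)
        return "ok"
```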