5.5.1
Table Of Contents
- Developing a Web Services Client for VMware vCenter Orchestrator
- Contents
- Developing Web Services Client for VMware vCenter Orchestrator
- Developing a Web Services Client
- Using the vCenter Orchestrator REST API
- Authenticating Against Orchestrator and Third-Party Systems
- Accessing the Reference Documentation for the Orchestrator REST API
- Using the Java REST SDK
- Operations with Workflows
- Working with Tasks
- Finding Objects in the Orchestrator Inventory
- Importing and Exporting Orchestrator Objects
- Deleting Orchestrator Objects
- Setting Permissions on Orchestrator Objects
- REST API Permissions
- Retrieve the Permissions of a Workflow
- Delete the Permissions of a Workflow
- Set the Permissions for a Workflow
- Retrieve the Permissions of an Action
- Delete the Permissions of an Action
- Set the Permissions for an Action
- Retrieve the Permissions of a Package
- Delete the Permissions of a Package
- Set the Permissions for a Package
- Retrieve the Permissions of a Resource
- Delete the Permissions of a Resource
- Set the Permissions for a Resource
- Retrieve the Permissions of a Configuration Element
- Delete the Permissions of a Configuration Element
- Set the Permissions for a Configuration Element
- Performing Operations with Plug-Ins
- Performing Server Configuration Operations
- Performing Tagging Operations
- Writing a Client Application for the Orchestrator SOAP Service
- Process for Creating an Orchestrator Web Service Client Application
- Web Service Endpoint
- Generating the Orchestrator Web Service Stubs
- Accessing the Server from Web Service Clients
- Create a Web Service Client
- Connect to the Orchestrator Web Service
- Find Objects in the Orchestrator Server
- Find Objects by Using the find Operation
- Find Objects by Using the findForId Operation
- Find Objects by Using the findRelation Operation
- Find Workflows in the Orchestrator Server
- Find Workflows by Using the getAllWorkflows Operation
- Retrieve the ID of a Workflow
- Find Workflows by Using the getWorkflowsWithName Operation
- Find Workflows by Using the getWorkflowForID Operation
- Run Workflows from a Web Service Client
- Interact with a Workflow While it Runs
- Obtain Workflow Results
- Time Zones and Running Workflows Through Web Services
- Web Service Application Examples
- Web Service API Object Reference
- Web Service API Operation Reference
- answerWorkflowInput Operation
- cancelWorkflow Operation
- echo Operation
- echoWorkflow Operation
- executeWorkflow Operation
- find Operation
- findForId Operation
- findRelation Operation
- getAllPlugins Operation
- getAllWorkflows Operation
- getWorkflowForId Operation
- getWorkflowInputForId Operation
- getWorkflowInputForWorkflowTokenId Operation
- getWorkflowsWithName Operation
- getWorkflowTokenBusinessState Operation
- getWorkflowTokenForId Operation
- getWorkflowTokenResult Operation
- getWorkflowTokenStatus Operation
- hasChildrenInRelation Operation
- hasRights Operation
- sendCustomEvent Operation
- simpleExecuteWorkflow Operation
- Index
Authenticating Against Orchestrator and Third-Party Systems
You must authenticate against Orchestrator in the HTTP requests that you make through the Orchestrator
REST API. If you use the Orchestrator REST API to access resources on a third-party system, such as
vCenter Server, you must authenticate against that system as well.
For example, to access all workflows in the Orchestrator inventory, you must authenticate against
Orchestrator. However, to run a workflow in vCenter Server, you must authenticate against Orchestrator
and vCenter Server.
Depending on whether you configure Orchestrator with LDAP or with vCenter Single Sign-On, the
authentication scheme for the Orchestrator REST API is different. If Orchestrator uses LDAP, you must
authenticate by using valid credentials. If Orchestrator uses vCenter Single Sign-On, you must authenticate
by using a holder-of-key token issued by the vCenter Single Sign-On Server.
If you make HTTP requests at the top-level URL of the Orchestrator REST API, you do not need to
authenticate against Orchestrator. The top level URL of the Orchestrator REST API is
https://vcoHost:port/vco/api/.
NOTE The default port number is 8281.
A GET request at the top level URL of the REST API returns URLs to all resources that are accessible through
the API. To make HTTP requests at these URLs, you must authenticate against Orchestrator or the third-
party system where the resources are located.
Using vCenter Single Sign-On Authentication with the Orchestrator REST API
If Orchestrator is configured with the vCenter Single Sign-On Server, you need a principal holder-of-key
token to access system objects in Orchestrator through the vCO REST API. To access vCenter Server or
third-party systems that use the vCenter Single Sign-On Server through the Orchestrator server, you need a
delegate holder-of-key token for Orchestrator and your principal token.
Accessing System Objects in Orchestrator
You can access system objects in Orchestrator at the URLs of the Inventory and the Catalog services of the
REST API.
n
https://vcoHost:port/vco/api/inventory/System/
n
https://vcoHost:port/vco/api/catalog/System/
When you access system objects in Orchestrator, you pass your principal holder-of-key token in the
Authorization header of HTTP requests that you make to the Inventory or the Catalog service.
For example, to retrieve all system objects of type Workflow, you make a GET request at
https://vcoHost:port/vco/api/catalog/System/Workflow/. To authenticate against Orchestrator, you need to
pass your principal holder-of-key token in the Authorization header of the request.
Accessing Objects in Third-Party Systems
To perform operations in third-party systems that are registered with the vCenter Single Sign-On Server
through the Orchestrator REST API, you must authenticate against Orchestrator and the third-party system.
You include two headers in the HTTP calls that you make through the Orchestrator REST API.
n
Authorization. You must pass your principal holder-of-key token in this header.
n
VCOAuthorization. You must pass a delegate holder-of-key token for Orchestrator in this header. You
must acquire the delegate token for Orchestrator from the vCenter Single Sign-On Server. Orchestrator
uses the delegate token to authenticate against the third-party system on your behalf.
Developing a Web Services Client for VMware vCenter Orchestrator
12 VMware, Inc.