7.2
Table Of Contents
- Programming Guide
- Contents
- vRealize Automation Programming Guide
- Overview of the vRealize Automation REST API
- REST API Authentication
- REST API Use Cases
- Create a Tenant
- Syntax for Displaying Your Current Tenants
- Syntax for Requesting a New Tenant
- Syntax for Listing All Tenant Identity Stores
- Syntax for Linking an Identity Store to the Tenant
- Syntax for Searching LDAP or Active Directory for a User
- Syntax for Assigning a User to a Role
- Syntax for Displaying all Roles Assigned to a User
- Request a Machine
- Approve a Machine Request
- List Provisioned Resources
- Manage Provisioned Deployments
- Working with Reservations
- Create a Reservation
- Display a List of Supported Reservation Types
- Displaying a Schema Definition for a Reservation
- Get the Business Group ID for a Reservation
- Get a Compute Resource for the Reservation
- Getting a Resources Schema by Reservation Type
- Creating a Reservation By Type
- Verify a Reservation and Get Reservation Details
- Display a List of Reservations
- Update a Reservation
- Delete a Reservation
- Create a Reservation
- Working with Reservation Policies
- Working with Key Pairs
- Working with Network Profiles
- Get a List of Available IP Ranges for an IPAM Provider
- Import and Export Content
- Syntax for Listing Supported Content Types
- Syntax for Listing Available Content
- Syntax for Filtering Content by Content Type
- Syntax for Creating a Package for Export
- Syntax for Listing Packages in the Content Service
- Syntax for Exporting a Package
- Syntax for Validating a Content Bundle Before Importing
- Syntax for Importing a Package
- Understanding Blueprint Schema
- Manage XaaS Content with Import and Export
- Create a Tenant
- Related Tools and Documentation
- Filtering and Formatting REST API Information
- Index
REST API Authentication 2
In the REST API, vRealize Automation requires HTTP bearer tokens in request headers for authentication of
consumer requests. A consumer request applies to tasks that you can perform in the vRealize Automation
console, such as requesting a machine.
To acquire an HTTP bearer token, you authenticate with an identity service that manages the
communication with the SSO server. The identity service returns an HTTP bearer token that you include in
all request headers until the token expires, or you delete it. An HTTP bearer token expires in 24 hours by
default, but you can congure the token with a dierent duration.
Using HTTP Bearer Tokens
You use HTTP bearer tokens for tasks that you can also perform in the vRealize Automation console. You
create a request header with the curl command or with some other utility.
You use HTTP bearer tokens for tasks that you can also perform in the vRealize Automation console. You
create a request header with the curl command or with some other utility.
You use POST, HEAD, and DELETE methods to manage HTTP bearer tokens.
Method URL Description
POST /tokens Authenticate the user with the identity service /tokens and
generate a new token.
HEAD /tokens/tokenID Validate the token tokenID.
DELETE /tokens/tokenID Delete the token tokenID.
Use the following root URL for HTTP bearer calls:
https://$vra_server/identity/api/tokens
Configure the Duration of an HTTP Bearer Token
You set the duration of HTTP bearer tokens in the /etc/vcac/security.properties le on the
vRealize Automation appliance.
The eective duration or lifetime of an HTTP bearer token depends on the duration of its corresponding
SAML token, which the SSO server creates at request time. An HTTP bearer token expires when it reaches
the end of its congured duration, or at the end of the congured duration of the SAML token, whichever
comes rst. For example, if the congured duration is three days for the HTTP bearer token and two days
for the SAML token, the HTTP bearer token expires in two days. A conguration seing on the SSO server
determines the duration of SAML tokens.
VMware, Inc.
9