7.1
Table Of Contents
- Developing a Web Services Client for VMware vRealize Orchestrator
- Contents
- Developing a Web Services Client for VMware vRealize Orchestrator
- Updated Information
- Developing a Web Services Client
- Using the vRealize Orchestrator REST API
- Authenticating Against Orchestrator and Third-Party Systems
- Accessing the Reference Documentation for the Orchestrator REST API
- Using the Java REST SDK
- Operations with Workflows
- Working with Tasks
- Finding Objects in the Orchestrator Inventory
- Importing and Exporting Orchestrator Objects
- Deleting Orchestrator Objects
- Setting Permissions on Orchestrator Objects
- REST API Permissions
- Retrieve the Permissions of a Workflow
- Delete the Permissions of a Workflow
- Set the Permissions for a Workflow
- Retrieve the Permissions of an Action
- Delete the Permissions of an Action
- Set the Permissions for an Action
- Retrieve the Permissions of a Package
- Delete the Permissions of a Package
- Set the Permissions for a Package
- Retrieve the Permissions of a Resource
- Delete the Permissions of a Resource
- Set the Permissions for a Resource
- Retrieve the Permissions of a Configuration Element
- Delete the Permissions of a Configuration Element
- Set the Permissions for a Configuration Element
- Performing Operations with Plug-Ins
- Performing Server Configuration Operations
- Performing Tagging Operations
- Index
Authenticating Against Orchestrator and Third-Party Systems
You must authenticate against Orchestrator in the HTTP requests that you make through the Orchestrator
REST API. If you use the Orchestrator REST API to access resources on a third-party system, such as
vCenter Server, you must authenticate against that system as well.
For example, to access all workows in the Orchestrator inventory, you must authenticate against
Orchestrator. However, to run a workow against vCenter Server, you must authenticate against
Orchestrator and vCenter Server.
Depending on whether you congure Orchestrator with LDAP or with vCenter Single Sign-On, the
authentication scheme for the Orchestrator REST API is dierent. If Orchestrator uses LDAP, you must
authenticate by using valid credentials. If Orchestrator uses vCenter Single Sign-On, depending on your
conguration, you can authenticate by using basic authentication or by using a holder-of-key token issued
by the vCenter Single Sign-On server.
Note LDAP authentication is deprecated and will not be supported in future versions.
If you make HTTP requests at the top-level URL of the Orchestrator REST API, you do not need to
authenticate against Orchestrator. The top level URL of the Orchestrator REST API is
hps://orchestrator_host:port/vco/api/.
Note The default port number is 8281.
A GET request at the top level URL of the REST API returns URLs to all resources that are accessible through
the API. To make HTTP requests at these URLs, you must authenticate against Orchestrator.
Using vCenter Single Sign-On Authentication with the Orchestrator REST API
If Orchestrator is congured with the vCenter Single Sign-On Server and basic authentication is disabled,
you need a principal holder-of-key token to access system objects in Orchestrator through the Orchestrator
REST API. To access vCenter Server or third-party systems that use the vCenter Single Sign-On Server
through the Orchestrator server, you need a delegate holder-of-key token for Orchestrator and your
principal token.
If Orchestrator is congured with the vCenter Single Sign-On Server and basic authentication is enabled,
you must authenticate by using valid credentials and Orchestrator manages the holder-of-key token.
Accessing System Objects in Orchestrator
You can access system objects in Orchestrator at the URLs of the Inventory and the Catalog services of the
REST API.
n
hps://orchestrator_host:port/vco/api/inventory/System/
n
hps://orchestrator_host:port/vco/api/catalog/System/
When you access system objects in Orchestrator, you pass your principal holder-of-key token in the
Authorization header of HTTP requests that you make to the Inventory or the Catalog service.
For example, to retrieve all system objects of type Workflow, you make a GET request at
hps://orchestrator_host:port/vco/api/catalog/System/Workow/. To authenticate against Orchestrator, you
need to pass your principal holder-of-key token in the Authorization header of the request.
Developing a Web Services Client for VMware vRealize Orchestrator
12 VMware, Inc.