lunedì 5 giugno 2023

vRA 8.5.1 REST Api calls - API Authentication

Issue


I need a quick guide (step-by-step) on how to authenticate to vRA 8.5.1 via REST API calls.

Solution


To do that, I found a VMware well documented guide "vRealize Automation 8.5 API Programming Guide"

First of all, we need to know that the process to obtain the access token is different depending upon the vRealize Automation version.
In our case, we need to get the token used to authenticate our session, we use the Identity Service API to get an API token. Then we use the API token as input to the IaaS API to get an access token.

Let's see below the steps on how to do it, using Postman and Curl:
  1. Open Postman.

  2. Execute the following REST API call: 

    URL: https://<vRA-FQDN>/csp/gateway/am/api/login?access_token
Method: POST
Headers: 'Content-Type: application/json'
Body: {
	"username": "username",
	"password": "password"
}
    NOTE: If you don't need to authenticate locally (as in our case) replace the above username with your own username in the form username@domain.
  3. Take note of the refresh_token.
  4. Execute the following REST API call: 

    URL: https://<vRA-FQDN>/iaas/api/login
Method: POST
Headers: 'Content-Type: application/json'
Body: {
	"refreshToken": "api_token"
}
    ... and as output you will receive the token to be used for subsequent vRA queries.


Let's see the same procedure, this time using Curl:
  1. Open a session Terminal with both command, curl and jq already installed.

  2. Assign values to the variables for the hostname of our vRealize Automation appliance, our user name, and password. 
    url='https://<vRA-FQDN>'
username='username'
password='password'
  3. Execute the following curl command to retrive the API token: 
    api_token=`curl -k -X POST \
  "$url/csp/gateway/am/api/login?access_token" \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{
  "username": "'$username'",
  "password": "'$password'"
}' | jq -r .refresh_token`
  4. With the API token assigned, execute the following curl command to retrieve the Access token: 
    access_token=`curl -k -X POST \
  "$url/iaas/api/login" \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{
  "refreshToken": "'$api_token'"
}' | jq -r .token`
    Note: After 25 minutes of inactivity, the access token times out and we must request it again.

  5. We can now try to obtain more information such as the Organization ID, using the Access Token, by executing the command ... 
    curl -k -X GET "$url/csp/gateway/am/api/loggedin/user/orgs" -H "csp-auth-token: $access_token"

That's it.

Posted by at
Labels: , , ,

Nessun commento:

Posta un commento

Iscriviti a: Commenti sul post (Atom)