Tokens APIs

Tokens APIs

APIs for managing Access and Refresh Token

Table of Contents

1. Create a token pair

  • SDDC Manager APIs are secured using token-based authentication.

  • As a first step before invocation of any API, an access token has to be obtained.

  • Invoking the Token API returns a token pair - access token and refresh token.

  • To invoke an API, the access token has to be passed in the Authorization header as a Bearer token.

1.1. Prerequisites API

The following data is required :-

  • VCF Credentials

    • User created in SSO or AD domain and associated as an ADMIN or OPERATOR or VIEWER role in VCF

    • Username

    • Password

Note : For the sake of brevity, the Bearer tokens have been abbreviated in the code snippets throughout this document.

Note : To create a token pair with "apiKey ", refer Obtain access token for a service user section.

1.2. Steps API

  • Invoke the API with the right credentials.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/tokens' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -d '{
  "username" : "administrator@vsphere.local",
  "password" : "XXXXXXX"
}'

HTTP Request

POST /v1/tokens HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 74
Host: sfo-vcf01.rainpole.io

{
  "username" : "administrator@vsphere.local",
  "password" : "XXXXXXX"
}

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 683

{
  "accessToken" : "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxNTFlZWI5Yy1mNWNmLTQ3N2UtYTJhYS0yMzg4ZmFmYzMwNDAiLCJpYXQiOjE1ODIxMzgzMzQsInN1YiI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsImlzcyI6InZjZi1hdXRoIiwiYXVkIjoic2RkYy1zZXJ2aWNlcyIsIm5iZiI6MTU4MjEzODMzNCwiZXhwIjoxNTgyMTQxOTM0LCJ1c2VyIjoiYWRtaW5pc3RyYXRvckB2c3BoZXJlLmxvY2FsIiwibmFtZSI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsInNjb3BlIjpbIkJBQ0tVUF9DT05GSUdfUkVBRCIsIkNSRURFTlRJQUxfUkVBRCIsIlVTRVJfV1JJVEUiLCJPVEhFUl9XUklURSIsIkJBQ0tVUF9DT05GSUdfV1JJVEUiLCJPVEhFUl9SRUFEIiwiVVNFUl9SRUFEIiwiQ1JFREVOVElBTF9XUklURSJdfQ.ylzrCyo4ymTKtSv1flmUrW-b8mxjRl7T2uV3a8sWWMA",
  "refreshToken" : {
    "id" : "3c6b3c30-3bf2-480b-9539-8483699ab911"
  }
}

[_createtoken] API [_refreshaccesstoken] API [_invalidaterefreshtoken] API

2. Refresh an access token

  • Refresh token is a special type of token used to renew an access token when the access token expires.

  • A refresh token can be used any number of times to obtain an access token until it has not expired or been revoked.

2.1. Prerequisites API

The following data is required

  • Refresh token is obtained when token pair is generated

2.2. Steps API

  • Invoke the API by passing the refresh token.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/tokens/access-token/refresh' -i -X PATCH \
    -H 'Content-Type: text/plain' \
    -H 'Accept: application/json' \
    -d '"eb8d1a03-6644-4a76-b018-2c7b02c2a526"'

HTTP Request

PATCH /v1/tokens/access-token/refresh HTTP/1.1
Content-Type: text/plain
Accept: application/json
Content-Length: 38
Host: sfo-vcf01.rainpole.io

"eb8d1a03-6644-4a76-b018-2c7b02c2a526"

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 583

eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxNTFlZWI5Yy1mNWNmLTQ3N2UtYTJhYS0yMzg4ZmFmYzMwNDAiLCJpYXQiOjE1ODIxMzgzMzQsInN1YiI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsImlzcyI6InZjZi1hdXRoIiwiYXVkIjoic2RkYy1zZXJ2aWNlcyIsIm5iZiI6MTU4MjEzODMzNCwiZXhwIjoxNTgyMTQxOTM0LCJ1c2VyIjoiYWRtaW5pc3RyYXRvckB2c3BoZXJlLmxvY2FsIiwibmFtZSI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsInNjb3BlIjpbIkJBQ0tVUF9DT05GSUdfUkVBRCIsIkNSRURFTlRJQUxfUkVBRCIsIlVTRVJfV1JJVEUiLCJPVEhFUl9XUklURSIsIkJBQ0tVUF9DT05GSUdfV1JJVEUiLCJPVEhFUl9SRUFEIiwiVVNFUl9SRUFEIiwiQ1JFREVOVElBTF9XUklURSJdfQ.ylzrCyo4ymTKtSv1flmUrW-b8mxjRl7T2uV3a8sWWMA

[_createtoken] API [_refreshaccesstoken] API [_invalidaterefreshtoken] API

3. Revoke a refresh token

  • As refresh tokens are generally issued with validity for longer durations, there is a possibility that they maybe compromised.

  • Revoking a refresh token means that an already issued refresh token cannot be used again to refresh an access token.

3.1. Prerequisites API

The following data is required

  • Refresh token

3.2. Steps API

  • Invoke the API by passing the refresh token which is to be revoked.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/tokens/refresh-token' -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -d '"eb8d1a03-6644-4a76-b018-2c7b02c2a526"'

HTTP Request

DELETE /v1/tokens/refresh-token HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 38
Host: sfo-vcf01.rainpole.io

"eb8d1a03-6644-4a76-b018-2c7b02c2a526"

HTTP Response

HTTP/1.1 204 No Content

[_createtoken] API [_refreshaccesstoken] API [_invalidaterefreshtoken] API
Last updated 2024-08-27 16:13:54 -0700

Operations
POST
Create Token
Create Token Pair
PATCH
Refresh Access Token
Refresh Access Token
DELETE
Invalidate Refresh Token
Invalidate Refresh Token