Get Your Access Token for the vRealize Automation API

To get the token used to authenticate your session, you use the Identity Service API to get an API token. Then you use the API token as input to the IaaS API to get an access token.

The access token is valid for eight hours. If the token times out, request it again.
Note: The process to obtain the access token is different depending upon the vRealize Automation version.
  • For vRealize Automation version 8.0, you can use the Identity Service API alone, or you can use both the Identity Service API and IaaS API to obtain the access token. See Get Your Access Token.
  • For vRealize Automation versions 8.0.1, 8.1 or later, you must use both the Identity Service API and IaaS API to obtain the access token. Using the token generated by the Identity Service API alone will not work due to a missing internal state.

Prerequisites

  • Secure a channel between the web browser and the vRealize Automation server. Open a browser and enter the URL such as: https://appliance.domain.com.

Procedure

  1. Assign values to the variables for the hostname of your vRealize Automation appliance, your user name, and your password. 
    identity_service_url='https://<vRA-HOSTNAME>'
username='<your_username>'
password='<your_password>'
  2. Use the Identity Service API to obtain the API token.
    The API token is also known as the refresh token. It is valid for 90 days and can be used to generate a new access token when the access token expires.
    Note: You cannot revoke the refresh token. 
    api_token=`curl -X POST \
  "$identity_service_url/csp/gateway/am/api/login?access_token" \
  -H 'Content-Type: application/json' \
  -d '{
  "username": "'"$username"'",
  "password": "'"$password"'"
}' | jq -r .refresh_token`
  3. Verify the API token variable is assigned. 
    echo $api_token
    The token is a compact string of characters.
  4. With the API token assigned, use the IaaS API to request the access token. 
    access_token=`curl -X POST \
  "$identity_service_url/iaas/api/login" \
  -H 'Content-Type: application/json' \
  -s \
  -d '{
  "refreshToken": "'"$api_token"'"
}' | jq -r .token`
  5. Verify the access token variable is assigned. 
    echo $access_token
    The access token is a JSON Web Token. After 25 minutes of inactivity, the access token times out and you must request it again. You can revoke an access token at any time.

Results

You have obtained the access token required to authenticate your API calls. This access token is valid for users of both the cloud and on-premises versions of vRealize Automation and is necessary when using tools that are integrated with vRealize Automation.

What to do next

Use the access token to verify user roles. See Verify User Roles.