Authenticating Against vRealize Orchestrator

You must authenticate against vRealize Orchestrator in the HTTP requests that you make through the vRealize Orchestrator REST API.

Depending on whether you configure vRealize Orchestrator with vRealize Automation or vSphere as an authentication provider, the authentication scheme for the vRealize Orchestrator REST API is different. If vRealize Orchestrator uses vCenter Single Sign-On, depending on your configuration, you can authenticate by using a holder-of-key token issued by the vCenter Single Sign-On server. If vRealize Orchestrator is configured with vRealize Automation, you can authenticate through an OAuth bearer access token.

If you make HTTP requests at the top-level URL of the vRealize Orchestrator REST API, you do not need to authenticate against vRealize Orchestrator. The top level URL of the vRealize Orchestrator REST API is https://{orchestrator_fqdn}/vco/api/.

Note: The vRealize Orchestrator port is always 443 or, in the case of clustered vRealize Orchestrator environments, the port of the assigned load balancer.

A GET request at the top-level URL of the REST API returns URLs to all resources that are accessible through the API. To make HTTP requests at these URLs, you must authenticate against vRealize Orchestrator.