vRealize Operations Manager API Programming Guide With basic authentication, you must pass valid user credentials with every API request. To prevent user credentials from being passed as clear text, the vRealize Operations Manager API server supports Https communication only The following example presents a basic authentication scenario using curl 1 You obtain valid user credentials for your vRealize Operations Manager instance, such as user name example_user, password simple_pass 2 If you want to obtain information about a resource with ID 00000000-0000-0000-2222-000000000002 you run the curl command curl-userexample_user:simple_passhttps://restendPoinT.examplecom/suite- api/api/ resources/0e000060600-0600-2222-6600000002 3Theapiserverextractscredentialsfromthehttpheaderauthorizationandcheckstheuser credentials. If the credentials are valid, it performs a read operation and returns the requested information about the resource With token-based authentication, you PoST a login request to the vRealize Operations Manager API server, supplying valid user credentials to obtain an authentication token. The following example presents token-based authentication scenario You obtain valid user credentials for your vRealize Operations Manager instance 2 POST a request to the REST endpoint for authentication Posthttps://restenDpoiNt.examplecom/api/token/acquire The request body includes the user name, password, and authentication source 3 In the response body, the endpoint returns the token, expiry date and time 4 For further communication, you include the token object in the Authorization header with the format Authorization: vRealizeOpsToken <vROps_token> Alternatively, if you acquired the token from an SSo source, the Authorization header is of the format Authorization SSo2Token <SS0 SAML TOKEN> 5 You can invalidate the token before the expiration date and time by sending a POST request to the out Posthttps://resteNdpoiNt.examplecom/api/token/release Request Headers The following Http headers are typically included in Api requestsWith basic authentication, you must pass valid user credentials with every API request. To prevent user credentials from being passed as clear text, the vRealize Operations Manager API server supports HTTPS communication only . The following example presents a basic authentication scenario using curl. 1 You obtain valid user credentials for your vRealize Operations Manager instance, such as user name example_user, password simple_pass. 2 If you want to obtain information about a resource with ID 00000000-0000-0000-2222-000000000002, you run the curl command: curl --user example_user:simple_pass https://RESTendpoint.example.com/suite￾api/api/resources/00000000-0000-0000-2222-000000000002 3 The API server extracts credentials from the HTTP header authorization and checks the user credentials. If the credentials are valid, it performs a read operation and returns the requested information about the resource. With token-based authentication, you POST a login request to the vRealize Operations Manager API server, supplying valid user credentials to obtain an authentication token. The following example presents a token-based authentication scenario. 1 You obtain valid user credentials for your vRealize Operations Manager instance. 2 POST a request to the REST endpoint for authentication. POST https://RESTendpoint.example.com/api/token/acquire The request body includes the user name, password, and authentication source. 3 In the response body, the endpoint returns the token, expiry date and time. 4 For further communication, you include the token object in the Authorization header with the format : Authorization: vRealizeOpsToken <vROps_token> Alternatively, if you acquired the token from an SSO source, the Authorization header is of the format: Authorization: SSO2Token <SSO_SAML_TOKEN> 5 You can invalidate the token before the expiration date and time by sending a POST request to the logout endpoint. POST https://RESTendpoint.example.com/api/token/release Request Headers The following HTTP headers are typically included in API requests: vRealize Operations Manager API Programming Guide VMware, Inc. 8