[VCDR] API Token Expiring or is Invalid
search cancel

[VCDR] API Token Expiring or is Invalid

book

Article ID: 323644

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

Provide the steps to generate a new API Token ID and update it in the VCDR Console for existing deployments, and check to ensure all prerequisites are met when generating an API Token and using in a new deployment of VCDR.

Symptoms:
New Deployments:

When deploying VCDR and adding the VCDR created API Token, the following error may be seen - "Error: API token is invalid or has expired."

Existing Deployments:

An automated email may be received with the following description, "The API token will expire in 24 days. Create a new API token in VMware Cloud on AWS and add it to VMware Cloud DR. - alert - VMware Cloud DR."

Cause

New Deployments:

A user that created the API Token for VCDR may not have their IP restrictions setup correctly within the Cloud Portal. 

Existing Deployments:

The maximum time to live for an API Token is 60 months. When an API Token is coming up on its end of life, it is required to generate a new token ID and update it within the VCDR product.

Resolution

New Deployments:

Confirm the Cloud Portal does not have any IP restrictions setup for the user creating the API Token. Reference the following documentation: https://docs.vmware.com/en/VMware-Cloud-services/services/Using-VMware-Cloud-Services/GUID-59732501-8407-4459-8F50-D30658AF59B3.html

Existing Deployments:

There are two options available:
  1. Regenerate the current API Token used for VCDR.
    1. Note: When regenerating the current API Token, this will keep everything the same - Organization Roles, Service Roles and Time to Live. When clicking on regenerate, it will generate an updated Token ID.
  2. Create a new API Token
Note: Please make sure to copy the API Token ID when prompted, as it will not be recoverable once you exit the Token ID window.

Once the API Token ID has been generated, the following process will need to be followed to update the API Token in the VCDR Console - Change API Token ID

Note: Please make sure the user creating the API Token is an Organization Owner and has all of the correct Service Roles defined in the document in Step 2 above.

Additional Information

Add the API Token

Impact/Risks:
New Deployments:

The API Token is unable to be attached to VCDR when deploying the environment. 

Existing Deployments:

VCDR replications/backups will begin to fail if the API Token is not updated.