How to : Use API Access Token for API
search cancel

How to : Use API Access Token for API

book

Article ID: 329439

calendar_today

Updated On:

Products

VMware Cloud on AWS

Issue/Introduction

Access tokens carry the necessary information to access a resource directly. In other words, when a client passes an access token to a server managing a resource, that server can use the information contained in the token to decide whether the client is authorized or not. Access tokens usually have an expiration date and are short-lived.

Refresh tokens carry the information necessary to get a new access token. In other words, whenever an access token is required to access a specific resource, a client may use a refresh token to get a new access token issued by the authentication server. Common use cases include getting new access tokens after old ones have expired, or getting access to a new resource for the first time. Refresh tokens can also expire but are rather long-lived.

 
The idea of refresh tokens is that if an access token is compromised, because it is short-lived, the attacker has a limited window in which to abuse it.


Environment

VMware Cloud on AWS

Resolution

 

You may replace the below refresh token with your token and use the rest as is :
Json querier required in step 3 : https://stedolan.github.io/jq/download/

 
Windows (Native with build 17063 and later) :

$REFRESH_TOKEN="YOUR-TOKEN-HERE"

$RESULTS=$(curl.exe -s -X POST "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize?refresh_token=$REFRESH_TOKEN")

$AUTH_TOKEN=$(echo $RESULTS | jq-win64.exe -r .access_token)
curl.exe -H "csp-auth-token: $AUTH_TOKEN" <URL>



 
OR

Download Git for windows: https://git-scm.com/downloads

 
Linux :

REFRESH_TOKEN="YOUR-TOKEN-HERE"

RESULTS=$(curl -s -X POST "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize?refresh_token=$REFRESH_TOKEN")

AUTH_TOKEN=$(echo $RESULTS | jq -r .access_token)
curl -H "csp-auth-token: $AUTH_TOKEN" <URL>





EXAMPLE :

1)    Generating a Refresh Token :



 

Sample usage :