Multiple API requests to VCD fail with 401 Unauthorized errors when using a Java-based API utility. Swagger and Postman requests succeed, confirming VCD is functioning normally.

The issue occurs because the utility reuses the same bearer token, which becomes invalid after the session idle timeout.

Since 401 events are logged as debug (not errors), no failure trace appears in VCD logs.

The issue is intermittent, depending on token validity and session timeout.

VMware Cloud Director : 10.6.x

The Java-based utility is reusing the same bearer token for multiple API calls without refreshing it. When the VCD session times out due to inactivity, the token becomes invalid, leading to 401 Unauthorized errors.

• Restart the affected VCD cell to clear stale sessions.
• Increase the VCD idle session timeout to at least 60 minutes and update the Java utility to refresh bearer tokens regularly (or per request).
• Ensure the API script generates a new token before each request to prevent 401 errors.