Using API Access Token Authentication with the Connect-CIServer PowerCLI cmdlet

Article ID: 429004

Products

VMware Cloud Director

Issue/Introduction

  • Using the Connect-CIServer VCF PowerCLI cmdlet to connect to a VMware Cloud Director (VCD) instance.
  • An API Access Token has been created by a VCD User under User Preferences > API Tokens > New.
  • The Connect-CIServer cmdlet has no option to provide an API Access Token as the authentication credential.
  • The Connect-CIServer cmdlet does have an option to provide a SessionID in the form of "Bearer ####..." as the authentication credential.

Environment

  • VMware Cloud Director 10.6.1.x
  • VCF PowerCLI

Resolution

To use an API Access Token with the Connect-CIServer cmdlet, first log in to the VCD token API endpoint using the PowerShell Invoke-RestMethod cmdlet, and then pass the returned token in the form of "Bearer ###..." as the SessionID in the Connect-CIServer PowerCLI cmdlet.
Example steps are as follows:

  1. Generate an API Token as either a System level user in the VCD Provider portal, or as an Organization level user in the VCD Tenant portal, under User Preferences > API Tokens > New after logging in as that user.
    For more information see the respective documentation:

    Generate an API Access Token Using Your VMware Cloud Director Service Provider Admin Portal

    Generate an API Access Token Using Your VMware Cloud Director Tenant Portal

  2. Retain this generated API Token, for example:

    ############################1234
        

  3. In PowerShell use the standard Invoke-RestMethod cmdlet to log into VCD via the VCD token API and save the response in a variable.
    Use the API Token from steps 1. and 2. above as the refresh_token in the login request to the VCD token API, for example:

    For a System level Provider user:
    $token = Invoke-RestMethod -Method POST -Uri "https://vcd.example.com/oauth/provider/token?grant_type=refresh_token&refresh_token=############################1234"

    For an Organization level Tenant user:
    $token = Invoke-RestMethod -Method POST -Uri "https://vcd.example.com/oauth/tenant/<organization_name>/token?grant_type=refresh_token&refresh_token=############################1234"
        

  4. This $token variable now includes the Bearer Token for our login in the $token.access_token value, for example:

    ####...

  5. Use the SessionID option in the PowerCLI Connect-CIServer cmdlet to connect to VCD with this Bearer Token instead of a username and password, for example:

    Connect-CIServer -Server vcd.example.com -SessionID "Bearer $($token.access_token)"

  6. After the Connect-CIServer completes, further PowerCLI cmdlets to interact with VCD can be run.
    For example, to list the vApps accessible to the logged in user, the Get-CIVApp cmdlet could be run:

    Get-CIVApp
        

  7. To disconnect from VCD the PowerCLI Disconnect-CIServer cmdlet can be run, for example:

    Disconnect-CIServer -Server vcd.example.com
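
The steps above combined into one script, as an added example that is not part of the original article or Broadcom's own code: it prompts for the API Token instead of embedding it in the script, and sends it in the POST body rather than the URL query string so the token does not appear in the request URL. Sending the grant as a form-encoded body is an assumption not shown in the article, and `$Server`, `$Org` and `$connected` are hypothetical names.

```powershell
# Added example. Assumes VCF PowerCLI is installed and that the VCD token
# endpoint accepts the grant as a form-encoded POST body (assumption).
$Server = 'vcd.example.com'   # placeholder host used in the article
$Org    = ''                  # empty = System (Provider) user; otherwise the organization name

# Prompt for the API Token so it is not stored in the script or shell history.
$secure   = Read-Host -Prompt 'VCD API Token' -AsSecureString
$apiToken = [System.Net.NetworkCredential]::new('', $secure).Password

# Provider and tenant users log in through different token endpoints.
$tokenUri = "https://$Server/oauth/provider/token"
if ($Org) { $tokenUri = "https://$Server/oauth/tenant/$([uri]::EscapeDataString($Org))/token" }

$request = @{
    Method      = 'Post'
    Uri         = $tokenUri
    Headers     = @{ Accept = 'application/json' }
    # A hashtable body on POST is sent as application/x-www-form-urlencoded.
    Body        = @{ grant_type = 'refresh_token'; refresh_token = $apiToken }
    ErrorAction = 'Stop'
}

$connected = $false
try {
    $token = Invoke-RestMethod @request
    if (-not $token.access_token) { throw "No access_token returned by $tokenUri" }

    # The bearer token is passed as the SessionID, as in step 5.
    Connect-CIServer -Server $Server -SessionId "Bearer $($token.access_token)" -ErrorAction Stop | Out-Null
    $connected = $true

    Get-CIVApp
}
finally {
    # Disconnect even if a cmdlet above failed, then drop the secrets from the session.
    if ($connected) { Disconnect-CIServer -Server $Server -Confirm:$false }
    Remove-Variable apiToken, token, request -ErrorAction SilentlyContinue
}
```

The bearer token returned in `access_token` is short-lived, while the API Token itself remains valid until it is revoked under User Preferences > API Tokens, so the API Token is the value to protect.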

Additional Information

VCF PowerCLI, Connect-CIServer

Generate an API Access Token Using Your VMware Cloud Director Service Provider Admin Portal

Generate an API Access Token Using Your VMware Cloud Director Tenant Portal