• API being used as per the guide NSX API Authentication Using a Session Cookie
• External LDAP user or local user is being used in the API call.
• The user can log into the NSX UI fine.
• The password contains special characters such as '+' symbol.
• Other API calls also work with the same username and password.
• Only the API used to get the session cookie is failing:
• Sample API call:

curl -i -k -c session.txt -X POST -d 'j_username=<username>&j_password=<password>' https://<NSX-Manager>/api/session/create 2>&1 > response.txt

• Checking the file response.txt for the response we see:

HTTP/1.1 403 Forbidden

• A successful response would be: 

HTTP/1.1 200 OK

Note: Replace <NSX-Manager>, <username> and <password> with the correct details.

VMware NSX

When a special character is being used in the password, for example in this case it was a '+' symbol, the password is not being correctly encoded, for example the '+' inserts a space.

To avoid the encoding issues with the special characters in the password:

Option 1:

Encode the username and password separately, using --data-urlencode.

For example:

curl -i -k -c cookies.txt -X POST --data-urlencode 'j_username=<username>' --data-urlencode 'j_password=<password>' https://<NSX-Manager>/api/session/create

Note: Replace <NSX-Manager>, <username> and <password> with the correct details.

Option 2:

Manually URL encode the special character and use in the documented cookie session create API call:

For example, convert '+' to URL character '%2B' and use in the password:

curl -i -k -c cookies.txt -X POST -d 'j_username=<username>&j_password='#######%2B#######' https://<NSX-Manager>/api/session/create

Note: Replace <NSX-Manager>, <username> with the correct details, ####### represents the part of the password which is not a special character, whereas %2B is the '+' converted to URL encode.

Note: The documentation will be updated to include the above option NSX API Authentication Using a Session Cookie