Authenticating a JSON Client with the Session Manager

Most method calls must carry a session ID to authenticate with the server at the time of the call. The session ID is a temporary substitute for username and password, thereby limiting risk to the principal's credentials.

To acquire a session ID, you have these options:

Invoke the

SessionManager.

method with username and password, exchanging the principal's credentials for a session ID token.

Request a SAML token from the vCenter Single-Sign-On server, and use the token to invoke the

SessionManager.

LoginByToken

method, receiving a session ID token in exchange.

After a successful authentication operation with vCenter Server, you extract the session ID token from the HTTP header of the response message. Include the same header in subsequent API request messages.

For example, the response headers might contain lines similar to the following:

content-type: application/json
date: Tue, 14 Aug 2007 13:30:00 GMT
vmware-api-session-id: 0123498765fabdec5263748596071829304100ab
x-envoy-upstream-service-time: 45

The value

0123498765fabdec5263748596071829304100ab

is the session ID token. Use it in the headers of your API requests, like this:

content-type: application/json
vmware-api-session-id: 0123498765fabdec5263748596071829304100ab

Client Applications Using the JSON Protocol

Basic Authentication for the JSON Protocol

SAML Token Authentication for a JSON Client

Content feedback and comments

VMware vSphere SDKs and Tools 8.0

Authenticating a JSON Client with the Session Manager