Authenticating a JSON Client with the Session ManagerLast Updated December 16, 2024
Most method calls must carry a session ID to authenticate with the server at the time
of the call. The session ID is a temporary substitute for username and password, thereby
limiting risk to the principal's credentials.
To acquire a session ID, you have these options:
- Invoke theSessionManager.Loginmethod with username and password, exchanging the principal's credentials for a session ID token.
- Request a SAML token from the vCenter Single-Sign-On server, and use the token to invoke theSessionManager.LoginByTokenmethod, receiving a session ID token in exchange.
For example, the response headers might
contain lines similar to the following:
The
value 0123498765fabdec5263748596071829304100ab
is the session ID
token. Use it in the headers of your API requests, like
this: