Authenticating a JSON Client with the Session Manager
Most method calls must carry a session ID to authenticate with the server at the time
of the call. The session ID is a temporary substitute for username and password, thereby
limiting risk to the principal's credentials.
To acquire a session ID, you have these options:
- Invoke theSessionManager.Loginmethod with username and password, exchanging the principal's credentials for a session ID token.
- Request a SAML token from the vCenter Single-Sign-On server, and use the token to invoke theSessionManager.LoginByTokenmethod, receiving a session ID token in exchange.
For example, the response headers might
contain lines similar to the following:
The valuecontent-type: application/json date: Tue, 14 Aug 2007 13:30:00 GMT vmware-api-session-id: 0123498765fabdec5263748596071829304100ab x-envoy-upstream-service-time: 45
0123498765fabdec5263748596071829304100ab
is the session ID
token. Use it in the headers of your API requests, like
this:content-type: application/json vmware-api-session-id: 0123498765fabdec5263748596071829304100ab