
Generate User API Token

Description

Programmatically generate a user API token. The following restrictions are in place:

  1. 'All Roles' or high-privilege organization roles are not allowed as a scope for the new API token (a few exceptions apply).
  2. The organization ID in the access token (in headers) and in the ID token (in the request body) must be the same.
  3. A maximum of 50 API tokens is allowed.
  4. In non-production environments it is possible to choose which of your organizations the token is generated for.

Access Policy

Role User Accounts Service Accounts (Client Credentials Applications)
All Roles ✔️

Request

URL

POST https://{api_host}/csp/gateway/am/api/loggedin/user/api-tokens

Request Body

GenerateApiTokenRequestV2 of mimetype application/json Required
{
	"allowedScopes": {},
	"idToken": "string",
	"refreshTokenTTL": 0
}
allowedScopes Required

The allowed general, organization and service scopes of access.

idToken Required
string as ^[\p{Alnum}\-._ ]+$

The ID token is a signed JWT returned from the authorization server. It contains the user's profile information, including the domain of the identity provider. This domain is used to obtain the identity provider URL. The token is used as an optimization so the application can know the identity of the user without making any additional network requests. This token can be generated via the Authorization Code flow only.

refreshTokenTTL Required
integer as int32

API Token Time To Live (TTL)

notifyBeforeExpiry Optional
integer as int32

Number of days to notify before token expiration

orgId Optional
string

ID of the organization for which to generate the token (if different from the logged-in user's organization). This functionality is allowed only in non-production environments.

tokenName Optional
string

The name of the API token. The value must be alphanumeric and can contain the following symbols -_.`’:@&, and space. International characters are allowed.

Authentication

This operation uses the following authentication methods.

Response

Response Body

200 OK

Returns ApiTokenResponse of type application/json
{
	"apiToken": "string"
}
apiToken Optional
string

The value of the API token.

Errors

400 CspErrorResponse

Max number of 50 user API Tokens reached | Invalid or expired idToken | Provided idToken does not belong to loggedin user | Authenticated Organization id and idToken organization id mismatch | High privilege organization scopes and 'All roles' scope not allowed

401 CspErrorResponse

The user is not authorized to use the API

403 CspErrorResponse

IP auth policy violation

404 CspErrorResponse

The requested resource could not be found

409 CspErrorResponse

The request could not be processed due to a conflict

429 CspErrorResponse

The user has sent too many requests

500 CspErrorResponse

An unexpected error has occurred while processing the request

Code Samples

cURL Command

curl -X POST -H "Content-Type: application/json" -d '{"allowedScopes":{"generalScopes":["string"],"organizationScopes":{"allPermissions":false,"allRoles":false,"keptInToken":["ROLES"],"permissions":[{"permissionId":"string","resources":["string"]}],"roles":[{"name":"string","resource":"string"}]},"servicesScopes":[{"allPermissions":false,"allRoles":false,"keptInToken":["ROLES"],"permissions":[{"permissionId":"string","resources":["string"]}],"roles":[{"name":"string","resource":"string"}],"serviceDefinitionId":"string"}]},"idToken":"string","notifyBeforeExpiry":0,"orgId":"string","refreshTokenTTL":0,"tokenName":"string"}' https://{api_host}/csp/gateway/am/api/loggedin/user/api-tokens
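
The following client-side pre-flight check is an added example, not code from this API's vendor: it lists which of the restrictions documented above a request would violate before it is sent. The names preflight, jwt_claims, sample_jwt and the org_claim parameter are hypothetical; the page does not name the claim that carries the organization ID, so the caller supplies it, and Python's isalnum() stands in for \p{Alnum}. Tokens are decoded without signature verification, for local comparison only.

```python
import base64
import json

INT32_MIN, INT32_MAX = -2**31, 2**31 - 1
MAX_API_TOKENS = 50              # limit stated on this page
ID_TOKEN_EXTRA = set("-._ ")     # extras from the documented pattern ^[\p{Alnum}\-._ ]+$


def jwt_claims(token):
    """Decode a JWT payload without verifying it (local comparison only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)     # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(body, access_token, existing_tokens, org_claim):
    """List the documented restrictions this request would violate.

    org_claim: name of the claim holding the organization ID. The page does not
    name it, so the caller supplies it (assumption).
    """
    problems = [f"missing required field: {f}"
                for f in ("allowedScopes", "idToken", "refreshTokenTTL") if f not in body]
    id_token = body.get("idToken", "")
    if not (isinstance(id_token, str) and id_token
            and all(c.isalnum() or c in ID_TOKEN_EXTRA for c in id_token)):
        problems.append("idToken does not match the documented pattern")
    if body.get("allowedScopes", {}).get("organizationScopes", {}).get("allRoles"):
        problems.append("'All Roles' organization scope is not allowed")
    for f in ("refreshTokenTTL", "notifyBeforeExpiry"):
        v = body.get(f, 0)
        if isinstance(v, bool) or not isinstance(v, int) or not INT32_MIN <= v <= INT32_MAX:
            problems.append(f"{f} must be an int32")
    if existing_tokens >= MAX_API_TOKENS:
        problems.append("maximum of 50 API tokens already reached")
    try:
        if jwt_claims(access_token)[org_claim] != jwt_claims(id_token)[org_claim]:
            problems.append("organization ID differs between access token and idToken")
    except (AttributeError, IndexError, KeyError, TypeError, ValueError):
        problems.append("organization claim unreadable in one of the tokens")
    return problems


def sample_jwt(claims):
    """Constructed, unsigned token for the demo below; not a real credential."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    body = {"allowedScopes": {"organizationScopes": {"allRoles": True}},
            "idToken": sample_jwt({"org": "org-b"}), "refreshTokenTTL": 0}
    print(preflight(body, sample_jwt({"org": "org-a"}), 50, org_claim="org"))
```

The server remains the authority on all of these rules; the check only catches requests that would be rejected with a 400 before a token-bearing call is made.
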
Vendor Extensions

This operation contains the following vendor extensions defined in the spec:
x-required-roles: any
x-slo-tier: TIER2

