[{"label":"Latest (4.4.0)","version":"latest"},{"version":"4.3.1"},{"link":"https://developer.vmware.com/apis/1126/vmware-cloud-foundation","version":"4.3"},{"link":"https://developer.vmware.com/apis/1077/vmware-cloud-foundation","version":"4.2"},{"link":"https://developer.vmware.com/apis/1032/vmware-cloud-foundation","version":"4.1"},{"link":"https://developer.vmware.com/apis/1002/vmware-cloud-foundation","version":"4.0.1"},{"link":"https://developer.vmware.com/apis/921/vmware-cloud-foundation","version":"4.0"},{"link":"https://developer.vmware.com/apis/925/vmware-cloud-foundation","version":"3.10"},{"link":"https://developer.vmware.com/apis/891/vmware-cloud-foundation","version":"3.9.1"},{"link":"https://developer.vmware.com/apis/723/vmware-cloud-foundation","version":"3.9.0"},{"link":"https://developer.vmware.com/apis/711/vmware-cloud-foundation","version":"3.8.1"},{"link":"https://developer.vmware.com/apis/685/vmware-cloud-foundation","version":"3.8"}]
vcf
VMware Cloud Foundation API Reference Guide

Users

APIs for managing Users

1. Add users

  • This API is used to add users.

1.1. Prerequisites

The following data is required

  • Name of the SSO or AD domain

  • Username

  • Type of the user. For types supported, refer to User

  • Role ID

1.2. Steps

  • Fetch the role ID for the role.

Tip : Refer to Get the Roles

  • Invoke the API to add a user.

Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '[ {
  "name" : "USER_1@vsphere.local",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
  }
}, {
  "name" : "USER_2@vsphere.local",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
  }
}, {
  "name" : "SERVICE_USER_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
  }
} ]'

HTTP Request

POST /v1/users HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 437
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

[ {
  "name" : "USER_1@vsphere.local",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
  }
}, {
  "name" : "USER_2@vsphere.local",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
  }
}, {
  "name" : "SERVICE_USER_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
  }
} ]

HTTP Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 884

{
  "elements" : [ {
    "id" : "fc361730-c4da-469a-a90c-ec8c6abb2656",
    "name" : "USER_1@vsphere.local",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
    },
    "creationTimestamp" : "2022-01-24T12:34:52.287Z"
  }, {
    "id" : "e548d5a6-d5c4-4875-a135-c61ce60ad63c",
    "name" : "USER_2@vsphere.local",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
    },
    "creationTimestamp" : "2022-01-24T12:34:52.287Z"
  }, {
    "id" : "5eea66dc-46a5-4469-b1fa-39db95bb3396",
    "name" : "SERVICE_USER_1",
    "domain" : "Nil",
    "type" : "SERVICE",
    "apiKey" : "NkqMAdgyHzqHflQL2ktMwDis9p37MBpj",
    "role" : {
      "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
    },
    "creationTimestamp" : "2022-01-24T12:34:52.287Z"
  } ]
}

2. Add service users

  • This API is used to add service users.

2.1. Prerequisites

The following data is required

  • Username

  • Type of the user. The type would be SERVICE for service users. For types supported, refer to User.

  • Role ID

2.2. Steps

  • Fetch the role ID for the role.

Tip : Refer to Get the Roles

  • Invoke the API to create a service user.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '[ {
  "name" : "service_account_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "a013b5af-25b7-4180-8976-427381a0c542"
  }
} ]'

HTTP Request

POST /v1/users HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 128
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

[ {
  "name" : "service_account_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "a013b5af-25b7-4180-8976-427381a0c542"
  }
} ]

HTTP Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 337

{
  "elements" : [ {
    "id" : "774f23b6-5a68-4520-88e5-746c4e7956b5",
    "name" : "service_account_1",
    "domain" : "Nil",
    "type" : "SERVICE",
    "apiKey" : "VMPHIO8ABt3qD2k94SLdH8cXbM3Bc9kw",
    "role" : {
      "id" : "a013b5af-25b7-4180-8976-427381a0c542"
    },
    "creationTimestamp" : "2022-01-24T12:34:51.620Z"
  } ]
}
  • The response of the API contains the apiKey . With the apiKey, the service user can login and obtain access token.

Obtain access token for a service user

2.3. Prerequisites

The following data is required

  • API key

2.4. Steps

  • Invoke the API with the API key to generate an access token and refresh token.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/tokens' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -d '{
  "username" : "automationapp",
  "apiKey" : "6598S0SIQC04sGjEr0nIeDlZx18GYRoT"
}'

HTTP Request

POST /v1/tokens HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 83
Host: sfo-vcf01.rainpole.io

{
  "username" : "automationapp",
  "apiKey" : "6598S0SIQC04sGjEr0nIeDlZx18GYRoT"
}

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 683

{
  "accessToken" : "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxNTFlZWI5Yy1mNWNmLTQ3N2UtYTJhYS0yMzg4ZmFmYzMwNDAiLCJpYXQiOjE1ODIxMzgzMzQsInN1YiI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsImlzcyI6InZjZi1hdXRoIiwiYXVkIjoic2RkYy1zZXJ2aWNlcyIsIm5iZiI6MTU4MjEzODMzNCwiZXhwIjoxNTgyMTQxOTM0LCJ1c2VyIjoiYWRtaW5pc3RyYXRvckB2c3BoZXJlLmxvY2FsIiwibmFtZSI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsInNjb3BlIjpbIkJBQ0tVUF9DT05GSUdfUkVBRCIsIkNSRURFTlRJQUxfUkVBRCIsIlVTRVJfV1JJVEUiLCJPVEhFUl9XUklURSIsIkJBQ0tVUF9DT05GSUdfV1JJVEUiLCJPVEhFUl9SRUFEIiwiVVNFUl9SRUFEIiwiQ1JFREVOVElBTF9XUklURSJdfQ.ylzrCyo4ymTKtSv1flmUrW-b8mxjRl7T2uV3a8sWWMA",
  "refreshToken" : {
    "id" : "3c6b3c30-3bf2-480b-9539-8483699ab911"
  }
}

3. Get the Users

  • This API is used to get all the users listed in the system.

  • This also gives other details associated with the user like domain, type of user and the role id.

3.1. Steps

  • Invoke the API to fetch all users.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/users HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 884

{
  "elements" : [ {
    "id" : "fc361730-c4da-469a-a90c-ec8c6abb2656",
    "name" : "USER_1@vsphere.local",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
    },
    "creationTimestamp" : "2022-01-24T12:34:52.287Z"
  }, {
    "id" : "e548d5a6-d5c4-4875-a135-c61ce60ad63c",
    "name" : "USER_2@vsphere.local",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
    },
    "creationTimestamp" : "2022-01-24T12:34:52.287Z"
  }, {
    "id" : "5eea66dc-46a5-4469-b1fa-39db95bb3396",
    "name" : "SERVICE_USER_1",
    "domain" : "Nil",
    "type" : "SERVICE",
    "apiKey" : "NkqMAdgyHzqHflQL2ktMwDis9p37MBpj",
    "role" : {
      "id" : "2ca002cf-b7eb-4697-a7e7-69190d944e00"
    },
    "creationTimestamp" : "2022-01-24T12:34:52.287Z"
  } ]
}

4. Delete a User

  • This API is used to delete a user.

4.1. Prerequisites

The following data is required

  • User ID

4.2. Steps

  • Invoke the API with the “user ID” to be deleted.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users/fc361730-c4da-469a-a90c-ec8c6abb2656' -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

DELETE /v1/users/fc361730-c4da-469a-a90c-ec8c6abb2656 HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 204 No Content

5. Get the Roles

  • This API is used to fetch all the roles supported by VCF.

  • Currently there are three roles that are supported - ADMIN, OPERATOR and VIEWER.

5.1. Prerequisites

None

5.2. Steps

  • Invoke the API to fetch the roles and role IDs

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/roles' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/roles HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 361

{
  "elements" : [ {
    "id" : "802d6fa4-5a1d-419b-84cd-dcf16628802b",
    "name" : "ADMIN",
    "description" : "Administrator"
  }, {
    "id" : "b184058c-3141-4531-a2da-194b2f237c55",
    "name" : "OPERATOR",
    "description" : "Operator"
  }, {
    "id" : "98c1fd6f-1e48-45ef-9d3f-43604673128c",
    "name" : "VIEWER",
    "description" : "Viewer"
  } ]
}

6. Get SSO Domain

  • This API is used to fetch the SSO domains known to the system.

6.1. Prerequisites

None

6.2. Steps

  • Invoke the API by specifying the “SSO domain name”.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/sso-domains' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/sso-domains HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 38

{
  "elements" : [ "vsphere.local" ]
}

7. Get SSO Domain entities

  • This API is used to fetch all domain entities in a particular domain known to the system.

  • This includes users and subdomains.

7.1. Prerequisites

The following data is required

  • SSO Domain name

7.2. Steps

  • Invoke the API by specifying the “SSO domain name”.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/sso-domains/vsphere.local/entities' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/sso-domains/vsphere.local/entities HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 786

{
  "elements" : [ {
    "id" : "USER_1@vsphere.local",
    "name" : "USER_1",
    "type" : "USER"
  }, {
    "id" : "USER_2@vsphere.local",
    "name" : "USER_2",
    "type" : "USER"
  }, {
    "id" : "USER_3@vsphere.local",
    "name" : "USER_3",
    "type" : "USER"
  }, {
    "id" : "USER_4@vsphere.local",
    "name" : "USER_4",
    "type" : "USER"
  }, {
    "id" : "äUSER_5@vsphere.local",
    "name" : "äUSER_5",
    "type" : "USER"
  }, {
    "id" : "vsphere.local\\\\group_1",
    "name" : "",
    "type" : "GROUP"
  }, {
    "id" : "vsphere.local\\\\group_2",
    "name" : "",
    "type" : "GROUP"
  }, {
    "id" : "vsphere.local\\\\group_3",
    "name" : "",
    "type" : "GROUP"
  }, {
    "id" : "vsphere.local\\\\group_4",
    "name" : "",
    "type" : "GROUP"
  } ]
}

8. Get local account details

  • This API is used to check whether or not the local account is configured.

8.1. Prerequisites

None

8.2. Steps

  • Invoke the API to check whether or not the local account is configured.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users/local/admin' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/users/local/admin HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 141

{
  "isConfigured" : false,
  "name" : "admin@local",
  "type" : "USER",
  "role" : {
    "id" : "9e81d1c2-f688-4c34-890c-5bdff737358d"
  }
}

9. Update password for local account

  • This API is used to update the local account password or to configure local account if it wasn’t configured during the bringup

9.1. Prerequisites

  • The following data is required

    • Old Password

    • New Password

Note : Provide only “newPassword” if you are configuring the local account for the first time.

  • New password must be in compliance with these password policies.

    Password requirements:

    • Length: 12-127 characters

    • Allowed special characters: ! % @ $ ^ # ? *

    • At least 1 small letter, capital letter, number and special character should be present

    • At least 2 alphabetic characters should be present

    • A character cannot be repeated more than 3 times consecutively

9.2. Steps

  • Invoke the API to update the local account password or to configure local account.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users/local/admin' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "oldPassword" : "XXXXXXX",
  "newPassword" : "YYYYYYY"
}'

HTTP Request

PATCH /v1/users/local/admin HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 60
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "oldPassword" : "XXXXXXX",
  "newPassword" : "YYYYYYY"
}

HTTP Response

HTTP/1.1 204 No Content

Last updated 2022-01-24 06:18:36 PST

Operations



[{"label":"Latest (4.4.0)","version":"latest"},{"version":"4.3.1"},{"link":"https://developer.vmware.com/apis/1126/vmware-cloud-foundation","version":"4.3"},{"link":"https://developer.vmware.com/apis/1077/vmware-cloud-foundation","version":"4.2"},{"link":"https://developer.vmware.com/apis/1032/vmware-cloud-foundation","version":"4.1"},{"link":"https://developer.vmware.com/apis/1002/vmware-cloud-foundation","version":"4.0.1"},{"link":"https://developer.vmware.com/apis/921/vmware-cloud-foundation","version":"4.0"},{"link":"https://developer.vmware.com/apis/925/vmware-cloud-foundation","version":"3.10"},{"link":"https://developer.vmware.com/apis/891/vmware-cloud-foundation","version":"3.9.1"},{"link":"https://developer.vmware.com/apis/723/vmware-cloud-foundation","version":"3.9.0"},{"link":"https://developer.vmware.com/apis/711/vmware-cloud-foundation","version":"3.8.1"},{"link":"https://developer.vmware.com/apis/685/vmware-cloud-foundation","version":"3.8"}]
vcf
Feedback

Was this page helpful?