VMware Developer Documentation
API Reference PowerCLI Reference
[{"label":"Latest (5.0.0)","version":"latest"},{"version":"4.5.1"},{"version":"4.5.0"},{"version":"4.4.0"},{"version":"4.3.1"},{"link":"https://developer.vmware.com/apis/1126/vmware-cloud-foundation","version":"4.3"},{"link":"https://developer.vmware.com/apis/1077/vmware-cloud-foundation","version":"4.2"},{"link":"https://developer.vmware.com/apis/1032/vmware-cloud-foundation","version":"4.1"},{"link":"https://developer.vmware.com/apis/1002/vmware-cloud-foundation","version":"4.0.1"},{"link":"https://developer.vmware.com/apis/921/vmware-cloud-foundation","version":"4.0"},{"link":"https://developer.vmware.com/apis/925/vmware-cloud-foundation","version":"3.10"},{"link":"https://developer.vmware.com/apis/891/vmware-cloud-foundation","version":"3.9.1"},{"link":"https://developer.vmware.com/apis/723/vmware-cloud-foundation","version":"3.9.0"},{"link":"https://developer.vmware.com/apis/711/vmware-cloud-foundation","version":"3.8.1"},{"link":"https://developer.vmware.com/apis/685/vmware-cloud-foundation","version":"3.8"}]
vcf
VMware Cloud Foundation API Reference Guide

Users

APIs for managing Users

Table of Contents

1. Add users

  • This API is used to add users.

1.1. Prerequisites

The following data is required

  • Name of the SSO or AD domain

  • Username

  • Type of the user. For types supported, refer to User

  • Role ID

1.2. Steps

  • Fetch the role ID for the role.

Tip : Refer to Get the Roles

  • Invoke the API to add a user.

Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '[ {
  "name" : "USER_1@vsphere.local",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "0cb8a912-65cf-4157-a78a-4db1b2e2be05"
  }
}, {
  "name" : "USER_2@vsphere.local",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "0cb8a912-65cf-4157-a78a-4db1b2e2be05"
  }
}, {
  "name" : "SERVICE_USER_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "0cb8a912-65cf-4157-a78a-4db1b2e2be05"
  }
} ]'

HTTP Request

POST /v1/users HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 437
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

[ {
  "name" : "USER_1@vsphere.local",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "0cb8a912-65cf-4157-a78a-4db1b2e2be05"
  }
}, {
  "name" : "USER_2@vsphere.local",
  "domain" : "vsphere.local",
  "type" : "USER",
  "role" : {
    "id" : "0cb8a912-65cf-4157-a78a-4db1b2e2be05"
  }
}, {
  "name" : "SERVICE_USER_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "0cb8a912-65cf-4157-a78a-4db1b2e2be05"
  }
} ]

HTTP Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 884

{
  "elements" : [ {
    "id" : "c93eba6f-02c8-4553-a9cd-2e4550e096b4",
    "name" : "USER_1@vsphere.local",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "0cb8a912-65cf-4157-a78a-4db1b2e2be05"
    },
    "creationTimestamp" : "2023-05-16T02:32:58.012Z"
  }, {
    "id" : "57984c7d-e137-44e1-b710-73b53b9e3fbe",
    "name" : "USER_2@vsphere.local",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "0cb8a912-65cf-4157-a78a-4db1b2e2be05"
    },
    "creationTimestamp" : "2023-05-16T02:32:58.012Z"
  }, {
    "id" : "bb02d072-ed75-4b9e-8ebf-1d515497965a",
    "name" : "SERVICE_USER_1",
    "domain" : "Nil",
    "type" : "SERVICE",
    "apiKey" : "FfOyjY2cC02T7kYEPJCBXMmqnCwKBQfQ",
    "role" : {
      "id" : "0cb8a912-65cf-4157-a78a-4db1b2e2be05"
    },
    "creationTimestamp" : "2023-05-16T02:32:58.012Z"
  } ]
}

2. Add service users

  • This API is used to add service users.

2.1. Prerequisites

The following data is required

  • Username

  • Type of the user. The type would be SERVICE for service users. For types supported, refer to User.

  • Role ID

2.2. Steps

  • Fetch the role ID for the role.

Tip : Refer to Get the Roles

  • Invoke the API to create a service user.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '[ {
  "name" : "service_account_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "87068946-9259-4572-9f52-65d4a4b8b487"
  }
} ]'

HTTP Request

POST /v1/users HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 128
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

[ {
  "name" : "service_account_1",
  "type" : "SERVICE",
  "role" : {
    "id" : "87068946-9259-4572-9f52-65d4a4b8b487"
  }
} ]

HTTP Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 337

{
  "elements" : [ {
    "id" : "5c629018-17a3-444c-90fa-5bc60d55cc03",
    "name" : "service_account_1",
    "domain" : "Nil",
    "type" : "SERVICE",
    "apiKey" : "WpEYmRrE8EyQHvLwbuWBToakOgvXx1gQ",
    "role" : {
      "id" : "87068946-9259-4572-9f52-65d4a4b8b487"
    },
    "creationTimestamp" : "2023-05-16T02:32:57.451Z"
  } ]
}
  • The response of the API contains the apiKey . With the apiKey, the service user can login and obtain access token.

Obtain access token for a service user

2.3. Prerequisites

The following data is required

  • API key

2.4. Steps

  • Invoke the API with the API key to generate an access token and refresh token.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/tokens' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -d '{
  "username" : "automationapp",
  "apiKey" : "6598S0SIQC04sGjEr0nIeDlZx18GYRoT"
}'

HTTP Request

POST /v1/tokens HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 83
Host: sfo-vcf01.rainpole.io

{
  "username" : "automationapp",
  "apiKey" : "6598S0SIQC04sGjEr0nIeDlZx18GYRoT"
}

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 683

{
  "accessToken" : "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxNTFlZWI5Yy1mNWNmLTQ3N2UtYTJhYS0yMzg4ZmFmYzMwNDAiLCJpYXQiOjE1ODIxMzgzMzQsInN1YiI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsImlzcyI6InZjZi1hdXRoIiwiYXVkIjoic2RkYy1zZXJ2aWNlcyIsIm5iZiI6MTU4MjEzODMzNCwiZXhwIjoxNTgyMTQxOTM0LCJ1c2VyIjoiYWRtaW5pc3RyYXRvckB2c3BoZXJlLmxvY2FsIiwibmFtZSI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsInNjb3BlIjpbIkJBQ0tVUF9DT05GSUdfUkVBRCIsIkNSRURFTlRJQUxfUkVBRCIsIlVTRVJfV1JJVEUiLCJPVEhFUl9XUklURSIsIkJBQ0tVUF9DT05GSUdfV1JJVEUiLCJPVEhFUl9SRUFEIiwiVVNFUl9SRUFEIiwiQ1JFREVOVElBTF9XUklURSJdfQ.ylzrCyo4ymTKtSv1flmUrW-b8mxjRl7T2uV3a8sWWMA",
  "refreshToken" : {
    "id" : "3c6b3c30-3bf2-480b-9539-8483699ab911"
  }
}

3. Get the Users

  • This API is used to get all the users listed in the system.

  • This also gives other details associated with the user like domain, type of user and the role id.

3.1. Steps

  • Invoke the API to fetch all users.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/users HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 884

{
  "elements" : [ {
    "id" : "c93eba6f-02c8-4553-a9cd-2e4550e096b4",
    "name" : "USER_1@vsphere.local",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "0cb8a912-65cf-4157-a78a-4db1b2e2be05"
    },
    "creationTimestamp" : "2023-05-16T02:32:58.012Z"
  }, {
    "id" : "57984c7d-e137-44e1-b710-73b53b9e3fbe",
    "name" : "USER_2@vsphere.local",
    "domain" : "vsphere.local",
    "type" : "USER",
    "role" : {
      "id" : "0cb8a912-65cf-4157-a78a-4db1b2e2be05"
    },
    "creationTimestamp" : "2023-05-16T02:32:58.012Z"
  }, {
    "id" : "bb02d072-ed75-4b9e-8ebf-1d515497965a",
    "name" : "SERVICE_USER_1",
    "domain" : "Nil",
    "type" : "SERVICE",
    "apiKey" : "FfOyjY2cC02T7kYEPJCBXMmqnCwKBQfQ",
    "role" : {
      "id" : "0cb8a912-65cf-4157-a78a-4db1b2e2be05"
    },
    "creationTimestamp" : "2023-05-16T02:32:58.012Z"
  } ]
}

4. Delete a User

  • This API is used to delete a user.

4.1. Prerequisites

The following data is required

  • User ID

4.2. Steps

  • Invoke the API with the “user ID” to be deleted.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users/c93eba6f-02c8-4553-a9cd-2e4550e096b4' -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

DELETE /v1/users/c93eba6f-02c8-4553-a9cd-2e4550e096b4 HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 204 No Content

5. Get the Roles

  • This API is used to fetch all the roles supported by VCF.

  • Currently there are three roles that are supported - ADMIN, OPERATOR and VIEWER.

5.1. Prerequisites

None

5.2. Steps

  • Invoke the API to fetch the roles and role IDs

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/roles' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/roles HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 361

{
  "elements" : [ {
    "id" : "ada09e3e-ec07-4522-8777-6252332714a9",
    "name" : "ADMIN",
    "description" : "Administrator"
  }, {
    "id" : "dc48a02f-28fb-47bf-ad45-3bd003e7fa20",
    "name" : "OPERATOR",
    "description" : "Operator"
  }, {
    "id" : "ba26134d-f071-4f80-a6d6-677b7c6ae05d",
    "name" : "VIEWER",
    "description" : "Viewer"
  } ]
}

6. Get SSO Domain

  • This API is used to fetch the SSO domains known to the system.

6.1. Prerequisites

None

6.2. Steps

  • Invoke the API by specifying the “SSO domain name”.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/sso-domains' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/sso-domains HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 38

{
  "elements" : [ "vsphere.local" ]
}

7. Get SSO Domain entities

  • This API is used to fetch all domain entities in a particular domain known to the system.

  • This includes users and subdomains.

7.1. Prerequisites

The following data is required

  • SSO Domain name

7.2. Steps

  • Invoke the API by specifying the “SSO domain name”.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/sso-domains/vsphere.local/entities' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/sso-domains/vsphere.local/entities HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 786

{
  "elements" : [ {
    "id" : "USER_1@vsphere.local",
    "name" : "USER_1",
    "type" : "USER"
  }, {
    "id" : "USER_2@vsphere.local",
    "name" : "USER_2",
    "type" : "USER"
  }, {
    "id" : "USER_3@vsphere.local",
    "name" : "USER_3",
    "type" : "USER"
  }, {
    "id" : "USER_4@vsphere.local",
    "name" : "USER_4",
    "type" : "USER"
  }, {
    "id" : "äUSER_5@vsphere.local",
    "name" : "äUSER_5",
    "type" : "USER"
  }, {
    "id" : "vsphere.local\\\\group_1",
    "name" : "",
    "type" : "GROUP"
  }, {
    "id" : "vsphere.local\\\\group_2",
    "name" : "",
    "type" : "GROUP"
  }, {
    "id" : "vsphere.local\\\\group_3",
    "name" : "",
    "type" : "GROUP"
  }, {
    "id" : "vsphere.local\\\\group_4",
    "name" : "",
    "type" : "GROUP"
  } ]
}

8. Get local account details

  • This API is used to check whether or not the local account is configured.

8.1. Prerequisites

None

8.2. Steps

  • Invoke the API to check whether or not the local account is configured.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users/local/admin' -i -X GET \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/users/local/admin HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 141

{
  "isConfigured" : false,
  "name" : "admin@local",
  "type" : "USER",
  "role" : {
    "id" : "688e67a1-4d4d-47ed-b05d-62ff7aed79ac"
  }
}

9. Update password for local account

  • This API is used to update the local account password or to configure local account if it wasn’t configured during the bringup

9.1. Prerequisites

  • The following data is required

    • Old Password

    • New Password

Note : Provide only “newPassword” if you are configuring the local account for the first time.

  • New password must be in compliance with these password policies.

    Password requirements:

    • Length: 12-127 characters

    • Allowed special characters: ! % @ $ ^ # ? *

    • At least 1 small letter, capital letter, number and special character should be present

    • At least 2 alphabetic characters should be present

    • A character cannot be repeated more than 3 times consecutively

9.2. Steps

  • Invoke the API to update the local account password or to configure local account.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/users/local/admin' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "oldPassword" : "XXXXXXX",
  "newPassword" : "YYYYYYY"
}'

HTTP Request

PATCH /v1/users/local/admin HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 60
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "oldPassword" : "XXXXXXX",
  "newPassword" : "YYYYYYY"
}

HTTP Response

HTTP/1.1 204 No Content

Last updated 2023-05-21 23:30:49 PDT

Operations


post
Add Users
Add users
delete
Delete User
Delete a user
get
Get All UI Users
getAllUiUsers
get
Get Local Account
Get local account details
get
Get Roles
Get all roles
get
Get SSO Domain Entities
Get all entities of SSO domain
get
Get SSO Domains
Get all SSO domains
get
Get Users
Get all Users
patch
Update Local User Password
Update password for local account

Generated on: 25 May 23 10:38 UTC
[{"label":"Latest (5.0.0)","version":"latest"},{"version":"4.5.1"},{"version":"4.5.0"},{"version":"4.4.0"},{"version":"4.3.1"},{"link":"https://developer.vmware.com/apis/1126/vmware-cloud-foundation","version":"4.3"},{"link":"https://developer.vmware.com/apis/1077/vmware-cloud-foundation","version":"4.2"},{"link":"https://developer.vmware.com/apis/1032/vmware-cloud-foundation","version":"4.1"},{"link":"https://developer.vmware.com/apis/1002/vmware-cloud-foundation","version":"4.0.1"},{"link":"https://developer.vmware.com/apis/921/vmware-cloud-foundation","version":"4.0"},{"link":"https://developer.vmware.com/apis/925/vmware-cloud-foundation","version":"3.10"},{"link":"https://developer.vmware.com/apis/891/vmware-cloud-foundation","version":"3.9.1"},{"link":"https://developer.vmware.com/apis/723/vmware-cloud-foundation","version":"3.9.0"},{"link":"https://developer.vmware.com/apis/711/vmware-cloud-foundation","version":"3.8.1"},{"link":"https://developer.vmware.com/apis/685/vmware-cloud-foundation","version":"3.8"}]
vcf
Feedback

Was this page helpful?

© 2023 VMware Inc. Terms of Use Privacy Your California Privacy Rights Accessibility Trademarks Glossary Help Contact Us