Exchange Token Exchange
If vSphere APIs begin with /rest, maps are consumed and emitted as lists of objects containing a key:value pair.
Exchanges incoming token based on the spec and current client authorization data.
Request
URLURL
https://{api_host}/rest/vcenter/tokenservice/token-exchange
Header Parameters
Header Parameters
| Required | Parameter Name | Type | Description |
|---|---|---|---|
| required |
|
string | Required session ID, obtained by first calling Create Session API |
Request Body
Request Body
Contains TokenserviceTokenExchangeExchangeRequestBody
of type application/json
(required)
{
"spec": {
"grant_type": "string",
"subject_token": "string",
"subject_token_type": "string"
}
}| Required | Property Name | Type | Description |
|---|---|---|---|
| required | spec | TokenserviceTokenExchangeExchangeSpec |
TokenExchange.ExchangeSpec structure contains arguments that define exchange process. |
Response
Response
Response BodyResponse Body
200 OK returns
TokenserviceTokenExchangeExchangeResponseBody
of type application/json
TokenExchange.Info structure that contains new token.
{
"value": {
"access_token": "string",
"expires_in": 0,
"issued_token_type": "string",
"refresh_token": "string",
"scope": "string",
"token_type": "string"
}
}| Property Name | Type | Description |
|---|---|---|
| value | TokenserviceTokenExchangeInfo |
TokenExchange.Info structure that contains new token. |
cURL Command
curl -X POST -H "vmware-api-session-id: b00db39f948d13ea1e59b4d6fce56389" -H "Content-Type: application/json" -d '{"spec":{"actor_token":"string","actor_token_type":"string","audience":"string","grant_type":"string","requested_token_type":"string","resource":"string","scope":"string","subject_token":"string","subject_token_type":"string"}}' https://{api_host}/rest/vcenter/tokenservice/token-exchange
Errors
| Code | Returns | Description |
|---|---|---|
| default | ErrorRest | Not available |
| 400 | ErrorRest | com.vmware.vapi.std.errors.invalid_request : The request cannot be fulfilled due to bad syntax. | com.vmware.vcenter.tokenservice.invalid_request : The request cannot be fulfilled due to bad syntax. | com.vmware.vcenter.tokenservice.invalid_grant : provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. | com.vmware.vcenter.tokenservice.invalid_scope : If the server is unwilling or unable to issue a token for all the target services indicated by the TokenExchange.ExchangeSpec.resource or TokenExchange.ExchangeSpec.audience parameters. |
| 401 | ErrorRest | com.vmware.vapi.std.errors.unauthorized : if authorization is not given to a caller. |
