Exchange Token Exchange
Released in v7.0.0Exchanges incoming token based on the spec and current client authorization data.
Request
URLURL
https://{api_host}/rest/vcenter/tokenservice/token-exchange
Header Parameters
Header Parameters
string
vmware-api-session-id
Required
Required session ID, acquired from Create Session API under CIS product
vmware-api-session-id Example
b00db39f948d13ea1e59b4d6fce56389
Request Body
Request Body
TokenserviceTokenExchangeExchangeRequestBody of type application/json (required){
"spec": {
"grant_type": "string",
"subject_token": "string",
"subject_token_type": "string"
}
}
spec
Required
TokenExchange.ExchangeSpec structure contains arguments that define exchange process.
Response
Response
Response BodyResponse Body
200 OK returns
TokenserviceTokenExchangeExchangeResponseBody
of type application/json
TokenExchange.Info structure that contains new token.
{
"value": {
"access_token": "string",
"expires_in": 0,
"issued_token_type": "string",
"refresh_token": "string",
"scope": "string",
"token_type": "string"
}
}cURL Command
curl -X POST -H "vmware-api-session-id: b00db39f948d13ea1e59b4d6fce56389" -H "Content-Type: application/json" -d '{"spec":{"actor_token":"string","actor_token_type":"string","audience":"string","grant_type":"string","requested_token_type":"string","resource":"string","scope":"string","subject_token":"string","subject_token_type":"string"}}' https://{api_host}/rest/vcenter/tokenservice/token-exchange
Errors
400
com.vmware.vapi.std.errors.invalid_request : The request cannot be fulfilled due to bad syntax. | com.vmware.vcenter.tokenservice.invalid_request : The request cannot be fulfilled due to bad syntax. | com.vmware.vcenter.tokenservice.invalid_grant : provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. | com.vmware.vcenter.tokenservice.invalid_scope : If the server is unwilling or unable to issue a token for all the target services indicated by the TokenExchange.ExchangeSpec.resource or TokenExchange.ExchangeSpec.audience parameters.
default
'Default' means this response is used for all HTTP codes that are not covered individually for this operation.
