VMware Horizon Cloud Service Next-Gen – The Automation Series – Chapter 2 – Access Token
This blog post is part of the VMware Horizon Cloud Service Next-Gen – The Automation Series, a series of blog posts that describes the possibilities and use of the VMware Horizon Cloud Service Next-Gen APIs.
In chapter 1, we created an API token for a user that has been assigned the required roles for using the next-gen APIs. In this chapter we will create an access token using the API token. This access token can then be used in future API calls by providing the access token as a bearer token in the header of the API call. How this is done using curl is well described in the documentation. Therefore, I will provide the steps using PowerShell to provide an alternative.
To generate the access token, we need to execute a HTTP post method to a URI using the following information:
| HTTP Method | POST |
| URI | https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize |
| Content-Type |
application/x-www-form-urlencoded
|
| API Token | The API token generated in chapter 1 |
With this information we will now construct the lines of code in PowerShell to generate the access token.
|
1 2 3 4 5 6 7 8 9 |
$Header = @{ "Content-Type" = "application/x-www-form-urlencoded" } $Body = @{ "refresh_token" = "<YOUR API TOKEN>" } Invoke-RestMethod -Uri https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize -Method Post -Headers $Header -Body $Body |
Looking at the lines of code, you can see that the Content-Type and its value are part of the header. This determines the type of content that you are sending to the URI.
As part of the request we want to specify which data we want to send to the URI. This is done in the body.
Now, as part of the execution, the URI, HTTP method, header and body are specified using the Invoke-RestMethod PowerShell cmdlet.
Once executed, you will receive the access token value as part of the response. This is the value you need for future next-gen API calls.
You can also see that the access token expires in 30 minutes. This is specified in the expires_in value. This means that, once expired, you have to execute the same script lines to receive an new access token that again expires after 30 minutes.
To make things a bit easier, I created a PowerShell function to simply receive the access token by only specifying the API token. So no need to construct the whole URI, HTTP method, header and body thing :-).
| The script below serves as an example. You may change the script to your own needs or standards, like error handling and things like that. |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
Function New-HCSAccessToken { [CmdletBinding()] param ( [Parameter(Mandatory=$True)] [string]$Token, [Parameter(Mandatory=$False)] [string]$Uri ) If (!($Uri)) { $Uri = "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize" } $Header = @{ "Content-Type" = "application/x-www-form-urlencoded" } $Body = @{ "refresh_token" = "$Token" } Write-Output (Invoke-RestMethod -Uri "$Uri" -Method Post -Headers $Header -Body $Body -UseBasicParsing).access_token } |
The access token is directly provided as output using the New-HCSAccessToken function.
I hope this chapter was informative and that you enjoyed reading.
In the next chapters we will start adding different configuration items in the VMware Horizon Cloud Service. For this we follow the same sequence as the Get Started flow in the Horizon Universal Console.
This means that next up is Active Directory configuration.
1 Response
[…] 1 – API Token Chapter 2 – Access Token Chapter 3 – Active Directory Chapter 4 – Single Sign-On Chapter 5 – Site Chapter […]