HPE Developer Community Portal

Authenticating against the API


About OAuth 2 authentication and authorization

The REST API uses OAuth 2 authentication. To perform any operation using the REST API, you must log in and obtain a valid OAuth token. To log in, use the same username/password combination that you would use to create a session on the Virtual Controller using the svt-session-start CLI command. Once you have received an OAuth token, pass this token in with every REST API operation to authorize the operation. The privilege level of a REST API session is equivalent to the privilege level of a CLI session that uses the same credentials. For example, a read-only user can perform GET operations but cannot perform most POST/PUT/DELETE operations.

Requesting an OAuth 2 token

This example shows how to request an OAuth 2 token for use with the REST API using curl. OAuth 2 token requests are the only HTTP requests that use basic authentication. For these OAuth 2 token requests, use simplivity as the username and leave the password blank.

You need a username/password combination that to use to request an OAuth 2 token.

The following curl command requests an OAuth 2 token:

curl -k https://simplivity@[host]/api/oauth/token -d grant_type=password -d 
username=[username] -d password=[password]

Where:

  • host is the IP address of the Virtual Controller to which you want to authenticate.
  • username is the username for a user account with the appropriate privileges for the REST API operations that you plan to perform.
  • password is the password that corresponds to the username that you have specified.

You must supply the -k switch due to the use of self-signed certificates. You can import these certificates into your local certificate store.

This call returns a JSON response. For example:

{
"access_token":"d3c4782f-7fd9-496f-969b-29b7f7715972",
"token_type":"bearer",
"expires_in":81301,
"scope":"read write",
"updated_at":1455232016377
}

Note the value for the access_token in this response.

Pass the value for the access_token in every HTTP request header, using the following format: Authorization: Bearer [access_token]

For example:

Authorization: Bearer d3c4782f-7fd9-496f-969b-29b7f7715972

Blog feed