Search
platform logo

Simplivity

Authenticating against the API

About OAuth 2 authentication and authorization

The REST API uses OAuth 2 authentication. To perform any operation using the REST API, you must log in and obtain a valid OAuth token. To log in, use the same username/password combination that you would use to create a session on the Virtual Controller using the svt-session-start CLI command. Once you have received an OAuth token, pass this token in with every REST API operation to authorize the operation. The privilege level of a REST API session is equivalent to the privilege level of a CLI session that uses the same credentials. For example, a read-only user can perform GET operations but cannot perform most POST/PUT/DELETE operations.

Requesting an OAuth 2 token

This example shows how to request an OAuth 2 token for use with the REST API using curl. OAuth 2 token requests are the only HTTP requests that use basic authentication. For these OAuth 2 token requests, use simplivity as the username and leave the password blank.

You need a username/password combination that to use to request an OAuth 2 token.

The following curl command requests an OAuth 2 token:

curl -k https://simplivity@[host]/api/oauth/token -d grant_type=password -d
username=[username] -d password=[password]

Where:

  • host is the IP address of the Virtual Controller to which you want to authenticate.
  • username is the username for a user account with the appropriate privileges for the REST API operations that you plan to perform.
  • password is the password that corresponds to the username that you have specified.

You must supply the -k switch due to the use of self-signed certificates. You can import these certificates into your local certificate store.

This call returns a JSON response. For example:

{
"access_token":"d3c4782f-7fd9-496f-969b-29b7f7715972",
"token_type":"bearer",
"expires_in":81301,
"scope":"read write",
"updated_at":1455232016377
}

Note the value for the access_token in this response.

Pass the value for the access_token in every HTTP request header, using the following format: Authorization: Bearer [access_token]

For example:

Authorization: Bearer d3c4782f-7fd9-496f-969b-29b7f7715972

Related Blogs

author logo
Roy Atkins

HPE SimpliVity PowerShell Module

May 16, 2019
author logo
Ron Dharma

Using Postman with HPE SimpliVity

Nov 9, 2018

HPE Developer Newsletter

Stay in the loop.

Sign up for the HPE Developer Newsletter or visit the Newsletter Archive to see past content.

By clicking on “Subscribe Now”, I agree to HPE sending me personalized email communication about HPE and select HPE-Partner products, services, offers and events. I understand that my email address will be used in accordance with HPE Privacy Statement. You may unsubscribe from receiving HPE and HPE-Partner news and offers at any time by clicking on the Unsubscribe button at the bottom of the newsletter.

For more information on how HPE manages, uses, and protects your personal data please refer to HPE Privacy Statement.