6 Replies Latest reply on Feb 13, 2020 10:54 PM by seplus

    REST API call to get Bearer Token

    seplus Novice

      I connected vRA 8 as a REST Host in vRO (with basic authentication).

      And created an action to get the token. (This is on-prem.)

      Getting an error as "Bad Request 400"






              if (restHost) {
                  try {
                      var url = "/csp/gateway/am/api/login";
                      // POST to the login endpoint (no request body is set)
                      var request = restHost.createRequest("POST", url);
                      request.setHeader("Content-Type", "application/json");
                      request.setHeader("Accept", "application/json");
                      System.log("Request url: " + request.fullUrl);
                      var requestResponse = request.execute();
                      System.log("Request Response: " + requestResponse.contentAsString);
                      if (requestResponse.statusCode != 200) {
                          System.log("Bearer Token Request Failed with an error code " + requestResponse.statusCode);
                          throw "Error: " + requestResponse.statusCode;
                      }
                      // Extract the token from the JSON response and log it
                      var bearerToken = JSON.parse(requestResponse.contentAsString).cspAuthToken;
                      System.log("Bearer Token: " + bearerToken);
                      return bearerToken;
                  } catch (e) {
                      System.log("An error : " + e);
                  }
              } else {
                  throw "No Rest Host Provided";
              }


        • 1. Re: REST API call to get Bearer Token
          iiliev Champion
          VMware Employees, Community Warriors

          I guess the problem is that you are not providing user credentials in the POST request body, which makes the request invalid.


          Check the documentation (vRA Programming Guide) for info/examples of what should be sent as the request body for this particular API call.

          1 person found this helpful
          • 2. Re: REST API call to get Bearer Token
            seplus Novice

            Thank you for the reply.

            The REST Host is already connected in the vRO inventory.

            I am creating the request using that Host connection, do we need to pass username and password again for that request?

            • 3. Re: REST API call to get Bearer Token
              stevedrummond Hot Shot

              You cannot set the credential on the REST host connection as it doesn't know how to format the body and send it, or how to parse the result for the token and issue the token in all subsequent requests.


              You need to do something like the following:

              const body = { username: 'test user', password: 'mypassword', domain: 'mydomain.local' };
              const request = restHost.createRequest('POST', '/csp/gateway/am/api/login', JSON.stringify(body));
              const response = request.execute();
              const accessToken = JSON.parse(response.contentAsString).cspAuthToken;


              You will then need to include the accessToken in your auth header for all other requests to vRA 8.

              1 person found this helpful
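
The login call from reply 3 as a fuller added example (not part of the original post, and not VMware's code): it sends the credentials in the body, checks the status before parsing, keeps the token and password out of the log, and builds follow-up requests with an `Authorization: Bearer` header. `makeStubHost`, `redact`, `authorizedRequest` and the sample values are constructed for illustration; in vRO, `restHost` is the real REST host object.

```javascript
// Added example, not from the thread. makeStubHost() is a constructed stand-in for a vRO REST host.
function getBearerToken(restHost, username, password, domain) {
  if (!restHost) throw new Error('No REST host provided');
  // Credentials go in the JSON body; in a workflow, take password from a SecureString input.
  var body = JSON.stringify({ username: username, password: password, domain: domain });
  var request = restHost.createRequest('POST', '/csp/gateway/am/api/login', body);
  request.setHeader('Content-Type', 'application/json');
  request.setHeader('Accept', 'application/json');
  var response = request.execute();
  if (response.statusCode !== 200) {
    // Report the status only; do not log request or response bodies on this endpoint.
    throw new Error('Token request failed with status ' + response.statusCode);
  }
  var token = JSON.parse(response.contentAsString).cspAuthToken;
  if (typeof token !== 'string' || !token) throw new Error('Login returned 200 but no cspAuthToken');
  return token;
}

// Log-safe description of a token: its length, never its value.
function redact(token) {
  return '<token, ' + String(token).length + ' chars>';
}

// Follow-up request to vRA carrying the token as a bearer credential.
function authorizedRequest(restHost, method, url, token) {
  var request = restHost.createRequest(method, url);
  request.setHeader('Authorization', 'Bearer ' + token);
  request.setHeader('Accept', 'application/json');
  return request;
}

// Constructed stub: the login URL answers 400 when the body lacks credentials.
function makeStubHost() {
  return {
    createRequest: function (method, url, content) {
      var headers = {};
      return {
        headers: headers,
        setHeader: function (name, value) { headers[name] = value; },
        execute: function () {
          var sent = content ? JSON.parse(content) : {};
          if (sent.username && sent.password) {
            return { statusCode: 200, contentAsString: '{"cspAuthToken":"constructed-token"}' };
          }
          return { statusCode: 400, contentAsString: '{"message":"Bad Request"}' };
        }
      };
    }
  };
}
```

In a workflow, log `redact(token)` where the question's script logged the token itself.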
              • 4. Re: REST API call to get Bearer Token
                seplus Novice

                Thank you!!!

                If I publish this workflow as a catalog item, how can we give the requesting user's credentials?

                Or do we need to save the one API user's user name and password with this workflow?


                • 5. Re: REST API call to get Bearer Token
                  stevedrummond Hot Shot

                  You have two options. "Per User" or "Shared Session"; normally the plug-in objects handle this for you, particularly useful for "Per User" as it passes through their credentials for you.


                  As you are having to auth "manually" you can either run your workflow with a shared service account and if necessary track what user is performing the action in some way (either just the vRA request artifact or some other ledger). Alternatively the catalog item would need to prompt the user for the username/password, or perhaps the presentation layer has some mechanism to "pass through" (I haven't looked), and the workflow uses that data to retrieve an auth token on behalf of the user.

                  • 6. Re: REST API call to get Bearer Token
                    seplus Novice

                    Thanks for the reply.

                    Getting the currently logged-on user's auth token, and using that to get the access token, is the best method.

                    So that the request will show under the requester.

                    Trying to find out the method to get the current login user's auth token.