Hi:
I am try using Orchestrator REST web service through Python.
But I did not find a way to get principal HOK and delegate HOK.
Anyone has a way to get these 2 keys? And how to put it into Http header?
You need to get these tokens directly from SSO, not from vCO.
BTW, vCO REST API (version 5.1u1 and up) supports basic authentication over SSO, so you may call the REST API passing username/password, and vCO server will hide the complexity of dealing with SSO tokens.
when you mention basic, I assume you mean the user / password is in cleartext over the wire?
Not that this matters in my case but just want to be sure for a secure requirement.
Basic use base64 to encode / decode but is typically used with HTTPS.