To execute programmatic operations against the VCF Automation Provider Org APIs, administrators can utilize either VCF Automation API Tokens or a VCF IdP Token (VIDB Token). When leveraging the VIDB Token, authentication requires a two-step process. Below are the sequential API operations required to establish an active session. Step 1: Exchange VIDB Token for VIDB …
Continue reading VCF 9.1 API Access (7): VCF Automation Provider Org
In VCF 9.1, access control for API-driven automation is managed through VCF Custom Roles and Role Assignments linked to API tokens. This post details how these mechanisms govern programmatic authentication and authorization. 1. API Token Permission Inheritance API token access is governed directly by its associated security principal. This principal is an SSO user when …
As private cloud environments grow, manual administration becomes a significant reliability risk and a barrier to scaling. Adopting an API-driven model for VCF Fleet Management is essential for achieving operational excellence; it enables standardized operations, automated lifecycle management, and centralized governance across all VCF instances. By utilizing APIs or workflow automation through VCF Operations, organizations …
Continue reading VCF 9.1 API Access (6): Scoping Permissions for the VCF 9.1 Fleet Management API
In this post, we will walk through how to leverage your centralized VCF VIDB API token to get access to VCF SSO-enabled vCenter. By utilizing this secure token-exchange architecture, you can execute programmatic tasks against vCenter APIs without ever needing hardcoded local vCenter credentials. Step 1: Exchange your VIDB API token for VIDB Access Token …
Continue reading VCF 9.1 API Access (4): vCenter Authentication
Once you have exchanged your initial credentials for a functional VCF Bearer Access Token (via the Identity Broker), that single token can be used to authorize programmatic operations directly across various VCF component APIs. Below are two practical examples that demonstrate how to use your active bearer access token to authenticate requests to both the …
Continue reading VCF 9.1 API Access (3): Using API Access Token for NSX and Operations API
In VMware Cloud Foundation (VCF) 9.1, the platform offers flexible methods for programmatic access. This blog post explores how to exchange the IdP Access token for the Identity Broker access token. The Default Path: VIDB Token Exchange By default, VCF 9.1 supports using a VIDB token to exchange for an access token. The Mechanism: The …
Continue reading VCF 9.1 API Access (2): Balancing Operational Simplicity with IdP Governance
Unlocking the power of automation in VMware Cloud Foundation (VCF) 9.1 requires a solid understanding of how to manage programmatic access. By transitioning from manual administration to an API-first approach, you can ensure consistency, scalability, and security across your entire VCF fleet. This blog post helps you understand identity types in the context of VCF …
davidwzhang.com 