VCF 9.1 API Access (3): Using API Access Token for NSX and Operations API

On By David ZhangIn Cloud Foundation

VCF 9.1 API Access Series

This post is part of an ongoing deep-dive series on VCF 9.1 programmatic access.

Foundational Mechanics

Component Authentication & Token Exchange

Advanced Architecture, Governance & Least Privilege

Day-2 Lifecycle Automation

Once you have exchanged your initial credentials for a functional VCF Bearer Access Token (via the Identity Broker), that single token can be used to authorize programmatic operations directly across various VCF component APIs.

Below are two practical examples that demonstrate how to use your active bearer access token to authenticate requests to both the NSX Policy API and the VCF Operations API (formerly vRealize Operations).

Example 1: NSX Policy API Call

To interact with NSX, pass the VCF access token within the standard HTTP Authorization: Bearer header. The following request retrieves watermarking configurations from the NSX Manager:

Bash

curl --request GET \
  --url https://{{nsxm-fqdn}}/policy/api/v1/watermark \
  --header 'authorization: Bearer {{apiAccessToken}}'

Example 2: VCF Operations API Call

Similarly, the same bearer access token can target VCF Operations endpoints to retrieve environment details or system status. The request below queries the current API version supported by the Operations manager:

Bash

curl --request GET \
  --url https://{{vcf-ops-fqdn}}/suite-api/api/versions/current \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --header 'authorization: Bearer {{apiAccessToken}}'

By utilizing the centralized VCF Bearer Access Token as a standard authorization header, you can seamlessly orchestrate tasks across your network and operations layers without managing component-level local credentials.