The Tenant App requires API requests to be authenticated. The first step in this workflow is to obtain an authentication token.

To obtain an authentication token, the login request supplies the user credentials in a form that Basic HTTP authentication requires. In this example, the user is logging in to a Tenant App instance with URL


  • Secure a channel between the web browser and the Tenant App server. Open a browser and enter the URL of the Tenant App instance such as:

    The system warns that your connection is not private. Click through to confirm the security exception and establish an SSL handshake.

  • Verify that you can access the APIs. Enter the URL of your Tenant App instance with tenant-app-api/swagger-ui.html added to the end, such as:
  • Verify that you have the login credentials for a user of your Tenant App instance.


  1. POST a request to the login URL to acquire a token.
  2. Examine the response.
    A successful request returns an ops authorization token, which you must include in subsequent API requests.

Example: Login Request and Response

This example shows a request and response for a user with login user name: tenantapp-user and password: tenantapp-dummy-password.

Request header:
Content-Type: application/json
Accept: application/json
Request body in JSON format:
  "username" : "tenantapp-user",
  "password" : "tenantapp-dummy-password"
Response in JSON:
200 OK
  "token": "8f868cca-27cc-43d6-a838-c5467e73ec45::77cea9b2-1e87-490e-b626-e878beeaa23b",  
  "validity": 1470421325035,  
  "expiresAt": "Friday, November 5, 2019 6:22:05 PM UTC",  
  "roles": []
The response code indicates whether the request succeeded, or how it failed.
  • If the request is successful, the server returns HTTP response code 200 (OK) and reusable ops authorization token that expires after six hours. This token must be included in each subsequent API request.
  • If the credentials supplied in the POST body are invalid, the server returns HTTP response code 401.

What to do next

The obtained token must be included in each subsequent API request as the Authorization header.

Include the Authorization header in the format: vRealizeOpsToken <token value>.

If the token supplied in the Authorization header is invalid or expired, the server returns HTTP response code 401.

For information on individual APIs, open the tenant app api documentation url in the format: