VMware Chargeback requires API requests to be authenticated. The first step in this workflow is to obtain an authentication token.

To obtain an authentication token, the login request supplies the user credentials in a form that Basic HTTP authentication requires. In this example, the user is logging in to a VMware Chargeback instance with URL https://tenantapp.example.com/.


  • Secure a channel between the web browser and the VMware Chargeback server. Open a browser and enter the URL of the VMware Chargeback instance such as:

    The system warns that your connection is not private. Click through to confirm the security exception and establish an SSL handshake.

  • Verify that you can access the APIs. Enter the URL of your VMware Chargeback instance with tenant-app-api/swagger-ui.html added to the end, such as:
  • Verify that you have the login credentials for a user of your VMware Chargeback instance.


  1. POST a request to the login URL to acquire a token.
    POST https://tenantapp.example.com/tenant-app-api/api/suiteapi/internal/auth/token/acquire
  2. Examine the response.
    A successful request returns an ops authorization token, which you must include in subsequent API requests.

Example: Login Request and Response

This example shows a request and response for a user with login user name: tenantapp-user and password: tenantapp-dummy-password.

Request header:
POST https://tenantapp.example.com/suite-api/api/auth/token/acquire
Content-Type: application/json
Accept: application/json
Request body in JSON format:
  "username" : "tenantapp-user",
  "password" : "tenantapp-dummy-password"
Response in JSON:
200 OK
  "token": "8f868cca-27cc-43d6-a838-c5467e73ec45::77cea9b2-1e87-490e-b626-e878beeaa23b",  
  "validity": 1470421325035,  
  "expiresAt": "Friday, November 5, 2019 6:22:05 PM UTC",  
  "roles": []
Note: Add the label 'vRealizeOpsToken' and a space as prefix in the acquired token.
The response code indicates whether the request succeeded, or how it failed.
  • If the request is successful, the server returns HTTP response code 200 (OK) and reusable ops authorization token that expires after six hours. This token must be included in each subsequent API request.
  • If the credentials supplied in the POST body are invalid, the server returns HTTP response code 401.

What to do next

The obtained token must be included in each subsequent API request as the Authorization header.

Include the Authorization header in the format: vRealizeOpsToken <token value>.

If the token supplied in the Authorization header is invalid or expired, the server returns HTTP response code 401.

For information on individual APIs, open the VMware Chargeback api documentation url in the format: