You use API tokens to authenticate yourself when you make authorized API connections. You also need an API token when you associate a VMware Cloud Director instance with a VMware Cloud on AWS SDDC.

An API token has a time-to-live (TTL) period, which you define when you generate the API token. After this time, if you want to continue using the APIs that rely on a token, you must regenerate the token.

After generating an API token, save the token credentials to a safe place.

You can regenerate a token at any time. If you regenerate a token, you revoke all instances of the previous token. If you have used the API token, for example, in one of your scripts, you must replace it with the newly generated API token.


  1. Log in to VMware Cloud Director service.
  2. Click your user name and click My Account.
  3. On the My Account page, click the API Tokens tab.
  4. Click Generate a new API token.
  5. Enter a meaningful name of the token and in Token TTL define for how long the token is valid.
  6. Define the scopes for the token.
    Scopes provide a way to implement control over what areas in an organization your token can access - specifically which role in an organization, what services, and the level of permissions.
    Important: You can only provide your token with the roles that you have been assigned within your organization. You can check your roles in the My Roles tab.
    If you use the API token to associate a VMware Cloud Director instance with a VMware Cloud on AWS SDDC, its scope must contain the Administrator and NSX Cloud Admin service roles, as well as the Developer or the Organization Owner organization role.
  7. To get information about the users that authorize your app, select Open ID .
  8. Click Generate.
    A Token Generated pop-up window appears. You can copy, download, or print the token.
  9. Save the token credentials to a safe place, so that you can retrieve them and use them later.
    For security reasons, after you generate the token, the API Tokens page only displays the name of the token, and not the token credentials. You can no longer reuse the token by copying the credentials from this page.
  10. Click Continue.