LDAP users and local users are defined by the VMware Cloud Director integrated identity provider, and must include credentials in the form required by Basic HTTP authentication when making the request to create a VMware Cloud Director API Session.

Prerequisites

Procedure

  1. Use the login URL to authenticate to the VMware Cloud Director API.
    POST a request to this URL. The request must include your username, organization name, and password in a MIME Base64 encoding. See Create a Login Session Using the Integrated Identity Provider.
  2. Examine the response.
    The response code indicates whether the request succeeded, or how it failed.
    • If the request is successful, the server returns HTTP response code 200 (OK) and headers that include:
      X-VMWARE-VCLOUD-ACCESS-TOKEN: token
      X-VMWARE-VCLOUD-TOKEN-TYPE: type
      Use the values of these headers to construct an Authorization header to use in subsequent VMware Cloud Director API requests. For example, if the value of the X-VMWARE-VCLOUD-TOKEN-TYPE is Bearer, then the constructed header would have this form:
      Authorization: Bearer token
    • If the Authorization header is missing from the request, the server returns HTTP response code 403.
    • If the credentials supplied in the Authorization header are invalid, the server returns HTTP response code 401.

Results

A valid request returns a Session element. See Create a Login Session Using the Integrated Identity Provider.

Example: Create a Login Session Using the Integrated Identity Provider

A request to create a login session using the Integrated Identity provider must supply the user's credentials in the following form:
user@organization:password
  • user is the user's login name.
  • organization is the name of the user's organization.
  • password is the user's password.
These credentials must be supplied in a MIME Base64 encoding, as specified in RFC 1421.

This example shows a Basic HTTP authentication login request and response for a user logging in to the Finance organization of a cloud whose API login URL is https://vcloud.example.com/cloudapi/1.0.0/sessions.

Request:
POST https://vcloud.example.com/cloudapi/1.0.0/sessions 
Authorization: Basic encoded-credentials
Accept: application/*;version=9.0
Response:
200 OK
...
<Session
   xmlns="http://www.vmware.com/vcloud/v1.5"
   userUrn="urn:vcloud:user:fe50b0b5-..." 
   user="bob"
   org="Finance" 
   ... >
  <Link
      rel="down"
      type="application/vnd.vmware.vcloud.org+xml"
      name="System"
      href="https://vcloud.example.com/api/org/5" />
  <Link
      rel="down"
      type="application/vnd.vmware.vcloud.query.queryList+xml"
      href="https://vcloud.example.com/api/query" />
   <Link
      rel="entityResolver"
      type="application/vnd.vmware.vcloud.entity+xml"
      href="https://vcloud.example.com/api/entity/" />
   <Link
      rel="down:extensibility"
      type="application/vnd.vmware.vcloud.apiextensibility+xml"
      href="https://vcloud.example.com/api/extensibility" />
</Session>
The response includes several Link types, including:
  • org: A link to your organization. See Retrieve a List of Organizations Accessible to You.
  • queryList: A link to the set of typed queries the user can run. See Using the Query Service.
  • entity: A link to the entity resolver. See Retrieve an Object as an Entity.
  • extensibility: A link to the extensibility framework entry point. See VMware Cloud Director Extension Services.
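
The login procedure and the user@organization:password credential form described above, as an added Python example (not code from VMware or from this page). The function names are assumptions made for illustration; the header names, response codes and Accept value are the ones shown on this page.

```python
import base64
import urllib.error
import urllib.request


def basic_credentials(user, org, password):
    """Return the Basic Authorization value for user@organization:password."""
    # Basic auth splits on the first ':', so a colon is only safe in the password.
    if ":" in user or ":" in org:
        raise ValueError("user and organization must not contain ':'")
    raw = f"{user}@{org}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def authorization_from_response(status, headers):
    """Map a session response to the Authorization value for later requests."""
    if status == 403:
        raise PermissionError("403: Authorization header missing from request")
    if status == 401:
        raise PermissionError("401: credentials in Authorization header invalid")
    if status != 200:
        raise RuntimeError(f"unexpected response code {status}")
    # HTTP header names are case-insensitive; normalise before lookup.
    upper = {k.upper(): v for k, v in headers.items()}
    token = upper.get("X-VMWARE-VCLOUD-ACCESS-TOKEN")
    token_type = upper.get("X-VMWARE-VCLOUD-TOKEN-TYPE")
    if not token or not token_type:
        raise RuntimeError("200 response without token headers")
    return f"{token_type} {token}"


def create_session(login_url, user, org, password, version="9.0"):
    """POST to the login URL; return the Authorization value to reuse."""
    # Base64 is an encoding, not encryption: only send it over TLS.
    if not login_url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    req = urllib.request.Request(login_url, data=b"", method="POST", headers={
        "Authorization": basic_credentials(user, org, password),
        "Accept": f"application/*;version={version}",
    })
    try:
        with urllib.request.urlopen(req) as resp:
            return authorization_from_response(resp.status, dict(resp.headers))
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx; route it through the same status handling.
        return authorization_from_response(err.code, dict(err.headers))
```

The value returned by create_session is sent as the Authorization header on subsequent API requests; treat it like a password and keep it out of logs.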