You use API tokens to authenticate yourself when you interact with our APIs. Previously called an OAuth Refresh token, an API token handles authorization more securely than an access key because it authorizes access per organization, and not across all your organizations.

How does it work? You generate an API token. Then, you replace the API token for a CSP token which lets you interact with the APIs of the VMware Cloud Services Platform (CSP) and of your VMware Cloud services. You can generate more than one API token. A token is valid for six months, after which time you regenerate it. If you feel the token has been compromised, you can revoke the token to prevent unauthorized access. You generate a new token to renew authorization.

Here are some links to the CSP RESTful APIs:


  1. On the VMware Cloud Services toolbar, click your user name and select My Account > API Tokens.
  2. Click New Token.
  3. Click Copy to Clipboard.
  4. Perform a POST to /am/api/auth/api-tokens/authorize.

    A csp-auth token is generated.

  5. Paste the CSP token into your script.