Create an API Token

To use VMware Live Cyber Recovery, you first must create an API token in the VMware Cloud console.

Before your users access the VMware Live Cyber Recovery UI, create an API token to authorize service access for your organization. For instructions on how to create an API token from the VMware Cloud Services console, see generate an API token.

Note: Using Multi-Factor Authentication (MFA) with API tokens is currently not supported with VMware Live Cyber Recovery. This limitation applies only to MFA for API tokens ( My account > API Tokens), and does not apply to your organization authentication policy ( Organization > Authentication Policy > Multi-Factor Authentication) or your VMware Cloud user account ( My account > Security).

When you create an API token, you define its scope of permissions by assigning specific organization roles and service roles. For VMware Live Cyber Recovery, scope the following roles to the API token.

Organization Role: Organization Owner
Service Roles:
- VMware Cloud on AWS Administrator
- VMware Cloud on AWS NSX Cloud Admin

The maximum lifespan of a VMware Cloud Services API token is 60 months, after which you must regenerate a new token and configure it inside of VMware Live Cyber Recovery. If you do not regenerate a new token when the old one expires, the product features cannot function. The best practice in this case is to create an API token with the longest Time To Live (TTL) possible, to avoid service interruption.

After you create the API token, you can add the API token to the VMware Live Cyber Recovery UI.

Important: Your user account must have the Organization Owner role and VMware Cloud Services service roles (Administrator and NSX Cloud Admin) associated with it to create an API token to use with VMware Live Cyber Recovery.