You can access the Orchestrator APIs using tokens instead of session-based authentication. As an Operator Super User, you can manage the API tokens. You can create multiple API tokens for a user.

Note: For Enterprise Read Only users and MSP Business Specialist users, token-based authentication is not activated.
By default, the API Tokens are activated. If you want to deactivate them, go to System Properties in the Operator portal, and set the value of the system property session.options.enableApiTokenAuth as False.
Note: Operator Super User should manually delete inactive Identity Provider (IdP) users from the Orchestrator to prevent unauthorized access via API Token.

The users can create, revoke, and download the tokens based on their roles.

To manage the API tokens:
  1. In the Operator portal, navigate to Administration > User Management > Users.
  2. Select a user and click Modify or click the link to the username. Go to the API Tokens section.
  3. Click New API Token.
  4. In the New Token window, enter a Name and Description for the token, and then choose the Lifetime from the drop-down menu.
  5. Click Save. The new token is displayed in the API Tokens table. Initially, the status of the token is displayed as Pending. Once you download it, the status changes to Enabled.
  6. To download the token, select the token, and then click Download API Token.
  7. To deactivate a token, select the token, and then click Revoke API Token. The status of the token is displayed as Revoked.
  8. Click CSV to download the complete list of API tokens in a .csv file format.
  9. When the Lifetime of the token is over, the status changes to Expired.
Note: Only the user who is associated with a token can download it and after downloading, the ID of the token alone is displayed. You can download a token only once. After downloading the token, the user can send it as part of the Authorization Header of the request to access the Orchestrator API.
The following example shows a sample snippet of the code to access an API. 
curl -k -H "Authorization: Token <Token>"
  -X POST https://vco/portal/
  -d '{ "id": 1, "jsonrpc": "2.0", "method": "enterprise/getEnterpriseUsers", "params": { "enterpriseId": 1 }}'
Similarly, you can configure additional properties and create API tokens for Partner Admins, Enterprise Customers, and Partner Customers. For more information, see:
  • 'Users - Customer' topic in the VMware SD-WAN Administration Guide
  • 'Users - Partner' topic in the VMware SD-WAN Partner Guide
The following are the other options available in the API Tokens section:
Option Description
Search Enter a search term to search for the matching text across the table. Use the advanced search option to narrow down the search results.
Columns Click and select the columns to be displayed or hidden on the page.
Refresh Click to refresh the page to display the most current data.