To retrieve object representations, clients make HTTP requests to object references.

Security

The HTTP link between an API client and server is established using SSL. API clients configure token-based authentication to communicate with the server.

Figure 1. Scenario: Provide user credentials to obtain details about alert with ID 123
Protected endpoint accessed with valid credentials
You can call the vRealize Operations Cloud APIs after generating the Cloud Services authentication token. Use the following endpoint:
https://www.mgmt.cloud.vmware.com/vrops-cloud/suite-api
Note: If your organization is located outside of the United States, use the country abbreviation for your API endpoint. Using the wrong endpoint will result in a 404 error. For example, if your organization is located in Australia, your country abbreviation is AU and your API endpoint is:
https://au.www.mgmt.cloud.vmware.com/vrops-cloud/suite-api 
You must pass the Cloud Services authentication token with every request as an HTTP header in the following format:
Authorization: CSPToken {CSP Auth Token}
For example:
curl -k https://www.mgmt.cloud.vmware.com/vrops-cloud/suite-api/api/resources -H "Content-Type: application/json" -H "Accept: application/json" -H "Authorization: CSPToken abc12345...

Request Headers

The following HTTP headers are typically included in API requests:
Accept-Language To specify the language desired in responses, use the Accept-Language request header. Message strings in ErrorType responses are localized. To request a response with message strings localized to French, use the following header:
Accept-Language: fr-FR
Authorization All requests to create an API session must include an Authorization header of the form prescribed by the identity provider that your organization uses
Content-Type Requests that include a body must include an appropriate HTTP Content-Type header.
  • For a request body in XML, the header must include Content-Type: application/xml
  • For a request body in JSON, the header must include Content-Type: application/json
Accept To specify the desired response format , include the Accept request header.
  • For a response in XML, the header must include Accept: application/xml
  • For a response in JSON, the header must include Accept: application/json

Request Bodies in XML

For a request body written in XML, vRealize Operations Cloud uses a validating XML parser that requires elements in a request body to agree with the schema in order and number. Request bodies are rejected as invalid unless they meet the following criteria:

  • XML namespace attributes must be supplied for all namespaces represented by elements in the request.
  • If multiple namespaces are represented in the request, XML namespace attributes must include an identifying prefix, and that prefix must be used with all elements from that namespace.
  • All required elements must appear in request bodies. All elements that appear in request bodies must appear in the order that the schema establishes, and with content that conforms to the type constraint that the schema specifies.