Most method calls must carry a session ID to authenticate with the server at the time of the call. The session ID is a temporary substitute for username and password, thereby limiting risk to the principal's credentials.
To acquire a session ID, you have these options:
- Invoke the
SessionManager.
Login
method with username and password, exchanging the principal's credentials for a session ID token. - Request a SAML token from the vCenter Single-Sign-On server, and use the token to invoke the
SessionManager.
LoginByToken
method, receiving a session ID token in exchange.
For example, the response headers might contain lines similar to the following:
content-type: application/json date: Tue, 14 Aug 2007 13:30:00 GMT vmware-api-session-id: 0123498765fabdec5263748596071829304100ab x-envoy-upstream-service-time: 45The value
0123498765fabdec5263748596071829304100ab
is the session ID token. Use it in the headers of your API requests, like this:
content-type: application/json vmware-api-session-id: 0123498765fabdec5263748596071829304100ab