You use an HTTP bearer token to authenticate a vRealize Automation REST API consumer request.

About this task

A consumer request must specify the correct component registry service and resource. For example, the URL to obtain an HTTP bearer token must specify the identity service and token resource.

The token expires in 24 hours by default. See Configure the Duration of an HTTP Bearer Token for information on how to set the duration.

For details regarding input, output, and response codes, see Syntax for Requesting an HTTP Bearer Token.


Prerequisites

  • Secure a channel between the web browser and the vRealize Automation server. Open a browser and enter the URL such as:

    The system warns that your connection is not private. Click through to confirm the security exception and establish an SSL handshake.

  • Log in to vRealize Automation using the applicable credentials. For example, to assign a user to a role, log in as a tenant administrator.

  • Verify that the appliance name and fully qualified domain name of the vRealize Automation instance are available.


Procedure

  1. Enter the command to request the HTTP bearer token.
    curl --insecure -H "Accept: application/json" -H 'Content-Type: application/json' --data '{"username":"","password":"vra-user-password","tenant":""}' https://$vRA/identity/api/tokens

    In this example, $vRA is an instance of vRealize Automation. The --insecure flag disables TLS certificate verification in curl, so the request returns a response even if the appliance does not present a trusted certificate.

  2. Examine the response.

    A successful request returns an HTTP bearer token that you include in subsequent API requests.

  3. For convenience, store the token in a variable.
    export token="EXAMPLE-TOKEN-TEXT"

Token Request and Response

The following sample displays output based on the example request.

curl --insecure -H "Accept: application/json" -H 'Content-Type: application/json' --data '{"username":"","password":"vra-user-password","tenant":""}' https://$vRA/identity/api/tokens
{"expires":"2017-04-14T04:46:43.000Z","id":"MTQ5Mj ... M2RmMA==","tenant":""}

The id is the bearer token to store for future use.

export token="MTQ5Mj ... M2RmMA=="

If the credentials supplied in the Authorization header are invalid, the response includes status code 401 as in the following output.

<!DOCTYPE html><html><head><title>Error report</title></head><body><h1>HTTP Status 401 - Authentication required</h1></body></html>
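
The request and response handling described above, as an added example that is not part of the original documentation or VMware's code: it accepts a token only when the status is 200 and the body carries an id, so the 401 HTML page is never stored as a token. The variables VRA_USER, VRA_TENANT and VRA_CA_BUNDLE, the function names, and the sample responses are assumptions constructed for illustration; it verifies the appliance certificate with --cacert instead of using --insecure.

```shell
#!/bin/sh
# Added example, not VMware's code. Hypothetical names: VRA_USER, VRA_TENANT,
# VRA_CA_BUNDLE, json_field, parse_token_response, request_token.

# Constructed sample responses, shaped like the output shown above.
SAMPLE_OK='{"expires":"2017-04-14T04:46:43.000Z","id":"CONSTRUCTED-TOKEN-TEXT==","tenant":"example-tenant"}'
SAMPLE_401='<!DOCTYPE html><html><head><title>Error report</title></head><body><h1>HTTP Status 401 - Authentication required</h1></body></html>'

# Print the string value of one top-level field from a flat JSON object.
json_field() {
  printf '%s\n' "$1" | sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Accept a response only if the status is 200 and the body carries a non-empty id.
parse_token_response() {
  _status="$1"; _body="$2"
  if [ "$_status" != "200" ]; then
    echo "token request failed: HTTP $_status" >&2
    return 1
  fi
  _id=$(json_field "$_body" id)
  if [ -z "$_id" ]; then
    echo "response has no id field" >&2
    return 1
  fi
  printf '%s\n' "$_id"
}

# Prompt for the password, send the JSON body on stdin (keeps it out of argv and
# shell history), and verify the appliance certificate against a CA bundle.
# Limitation: values containing " or \ would need JSON escaping first.
request_token() {
  printf 'Password for %s: ' "$VRA_USER" >&2
  stty -echo; IFS= read -r _pw; stty echo; echo >&2
  _out=$(printf '{"username":"%s","password":"%s","tenant":"%s"}' \
           "$VRA_USER" "$_pw" "$VRA_TENANT" |
         curl --silent --cacert "$VRA_CA_BUNDLE" \
              -H "Accept: application/json" -H "Content-Type: application/json" \
              --data @- --write-out '\n%{http_code}' \
              "https://$vRA/identity/api/tokens")
  unset _pw
  # The last line of the output is the status code; everything before it is the body.
  parse_token_response "$(printf '%s\n' "$_out" | tail -n 1)" \
                       "$(printf '%s\n' "$_out" | sed '$d')"
}

# Usage: token=$(request_token) && export token
```

The expires value can be read the same way with json_field, which lets a script request a new token before the 24-hour default lifetime runs out.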