Get Your Access Token for the vRealize Automation API

To get the token used to authenticate your session, you use the Identity Service API to get an API token. Then you use the API token as input to the IaaS API to get an access token.

The access token is valid for eight hours. If the token times out, request it again.

Note: The process to obtain the access token is different depending upon the vRealize Automation version.

For vRealize Automation version 8.0, you can use the Identity Service API alone, or you can use both the Identity Service API and IaaS API to obtain the access token.
For vRealize Automation versions 8.0.1, 8.1 or later, you must use both the Identity Service API and IaaS API to obtain the access token. Using the token generated by the Identity Service API alone will not work due to a missing internal state.

The following procedure shows how to obtain the access token using both the Identity Service API and the IaaS API.

Prerequisites

Secure a channel between the web browser and the vRealize Automation server. Open a browser and enter the URL such as: https://appliance.domain.com.

Procedure

Assign values to the variables for the hostname of your vRealize Automation appliance, your user name, and your password.
```
url='https://<vRA-FQDN>'
username='<your_username>'
password='<your_password>'
```
Use the Identity Service API to obtain the API token.
The API token is also known as the refresh token. It is valid for 90 days and can be used to generate a new access token when the access token expires.
Note: You cannot revoke the refresh token.
```
api_token=`curl -X POST \
  "$url/csp/gateway/am/api/login?access_token" \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{
  "username": "'$username'",
  "password": "'$password'"
}' | jq -r .refresh_token`
```
Verify the API token variable is assigned.
The token is a compact string of characters as in the following example.
```
# echo $api_token
ABCutJJ7oEq7sWYD9qkpnlrzYqlFlSZmrWXYZrkpGswN8nzjmkWeNqn8QA1RfhQg
```

With the API token assigned, use the IaaS API to request the access token.

access_token=`curl -X POST \
  "$url/iaas/api/login" \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{
  "refreshToken": "'$api_token'"
}' | jq -r .token`

Verify the access token variable is assigned.
The access token is a long JSON Web Token as in the following example.
```
# echo $access_token
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InNpZ25pbmdfMiJ9.eyJzdWIiOiJ2bXdhcmUuY29tOj...
...
tSQ74_XhszGifZe_gFdxw
```
After 25 minutes of inactivity, the access token times out and you must request it again. You can revoke an access token at any time.

Results

You have obtained the access token required to authenticate your API calls. This access token is valid for vRealize Automation users and is necessary when using tools that are integrated with vRealize Automation.

What to do next

Use the access token to verify user roles. See Verify User Roles.