vRealize Operations Manager requires API requests to be authenticated. The first step in this workflow is to obtain an authentication token.

To obtain an authentication token, the login request supplies the user credentials in a form that Basic HTTP authentication requires. In this example, the user is logging in to a vRealize Operations Manager instance with URL https://vrealize.example.com/.
Note: This example uses token-based authentication. For more information regarding authentication mechanisms, see Security.


  • Secure a channel between the web browser and the vRealize Operations Manager server. Open a browser and enter the URL of a vRealize Operations Manager instance such as:

    The system warns that your connection is not private. Click through to confirm the security exception and establish an SSL handshake.

  • Verify that you can access the APIs. Enter the URL of your vRealize Operations Manager instance with suite-api/docs/rest/index.html added to the end, such as:
  • Verify that you have the login credentials for a user of your vRealize Operations Manager instance.


  1. POST a request to the login URL to acquire a token.
    POST https://vrealize.example.com/suite-api/api/auth/token/acquire
    See Login Request and Response.
  2. Examine the response.
    A successful request returns an ops authorization token, which you must included in subsequent API requests.

Example: Login Request and Response

This example shows a request and response for a user with the login username: vRealize-user and password: vRealize-dummy-password.

Request header:
POST https://vrealize.example.com/suite-api/api/auth/token/acquire
Content-Type: application/json
Accept: application/json
Request body in JSON format:
  "username" : "vRealize-user",
  "password" : "vRealize-dummy-password"
Response in JSON:
200 OK
  "token": "8f868cca-27cc-43d6-a838-c5467e73ec45::77cea9b2-1e87-490e-b626-e878beeaa23b",  
  "validity": 1470421325035,  
  "expiresAt": "Friday, August 5, 2016 6:22:05 PM UTC",  
  "roles": []
The response code indicates whether the request succeeded, or how it failed.
  • If the request is successful, the server return HTTP response code 200 (OK) and re-usable ops authorization token that expires after six hours. This token must be included in each subsequent API request.
  • If the authorization header is missing for the request, the server returns HTTP response code 403.
  • If the credentials supplied in the Authorization header are invalid, the server returns HTTP response code 401.