You use a token to authenticate a vRealize Suite Lifecycle Manager API request.

All vRealize Suite Lifecycle Manager API requests require a valid authentication token in the header x-xenon-auth-token. To obtain a token, the login request supplies the user credentials in a form that Basic HTTP authentication requires. In this example, the user is logging in to a vRealize Suite Lifecycle Manager instance with URL https://LCM-Hostname/


  • Secure a channel between the web browser and the vRealize Suite Lifecycle Manager server. Open a browser and enter the URL such as:


    The system warns that your connection is not private. Click through to confirm the security exception and establish an SSL handshake.

  • Verify that you can log in to vRealize Suite Lifecycle Manager using the applicable credentials.


  1. Enter the command to request the HTTP bearer token.
    curl 'https://LCM-Hostname/lcm/api/v1/login' \
      -H 'content-type: application/json' \
      -H 'accept: application/json' \
      --data-binary $'{\n  "username": "admin@localhost",\n  "password": "VMware"\n}' \

    The -k flag is included to verify the certificate.

  2. Examine the response.

    A successful request returns an HTTP bearer token that you include in subsequent API requests.

      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ4biIsInN1YiI6Ii9jb3JlL2F1dGh6L3VzZXJzL3ZMQ01BZG1pbiIsImV4cCI6MTUwNzE4ODQwM30.dAcsjxo3qNkZfLaxwsGKHul_5MqdEmJUfmNf6zQqpZ0"
  3. For convenience, store the token in a variable.
    export token="EXAMPLE-TOKEN-TEXT"