VMware’s Cloud Services Platform is the central point for interacting with all of our Cloud services. Enhancements were made recently to the process of obtaining an API Token. The Cloud Services Platform team has introduced a better interface, with enhanced security capabilities around scoping. In this blog post, I’m going to take you through generating a token for the Cloud Automation Services which you can use with your own API calls!
Why Is This Useful?
The Cloud Management Business Unit has put a massive emphasis on creating more useful and functional API’s. In today’s multi and hybrid cloud world, administrators need to be able to interact with platforms through a number of different methods. One of those more common methods is via programmable interfaces. Specifically within Cloud Automation Services, we’ve overhauled our API focus to provide an API endpoint for nearly every function within the UI! It’s a journey – and we’re continuing to make more enhancements as time moves forward to get closer to that overall goal of API First! Did you know the Cloud Automation Services Hands on Lab extensively uses the API to generate your environment every time you login?
For a quick start using the Cloud Automation Services API, I suggest you have a read around the Cloud Automation Services – API First! blog post, or consume Jon Schulman’s Postman Collection for Cloud Automation Services. This Postman collection is a great way to get started quickly using the API and will be detailed in a future blog post, very soon!
If you wish to follow along, all of these steps can be executed against the Cloud Automation Services Hands on Lab! You should go check it out!
Lets get started!
First, navigate to https://console.cloud.vmware.com and sign in with your credentials. You’ll need to be a member of an organization in order to sign in – if you’re following along in the Hands on Lab, you should be good to go! Once signed in, you should land at a listing of all the applications available in your Organization.
Select the name of your organization on the top right and select “My Account”
On the next screen, select API tokens on the navigation bar. You should be presented with the currently assigned tokens for your organization.
There’s a lot of information on this screen. Lets take a tour around! As previously mentioned, we can see all the tokens currently assigned out to our organization. We can see expiration dates, last usage dates, as well as roles that exist for the tokens. The ability to scope tokens down to specific roles is a new capability within the platform. We can also change the view of this screen to be a much smaller list style view instead of the tile centric view we see now. Very awesome!
Generating Our Token
First, Select the “Generate Token” option from the menu above our existing tokens, s as a result we will be presented with a menu for creating our new API token!
As before, there’s a lot of data to unpack on this page! Let’s step through it all…
- We have a friendly name we can assign to our token. As I’m creating a new token for myself, I’ll simply name this “CAS-Token”
- We can define scopes around this tokens capabilities and the services it can access. In my case, I’ll set it as an Organization Owner. Note – Use caution when delegating permissions, and make sure you understand the level of access you are granting to your Cloud Services Organization
- Similar to the previous item, we can provide access to specific services and the API’s within them. In my case, I’m going to select Cloud Assembly, Service Broker, and Code Stream.
Fill in your data, and select “Generate” and we’ll be off to the races!
As a result, you’ll be rewarded for your efforts with a shiny new CAS API Token for your Organization. Choose to Copy, Download, or Print this token. Note – Once this screen is gone, it’s gone forever. You won’t be able to retrieve the token after this screen is closed. Use caution and store your secrets safely!
Our configuration is complete! You can now use this token to work directly with the Cloud Automation Services and Cloud Services Portal API’s! Note – this token has been revoked, in order to prevent you from stealing my stuff 🙂