VMware Aria Automation Orchstrator API Authentication

December 5, 2023 0 By Allan Kjaer

I was looking into how to run a workflow from PowerShell, and found the documentation a little confusing if you are using VMware vCenter SSO authentication.

In the documentation for VMware vCenter documentation looks like this.

There are little or no documentation for how to create a “holder-of-key (HoK) token)” i found 1 community thread and git repository where i cloud:



But that required the usage of some dll, from the SDK, and did not what to use this.

But if found that you can just use “Basic” Authentication like this (the example just gets som workflows, it do not execute them):

$username = "<USER>"
$password = "<PASSWORD>"
$vroserver = "<vRO FQDN>"

$pair = "{0}:{1}" -f ($username, $password)
$bytes = [System.Text.Encoding]::ASCII.GetBytes($pair)
$token = [System.Convert]::ToBase64String($bytes)

$headers = @{"Content-Type" = "application/json"; "Accept" = "application/json"; "Authorization" = "Basic $token"}
$response = Invoke-WebRequest -method GET -Uri 'https://$($vroserver)/vco/api/workflows?maxResult=10&startIndex=0&queryCount=false' -Headers $headers -SkipCertificateCheck 

The user is the UPN for the user like: “vrouser@vsphere.local” or “vrouser@domain.local”.

If the it uses Aria Automation authentication (vIDM) then you can use this:

$username = "<USER>"
$password = "<PASSWORD>"
$vroserver = "<vRO FQDN>"

# Get Authentication refresh token
$accessTokenUrl = "https://$($vroserver)/csp/gateway/am/api/login?access_token"
$properties = @{'username' = $username; 'password' = $password}
$bodyObject = New-Object -TypeName PSObject -Property $properties
$body = $bodyObject | ConvertTo-Json
$headers = @{"Content-Type" = "application/json"; "Accept" = "application/json"} 
$content = Invoke-RestMethod $accessTokenUrl -Method POST -Headers $headers -Body $body -SkipCertificateCheck -SkipHeaderValidation
$refreshToken = $content.refresh_token
# Get Access Token
$refreshProperties = @{"refreshToken" = $refreshToken}
$bodyObject = New-Object -TypeName PSObject -Property $refreshProperties
$body = $bodyObject | ConvertTo-Json
$accessUrl = "https://$($vroserver))/iaas/api/login"
$content = Invoke-RestMethod $accessUrl -Method POST -Headers $headers -Body $body -SkipCertificateCheck  -SkipHeaderValidation
$accessToken = $content.tokenType +" "+ $content.token

$headers = @{"Content-Type" = "application/json"; "Accept" = "application/json"; "Authorization" = "$accessToken"}
$response = Invoke-WebRequest -method GET -Uri 'https://$($vroserver)/vco/api/workflows?maxResult=10&startIndex=0&queryCount=false' -Headers $headers -SkipCertificateCheck 

The user name is NOT the UPN, but only the login name, for Aria Automation authentication.

Please share this page if you find it usefull: