VMware Aria Automation Orchestrator API Authentication

December 5, 2023 By Allan Kjaer

I was looking into how to run a workflow from PowerShell, and found the documentation a little confusing if you are using VMware vCenter SSO authentication.

In the documentation, VMware vCenter authentication looks like this.

There is little or no documentation on how to create a “holder-of-key (HoK) token”. I found one community thread and one Git repository where I could:

https://communities.vmware.com/t5/VMware-Aria-Automation/HoK-token-for-accessing-vRO-via-REST-call-powershell/td-p/518817

https://github.com/qlikq/ExampleVRORestMethodHoKtoken

But that required the use of some DLL from the SDK, and I did not want to use this.

But I found that you can just use “Basic” authentication like this (the example just gets some workflows; it does not execute them):

$username = "<USER>"
$password = "<PASSWORD>"
$vroserver = "<vRO FQDN>"

# Build the Basic authentication value: base64("user:password")
$pair = "{0}:{1}" -f ($username, $password)
$bytes = [System.Text.Encoding]::ASCII.GetBytes($pair)
$token = [System.Convert]::ToBase64String($bytes)

$headers = @{"Content-Type" = "application/json"; "Accept" = "application/json"; "Authorization" = "Basic $token"}
# The URI must be in double quotes so that $vroserver is expanded.
# -SkipCertificateCheck turns off TLS certificate validation; remove it once this machine trusts the vRO certificate.
$response = Invoke-WebRequest -Method GET -Uri "https://$($vroserver)/vco/api/workflows?maxResult=10&startIndex=0&queryCount=false" -Headers $headers -SkipCertificateCheck
$response.content

The user name is the user's UPN, like “vrouser@vsphere.local” or “vrouser@domain.local”.

If it uses Aria Automation authentication (vIDM), then you can use this:

$username = "<USER>"
$password = "<PASSWORD>"
$vroserver = "<vRO FQDN>"

# Get Authentication refresh token
# -SkipCertificateCheck (used on every call below) turns off TLS certificate validation; remove it once this machine trusts the vRO certificate.
$accessTokenUrl = "https://$($vroserver)/csp/gateway/am/api/login?access_token"
$properties = @{'username' = $username; 'password' = $password}
$bodyObject = New-Object -TypeName PSObject -Property $properties
$body = $bodyObject | ConvertTo-Json
$headers = @{"Content-Type" = "application/json"; "Accept" = "application/json"}
$content = Invoke-RestMethod $accessTokenUrl -Method POST -Headers $headers -Body $body -SkipCertificateCheck -SkipHeaderValidation
$refreshToken = $content.refresh_token

# Get Access Token
$refreshProperties = @{"refreshToken" = $refreshToken}
$bodyObject = New-Object -TypeName PSObject -Property $refreshProperties
$body = $bodyObject | ConvertTo-Json
$accessUrl = "https://$($vroserver)/iaas/api/login"
$content = Invoke-RestMethod $accessUrl -Method POST -Headers $headers -Body $body -SkipCertificateCheck -SkipHeaderValidation
$accessToken = $content.tokenType + " " + $content.token

# Call the Orchestrator API with the access token; the URI must be in double quotes so that $vroserver is expanded.
$headers = @{"Content-Type" = "application/json"; "Accept" = "application/json"; "Authorization" = "$accessToken"}
$response = Invoke-WebRequest -Method GET -Uri "https://$($vroserver)/vco/api/workflows?maxResult=10&startIndex=0&queryCount=false" -Headers $headers -SkipCertificateCheck
$response.content

The user name is NOT the UPN, but only the login name, for Aria Automation authentication.
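Both flows above, wrapped in one function that takes a PSCredential instead of a plaintext password in the script and leaves TLS certificate validation on (no -SkipCertificateCheck). This is an added example, not code from the original post; the function name Get-VroWorkflows, its parameters and the host name vro.example.local are hypothetical, and it assumes PowerShell 7 and a vRO certificate that this machine trusts.

```powershell
# Added example. Endpoints and response fields are the ones used in the post;
# the function name and its parameters are hypothetical.
function Get-VroWorkflows {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $VroServer,
        [Parameter(Mandatory)] [pscredential] $Credential,
        # 'SSO'  = vCenter SSO, user name is the UPN (Basic authentication)
        # 'vIDM' = Aria Automation authentication, user name is the login name
        [ValidateSet('SSO', 'vIDM')] [string] $AuthType = 'SSO'
    )
    $base   = "https://$VroServer"
    $uri    = "$base/vco/api/workflows?maxResult=10&startIndex=0&queryCount=false"
    $accept = @{ Accept = 'application/json' }

    if ($AuthType -eq 'SSO') {
        # PowerShell builds the Basic header itself and refuses to send it over
        # plain HTTP unless -AllowUnencryptedAuthentication is given.
        return Invoke-RestMethod -Method Get -Uri $uri -Headers $accept `
            -Authentication Basic -Credential $Credential
    }

    # vIDM: password -> refresh token -> access token, as in the post.
    $login = @{
        username = $Credential.UserName
        password = $Credential.GetNetworkCredential().Password
    } | ConvertTo-Json
    $refresh = Invoke-RestMethod -Method Post -Uri "$base/csp/gateway/am/api/login?access_token" `
        -Headers $accept -ContentType 'application/json' -Body $login
    if (-not $refresh.refresh_token) { throw "No refresh token returned by $VroServer" }

    $body  = @{ refreshToken = $refresh.refresh_token } | ConvertTo-Json
    $token = Invoke-RestMethod -Method Post -Uri "$base/iaas/api/login" `
        -Headers $accept -ContentType 'application/json' -Body $body
    if (-not $token.token) { throw "No access token returned by $VroServer" }

    # Same Authorization value as in the post: "<tokenType> <token>"
    $auth = $accept + @{ Authorization = "$($token.tokenType) $($token.token)" }
    Invoke-RestMethod -Method Get -Uri $uri -Headers $auth
}

# Prompt for the password instead of storing it in the script.
# $cred = Get-Credential
# Get-VroWorkflows -VroServer 'vro.example.local' -Credential $cred -AuthType vIDM
```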
