vCloud PAYG REST API

The vCloud PAYG REST API is a programing interface which allows administrators and clients to orchestrate management of the VMware vCloud Director environment.  

 

This section will guide you to create a Service Account and add IP addresses from which you can connect to the API.


Topics


Use of Service Accounts

Service Accounts are separate CloudCreator accounts that have VMware vCloud Admin access. They have the following characteristics:

  • Do not need 2 factor authentication.
  • Have access to all vCloud VDCs across the organisation in all datacentres.
  • Can be used to access the vCloud GUI after login to CloudCreator.
  • Conform to the following password expiry rules:
    • Passwords cannot be set manually, and are auto-generated.
    • Service Account passwords do not expire but can be reset. Any applications using the Service Account will also need to be changed. See Reset a Service Account Password
    • The application will lock out the Service Account after ten failed attempts. It will remain locked for 30 minutes before auto-unlocking.
    • There is no constraint on the number of Service Accounts created so they can be treated as disposable in event of account lockouts or forgotten passwords.

 


Use of Whitelists

CCL only allows access to VDCs via API from whitelisted Public IP addresses. The IP addresses added to the whitelist need to be the public facing source address of the machine making the API call.

 


Full Schema Reference on API Calls

The reference information relating to API calls includes:

 


Create a Service Account 

Use these steps to create a Service Account and add IP addresses from which you can connect to the REST API.

 

1. Click the Virtual Clouds icon   in the sidebar.

 

2. If your company is using multiple virtual clouds, click the cloud name at the top of your screen. From the dropdown menu, select the required Parent or Child cloud.
 

 

3. In the Summary screen for your virtual cloud, select the Options Cog > Manage Subscriptions.

 

 

4. In the Manage Subscriptions screen, click the Configure link for vCloud, as shown below.

 

 

5. In the vCloud Configuration screen, click Create Service Account.

 

 

6. The Configure Service Account screen will appear. The service account expiry date will default to 90 days unless you select the Do not expire checkbox. Select this if required, then click Create. 

 

Note: The passwords for all vCloud public API service accounts are set to 'not expire'.

 

 

7. If you selected the Do not expire option, the following declaration will appear. Tick the box to acknowledge your acceptance and click OK.

 

 

8. An account will be created with an automatically generated Service Account Name and Password. Select Copy password, as it will not be accessible after you close this window. Once you have copied and pasted the password, click OK to confirm. 

 

 

Note: The Service Account may take a short period of time (approximately 10-15 minutes) to replicate across all required servers and become fully available.

 

9. Once a Service Account is established, it can be accessed directly from the Summary screen for your virtual cloud. Select the Options Cog > Manage Resource Pool API Access.

 

 


Create an IP Address in a Whitelist

Use these steps to add an IP address to the vCloud Whitelist.

 

1. From the vCloud Configuration screen, scroll down to the IP Whitelists section. Click the Cog icon  next to the required datacentre. 

 

 

2. The datacentre details will appear, including the datacentre URL that the API calls will be directed to. Select Manage IP Whitelist.

 

 

3. In the Manage IP Whitelist screen, click the Plus icon   to add an IP address. 

 

 

4. A blank field will appear. Enter an external IP address (see the guide below) and click Save to apply the changes.

 

 

Use the table and notes below as a guide for entering IP addresses.

 

IP Address Types Format
Single

111.111.111.111

(eg: 111.1.0.40)

Range

111.111.111.111-222

(eg: 111.2.0.40-50)

Group of IP addresses in the CIDR format

111.111.111.111/xx

(where xx is a number between 24 and 32, eg: 101.20.40.100/28)

 

Notes:

  • In all cases the numbers 111 and 222 in the formats above are limited to being between the actual values 0 and 255 (inclusive).
  • The following industry-standard 'Private' IPs are not able to be loaded:
    • 0.0.0.0 and 127.0.0.1
    • 10.0.0.0 through to 10.255.255.255
    • 172.16.0.0 through 172.31.255.255
    • 192.168.0.0 through 192.168.255.255
  • Be careful of accidentally establishing more than one IP Address range that covers the same set of IP Addresses.

 

5. Once your Service Account is been created, you can connect to the API endpoint for the selected datacentre using the IP address you have added.

 


 

Delete an IP Address in a Whitelist

Use these steps to remove an IP address from the vCloud Whitelist.

 

1. From the Summary screen for your virtual cloud, select the Options Cog Manage Resource Pool API Access

 

 

2. In the vCloud Configuration screen, scroll down to the IP Whitelists section. Click the Options Cog  next to the required datacentre.

 

 

3. The datacenter details will appear. Click Manage IP Whitelist.

 

 

4. In the Manage Whitelist IPs screen, click the cross icon next to the external IP address to be removed.

 

 

5. Click OK to confirm the deletion, then Save. The IP address has now been removed from your Whitelist.

 


View and Configure a Service Account Expiry Date

Follow these steps to view and configure a service account expiry date:

 

1. From the Summary screen for your virtual cloud, select the Options Cog > Manage Resource Pool API Access.

 

 

2.  The vCloud Configuration screen will show a list of your service accounts. Here you can:

  • View a service account expiry date and hover your mouse over a 'Non-expire account' to see who set a service account to 'not expire'. 
  • Configure a Service Account Expiry Date. Select the Cog icon  of the Service Account you want to configure and go to the next step. 
  • Select the Key icon    to reset the service account password. See Reset a Service Account Password.

 

 

3. The Configure Service Account screen will appear. Here you can select either:

  • Do not expire > Save:  The Service Account expiration declaration will appear. Tick the checkboxes to accept and click OK. 

OR

  • Set expiry date:  Select an option and click OK to confirm. If you have selected more than 90 days, the Service Account expiration declaration will appear. Tick the checkboxes to accept and click OK. 

 

 

Note: If you have not selected an option or have clicked out of the window, the expiry date will default to 90 days. You will receive the following message. Click OK or Cancel to return to the previous screen. 

 

 


Delete a Service Account

Follow these steps to delete a vCloud Service Account.

 

1. From the Summary screen for your virtual cloud, select the Options Cog Manage Resource Pool API Access

 

 

2. In the vCloud Configuration screen, click the X icon  next to the service account you want to delete.

 

 

3. Click Delete to confirm the deletion. The Service Account will be removed.

 


Reset a Service Account Password

Follow these steps to reset the password for a vCloud Service Account.

 

1. From the Summary screen for your virtual cloud, select the Options Cog  Manage Resource Pool API Access

 

 

2. In the vCloud Configuration screen, click the Key icon    next to the service account you want to reset.

 

 

3. Click Reset to confirm the password reset.

 

 

4. The new password displays in the confirmation window.

 

Important: You must copy and paste this password, as it won't be accessible after you close this window.

 

 

5. Once you have copied the password, click OK. Your password has now been changed.


 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

The page cannot be found

The page you are looking for might have been removed, had its name changed, or is temporarily unavailable. Please make sure you spelled the page name correctly or use the search box.