Users authenticate with vCloud Air by supplying credentials established when the vCloud Air user was created. User credentials are authenticated by the identity management system for vCloud Air.

Authenticating with vCloud Air returns a vCloud Air authorization token that the client can use to receive an authorization token from vCloud. The client only needs to present authentication credentials once to access each functional boundary (vCloud Air and vCloud) surfaced by the API.

HTTP communications between a vCloud Air client and server are secured with SSL. vCloud Air implements Basic HTTP authentication, as defined by RFC 2617, which enables a client to authenticate by including an Authorization header in the request. The Authorization header contains the basic credentials in Base64 encoding containing a user name and password.

The authentication for this exchange uses the following format:

Request:

POST https://vchs.vmware.com/api/vchs/sessions
Authorization: Basic UserName@domain.com:password
Accept: application/xml;version=5.6

Wherein UserName@domain.com:password is encoded.

Response:

201 Created
x-vchs-authorization:vchs-auth-token

All requests from authenticated clients must include an Authorization header. The response code indicates whether the request succeeded or how it failed. If the request is successful, the server returns HTTP response code 201 Created because logging in to the API requires a POST call. If the Authentication header is missing, the server returns HTTP response code 403. If the credentials supplied in the Authentication header are invalid, or if the token has expired, the server returns HTTP response code 401.

After the client authenticates, vCloud Air retrieves a session token from SAML and authenticates with the vCloud instance.