LDAP users and local users are defined by the vCloud Director integrated identity provider, and must include credentials in the form required by Basic HTTP authentication when making a the request to create a vCloud API Session.

Verify that you know the API login URL. See Example: Retrieve the Login URL and List of Supported API Versions.

Verify that you are logging in as a user whose identity is managed by the vCloud Director integrated identity provider.

1

Use the login URL to authenticate to the vCloud API.

POST a request to this URL. The request must include your username, organization name, and password in a MIME Base64 encoding. See Example: Create a Login Session Using the Integrated Identity Provider.

2

Examine the response.

The response code indicates whether the request succeeded, or how it failed.

If the request is successful, the server returns HTTP response code 200 (OK) and headers that include a header of the form:

x-vcloud-authorization: token

This header, including the token, must be included in each subsequent vCloud API request.

If the Authorization header is missing from the request, the server returns HTTP response code 403.

If the credentials supplied in the Authorization header are invalid, the server returns HTTP response code 401.

A valid request returns a Session element. See Example: Create a Login Session Using the Integrated Identity Provider.

A request to create a login session using the Integrated Identity provider must supply the user's credentials in the following form:

user@organization:password

user is the user's login name.

organization is the name of the user's organization.

password is the user's password.

These credentials must be supplied in a MIME Base64 encoding, as specified in RFC 1421.

This example shows a Basic HTTP authentication login request and response for a user logging in to the Finance organization of a cloud whose API login URL is https://vcloud.example.com/api/sessions.

Request:

POST https://vcloud.example.com/api/sessions 
Authorization: Basic encoded-credentials
Accept: application/*;version=9.0

Response:

200 OK
x-vcloud-authorization: cn9uYmd...
...
<Session
   xmlns="http://www.vmware.com/vcloud/v1.5"
   userUrn="urn:vcloud:user:fe50b0b5-..." 
   user="bob"
   org="Finance" 
   ... >
  <Link
      rel="down"
      type="application/vnd.vmware.vcloud.org+xml"
      name="System"
      href="https://vcloud.example.com/api/org/5" />
  <Link
      rel="down"
      type="application/vnd.vmware.vcloud.query.queryList+xml"
      href="https://vcloud.example.com/api/query" />
   <Link
      rel="entityResolver"
      type="application/vnd.vmware.vcloud.entity+xml"
      href="https://vcloud.example.com/api/entity/" />
</Session>

The response includes the re-usable x-vcloud-authorization header and these Link types:

org

A link to your organization. See Retrieve a List of Organizations Accessible to You.

queryList

A link to the set of typed queries the user can run. See Using the Query Service.

entity

A link to the entity resolver. See Retrieve an Object as an Entity.