Create user token
You need to generate a bearer token to gain access to the BlueXP REST APIs. A user token is more commonly used for customer automation than the service token. There are two workflows available to create a user token. The one you select depends on your authentication environment.
The first of the two workflows is required for federated authentication. However you can also use it for non-federated authentication. And because cleartext passwords are not used, it is the more secure way to authenticate and so is recommended for both federated and non-federated authentication. |
Create a user token with federated authentication
This workflow describes how to create a user access token when using federated authentication. You can also use it to create a user token for non-federated authentication which is recommended because of the enhanced security.
Review the parameters in the JSON input example for the second workflow step.
1. Generate a NetApp refresh token
Navigate to Refresh Token Generator and generate a long-lived token. You need to provide this in the refresh_token
JSON input parameter in the next step.
2. Generate the user token
This API call uses the Auth0 authentication service and not the NetApp BlueXP service. See the URL in the curl example below and adjust for your environment as needed. The client identifier in the JSON input is the same constant value for all customers.
HTTP method | Resource path |
---|---|
POST |
/oauth/token |
- curl example
curl --location --request POST 'https://netapp-cloud-account.auth0.com/oauth/token' --header 'Content-Type: application/json' --data @JSONinput
- Input parameters
-
The JSON input example includes the list of input parameters.
- JSON input example
{
"grant_type": "refresh_token",
"refresh_token": "<REFRESH_TOKEN>",
"client_id": "Mu0V1ywgYteI6w1MbD15fKfVIUrNXGWC"
}
- Output
-
The JSON output example includes the list of returned values. The
expires_in
value is expressed in seconds. - JSON output example
{
"access_token": "<USER_TOKEN>",
"id_token": "<ID_TOKEN>",
"scope": "openid profile cc:update-password",
"expires_in": 86400,
"token_type": "Bearer"
}
Create a user token with nonfederated authentication
This workflow describes how to create an access token when using non-federated authentication.
Review the parameters in the JSON input example for the first workflow step. You must have the account credentials and the client identifier.
1. Generate the user token
This API call uses the Auth0 authentication service. See the URL in the curl example below and adjust for your environment as needed.
HTTP method | Resource path |
---|---|
POST |
/oauth/token |
- curl example
curl --location --request POST 'https://netapp-cloud-account.auth0.com/oauth/token' --header 'Content-Type: application/json' --data @JSONinput
- Input parameters
-
The JSON input example includes the list of input parameters.
- JSON input example
{
"username": "user@my-company-demo.com",
"scope": "openid profile",
"audience": "https://api.cloud.netapp.com",
"client_id": "<CLIENT_ID>",
"grant_type": "password",
"password": "userpassword",
"Realm":"Username-Password-Authentication"
}
- Output
-
The JSON output example includes the list of returned values. The
expires_in
value is expressed in seconds. - JSON output example
{
"access_token": "<USER_TOKEN>",
"id_token": "<ID_TOKEN>",
"scope": "openid profile cc:update-password",
"expires_in": 86400,
"token_type": "Bearer"
}