Create user token

Contributors netapp-ranuk Download PDF of this page

You must generate a bearer token to authenticate and access the Cloud Manager REST API. There are two workflows available depending on the type of authentication. You need to select the correct workflow:

Create a user token with federated authentication

This workflow describes how to create an access token when using federated authentication.

Before you begin

Review the parameters in the JSON input example for the second workflow step. In particular, you must have the client identifier.

1. Generate a NetApp refresh token

Navigate to Refresh Token Generator and generate a long-lived token. You need to provide this in the refresh_token JSON input parameter in the next step.

2. Generate the user token

This API call uses the Auth0 authentication service and not the NetApp Cloud Manager service. See the URL in the curl example below and adjust for your environment as needed.

HTTP method Resource path

POST

/oauth/token

curl example
curl --location --request POST 'https://netapp-cloud-account.auth0.com/oauth/token' --header 'Content-Type: application/json' --d @JSONinput
Input parameters

The JSON input example includes the list of input parameters.

JSON input example
{
    "grant_type": "refresh_token",
    "refresh_token": "<REFRESH_TOKEN>",
    "client_id": "<CLIENT_ID>"
}
Output

The JSON output example includes the list of returned values. The expires_in value is expressed in seconds.

JSON output example
{
    "access_token": "<USER_TOKEN>",
    "id_token": "<ID_TOKEN>",
    "scope": "openid profile cc:update-password",
    "expires_in": 86400,
    "token_type": "Bearer"
}

Create a user token with nonfederated authentication

This workflow describes how to create an access token when using non-federated authentication.

Before you begin

Review the parameters in the JSON input example for the first workflow step. In particular, you must have the account credentials and the client identifier.

1. Generate the user token

This API call uses the Auth0 authentication service and not the NetApp Cloud Manager service. See the URL in the curl example below and adjust for your environment as needed.

HTTP method Resource path

POST

/oauth/token

curl example
curl --location --request POST 'https://netapp-cloud-account.auth0.com/oauth/token' --header 'Content-Type: application/json' --d @JSONinput
Input parameters

The JSON input example includes the list of input parameters.

JSON input example
{
    "username": "user@my-company-demo.com",
    "scope": "openid profile",
    "audience": "https://api.cloud.netapp.com",
    "client_id": "<CLIENT_ID>",
    "grant_type": "password",
    "password": "userpassword",
    "Realm":"Username-Password-Authentication"
}
Output

The JSON output example includes the list of returned values. The expires_in value is expressed in seconds.

JSON output example
{
    "access_token": "<USER_TOKEN>",
    "id_token": "<ID_TOKEN>",
    "scope": "openid profile cc:update-password",
    "expires_in": 86400,
    "token_type": "Bearer"
}