Skip to main content

Create user token

Contributors dmp-netapp netapp-ranuk

You need to generate a bearer token to gain access to the BlueXP REST APIs. A user token is more commonly used for customer automation than the service token. There are two workflows available to create a user token. The one you select depends on your authentication environment.

Note The first of the two workflows is required for federated authentication. However you can also use it for non-federated authentication. And because cleartext passwords are not used, it is the more secure way to authenticate and so is recommended for both federated and non-federated authentication.

Create a user token with federated authentication

This workflow describes how to create a user access token when using federated authentication. You can also use it to create a user token for non-federated authentication which is recommended because of the enhanced security.

Before you begin

Review the parameters in the JSON input example for the second workflow step.

1. Generate a NetApp refresh token

Navigate to Refresh Token Generator and generate a long-lived token. You need to provide this in the refresh_token JSON input parameter in the next step.

2. Generate the user token

This API call uses the Auth0 authentication service and not the NetApp BlueXP service. See the URL in the curl example below and adjust for your environment as needed. The client identifier in the JSON input is the same constant value for all customers.

HTTP method Resource path

POST

/oauth/token

curl example
curl --location --request POST 'https://netapp-cloud-account.auth0.com/oauth/token' --header 'Content-Type: application/json' --data @JSONinput
Input parameters

The JSON input example includes the list of input parameters.

JSON input example
{
    "grant_type": "refresh_token",
    "refresh_token": "<REFRESH_TOKEN>",
    "client_id": "Mu0V1ywgYteI6w1MbD15fKfVIUrNXGWC"
}
Output

The JSON output example includes the list of returned values. The expires_in value is expressed in seconds.

JSON output example
{
    "access_token": "<USER_TOKEN>",
    "id_token": "<ID_TOKEN>",
    "scope": "openid profile cc:update-password",
    "expires_in": 86400,
    "token_type": "Bearer"
}

Create a user token with nonfederated authentication

This workflow describes how to create an access token when using non-federated authentication.

Before you begin

Review the parameters in the JSON input example for the first workflow step. You must have the account credentials and the client identifier.

1. Generate the user token

This API call uses the Auth0 authentication service. See the URL in the curl example below and adjust for your environment as needed.

HTTP method Resource path

POST

/oauth/token

curl example
curl --location --request POST 'https://netapp-cloud-account.auth0.com/oauth/token' --header 'Content-Type: application/json' --data @JSONinput
Input parameters

The JSON input example includes the list of input parameters.

JSON input example
{
    "username": "user@my-company-demo.com",
    "scope": "openid profile",
    "audience": "https://api.cloud.netapp.com",
    "client_id": "<CLIENT_ID>",
    "grant_type": "password",
    "password": "userpassword",
    "Realm":"Username-Password-Authentication"
}
Output

The JSON output example includes the list of returned values. The expires_in value is expressed in seconds.

JSON output example
{
    "access_token": "<USER_TOKEN>",
    "id_token": "<ID_TOKEN>",
    "scope": "openid profile cc:update-password",
    "expires_in": 86400,
    "token_type": "Bearer"
}