Create a service token for the NetApp Console
Suggest changes
Create a service access token that can be used by the NetApp Console internal services and external clients. You can create the token using client secret authentication or private key JWT authentication. Private key JWT authentication is recommended for increased security.
Use the following steps to create a service access token using the client secret authentication method.
You need to obtain the following:
-
client_id
The application ID that the Console SaaS UI has assigned to your application. -
client_secret
The secret generated by the UI when you registered the application.
See Register a service for more information about obtaining these credentials.
This API call uses the Auth0 authentication service and not a NetApp Console service endpoint. You need to review the URL in the curl example and adjust for your environment as needed.
| HTTP method | Resource path |
|---|---|
POST |
/oauth/token |
- Curl example
curl --location --request POST 'https://netapp-cloud-account.auth0.com/oauth/token' --header 'Content-Type: application/json' --d @JSONinput- Input parameters
-
The JSON input example below includes the list of required input parameters.
- JSON input example
{
"audience": "https://api.cloud.netapp.com",
"client_id": "TvPPs4SeM5smEElsGmdDUznljhN3YY8s",
"client_secret": "3ajeU_pG9rngJvsdfFRghtr5G3NnmgdnYG7IVfN5wDR_tnd1-qfScYC_TPraT",
"grant_type": "client_credentials"
}- Output
-
The JSON output example below includes the list of returned values. The
expires_invalue is expressed in seconds. - JSON output example
{
"access_token": "<SERVICE_TOKEN>",
"expires_in": 86400,
"token_type": "Bearer"
}Use the following steps to create a service access token using the private key JWT authentication method.
You need to obtain the following:
-
client_id
The application ID that the Console SaaS UI has assigned to your application. -
audience
Theaudiencevalue generated by the UI when you registered the application.
See Register a service for more information about obtaining these credentials.
This API call uses the Auth0 authentication service and not a NetApp Console service endpoint. You need to review the URL in the curl example and adjust for your environment as needed.
| HTTP method | Resource path |
|---|---|
POST |
/oauth/token |
- Curl example
curl --location --request POST 'https://netapp-cloud-account.auth0.com/oauth/token' --header 'Content-Type: application/json' --d @JSONinput- Input parameters
-
The JSON input example below includes the list of required input parameters.
|
The client_assertion value in the JSON input example is the signed JWT token. You need to generate this value using the client_id and audience each time you request a service access token.
|
- JSON input example
{
"audience": "https://api.cloud.netapp.com",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImhkMnY4U1BncGxkYjdhS0ZnZ2VpSWxVeDdhZjdXU1cxXzNmenZBN3BiUnMifQ.eyJpYXQiOjE3MzA0OTM4MjAsImlzcyI6IkV2MmJ2Y2NSdjVXODlZdzFLQ1Z2bHNQVHRNbXZXY3lnIiwic3ViIjoiRXYyYnZjY1J2NVc4OVl3MUtDVnZsc1BUdE1tdldjeWciLCJhdWQiOiJodHRwczovL2Rldi1uZXRhcHAtY2xvdWQtYWNjb3VudC5hdXRoMC5jb20vIiwiZXhwIjoxNzMwNDk0MTIwLCJqdGkiOiIwMzUwYzdlOS1mYjRjLTRkMjctYWY4Yi05MjllZmUyMjRlYWIifQ.X_8Wh-UCAqQICMdolb6TBDzQU9Z8yIrRXRiDkJC1NxHl5R25hTo8gKJpiQEuWTrRjXpne0NT5XHAozfnu_RD3i2TDDwxpftLCpLwahsJRTmvIRLapxhAJOa9Y57JJknft192SVcEadaMLnBpk8iJNUCGKDBDeNtd0DM1BBMosT_4QA8375-g5JRpzlXbI7RpMs7ylyy_G3Yjl4fm4xcSNNGC7n-p362iODG2h86waJDmIdt-D6JiKztcgtuGkEZPwG_bQZw25e06J_MIsKd42KeRTm3L5DLXiV-cpF5bwPAMMOFn6a36bBYriERKbLzpmMy8-b3HUunn4xH4i0TxZw",
"grant_type": "client_credentials"
}- Output
-
The JSON output example below includes the list of returned values. The
expires_invalue is expressed in seconds. - JSON output example
{
"access_token": "<SERVICE_TOKEN>",
"expires_in": 86400,
"token_type": "Bearer"
}