This is an archive version of the document. To get the most up-to-date information, see the current version.Authorization and Security
To start working with the Veeam Service Provider Console REST API, clients must first authenticate themselves and receive authorization grant by obtaining an access token and a refresh token.
- Access token is a string that represents authorization issued to the client and must be used in all requests. By default, access token expires after 1 hour.
- Refresh token is a string that represents authorization granted to the client and can be used to obtain a new access token when the current access token expires.
To obtain an access token, the client uses one of the following authentication types:
- OAuth 2.0 Authentication
- Username and Password (deprecated)
After first authorization, you can configure the following options to optimize authentication process:
- API Key-Based Authorization
- Asymmetric Authentication (deprecated)
