Authorization and Security

In this article

    Authorization in REST API

    Veeam Backup & Replication REST API authorization process is based on the OAuth 2.0 Authorization Framework and involves obtaining an access token and a refresh token.

    • Access token is a string that represents authorization issued to the client. It must be specified in all requests during the current logon session.
    • Refresh token is a string that represents authorization granted to the client. It is used to obtain a new access token if the current access token expires or becomes lost.

    The authorization process involves the following procedures:

    1. Requesting authorization
    2. Using the refresh token
    3. Performing logout

    Security Settings

    The Veeam Backup & Replication REST API has the following default security settings:

    • Access token lifetime is 15 minutes.
    • Refresh token lifetime is 14 days.
    • Authorization code lifetime is 5 minutes.