Authorization and Security
Authorization in REST API
Veeam Backup & Replication REST API authorization process is based on the OAuth 2.0 Authorization Framework and involves obtaining an access token and a refresh token.
- Access token is a string that represents authorization issued to the client. It must be specified in all requests during the current logon session.
- Refresh token is a string that represents authorization granted to the client. It is used to obtain a new access token if the current access token expires or becomes lost.
The authorization process involves the following procedures:
The Veeam Backup & Replication REST API has the following default security settings:
- Access token lifetime is 15 minutes.
- Refresh token lifetime is 14 days.
- Authorization code lifetime is 5 minutes.