Authorization and Security
To start working with the Veeam ONE REST API, clients must first authenticate themselves. The Veeam ONE REST API authorization process is based on the OAuth 2.0 Authorization Framework and involves obtaining an access token and a refresh token.
- An access token is a string that represents authorization issued to the client and must be used in all requests during the current logon session.
- A refresh token is a string that represents authorization granted to the client and can be used to obtain a new access token when the current access token expires.
The Veeam ONE REST API authorization process involves the following procedures:
To obtain a pair of tokens, the client sends an HTTP POST request to the /api/token path.

Simultaneous sessions initiated in different client applications under the same user credentials may interfere with each other. To avoid unexpected logout, use a different user account for every application.

To learn how to authorize your access using a client application, you can review the Example Requests and Responses section. Alternatively, you can use Swagger UI.

Example Requests and Responses
Request: POST https://one-srv:1239/api/token
Request Header: Content-Type: application/x-www-form-urlencoded
Request Body:
    grant_type : password
    username : one-srv\administrator
    password : Password1

The server sends a response in the following format.
Response Code: 200 Success
Response Body:
    {
      "access_token": "eyJhbGciOiJIUzI1NiIsImtpZCI6IldlYkFwaVNlY3VyaXR5S2V5IiwidHlwIjoiSldUIn0.eyJ1bmlxdWVfbmFtZSI6IklJLVYwMTEtMlxcQWRtaW5pc3RyYXRvciIsInJvbGUiOiJBZG1pbiIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3NpZCI6IlMtMS01LTIxLTQyOTA5MTM0ODQtMTAzNDIyNjA4Ny03MzA0MjcyODQtNTAwIiwiQWNjZXNzVG9rZW5JZCI6IAFhYjkzYjllLWRhMWYtNDQxOC1hOWUzLTJlOGQxZDU4NDJlZiIsIlVzZXJJZCI6IjIiLCJuYmYiOjE2MDgyMTM1NTQsImV4cCI6MTYwODIxNDQ1MywiaWF0IjoxNjA4MjEzNTUzfQ.9ctZVlohJHJXx_XnF7VhzX_lMoZMCKahC_8cRKlYCQc",
      "refresh_token": "523cf7a168ac46b3bc4f884570f7bb5c",
      "token_type": "Bearer",
      "expires_in": 899,
      "user": "ONE-SRV\\Administrator",
      "user_role": "Admin"
    }

Request: POST https://one-srv:1239/api/token
Request Header: Content-Type: application/x-www-form-urlencoded
Request Body:
    grant_type : refresh_token
    refresh_token : 523cf7a168ac46b3bc4f884570f7bb5c

Request: POST https://localhost:1239/api/revoke
Request Header: Content-Type: application/x-www-form-urlencoded
    Authorization: Bearer
Request Body:
    token : eyJhbGciOiJIUzI1NiIsImtpZCI6IldlYkFwaVNlY3VyaXR5S2V5IiwidHlwIjoiSldUIn0.eyJ1bmlxdWVfbmFtZSI6IklJLVYwMTEtMlxcQWRtaW5pc3RyYXRvciIsInJvbGUiOiJBZG1pbiIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3NpZCI6IlMtMS01LTIxLTQyOTA5MTM0ODQtMTAzNDIyNjA4Ny03MzA0MjcyODQtNTAwIiwiQWNjZXNzVG9rZW5JZCI6IAFhYjkzYjllLWRhMWYtNDQxOC1hOWUzLTJlOGQxZDU4NDJlZiIsIlVzZXJJZCI6IjIiLCJuYmYiOjE2MDgyMTM1NTQsImV4cCI6MTYwODIxNDQ1MywiaWF0IjoxNjA4MjEzNTUzfQ.9ctZVlohJHJXx_XnF7VhzX_lMoZMCKahC_8cRKlYCQc
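
The three requests above (password grant, refresh grant, revoke) tied together as a client-side token lifecycle, in an added Python example that is not Veeam's code. Assumptions: the `TokenSession` class and its method names are hypothetical, the 30-second early-refresh margin is a chosen value, the refresh response is assumed to have the same shape as the login response, and the `Authorization: Bearer` header on the revoke request is assumed to carry the current access token.

```python
import json
import time
import urllib.parse
import urllib.request

class TokenSession:
    """Tracks one application's access/refresh token pair (hypothetical helper)."""

    def __init__(self, base_url, send=None, clock=time.monotonic, skew=30):
        self.base_url = base_url.rstrip("/")
        self.send = send or self._http_send  # transport is injectable for offline tests
        self.clock, self.skew = clock, skew  # skew: refresh this many seconds early (assumption)
        self.access = self.refresh = None
        self.expires_at = 0.0

    def _http_send(self, path, form, headers):
        data = urllib.parse.urlencode(form).encode()
        req = urllib.request.Request(self.base_url + path, data=data, headers=headers, method="POST")
        with urllib.request.urlopen(req) as resp:  # default context verifies the server certificate
            body = resp.read()
        return json.loads(body) if body else {}

    def _post(self, path, form, auth=False):
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        if auth:
            headers["Authorization"] = "Bearer " + self.access  # assumption, see lead-in
        return self.send(path, form, headers)

    def _store(self, body):
        self.access = body["access_token"]
        self.refresh = body.get("refresh_token", self.refresh)  # keep old one if none returned
        self.expires_at = self.clock() + body["expires_in"]

    def login(self, username, password):
        form = {"grant_type": "password", "username": username, "password": password}
        self._store(self._post("/api/token", form))

    def token(self):
        """Return a usable access token, refreshing shortly before expires_in elapses."""
        if self.access is None:
            raise RuntimeError("call login() first")
        if self.clock() >= self.expires_at - self.skew:
            form = {"grant_type": "refresh_token", "refresh_token": self.refresh}
            self._store(self._post("/api/token", form))
        return self.access

    def logout(self):
        """Revoke the access token so it cannot be replayed, then forget both tokens."""
        self._post("/api/revoke", {"token": self.access}, auth=True)
        self.access = self.refresh = None
```

Create one `TokenSession` per application and per user account, in line with the note above about simultaneous sessions, and read the password from a secret store or prompt rather than from source code.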