Authorization and Security
To start working with the Veeam Service Provider Console REST API, clients must first authenticate themselves and receive authorization grant by obtaining an access token and a refresh token.
- Access token is a string that represents authorization issued to the client and must be used in all requests. By default, access token expires after 1 hour.
- Refresh token is a string that represents authorization granted to the client and can be used to obtain a new access token when the current access token expires.
To perform this task, a client must have one of the following roles assigned: Portal Administrator, Company Owner, Company Administrator, Service Provider Global Administrator, Service Provider Administrator.
To obtain an access token, the client uses one of the following authentication types:
- OAuth 2.0 Authentication
- Username and Password (deprecated)
After first authorization, you can configure the following options to optimize authentication process:
- API Key-Based Authorization
- Asymmetric Authentication (deprecated)