Veeam Plug-in for Nutanix AHV 7 [Archived]
REST API Reference
Related documents

Authorization

Veeam Backup for Nutanix AHV REST API authorization process involves obtaining an access token — a string that represents authorization issued to the user and that must be send in the Bearer <Access-Token> format in the Authorization header in all requests during the current logon session.
The /token resource collection allows a Veeam Backup for Nutanix AHV user to authenticate himself and authorize his access to the Veeam Backup for Nutanix AHV REST API.
To learn more about the authorization process and security settings, see the Veeam Backup for Nutanix AHV REST API Reference Overview, section Authorization and Security.

Bearer

Authenticates a user (client) who sends the request to the server. Must contain the access token for the current logon session.

Security Scheme Type: API Key
Header parameter name: Authorization

Request Authorization Tokens

The HTTP POST request to the /token endpoint allows you to authorize your access to the Veeam Backup for Nutanix AHV REST API.

SecurityBearer
Request
Request Body schema: application/x-www-form-urlencoded
required
grantType
write-only
required
string (GrantType)

Grant type that will be used to authenticate a user.

Enum: "Password" "RefreshToken" "UpdaterToken"
userName
string or null

[Required if the grantType parameter value is Password] User name.

password
string or null <password>

[Required if the grantType parameter value is Password] Password of the user.

refreshToken
string or null

[Required if the grantType parameter value is RefreshToken] Refresh token.

updaterToken
string or null

[Required if the grantType parameter value is UpdaterToken] Updater token.

longLivedRefreshToken
boolean
Default: false

Defines whether the expiration time of the refresh token is increased to 14 days.

Responses
200

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request

500

Internal Server Error. The request has been received but could not be completed because of an internal error at the server side.

post/api/oauth2/token
Request samples
application/x-www-form-urlencoded
grantType=Password&userName=string&password=pa%24%24word&refreshToken=string&updaterToken=string&longLivedRefreshToken=false
Response samples
application/json
{
  • "accessToken": "string",
  • "refreshToken": "string",
  • "accessTokenExpiresAt": "2019-08-24T14:15:22Z",
  • "refreshTokenExpiresAt": "2019-08-24T14:15:22Z"
}

Logout

The HTTP POST request to the /logout endpoint performs the logout operation for an authorized user.

SecurityBearer
Responses
204

No Content

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request

500

Internal Server Error. The request has been received but could not be completed because of an internal error at the server side.

post/api/oauth2/logout
Request samples 
Response samples 
application/problem+json
{
  • "type": "string",
  • "title": "string",
  • "status": 0,
  • "detail": "string",
  • "instance": "string",
  • "extensions": {
    }
}

    
    

                                

                                    
Document updated 9/03/2025
Page content applies to build 12.7.1.12