Pivotal Cloud Foundry v1.10

Using the Ops Manager API

This topic explains how to get started using the Ops Manager API. For the complete Ops Manager API documentation, browse to https://YOUR-OPS-MANAGER-FQDN/docs.


You must install the User Account and Authentication Command Line Interface (UAAC) to perform the procedures in this topic. To install the UAAC, run the following command from a terminal window:

$ gem install cf-uaac

Step 1: Authenticate

To use the Ops Manager API, you must authenticate and retrieve a token from the Ops Manager User Account and Authentication (UAA) server. For more information about UAA, see the User Account and Authentication (UAA) Server topic.

Perform the procedures in the Internal Authentication or External Identity Provider section below depending on which authentication system you configured for Ops Manager.

Internal Authentication

If you configured your Ops Manager for Internal Authentication, perform the following steps:

  1. SSH into the Ops Manager VM:

    $ ssh -i opsman ubuntu@OPS-MAN-FQDN

    If the private key that you generated when deploying your Ops Manager Director instance is not named opsman, provide the correct filename instead.

  2. From the Ops Manager VM, use the UAAC to target your Ops Manager UAA server:

    $ uaac target https://OPS-MAN-FQDN/uaa

  3. Retrieve your token to authenticate:

    $ uaac token owner get
    Client ID: opsman
    Client secret: [Leave Blank]
    User name: OPS-MAN-USERNAME
    Password: OPS-MAN-PASSWORD

    Replace OPS-MAN-USERNAME and OPS-MAN-PASSWORD with the credentials that you use to log in to the Ops Manager web interface.

External Identity Provider

If you configured your Ops Manager for an external Identity Provider with SAML, perform the following steps:

  1. From your local machine, target your Ops Manager UAA server:

    $ uaac target https://OPS-MAN-FQDN/uaa

  2. Retrieve your token to authenticate. When prompted for a passcode, retrieve it from https://OPS-MAN-FQDN/uaa/passcode.

    $ uaac token sso get
    Client ID: opsman
    Client secret: [Leave Blank]
    Passcode: YOUR-PASSCODE
    If authentication is successful, the UAAC displays the following message: Successfully fetched token via owner password grant.

Step 2: Access the API

Ops Manager uses authorization tokens to allow access to the API. You must pass an access token to the API endpoint in a header that follows the format Authorization: Bearer YOUR-ACCESS-TOKEN.

The following example procedure retrieves a list of deployed products. See the Ops Manager API documentation at https://YOUR-OPS-MANAGER-FQDN/docs for the full range of API endpoints.

  1. List your tokens:
    $ uaac contexts
    Locate the entry for your Ops Manager FQDN. Under client_id: opsman, record the value for access_token.
  2. Use the GET /api/v0/deployed/products endpoint to retrieve a list of deployed products, replacing UAA-ACCESS-TOKEN with the access token recorded in the previous step:
    $ curl "https://OPS-MAN-FQDN/api/v0/deployed/products" \ 
        -X GET \ 
        -H "Authorization: Bearer UAA-ACCESS-TOKEN"
    The request produces the following response:
Create a pull request or raise an issue on the source for this page in GitHub