I seem to spend a lot of my time responding to queries about the vRealize Automation API these days. That being the case, I thought it might be worth starting to put together a few blog posts to address some of the common use cases that people are looking to deliver.

Anatomy of a vRA API call.


vRealize Automation uses four of the available HTTP methods.
1. GET
3. PUT

vRealize Automation requires the following headers:
1. Accept : application/json
The Accept request-header field can be used to specify certain media types which are acceptable by the recipient of the response.

2. Content-Type: application/json
The Content-Type header indicates the media type of the body that will be sent to the recipient. It can be thought of as a declaration “here is what I am sending you”. In theory, you only need to include this header for POST/PUT calls where you need to inform the recipient of what is being sent, but in practical terms it is simpler to include this for all requests.

3. Authorization: Bearer tokenId
The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested. In the case of vRA, a “realm” would be a specific tenant.
Based on the roles assigned to the account that you authenticate with certain URIs or methods may not work. In these cases you will receive a 403 (forbidden) response from the server.

Each function you want to perform requires interaction with one or more URIs (universal resource identifiers – sometimes referred to as URLs or API endpoints) for each of the services listed below. These URIs support one or more of the methods listed above, and as mentioned previously require you to have appropriate permissions to interact with them.

While there isn’t 100% coverage of vRA functionality through the API, a large number of services are exposed. These include:
1. Advanced-Designer-Service
2. Approval-Service
3. Branding-Service
4. Catalog-Service
5. Component-Registry
6. Composition-Service
7. Container-Service
8. Content-Management
9. Endpoint-Configuration-Service
10. Event-Broker-Service
11. Forms-Service
12. Iaas-Proxy-Provider
13. Identity
14. IPAM-Service
15. Licensing-Service
16. Management-Service
17. Network-Service
18. Notification-Service
19. o11n-Gateway-Service (Orchestration)
20. Placement-Service
21. Plugin-Service
22. Portal-Service
23. Properties-Service
24. Reservation-Service
25. Software-Service
26. Workitem-Service

In the case of both POST and PUT, you need to provide some data for the call to use as an input. This is referred to as a Body. Note that we also refer to information that we receive back from a request as the Body of the response.

Status Codes
When you submit a request, you may not receive a Body in response from the server. What you will always receive is a Status Code. This is helpful in identifying whether a request was successfully submitted, but doesn’t always correlate to a request being successfully processed. More on that later.
Status Codes are also handy when attempting to figure out why something hasn’t worked. A 401 means you aren’t authenticated. A 403 means you don’t have the appropriate permissions to do what you are trying to do. A 404 on the other would indicate that the URI you are attempt to use doesn’t exist – maybe you’ve made a typo.

How do I figure it all out?

As of vRA 7.1, you can navigate to https://{{vra-fqdn}}/component-registry/services/docs and you will get the new API documentation on SwaggerUI. This shows all the available URIs for each service, and for calls that require specific parameters to be included with the body, this information is also included.


Next up, we will get you setup with Postman (a REST client) and begin looking at some examples.

Further reading:
Understanding HTTP methods using a coffee order as an example.
Back to where it all started – Roy Fielding on REST APIs. This is super interesting… but maybe I’m just a geek.
URLs and URIs.
HTTP Header RFC.
More on Status Codes.