Authentication

Authentication to the VMware Tanzu GraphQL API requires a TCSP user token that is scoped to an Tanzu Hub role. See How do I generate API tokens in the VMware Cloud Services documentation.

The authMutation mutation has a method to generate an access token, which is used in subsequent API Queries to authenticate.

1
2
3
4
5
6
7
8

mutation {
    authMutation {
        generateAccessToken(userToken: "<API User Token>") {
            authorization
            expirationTime
        }
    }
}

The response to the authMutation method is a JSON payload with the properties requested from the AuthAccessToken type.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

{
    "data": {
        "authMutation": {
            "generateAccessToken": {
                "authorization": "Bearer eyJhbGciOi..<snip>..s5fFXkAzzwCUg",
                "expirationTime": "2022-11-15T16:25:55.082Z"
            }
        }
    }
}

The authorization field is a Bearer token that is then added to subsequent queries as the Authorization header. The expirationTime field is a UTC ISO-8601 formatted timestamp of the expiry time for the authorization. Note: there’s also an accessToken property that contains a JWT access token, but that is not requested in this example.

Authorization using cURL

The same query can be executed using cURL via the command line. Note that the --data-binary payload must be structured with escaped newlines (\n).

curl 'https://api.platform.tanzu.broadcom.com/hub/graphql' \n
    -H 'Content-Type: application/json' \n
    -H 'Accept: application/json' \n
    --data-binary  '{"query":"mutation($TANZU_USER_TOKEN: String!) {\n  authMutation {\n    generateAccessToken(userToken: $TANZU_USER_TOKEN) {\n      authorization\n      expirationTime\n    }\n  }\n}","variables":{"TANZU_USER_TOKEN":"_t9YqUHLn..<snip>..MgtqnTzjxS"}}'

Share this post