Login and access token calls
To interact with BMC Helix Cloud Cost through the REST API, perform the following steps:
Obtain an initial authentication token
Log in and obtain an authentication token. Save the authentication token that you receive in the response to your logon request and include it in the header of each subsequent request during the session. The token is valid as long as your session remains active. If your session times out due to inactivity, you must log on again and obtain a new token.
Send the following HTTP request:
HTTP method: POST
Request URL: https://portal.us1.onbmc.com/cloudops/api/v3/users/login
Request body propertiesProperty
Description
userid Login ID of the user password Password Example request JSON
Header Content-Type:application/json Body { "id": "john_smith@companyabc", "password": "P@ssw0rd" }
If successful, this method logs you into the API server and returns a token.
Example response JSON{ "user_id": "26116073073078869423", "first_name": "john", "last_name": "smith", "tenant_id": "97223027309016641763", "tenant_name": "BMC Software", "user_status": "ENABLE", "last_login_time": 1568038988898, "last_selected_tenant_id": "97223027309016641763", "trial_expiry_time": 0, "token": "eyJraWQiOiJmMjQyY2RhMi0wMGE3LTQyMWMtYWMzMy02MmQ3MzE4ODkxM2YiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiIyNjExNjA3MzA3MzA3ODg2OTQyMyIsImF1ZCI6ImJtY190cnVlc2lnaHRfY2xvdWRfc2VydmljZXMiLCJhbXIiOltdLCJpc3MiOiJibWNfdHJ1ZXNpZ2h0X2Nsb3VkX3NlcnZpY2VzX2lkbSIsInR5cGUiOiJSRUZfVE9LRU4iLCJleHAiOjE1NjgxMjU2MzEsImlhdCI6MTU2ODAzOTIzMSwianRpIjoiMTA4OGFhNmItMzY0ZC00MGMzLWI3MDQtNzNmOTk2MmZjZTgxIn0.TfXlfkq43ydCKXqt4cyX0refkMmA8mc8GA6rNTfVIkNgmA4fC7NMxqLb-YttkHzGTm0TmnuAY9hUzH-6bVnmzS8CLluo9AQY8wzWM7CLsfPFd_wnCD-Je0yRTEftspFj4b5ND_M_GnXbC6VYQpjbOthZbm-0wf_x3wuJGvI1XzqY-_8y4tMx-GfAlnyBVwmmXZb0ofl3vVpUZVRCLYtVApsjxfcMXNo6N5B2lJhk9e-4EajPGx21bDCTz5zwe4WeZ_-RO_Ve3NPSQayJ3PQzKD07w65MXFsohUyPH1DzD76CghR4EZt3hy7jDT7iLvBCH4MsGqV6FG9pnPxNWHAyCw", "tenants": [ { "tenant_id": "97223027309016641763", "tenant_name": "BMC Software", "is_msp_tenant": false, "is_trial_tenant": false, "trial_expiry_time": -1, "organizations": [ { "id": "1", "name": "BMC Software" }, { "id": "2", "name": "POV-TEST" }, { "id": "3", "name": "POV-TEST-2" }, { "id": "4", "name": "POV-TEST-3" } ] }, { "tenant_id": "53230692198492071055", "tenant_name": "BMC", "is_msp_tenant": false, "tenant_phone_number": "813-695-5599", "is_trial_tenant": false, "trial_expiry_time": -1, "organizations": [ { "id": "6", "name": "Mobile Banking App Team" }, { "id": "7", "name": "AWS Operations" }, { "id": "8", "name": "AWSOperations" }, { "id": "2", "name": "Stock Trader App Team" }, { "id": "3", "name": "IT Service Team" }, { "id": "4", "name": "COE Team" }, { "id": "9", "name": "BT" }, { "id": "1", "name": "BMC" }, { "id": "5", "name": "Loan App Team" } ] } ] }
From the response, save the text string returned in the token: header. That text string is your refresh token. For example, in the previous response, you would save the following:
eyJraWQiOiJmMjQyY2RhMi0wMGE3LTQyMWMtYWMzMy02MmQ3MzE4ODkxM2YiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiIyNjExNjA3MzA3MzA3ODg2OTQyMyIsImF1ZCI6ImJtY190cnVlc2lnaHRfY2xvdWRfc2VydmljZXMiLCJhbXIiOltdLCJpc3MiOiJibWNfdHJ1ZXNpZ2h0X2Nsb3VkX3NlcnZpY2VzX2lkbSIsInR5cGUiOiJSRUZfVE9LRU4iLCJleHAiOjE1NjgxMjU2MzEsImlhdCI6MTU2ODAzOTIzMSwianRpIjoiMTA4OGFhNmItMzY0ZC00MGMzLWI3MDQtNzNmOTk2MmZjZTgxIn0.TfXlfkq43ydCKXqt4cyX0refkMmA8mc8GA6rNTfVIkNgmA4fC7NMxqLb-YttkHzGTm0TmnuAY9hUzH-6bVnmzS8CLluo9AQY8wzWM7CLsfPFd_wnCD-Je0yRTEftspFj4b5ND_M_GnXbC6VYQpjbOthZbm-0wf_x3wuJGvI1XzqY-_8y4tMx-GfAlnyBVwmmXZb0ofl3vVpUZVRCLYtVApsjxfcMXNo6N5B2lJhk9e-4EajPGx21bDCTz5zwe4WeZ_-RO_Ve3NPSQayJ3PQzKD07w65MXFsohUyPH1DzD76CghR4EZt3hy7jDT7iLvBCH4MsGqV6FG9pnPxNWHAyCw
Generate a JWT token
Use the token generated in the earlier step, tenant ID, and org_id to make the access token request.
HTTP method: POST
Request URL: https://portal.us1.onbmc.com/cloudops/api/v3/auth/tokens
Request body propertiesProperty Description refresh_token The token obtained from the login response tenant_id Identifier for the tenant org_id Identifier for the organization Example request JSON
{ "refresh_token": "eyJraWQiOiJmMjQyY2RhMi0wMGE3LTQyMWMtYWMzMy02MmQ3MzE4ODkxM2YiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiIyNjExNjA3MzA3MzA3ODg2OTQyMyIsImF1ZCI6ImJtY190cnVlc2lnaHRfY2xvdWRfc2VydmljZXMiLCJhbXIiOltdLCJpc3MiOiJibWNfdHJ1ZXNpZ2h0X2Nsb3VkX3NlcnZpY2VzX2lkbSIsInR5cGUiOiJSRUZfVE9LRU4iLCJleHAiOjE1NjgxMjQ3MDIsImlhdCI6MTU2ODAzODMwMiwianRpIjoiNzM5MGViZWUtNTFjNC00YTdmLThlM2MtMzRmMDE3MjQ2M2VkIn0.PUMSSwfMUzAY_DA4tnTE6X7VnwYvp13x3Gj4YlUwXuMq3YRep3oOUzYk1td87tSWlho2sRkL19UM4PbTSe7X2W3aN8PwfIm24Msmg5WuP416aoMKNQ8F3-WvXEh56UlDRKZdo87GICvHcpvCHvHy8gk8GW1cKGYlnzDNDrJNgnQTAtwxzO8DBenXU2STBbNa4gUCpUwJvGWWmv4NvkFj15MnnMT2Cbp_oOSVK_bQLMSQ8qHsnIS0yL9KHBaT4cQJ0ZA0iYO7o4HXe-6YxPhrRILHLLbB-ViDkgdEtg7fP6HjCQiLxT1eudqMHTaAz-ZPW3vHLwGUDG-chdaRQ8cE4Q", "context": { "tenant_id": "9722302730901664176334", "org_id": 1 } }
If successful, this method returns the authorization token.
Example response JSON
{ "json_web_token": "eyJraWQiOiJmMjQyY2RhMi0wMGE3LTQyMWMtYWMzMy02MmQ3MzE4ODkxM2YiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiIyNjExNjA3MzA3MzA3ODg2OTQyMyIsImF1ZCI6ImJtY190cnVlc2lnaHRfY2xvdWRfc2VydmljZXMiLCJhbXIiOlsiZXlKMWMyVnlYMmxrSWpvaU1qWXhNVFl3TnpNd056TXdOemc0TmprME1qTWlMQ0owWlc1aGJuUmZhV1FpT2lJNU56SXlNekF5TnpNd09UQXhOalkwTVRjMk15SXNJblZ6WlhKZmMzUmhkSFZ6SWpvaVJVNUJRa3hGSWl3aWJHRnpkRjlzYjJkcGJsOTBhVzFsSWpveE5UWTRNRE00T1RnNE9EazRMQ0pqYjI1MFpYaDBJanA3SW5SbGJtRnVkRjlwWkNJNklqazNNakl6TURJM016QTVNREUyTmpReE56WXpJaXdpYVhOZmJYTndYM1JsYm1GdWRDSTZabUZzYzJVc0luQmxjbTFwYzNOcGIyNXpJanBiSWtsdVpuSmhMa0ZqWTI5MWJuUnpMbFpwWlhjaUxDSkpibVp5WVM1RmVHTmxjSFJwYjI1ekxsWnBaWGNpTENKSmJtWnlZUzVCZFhSdmJXRjBhVzl1TGsxaGJtRm5aU0lzSWtsdVpuSmhMa0YxZEc5dFlYUnBiMjR1Vm1sbGR5SXNJa2x1Wm5KaExsSnZiR1Z6TGxacFpYY2lMQ0pKYm1aeVlTNURiMjV1WldOMGIzSnpMbFpwWlhjaUxDSkpibVp5WVM1R1pXRjBkWEpsUm14aFp5NVdhV1YzSWl3aVVHOXNhV041TGtGamRHbHZibEJ2YkdsamVVMWhjSEJwYm1kekxrMWhibUZuWlNJc0lrbHVabkpoTGs5eVoyRnVhWHBoZEdsdmJuTXVUV0Z1WVdkbElpd2lVRzlzYVdONUxrRmpkR2x2Ym5NdVJYaGxZM1YwWlNJc0lsQnZiR2xqZVM1QlkzUnBiMjV6TGxacFpYY2lMQ0pKYm1aeVlTNVNaWE52ZFhKalpWQnZiMnh6TGsxaGJtRm5aU0lzSWtOdmMzUXVRblZrWjJWMGN5NVdhV1YzSWl3aVNXNW1jbUV1VlhObGNuTXVUV0Z1WVdkbElpd2lVRzlzYVdONUxsSmxZMjl0YldWdVpHRjBhVzl1Y3k1V2FXVjNJaXdpU1c1bWNtRXVRMjl1Ym1WamRHOXlTVzV6ZEdGdVkyVXVTVzUyYjJ0bElpd2lRMjl6ZEM1U1pXTnZiVzFsYm1SaGRHbHZibk11Vm1sbGR5SXNJa2x1Wm5KaExrTnZibTVsWTNSdmNrbHVjM1JoYm1ObGN5NVdhV1YzSWl3aVNXNW1jbUV1U1VSUVV5NU5ZVzVoWjJVaUxDSlFiMnhwWTNrdVFXTjBhVzl1VUc5c2FXTjVUV0Z3Y0dsdVozTXVWbWxsZHlJc0lrbHVabkpoTGxWelpYSnpMbFpwWlhjaUxDSkpibVp5WVM1RGIyNXVaV04wYjNKekxrTnZiVzFoYm1SRmVHVmpkWFJsSWl3aVNXNW1jbUV1VW1WemIzVnlZMlZ6TGxacFpYY2lMQ0pRYjJ4cFkza3VVRzlzYVdONVVtVnpkV3gwY3k1V2FXVjNJaXdpUTI5emRDNVNaVzFsWkdsaGRHbHZibk11U1c1MmIydGxJaXdpU1c1bWNtRXVSWGhqWlhCMGFXOXVjeTVOWVc1aFoyVWlMQ0pRYjJ4cFkza3VVRzlzYVdOcFpYTXVWbWxsZHlJc0lsQnZiR2xqZVM1U1pXMWxaR2xoZEdsdmJuTXVTVzUyYjJ0bElpd2lVRzlzYVdONUxrVjJZV3gxWVhScGIyNXpMbFpwWlhjaUxDSlFiMnhwWTNrdVEyOXVibVZqZEc5eVVHOXNhV05wWlhNdVRXRnVZV2RsSWl3aVVHOXNhV041TGtGamRHbHZibk11VFdGdVlXZGxJaXdpU1c1bWNtRXVVbVZ3YjNKMGN5NU5ZVzVoWjJVaUxDSlFiMnhwWTNrdVEyOXVibVZqZEc5eVVHOXNhV05wWlhNdVZtbGxkeUlzSWtOdmMzUXVRblZrWjJWMGN5NU5ZVzVoWjJVaUxDSlFiMnhwWTNrdVFXTjBhVzl1VW1WemRXeDBjeTVXYVdWM0lpd2lVRzlzYVdONUxsQnZiR2xqYVdWekxrMWhibUZuWlNJc0lrbHVabkpoTGs5eVoyRnVhWHBoZEdsdmJuTXVWbWxsZHlJc0lrbHVabkpoTGtsRVVGTXVWbWxsZHlJc0lrTnZjM1F1VW1WemIzVnlZMlZRYjI5c2N5NU5ZVzVoWjJVaUxDSkpibVp5WVM1RGIyNXVaV04wYjNKekxrMWhibUZuWlNJc0lrTnZjM1F1VW1WdFpXUnBZWFJwYjI1ekxsWnBaWGNpTENKSmJtWnlZUzVKZEdsc0xsWnBaWGNpTENKUWIyeHBZM2t1Um1WbFpDNVFkV0pzYVhOb0lpd2lTVzVtY21FdVVtVnpiM1Z5WTJWUWIyOXNjeTVXYVdWM0lpd2lTVzVtY21FdVNYUnBiQzVOWVc1aFoyVWlMQ0pEYjNOMExsWnBaWGNpTENKSmJtWnlZUzVWYzJWeVNXNXpkR0Z1WTJVdVRXRnVZV2RsSWwwc0ltOXlaMkZ1YVhwaGRHbHZibk1pT2xzaU5DSXNJak1pTENJeUlpd2lNU0pkTENKeWIyeGxjeUk2V3lKVVpXNWhiblJCWkcxcGJpSmRMQ0p2Y21kZmFXUWlPaUl4SWl3aWRtbGxkMTl2Y21kZmFXUnpJanBiSWpFaVhYMHNJblJsYm1GdWRITWlPbHRkZlE9PSJdLCJpc3MiOiJibWNfdHJ1ZXNpZ2h0X2Nsb3VkX3NlcnZpY2VzX2lkbSIsInR5cGUiOiJBQ0NFU1NfVE9LRU4iLCJleHAiOjE1NjgwNDAxMzUsImlhdCI6MTU2ODAzOTIzNSwianRpIjoiNTE2MjMxMWMtMjI1Zi00MTVlLThmMTctNDY4NjlkNDY4YzgwIn0.XAjCW5MaEkJJaOb4xp8E-U8IIXOfpXj90XbyOKY7r9Qn_FuOAsu0D4l54S4rEZB-uYhDjFGHnozV3iMDBhmnXGCHg9OapvWD-5MFhnUD30QsZbb48PaA0IchZOQ_EN5J6JwQ3L1PyvuanRwmnVSG8jFEYyGKz90cQJHSkalzqAGovNCUQ2OL2IeZVwylsxnJpayrvJ7wbdeMW_ctGWISIFeHlNQtsh0gtB3SJG5RqUTUYDi1JIF2meIQ9E9eiJfnYh_QafHNM0x6vdN9MyPqYsnw-jMvEj6aUX9bEsuGutf5IamyD820fgwZFHzzJ79Zo5zEW8UUpSSjxnvwo6X-lg" }
From the response header, save the text string returned in the json_web_token line. That text string is your authentication token, which you need to include in future requests.
Comments