Login and access token calls

To interact with BMC Helix Cloud Cost through the REST API, you need to generate an IDM authentication token. For details, see these topics:


Generating an authentication token for Remedy SSO users

The Remedy Single Sign-On Server generates an IMS token for authentication. You need to convert it to an IDM token.

Do the following:

  1. Generate an IMS token. For details, see Access and authentication for the REST API.

  2. Run the following endpoint to convert the IMS token to IDM. 

    Sample payload

    Request URL:

    https://<BMC Helix Portal URL>/v2/auth/tokens/ims

    Request body:

    {
     "ims_token": " imsToken",
      "context": {
                   "tenant_id": "123456",
                   "org_id": "1"
                 }
    }

    Response:

    IDM JWT token

    Every Remedy SSO user has a tenant ID. A tenant can have multiple organizations. You can generate an IDM JWT token for the required organization by specifying the tenant and org ID as shown in the sample payload.

  3. Use this IDM JWT token to access the public API endpoints. 

Generating an authentication token for CloudOps users

Log in and obtain an authentication token. Save the authentication token that you receive in the response to your logon request and include it in the header of each subsequent request during the session. The token is valid as long as your session remains active. If your session times out due to inactivity, you must log on again and obtain a new token.

Obtaining an authentication token

Do the following:

  1. Send the following HTTP request:

    HTTP method: POST

    Request URLhttps://portal.us1.onbmc.com/cloudops/api/v3/users/login

    Request body properties

    Property

    Description

    userid

    Login ID of the user

    password

    Password

    Example request JSON

    Header
    Content-Type:application/json
    Body
    {
       "id": "john_smith@companyabc",
       "password": "P@ssw0rd"
     }

  2. If successful, this method logs you into the API server and returns a token. 
    Example response JSON

    {
     "user_id": "26116073073078869423",
     "first_name": "john",
     "last_name": "smith",
     "tenant_id": "97223027309016641763",
     "tenant_name": "BMC Software",
     "user_status": "ENABLE",
     "last_login_time": 1568038988898,
     "last_selected_tenant_id": "97223027309016641763",
     "trial_expiry_time": 0,
     "token": "eyJraWQiOiJmMjQyY2RhMi0wMGE3LTQyMWMtYWMzMy02MmQ3MzE4ODkxM2YiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiIyNjExNjA3MzA3MzA3ODg2OTQyMyIsImF1ZCI6ImJtY190cnVlc2lnaHRfY2xvdWRfc2VydmljZXMiLCJhbXIiOltdLCJpc3MiOiJibWNfdHJ1ZXNpZ2h0X2Nsb3VkX3NlcnZpY2VzX2lkbSIsInR5cGUiOiJSRUZfVE9LRU4iLCJleHAiOjE1NjgxMjU2MzEsImlhdCI6MTU2ODAzOTIzMSwianRpIjoiMTA4OGFhNmItMzY0ZC00MGMzLWI3MDQtNzNmOTk2MmZjZTgxIn0.TfXlfkq43ydCKXqt4cyX0refkMmA8mc8GA6rNTfVIkNgmA4fC7NMxqLb-YttkHzGTm0TmnuAY9hUzH-6bVnmzS8CLluo9AQY8wzWM7CLsfPFd_wnCD-Je0yRTEftspFj4b5ND_M_GnXbC6VYQpjbOthZbm-0wf_x3wuJGvI1XzqY-_8y4tMx-GfAlnyBVwmmXZb0ofl3vVpUZVRCLYtVApsjxfcMXNo6N5B2lJhk9e-4EajPGx21bDCTz5zwe4WeZ_-RO_Ve3NPSQayJ3PQzKD07w65MXFsohUyPH1DzD76CghR4EZt3hy7jDT7iLvBCH4MsGqV6FG9pnPxNWHAyCw",
     "tenants": [
        {
         "tenant_id": "97223027309016641763",
         "tenant_name": "BMC Software",
         "is_msp_tenant": false,
         "is_trial_tenant": false,
         "trial_expiry_time": -1,
         "organizations": [
            {
             "id": "1",
             "name": "BMC Software"
            },
            {
             "id": "2",
             "name": "POV-TEST"
            },
            {
             "id": "3",
             "name": "POV-TEST-2"
            },
            {
             "id": "4",
             "name": "POV-TEST-3"
            }
          ]
        },
        {
         "tenant_id": "53230692198492071055",
         "tenant_name": "BMC",
         "is_msp_tenant": false,
         "tenant_phone_number": "813-695-5599",
         "is_trial_tenant": false,
         "trial_expiry_time": -1,
         "organizations": [
            {
             "id": "6",
             "name": "Mobile Banking App Team"
            },
            {
             "id": "7",
             "name": "AWS Operations"
            },
            {
             "id": "8",
             "name": "AWSOperations"
            },
            {
             "id": "2",
             "name": "Stock Trader App Team"
            },
            {
             "id": "3",
             "name": "IT Service Team"
            },
            {
             "id": "4",
             "name": "COE Team"
            },
            {
             "id": "9",
             "name": "BT"
            },
            {
             "id": "1",
             "name": "BMC"
            },
            {
             "id": "5",
             "name": "Loan App Team"
            }
          ]
        }
      ]
    }

  3. From the response, save the text string returned in the token: header. That text string is your refresh token. For example, in the previous response, you would save the following:

    eyJraWQiOiJmMjQyY2RhMi0wMGE3LTQyMWMtYWMzMy02MmQ3MzE4ODkxM2YiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiIyNjExNjA3MzA3MzA3ODg2OTQyMyIsImF1ZCI6ImJtY190cnVlc2lnaHRfY2xvdWRfc2VydmljZXMiLCJhbXIiOltdLCJpc3MiOiJibWNfdHJ1ZXNpZ2h0X2Nsb3VkX3NlcnZpY2VzX2lkbSIsInR5cGUiOiJSRUZfVE9LRU4iLCJleHAiOjE1NjgxMjU2MzEsImlhdCI6MTU2ODAzOTIzMSwianRpIjoiMTA4OGFhNmItMzY0ZC00MGMzLWI3MDQtNzNmOTk2MmZjZTgxIn0.TfXlfkq43ydCKXqt4cyX0refkMmA8mc8GA6rNTfVIkNgmA4fC7NMxqLb-YttkHzGTm0TmnuAY9hUzH-6bVnmzS8CLluo9AQY8wzWM7CLsfPFd_wnCD-Je0yRTEftspFj4b5ND_M_GnXbC6VYQpjbOthZbm-0wf_x3wuJGvI1XzqY-_8y4tMx-GfAlnyBVwmmXZb0ofl3vVpUZVRCLYtVApsjxfcMXNo6N5B2lJhk9e-4EajPGx21bDCTz5zwe4WeZ_-RO_Ve3NPSQayJ3PQzKD07w65MXFsohUyPH1DzD76CghR4EZt3hy7jDT7iLvBCH4MsGqV6FG9pnPxNWHAyCw

Generating a JWT token

Do the following:

  1. Use the token generated in the earlier step, tenant ID, and org_id to make the access token request.

    HTTP method: POST

    Request URLhttps://portal.us1.onbmc.com/cloudops/api/v3/auth/tokens

    Request body properties

    Property

    Description

    refresh_token

    The token obtained from the login response

    tenant_id

    Identifier for the tenant

    org_id

    Identifier for the organization

    Example request JSON

    {
     "refresh_token": "eyJraWQiOiJmMjQyY2RhMi0wMGE3LTQyMWMtYWMzMy02MmQ3MzE4ODkxM2YiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiIyNjExNjA3MzA3MzA3ODg2OTQyMyIsImF1ZCI6ImJtY190cnVlc2lnaHRfY2xvdWRfc2VydmljZXMiLCJhbXIiOltdLCJpc3MiOiJibWNfdHJ1ZXNpZ2h0X2Nsb3VkX3NlcnZpY2VzX2lkbSIsInR5cGUiOiJSRUZfVE9LRU4iLCJleHAiOjE1NjgxMjQ3MDIsImlhdCI6MTU2ODAzODMwMiwianRpIjoiNzM5MGViZWUtNTFjNC00YTdmLThlM2MtMzRmMDE3MjQ2M2VkIn0.PUMSSwfMUzAY_DA4tnTE6X7VnwYvp13x3Gj4YlUwXuMq3YRep3oOUzYk1td87tSWlho2sRkL19UM4PbTSe7X2W3aN8PwfIm24Msmg5WuP416aoMKNQ8F3-WvXEh56UlDRKZdo87GICvHcpvCHvHy8gk8GW1cKGYlnzDNDrJNgnQTAtwxzO8DBenXU2STBbNa4gUCpUwJvGWWmv4NvkFj15MnnMT2Cbp_oOSVK_bQLMSQ8qHsnIS0yL9KHBaT4cQJ0ZA0iYO7o4HXe-6YxPhrRILHLLbB-ViDkgdEtg7fP6HjCQiLxT1eudqMHTaAz-ZPW3vHLwGUDG-chdaRQ8cE4Q",
     "context": {
       "tenant_id": "9722302730901664176334",
       "org_id": 1
      }
    }

  2. If successful, this method returns the authorization token. 

    Example response JSON

    Failed to execute the [code] macro.

  3. From the response header, save the text string returned in the json_web_token line.  That text string is your authentication token, which you need to include in future requests. 

Related topic

HTTP-request-and-response-headers

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*