Authentication

The following steps describe how to generate an access token for HPE GreenLake cloud services. You need an HPE GreenLake account to complete these steps.

Adding services to your workspace

You can use the platform to add any services listed in the services page of your workspace. You can also think of the Add functionality as service onboarding.

  1. On the Services page, click Catalog on the left menu. The Services page displays a series of tiles for services that are available to you.
  2. Click any service to learn more about the service.
  3. Select Launch on the services detail view, and follow the prompts from the Deploy Service wizard to deploy the service.
note

If you are authorized to add the selected service, a successful provisioning message appears. If you do not have the authorization to add or load this service into your workspace, a failed provisioning message appears. Contact your account administrator for help.

Requesting access to HPE GreenLake APIs

You must create a support request to get access to the APIs.

  1. While logged in to HPE GreenLake, click Help & Support.
  2. In the Help section, select HPE GreenLake.
  3. In the Support section, click Create New Case.
  4. Fill in the requested details.
    • Enter your name, company name, email, and phone number.
    • Choose your preferred contact method, either email or phone.
    • In Support Issue Details, in What do you need help with?, choose Workspace, User, Onboarding.
    • Choose HPE GreenLake Platform APIs Onboarding .
    • Provide the workspace ID. To find your workspace ID, go to HPE GreenLake cloud, click the workspace menu, and select Manage Workspace.
    • (Optional) In Can you give us more details?, you can:
      • Enter additional details in the text box.
      • Upload a supporting document by clicking Select File.
  5. Click Submit . A ticket is created with HPE GreenLake support, and they will respond within 24 hours.

Creating a personal API client

By creating a personal API client, you create the client ID and client secret required to access HPE GreenLake or another HPE service's APIs. The client ID and client secret are used to generate an access token. An access token authenticates API communication between your application and the platform.

  1. On the HPE GreenLake header, click the workspace menu and then select Manage Workspace.
  2. Select Personal API clients.
  3. Click Create personal API client.
  4. In Personal API client name, enter a name for the API client.
  5. Select the Service that you want to access.
  6. Click the Create personal API client button to continue. The Personal API client created display appears and shows that your credentials were successfully created.
  7. Click the Copy button next to Client ID and Client Secret and save both to a safe and secure location. HPE GreenLake does not store your client secret. If lost, you need to reset your client secret.
  8. Click Close to continue. You are returned to the main Personal API clients page, where you can generate the access token.

Generating an access token

On the Personal API clients page, you can view API credential details and generate access tokens.

Access tokens are small strings of code sent in the header of your API calls. Access tokens identify whether you (or your application) have the necessary permissions to access resources securely through an API call. Access tokens inherit the permissions of the user that created the personal API client.

In a standard enterprise workspace or in a tenant workspace, the access token applies automatically to the workspace of the logged-in user. In Managed Service Provider (MSP) mode, all MSP roles can configure access tokens to apply to the MSP workspace or to a tenant workspace.

note

To learn more about workspace types, see Manage workspace type or Manage Service Provider (MSP) mode Terminology.

Access tokens remain valid for limited periods. HPE GreenLake tokens stay valid for 15 minutes. Tokens for all other HPE services stay valid for 120 minutes.

  1. On the Home page, click Manage Workspace, and then click the Personal API clients card.
  2. Click the arrow next to the credential name to display the credential details. You can now generate an access token or view a sample code to generate access tokens
  3. Click Generate access token. The Generate access token modal appears. The options in the Generate access token modal depend on your workspace type. Only MSPs require and see the option Generate access token for access to workspace.
  4. From the Generate access token modal, perform the following steps.
    1. The Client ID is prepopulated with the client ID.
    2. Paste the client secret into the Client secret field.
    3. (MSP-only) From the Generate access token for access to workspace drop-down, choose, or search for the workspace for which to create the access token. In MSP mode, you can choose to generate a token for the MSP workspace or a tenant workspace. API requests that are made using this access token only retrieve results from or affect the chosen workspace.
  5. Click Create access token. The Access token created modal appears with your Access token.
  6. Click Copy next to your access token.
tip

HPE GreenLake does not store tokens. Therefore, you must copy and store your access token in a secure location.

note

The access token can be used as authorization bearer token to make secure REST API calls to HPE GreenLake API services. For example, if using cURL, include -H 'Authorization: Bearer <YOUR_JWT_HERE>' in your API request header. Replace <YOUR_JWT_HERE> with your token. The API reference documentation on HPE GreenLake Developer Portal provides example request headers in multiple programming languages.

Viewing code samples for generating an access token

You can programmatically generate access tokens. Through the HPE GreenLake UI, you can create sample code for this purpose.

Access tokens remain valid for limited periods. HPE GreenLake cloud tokens stay valid for 15 minutes. Tokens for all other HPE services stay valid for 120 minutes.

  1. On the Home page, click Manage Workspace, and then click Personal API client.
  2. Click the arrow next to the credential name to display the credential details. You can now generate an access token or view sample code for generating access tokens.
  3. Click View code sample. The Generate code sample modal appears. The options in the Generate code sample modal depend on your workspace type. Only managed service providers require, and see the option Produce sample for accessing.
  4. From the Generate code sample modal, perform the following steps.
    1. (MSP-only) From the Produce sample for accessing drop-down, select the target workspace. In MSP mode, you can choose to generate a token for the MSP workspace or a tenant workspace. The resulting code sample generates an access token applicable to the chosen workspace.
    2. From the Select programming language drop-down, select the programming language.
    3. Personal API client is always prepopulated with the name given to the personal API client.
    4. Paste the client secret into the Enter client secret field. The information you selected or entered is displayed in the code sample.
  5. Click Copy code sample. The copied code sample can be used to generate an access token programmatically.
  6. Click Close when you are finished.
note

To learn more about workspace types, see Manage workspace type or Manage Service Provider (MSP) mode Terminology.

note

The access token can be used as authorization bearer token to make secure REST API calls to HPE GreenLake API services. For example, if using cURL, include -H 'Authorization: Bearer <YOUR_JWT_HERE>' in your API request header. Replace <YOUR_JWT_HERE> with your token. The API reference documentation on HPE GreenLake Developer Portal provides example request headers in multiple programming languages.

Resetting your client secret

There may be a time when you want to reset your client secret for security purposes.

  1. Click the ellipsis next to the Generate Access Token, then select Reset client secret.
  2. Click Reset Client Secret. The Personal API client secret reset dialog appears.
  3. Click Copy next to the Client secret. Save the client secret in a secure location, as HPE GreenLake does not store the client secret.
  4. Click Close.

Deleting your client credentials

  1. Click the ellipsis next to the Generate Access Token.
  2. Select Delete personal API client. The Delete personal API client dialog appears.
  3. Click Delete personal API client.
note

If a user is deleted from HPE GreenLake, any personal API clients generated and associated with any services owned by this user will no longer be valid.

Points to Remember

  • HPE GreenLake cloud tokens stay valid for 15 minutes and tokens for all other HPE services stay valid for 120 minutes.
  • The credentials created for a user are valid until they are deleted, reset, or the user account is removed.