HPE GreenLake API Client Credentials
HPE GreenLake API Client Credentials provide secure, programmatic access to HPE GreenLake services. These APIs enable developers to create, manage, and use credentials for authenticating automated workflows and applications across workspaces.
Overview
HPE GreenLake API Client Credentials allow you to programmatically interact with HPE GreenLake services without requiring user interaction. These credentials are ideal for automation scenarios, scheduled tasks, CI/CD pipelines, and backend service integrations.
Key Features
- Secure Authentication — Generate and manage client credentials with appropriate scoping
- Workspace-Specific Access — Create tokens scoped to specific workspaces
- MSP Support — Exchange tokens between parent and tenant workspaces (for MSPs)
- Programmatic Control — Full API access for credential lifecycle management
Access Token Scope
Each workspace requires an access token scoped specifically to that workspace. Typically, you must create API client credentials in each workspace to obtain a workspace-scoped access token.
- Learn more about basic token generation
MSP Token Exchange
For Managed Service Provider (MSP) workspaces hosted in HPE GreenLake Cloud, token exchange is supported. MSPs can generate a single set of credentials in their parent workspace, use them to acquire a signed access token, and then exchange that token for tenant-scoped tokens as needed.
This process follows the OAuth 2.0 Token Exchange specification (IETF RFC 8693).
- Learn more about MSP token exchange
Access and Permissions
To use HPE GreenLake API Client Credentials, you must have the appropriate role and permissions in your HPE GreenLake cloud workspace.
Role Types
| Role | Permissions |
|---|---|
| Administrator | View, edit, and delete privileges |
| Operator | View and edit privileges |
| Observer | View-only privileges |
Required API Permissions
The following table outlines the specific permissions required for each API endpoint:
| API Endpoint | Resource | Permission Required |
|---|---|---|
GET /workspaces/v1/credentials |
Workspace | View |
POST /workspaces/v1/credentials |
Workspace | Edit |
DELETE /workspaces/v1/credentials/{id} |
Workspace | Delete |
POST /workspaces/v1/credentials/{id}/reset |
Workspace | Edit |
For more information about roles and permissions, see the HPE GreenLake Cloud User Guide:
- View preconfigured roles and their permissions
- Learn how to create custom roles
- Discover how to assign roles to users
API Availability
The following table shows the availability of API endpoints across HPE GreenLake platforms:
| Endpoint | HPE GreenLake Cloud | HPE GreenLake Dedicated Platform |
|---|---|---|
GET /workspaces/v1/credentials |
✓ | ✓ |
POST /workspaces/v1/credentials |
✓ | ✓ |
DELETE /workspaces/v1/credentials/{id} |
✓ | ✓ |
POST /workspaces/v1/credentials/{id}/reset |
✓ | ✓ |
| Token Exchange | ✓ | ✗ |
Recent Updates
August 2024
- HPE GreenLake for Credential Management was renamed to HPE GreenLake API Client Credentials
- APIs were moved from the Identity & Access Management category to a dedicated section
- No changes to API functionality
For complete details on all changes, see the changelog.