HPE GreenLake API Client Credentials developer guide
The examples in this guide help you use the HPE GreenLake API Client Credentials.
Prerequisites
Endpoints
Endpoints are the host URLs to which you will submit your API requests. To access HPE GreenLake for API Client Credentials APIs, use the unified API:
-
https://global.api.greenlake.hpe.com
URIs
Unique Resource Identifiers (URIs) are used to identify a server or resource used within the users and workspaces. A URI is a full API path ending in an identification number. For example:
-
/identity/v1/users/{userId}
Generating tokens
You must configure API credentials and generate an access token to make API calls. HPE GreenLake APIs use OAuth-based access tokens used as an authorization bearer token.
To access the HPE GreenLake platform Identity & Access Management API, proceed as follows:
- Connect to the HPE GreenLake edge-to-cloud platform UI workspace.
- Go to Manage Workspace > API > Create Credentials .
- Select HPE GreenLake Platform from the Select Service Manager drop-down. If you do not see HPE GreenLake Platform as an option when configuring API client credentials, see the Getting Started Guide for more information.
- Enter the Credential Name .
- Click Create Credential .
Making it all work
With the API Client Credentials, you can:
- Create a credential
- List the credentials you have created
- Reset the secret of a credential
- Delete a credential
You can perform these operations for the HPE GreenLake platform service manager and provisioned service managers in standard enterprise, managed service provider (MSP), and MSP tenant workspaces.
The following API descriptions clarify the optional parameters for managing MSP tenant workspaces and provisioned service managers.
Create a credential
To create a new credential in a workspace, submit a POST request:
POST https://global.api.greenlake.hpe.com/workspaces/v1/credentialsThe elements of the APIs payload are the credentialName and optionally associatedTenant and associatedServiceManagerProvision.
- Credential name — Human readable alias for this credential.
-
Associated tenant
(MSP only)
—
A reference to the tenant in which this credential will be created. If you supply an
associatedTenant, it will be returned in the response payload.
You need to supply the UUID of the workspace. To find the UUID:
-
Use the
Get basic workspace information
API to find your workspace UUID.
- Alternatively, use the HPE GreenLake platform UI .
- (MSP only) Use the Obtain a list of tenants API to find workspace UUIDs for the MSP tenant workspace.
"associatedTenant": {
"resourceUri": "/workspaces/v1/workspaces/<UUID of Workspace>"
}(Optional) Provide an associated service manager provision. This refers to the instance of the provisioned service in your workspace to which you want to link the credential. If you supply an associatedServiceManagerProvision, the response payload will return it.
You need to supply the UUID of the provisioned service instance.
- To find this UUID, use the GET a list of provisioned service managers API.
"associatedServiceManagerProvision": {
"resourceUri": "/service-catalog/v1beta1/service-manager-provisions/<UUID of provisioned service instance>"
}Sample request with both associatedTenant and associatedServiceManagerProvision
{
"credentialName": "<A human readable alias for your new credential>",
"associatedServiceManagerProvision": {
"resourceUri": "/service-catalog/v1beta1/service-manager-provisions/767c0c92-5ecc-4952-85d6-04a2acaaf050"
}
"associatedTenant": {
"resourceUri": "/workspaces/v1/workspaces/eba3541b-db86-465f-9cae-31f33ccb1fa0"
}
}Sample response
{
"id": "fa4e341b-db86-495f-9cee-31f48bba1ea0",
"credentialName": "My credential",
"clientId": "fa4e341b-db86-495f-9cee-31f48bba1ea0",
"clientSecret": "9163c936b93911ee822c16e5bfc542a7",
"type": "credentials",
"generation": 1,
"createdAt": "2024-01-22 15:18:59.936526",
"updatedAt": "2024-01-22 15:18:59.936526",
"associatedTenant": {
"resourceUri": "/workspaces/v1/workspaces/aa4e3a1a-cc83-335b-9cae-b93911ee822c",
"tenantName": "Tenant ABC"
},
"associatedServiceManagerProvision": {
"resourceUri": "/service-catalog/v1beta1/service-manager-provisions/767c0c92-5ecc-4952-85d6-04a2acaaf050"
}
}Listing your credentials
To list the credentials, submit a GET request:
GET https://global.api.greenlake.hpe.com/workspaces/v1/credentials-
Associated service manager provision
—
If a credential was created with an
associatedServiceManagerProvisionit will be present in the response for that credential. -
Associated tenant
(MSP only)
—
If a credential was created with an
associatedTenantit will be present in the response for that credential. -
Filtering
(MSP only)
—
For MSP workspaces, this
GETendpoint supports filtering using the OData standard. To retrieve credentials in an MSP tenant, append?filter='tenantId eq <The tenantId of interest>'to the GET request.
Sample response with associatedTenant and associatedServiceManagerProvision:
{
"items": [
{
"credentialName": "Credential Demo",
"associatedServiceManagerProvision": {
"resourceUri": "/service-catalog/v1beta1/service-manager-provisions/767c0c92-5ecc-4952-85d6-04a2acaaf050"
},
"associatedTenant": {
"resourceUri": "/workspaces/v1/workspaces/aa4e3a1a-cc83-335b-9cae-b93911ee822c",
"tenantName": "Tenant ABC"
},
"id": "b660bcc4-1914-45b1-81a8-fcff6cb82a9e",
"clientId": "b660bcc4-1914-45b1-81a8-fcff6cb82a9e",
"type": "credentials",
"generation": 1,
"createdAt": "2024-01-22 10:00:00.000000",
"updatedAt": "2024-01-22 10:00:00.000000"
}
],
"count": 1
}Reset the secret of a credential
Use the reset endpoint to regenerate the clientSecret of a credential. POST to the endpoint, supplying the id of the credential you wish to reset.
POST https://global.api.greenlake.hpe.com/workspaces/v1/credentials/{id}/reset-
Associated service manager provision
—
If a credential was created with an
associatedServiceManagerProvisionit will be present in the response for that credential. -
Associated tenant
(MSP only)
—
If a credential was created with an
associatedTenantit will be present in the response for that credential.
Sample response with associatedTenant and associatedServiceManagerProvision:
{
"credentialName": "Credential Demo",
"id": "fa4e341b-db86-495f-9cee-31f48bba1ea0",
"clientId": "fa4e341b-db86-495f-9cee-31f48bba1ea0",
"clientSecret": "8274d83827b93912dd811c16f5bfa542b6",
"type": "credentials",
"generation": 1,
"createdAt": "2024-01-22 15:19:00.000000",
"updatedAt": "2024-01-22 15:19:00.000000",
"associatedServiceManagerProvision": {
"resourceUri": "/service-catalog/v1beta1/service-manager-provisions/767c0c92-5ecc-4952-85d6-04a2acaaf050"
},
"associatedTenant": {
"resourceUri": "/workspaces/v1/workspaces/aa4e3a1a-cc83-335b-9cae-b93911ee822c",
"tenantName": "Tenant ABC"
},
}Delete a credential
Use the delete endpoint to delete a credential. Submit a DELETE request to the endpoint supplying the id of the credential you wish to delete.
DELETE https://global.api.greenlake.hpe.com/workspaces/v1/credentials/{id}A successful deletion returns an HTTP status 204.
Filtering
Filters provide the ability to limit the resources that take part in the action of a REST call. When a REST call includes a filter, the GET or PUT action is restricted to a response that meets the filter requirements. Specify filters using the query parameter filter.
Filtering example
In this example of filtering, the query's resources are limited to results for the specified username. Within the filter, the separator is a space.
GET <URI>?filter=username eq 'user@example.com'Filtering on a single property
filter = <propertyName> <comparison operation> <literal>GET /workspaces/v1/credentials?filter=tenantId eq '7600415a-8876-5722-9f3c-b0fd11112283'
Examples of the possible filter values:
| Filter | Example | Description |
|---|---|---|
| tenantId | tenantId eq '7600415a-8876-5722-9f3c-b0fd11112283' |
Returns credentials for a user within a particular tenant, only enabled for MSP managed tenants. |
OData filtering reference
This filtering is a subset of OData 4.0 filtering.