HomeGuidesAPI ReferenceGuidesMRT APIConfiguration API
GitHubAirheads Developer Community
Guides
GitHubAirheads Developer Community

Authentication

Suggest Edits

PyCentral requires credentials for each platform your script will call. You only need to configure the platforms you're actually using — New Central, GLP, or both.

Choosing an Authentication Method

PyCentral supports two authentication methods for Central & GLP:

MethodBest ForToken Expiry
Client ID & Client Secret (Recommended)Automation & long-running scriptsAuto-renews - New tokens are generated automatically by SDK upon expiry
Access TokensQuick tests & one-time API callsManually need to update token upon expiry

📘

Which method should you use ?

If you want a hassle-free setup use Client ID & Secret. The SDK will automatically generate a new token whenever required with this method. Setup is minimal and this is our recommended method.

Get Your Credentials

New Central

Gather the following:

  1. Base URL or Cluster Name (Choose one): Identifies your Central Account's API gateway. Both options function identically. Use whichever is convenient:
    1. Base URL — Base of the URL for requests to your Central API Gateway. For instructions on how to locate your Base URL, see Finding Your Base URL in Central.
    2. Cluster Name — Name of the cluster where your account is provisioned. A table detailing all cluster names can be found here.
  2. API Credentials (Choose one):
    • Client ID & Client Secret (Recommended)
      The SDK automatically generates new tokens when they expire, so you don't have to manage them manually. Learn how to create your credentials here .
    • Access Token
      Manually, retrieve an access token here (Tokens expire in 2 hours)

GLP

For GLP authentication:

  1. No base URL required — GLP's endpoint is fixed

  2. API Credentials (Choose one):

    • Client ID & Client Secret (Recommended)
      The SDK automatically generates new tokens when they expire, so you don't have to manage them manually. Create a Personal API Client on HPE GreenLake by following these steps
    • Access Token
      Manually, retrieve an access token here (Tokens expire in 15 mins)

Classic Central

For Classic Central authentication, see the Classic Central documentation

Configure Your Credentials

PyCentral accepts credentials in two ways. Choose the one that fits your workflow.

Option 1 — token.yaml file (recommended for getting started)

Create a token.yaml file in the same directory as your script. Only include the block for the platform(s) your script will call.

New Central only:

new_central:
  base_url: <your-api-base-url>
  client_id: <your-client-id>
  client_secret: <your-client-secret>

GLP only:

glp:
  client_id: <your-client-id>
  client_secret: <your-client-secret>

Both platforms:

new_central:
  base_url: <your-api-base-url>
  client_id: <your-client-id>
  client_secret: <your-client-secret>

glp:
  client_id: <your-client-id>
  client_secret: <your-client-secret>

⚠️

Security warning

Never commit token.yaml with valid credentials to version control. It's recommended to add it to your .gitignore immediately:

echo "token.yaml" >> .gitignore

Once your token.yaml is ready, pass the file path to NewCentralBase using the with context manager. You can find an example for this option below

Option 2 — Python dict (recommended for CI/CD and production)

Pass credentials directly as a dict built from environment variables. No file on disk, no risk of accidentally committing secrets.

Set the environment variables in your shell or CI/CD pipeline before running your script:

export CENTRAL_BASE_URL="https://us5.api.central.arubanetworks.com"
export CENTRAL_CLIENT_ID="your-client-id"
export CENTRAL_CLIENT_SECRET="your-client-secret"

Examples

See how each credential option translates into a working script.

from pycentral import NewCentralBase
 
with NewCentralBase(token_info="token.yaml") as conn:
    resp = conn.command(
        api_method="GET",
        api_path="network-monitoring/v1/device-inventory"
    )
    if resp["code"] == 200:
        print(resp["msg"])
    else:
        print(f"Error {resp['code']}: {resp['msg']}")

import os
from pycentral import NewCentralBase

credentials = {
    "new_central": {
        "base_url": os.environ["CENTRAL_BASE_URL"],
      # "cluster_name": os.environ["CENTRAL_CLUSTER"],  # alternative to base_url, e.g. US-WEST-5
        "client_id": os.environ["CENTRAL_CLIENT_ID"],
        "client_secret": os.environ["CENTRAL_CLIENT_SECRET"],
    }
}

with NewCentralBase(token_info=credentials) as conn:
    resp = conn.command(
        api_method="GET",
        api_path="network-monitoring/v1/device-inventory"
    )
    if resp["code"] == 200:
        print(resp["msg"])
    else:
        print(f"Error {resp['code']}: {resp['msg']}")

Updated 9 days ago

What’s Next

Once your credentials are configured, head to the Quickstart guide to install PyCentral and make your first API call.