Generating & Managing Access Token
This section is a quick start guide to generating & managing tokens for HPE Aruba Networking Central REST API
Introduction
To get started with using the HPE Aruba Networking Central REST API, you need an access token from HPE GreenLake Platform. Tokens are valid for 2 hours, after which they expire. This guide will walk you through how to:
Compatibility with Product Versions( new Central vs Classic Central)
The tokens generated through the steps mentioned in this guide are only compatible with new Central.
If you need to make API calls to classic Central, follow the steps outlined in Access Token Management. Tokens for new Central will not work with Classic Central, and vice versa.
What is an access token ?
Access Token is a string that identifies a user, app, or web page and is used to access an API. The access token provides a temporary and secure access to the APIs. This token is a "bearer token", which means the bearer of this token is granted access into the system.
The token you generate will have the same rights and permissions as your user role for the Central app. Every New Central API request must include this token in the Authorization header.
Without a valid token, your API calls will fail with a 401 Unauthorized Error.
Create Client Credentials
Before you can generate tokens, you can need to create client credentials. This is one-time step that provides you with a client ID and client secret which can be used to generate access tokens.
1. Select Manage Workspace
Token management falls under the Manage Workspace link highlighted in red here.
2. Select Personal API clients category
The Personal API clients category within the Manage Workspace page is where you can access your Token credentials for HPE GreenLake Cloud Platform and your installed applications in this platform like HPE Aruba Networking Central.
3. Create Credentials
Click the Create Personal API client button to create API credentials that will allow you to generate access tokens.
4. Select Service Manager
Provide a credential nickname ex. "new-central-tutorial-token" and choose your HPE Aruba Networking Central Instance from the service manager dropdown menu.
5. Create & Save Credentials
Click on the Create personal API client button to create API token credentials for the HPE Aruba Networking Central Instance.
After creating credentials you should copy the client ID and client secret to a safe location. You will need to use this credential information to generate tokens and automate token generation.
Warning
HPE GreenLake platform does not store your client secret. If lost, you need to reset your client secret .
Generate Access Token
Once you created your client credentials, you can use them to generate an access token. You can generate access token via HPE GreenLake UI or API.
Using HPE GreenLake UI
In the Personal API clients section, select the set of credentials you've created and click the credential name to expand the accordion component. Click Generate Access Token.
Paste your client secret into this input to generate an access token for your Central Instance.
Now you can copy the access token and use it to make API calls to your HPE Aruba Networking Central Instance.
Using HPE GreenLake API
You can also request an access token programmatically by sending a POST request to HPE GreenLake Platform with your client ID and client secret.
Below are code samples in cURL and Python to demonstrate how to send this API request:
Note
Ensure you replace the placeholders(<your_client_id> and <your_client_secret>) with your actual client credentials before running the below code samples.
curl -X POST https://sso.common.cloud.hpe.com/as/token.oauth2 -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id=$YOUR_CLIENT_ID&client_secret=$YOUR_CLIENT_SECRET"
from oauthlib.oauth2 import BackendApplicationClient
from requests.auth import HTTPBasicAuth
from requests_oauthlib import OAuth2Session
client = BackendApplicationClient(YOUR_CLIENT_ID)
oauth = OAuth2Session(client=client)
auth = HTTPBasicAuth('9b05b48f-a144-44a6-96e9-6e73f32bd2e5', YOUR_CLIENT_SECRET)
token = oauth.fetch_token(token_url='https://sso.common.cloud.hpe.com/as/token.oauth2', auth=auth)
print(token["access_token"])
Upon successfully generating a token, the API request will return a response in the following format:
{
"access_token": "<access_token>",
"token_type": "Bearer",
"expires_in": 7199
}
The following table provides a details of the keys in the API response shown above:
| Key | Type | Description |
|---|---|---|
| access_token | String | The token you can use to make API calls to new Central |
| token_type | String | Indicates the type of token issued |
| expires_in | Int | The duration (in seconds) for which the token is valid |
Token Validity & Expiry
Access tokens in new Central are valid for 2 hours. After the token expires, you'll need to generate a new access token to continue making API calls.
There's no automatic token renewal or refresh mechanism. You must manually request a new token using your API client credentials via HPE GreenLake Platform's UI or API .
Manage Client Credentials
- Reset Credentials : If you have forgotten your client secret, you can reset your client credentials through HPE GreenLake UI to get a new client secret.
- Delete Credentials: If you no longer need a set of credentials, you can delete them to reduce security risks
Important
Resetting or deleting your client credentials will invalidate all access tokens associated with those credential.
Security Best Practice
- Never hard-code tokens in your script. Use environment variables or secure storage solutions.
- Generate new tokens regularly to maintain security.
- Reset credentials if you suspect your token has been compromised.
With your access token ready, you can now start making API calls to interact with new Central. The next guide will walk you through the process of making your first API call using our API Reference Guide
Updated about 2 months ago