Connecting to the VIO APIs via Postman and curl

For an upcoming engagement I have been looking at the options for managing VIO (VMware Integrated Openstack) via its APIs.

While trying it out in a lab environment I found myself stuck at the very first hurdle, I couldn’t get my login request to succeed. Without the access cookie I wouldn’t be able to do anything else. The VMware documentation for VIO has a page outlining how to use the APIs but this wasn’t working for me when I tried to use Postman or curl. Curl was returning a 401 Unauthorized code with an error message about password not being a recognised internal or external command (this was on a Windows machine). Postman was simply returning the 401 Unauthorized code.

After some trial and error using verbose mode in curl, and referring to this documentation page I managed to get a successful connection in curl. The solution was to place the credentials into quotes (don’t fall into the trap I did of using a different VMware page showing an example of using the api commands via curl with single quote marks) so that the command became the following:

curl -k -v -X POST -d "username=administrator@vsphere.local&password=VMware1!"  

Within the output of the command there is a line

Set-Cookie: JSESSIONID=CC6E2E5C8446D74B5C1F82DF0721F70F;

This is the cookie returned by the management server which can be used within subsequent API calls to confirm that the session is authenticated.

So now curl was working, but Postman was still failing with a 401 error. Looking at the contents of the successful verbose call via curl I noticed that it was setting a header of:

Content-Type: application/x-www-form-urlencoded

Adding this to Postman and setting the request body without using quotes to


Provided a successful connection, and the JSESSIONID value is shown in the response cookies.

Now The JSESSIONID cookie value can be passed to future api calls using the -b option in curl, for example to list the VIO clusters registered with the management server:

curl -k -v -b JSESSIONID=7C233CE2BE8D4DF44B28B258E89;

Or in Postman by setting a header named Cookie:

Remember to include the semicolon on the end of the value in both methods or you will receive a 401 Unauthorized error again.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close