Authentication
The Cisco Nexus Hyperfabric API requires access using an authenticated and authorized account. Only authorized accounts are able to submit requests to API operations. All operations must communicate over a secure HTTPS connection.
To use the Hyperfabric API, start by logging into the Hyperfabric service through a browser with your cisco.com credentials. Once logged in, generate a bearer token (RFC), as described in Create a bearer token. Include this token in the HTTP Authorization header for all future API operations, like in this example:
'Authorization: Bearer {token}'
Bearer Tokens
A bearer token that is issued by Hyperfabric is a JWT and is specific to a user within a single organization. If a user belongs to multiple organizations, they must create separate tokens for each organization.
In other words, a bearer token performs actions scoped to a specific user within a specific organization.
Bearer Tokens are effectively passwords and should be treated with as much security as any other password owned by a user.
If the token is stolen, any API request that is executed by that token are tied to the owner of the token regardless of who might actually be using the token.
Note: A bearer token authenticates the specific account it is created for. The token remains valid only for operations within the organization that issued it. For accounts in multiple organizations, you must create a token for the desired organization's API.
The Hyperfabric service platform provides individual user management. A single API gateway serves all users and organizations. The platform enforces token-specific authorization and privileges based on a token's scope. For information on creating and managing users and their roles, see Users.
Create a Bearer Token
Before you can send any API requests to the Hyperfabric API, you must create a bearer token for authentication. Every API call must include this token in the HTTP Authorization header, specifying Bearer as the authentication scheme.
Using a browser, log in to the Hyperfabric service with your Cisco Connection Online (CCO) ID and password.
If your account is part of multiple organizations, verify the selected organization under your name in the top-right corner. To change the organization, click on the Organization item in the left menu and select the correct Organization.
Click your name to open your account settings.
Select API bearer tokens.
A list of existing tokens opens, along with a button for creating a new token.
Click Add a bearer token.
A dialog box opens for creating a token.
Enter a token name and choose a scope and a duration.
You can select a Valid for period from one month to two years.
Click Generate Token.
A window displays the new token.
Copy the token and store it to a safe location.
IMPORTANT: The new token is displayed only once, immediately after creation, and is never displayed again. You must copy and save it now, as there is no way to view it again later. Store the token as securely as your store an account password as it will give anyone access to the account if shared.
Click Done.
TIP: Store the bearer token as an environment variable, such as $AUTH_TOKEN, on your computer.
For example:
export AUTH_TOKEN=<token>
Users
New users can be added to an organization and are identified by their email address. A new user must have CCO credentials to be able to log in to Nexus Hyperfabric. The following user roles are currently supported:
ADMINREAD-WRITEREAD-ONLY
The ADMIN role is required to create, delete, or edit users.