API Getting Started

Last updated on October 17, 2019

General Overview

VMware Secure State provides public APIs documented through a user-friendly Swagger interface for its customers to query cloud account findings, rules, and compliance information to create advanced reports and automation. The APIs expose a powerful query engine that enables users to derive meaningful insights about the state of their cloud setup. Customers can use VSS APIs to integrate the power of our connected threat model with their favorite tools.

API Overview

Through the VSS APIs, users can view Violations, Rules, and Compliance frameworks configured for their cloud environment. We have 2 primary API sets: Findings API and Rules API that are both based on a common authentication model. This document outlines how to get started with using VSS APIs.

Get an API Access Token

In order to call the VSS APIs, users need to setup the appropriate API authorization for their account. These are the steps:

  1. First, go to https://console.cloud.vmware.com/csp/gateway/portal/#/user/tokens and generate a VSS API token. You will be taken to the “Generate a New API Token” page.

    On this page, either select “All Roles” or the “VMware Secure State” Service Role and simply select “Generate”.

  2. A new API Token is now created that will be needed for authorization. Copy and store this in a safe place.

  3. Next, make a web request to the VMware Cloud Service Platforms to provision a temporary access token using the new API token as described here:

curl -X POST \ https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize \ -d refresh_token={api_token}

Response Body: { "id_token": "eyJ...", "token_type": "bearer", "expires_in": 1799, "scope": "...", "access_token": "{access_token}", "refresh_token": "{api_token}" }

From the response body, extract the “access_token”. This is used to make an authenticated call to VSS APIs to gather insights about a user’s cloud infrastructure.

Now, you can begin using one of our API sets below:

type: embedded-entry-inline id: c78kIZCywjxJnkfu6ucPQqG

type: embedded-entry-inline id: c4A2tz1Isvmb13utnsPc6Mz

Swagger Documentation

We have exposed an easy-to-use Swagger interface that documents and provides examples for utilizing our public APIs. The Swagger documentation can be found here: https://api.securestate.vmware.com/

Our Swagger interface provides API call examples and allows users to dynamically test any calls within their browser.


VMware Secure State public APIs and Swagger documentation powered by our advanced cloud query engine empower security admins to gather actionable insights about the state of their cloud configurations.