Getting Started with VCF 9.0 APIs — A Developer’s Guide

VMware Cloud Foundation (VCF) 9.0 marks a significant shift toward a unified, API-first private cloud platform. For the modern infrastructure engineer, this means moving away from manual UI clicks and toward programmatic lifecycle management. VCF 9.0 consolidates the SDDC Manager, vSphere, and NSX into a cohesive API surface, allowing you to treat your entire data center as code.

In this post, we’ll break down the VCF API landscape, how to authenticate, and the tools you need to start automating today.

Understanding the VCF API Landscape

VCF 9.0 provides a comprehensive set of RESTful APIs designed for automation. The ecosystem is divided into several core components, each accessible via public OpenAPI specifications:

• SDDC Manager API: The central brain for orchestrating domains, clusters, and host lifecycles.

• VCF Installer API: Used for automated "Bring-up" and initial deployment of the VCF stack.

• VCF Operations API: Focused on fleet-wide health monitoring, reporting, and performance metrics.

• vSphere Automation API: Manages the underlying virtual infrastructure, including VMs and resource pools.

API Specification Formats

VCF APIs primarily follow the OpenAPI 3.0 standard, making it easy to generate client SDKs or import definitions into tools like Postman. While legacy SOAP/WSDL support exists for certain vSphere services, OpenAPI is the recommended path for all new VCF 9.0 development.

Authentication: The Key to the Kingdom

VCF 9.0 uses token-based authentication. Before performing any management tasks, you must exchange credentials for a Bearer Token.

The Authentication Flow

1. Obtain Access Token: Send a POST request to the token endpoint with your administrative credentials.

2. Token Validity: Access tokens typically expire in 1 hour, while refresh tokens last for 24 hours.

3. Use in Headers: Include the token in the Authorization: Bearer <token> header for all subsequent calls.

Example: Authenticating with SDDC Manager

curl -X POST "https://<sddc-manager-fqdn>/v1/tokens" \ -H "Content-Type: application/json" \ -d '{ "username": "admin@local", "password": "YourSecurePassword" }'

Tooling and SDKs

You don’t have to write raw HTTP requests from scratch. Broadcom provides officially supported SDKs and community tools:

• Python & Java SDKs: Available publicly via PyPI and Maven Central.

• OpenAPI Generator: Because the specs are public, you can generate client libraries in almost any language (Go, Ruby, C#) using the VCF GitHub repository.

• API Explorer: VCF 9.0 includes an "in-product" API Explorer (Swagger UI) that allows you to test calls directly against your live environment.

Best Practices for "Day 1"

• Use Versioned Prefixes: Always include the version in your URI (e.g., /v1/hosts) to ensure your scripts don't break when new API versions are released.

• Handle Async Tasks: Many VCF operations (like creating a domain) are asynchronous. The API will return a taskId; you must poll this task to confirm completion.

• Environment Variables: Never hardcode your API tokens or passwords in scripts. Use a secrets manager or environment variables.

Conclusion

The VCF 9.0 API is your gateway to a truly automated private cloud. By mastering the authentication flow and understanding the component-based architecture, you're ready to move from manual tasks to scalable infrastructure code.