Authentication¶
PyCentral provides a flexible authentication system allowing users to make API calls to New Central, GLP, and/or Classic Central. You only need to provide credentials for the platform(s) you want PyCentral to interact with.
Choosing an Authentication Method¶
PyCentral supports two authentication methods for New Central & GLP:
| Method | Best For | Token Expiry |
|---|---|---|
| Client ID & Client Secret (Recommended) | Automation & long-running scripts | Auto-renews - New tokens are generated automatically by SDK upon expiry |
| Access Tokens | Quick tests & one-time API calls | Manually need to update token upon expiry |
If you want a hassle-free setup use Client ID & Secret, the SDK will automatically generate a new token whenever required. If you're just testing an API, using Access Token is fine
Unified Credentials¶
PyCentral also supports a unified credential model. Instead of providing separate glp and new_central credential blocks, you provide one unified block using your GLP client credentials. The SDK generates one token through GLP auth (using workspace_id) and reuses that same token for both GLP and New Central API calls.
MSP Mode Requires Unified Credentials
MSP mode only supports unified credentials. See the MSP guide for setup details and usage.
How It Works¶
- You provide GLP
client_id,client_secret, andworkspace_idin a singleunifiedblock. - The SDK creates one access token via GLP and uses it for both GLP and New Central calls.
- No separate
glpornew_centralcredential blocks are needed. Ifunifiedis present, standaloneglpandnew_centralentries are ignored.
Required Fields¶
| Field | Required | Description |
|---|---|---|
client_id |
Yes | GLP client ID |
client_secret |
Yes | GLP client secret |
workspace_id |
Yes | GLP workspace ID |
base_url or cluster_name |
Only for New Central calls | Identifies the Central API gateway. Omit if you only need GLP APIs |
access_token |
No | Pre-existing token; if omitted the SDK generates one automatically |
Configuration Examples¶
Unified — GLP + New Central
token_info = {
"unified": {
"client_id": "<glp-client-id>",
"client_secret": "<glp-client-secret>",
"workspace_id": "<workspace-id>",
"cluster_name": "Internal" # or "base_url": "https://apigw-<cluster>.central.arubanetworks.com"
}
}
Unified — GLP Only
token_info = {
"unified": {
"client_id": "<glp-client-id>",
"client_secret": "<glp-client-secret>",
"workspace_id": "<workspace-id>"
}
}
This enables GLP APIs only. Add base_url or cluster_name to also enable New Central APIs.
New Central¶
Base URL or Cluster Name (Choose one) Identifies your Central Account's API gateway. Both options function identically. Use whichever is convenient:
- Base URL Base of the URL for requests to your Central API Gateway. For instructions on how to locate your Base URL, see Finding Your Base URL in Central.
- Cluster Name Name of the cluster where your account is provisioned. A table detailing all cluster names can be found here.
API Credentials (Choose one):
- Client ID & Client Secret (Recommended)
The SDK automatically generates new tokens when they expire, so you don't have to manage them manually. Learn how to create your credentials here. - Access Token
Manually, retrieve an access token. Learn how to retreive an access token here. (Tokens expire in 2 hours)
GLP¶
No Base URL Required
API Credentials (Choose one):
- Client ID & Client Secret (Recommended)
The SDK automatically generates new tokens when they expire, so you don't have to manage them manually. Get your credentials here. - Access Token
Manually, retrieve an access token here (Tokens expire in 15 mins)
Classic Central¶
Classic Central suppports authentication methods for access tokens or generating through OAUTH APIs
Base URL
You can find your Classic Central account's base URL from the table provided within this guide here.
API Credentials (Choose one):
-
OAUTH
Manually, use the pycentral.workflows_utils.get_conn_from_file() function to generate new tokens when they expire. View our Classic Central guide for OAUTH Authentication with PyCentral here.
-
Access Token
Manually, retrieve an access token. Learn how to retreive an access token here. (Tokens expire in 2 hours)
Next Steps¶
- Quick Start - Start using PyCentral
- Module Reference - Explore modules