The high-level sequence of API calls to establish a unidirectional association is a two-part process. “Association data” which cryptographically identifies the source site Site “A” is collected first, then passed to an API endpoint which creates a Task within vCloud Director at Site “B”, adding Site “A” as an associated site and storing both the cryptographic data provided during the association and the URLs of the included REST endpoints for Site “B”. The following figure shows this process.

 

With the first part of the associated completed, vCloud Director at Site “B” has the credentials it requires to authenticate and decrypt API calls and payload data from Site “A”, but no way to identify itself to Site “A” or, to encrypt API payload data in a way in which Site “A” will be able to reciprocate. The association sequence is then repeated in the opposite direction to establish bidirectional authentication and encryption. The following figure shows this process.

 

With the second part of the association complete, both members of the association are now aware of each other, have the URLs of the remote site’s REST API endpoints, and have the credentials to be able to use them securely. The API endpoints in the current version (v29.0 at the time of writing) allow the administrator to collect the association data from one vCloud Director site and submit it to another (as shown above) using the following API workflow.

The requests and responses show only the relevant elements. See the vCloud Director API guide in the References section for full details. The workflow shows the sequence of steps, the requests (è) and their relevant headers, and the responses (ç) and their relevant content.