VMware record



Create, update, list and delete VMware records for authenticating to vSphere components running vSphere v4.x and 5.x. Vulnerability and compliance scans are supported (using VM, PC).

How it works - The VMware record allows for connections to the vSphere API for vSphere 5.x and 4.x. The vSphere API is a SOAP API used by all vSphere components, including VMware ESXi, VMware ESX, VMware vCenter Server, and the VMware vCenter Server Appliance. By default, the API connection occurs over an encrypted SSL web services connection on port 443.

Download Qualys User Guide - VMware Authentication (.pdf)

Input Parameters




(Required) Specify create, update, delete (using POST) or list (using GET or POST). See List Auth Records for type


(Optional) Specify 1 to view (echo) input parameters in the XML output. By default these are not included.


(Required to update or delete record) Record IDs to update/delete. Specify record IDs and/or ID ranges (for example, 1359-1407). Multiple entries are comma separated.


(Required to create record) A title for the record. The title must be unique. Maximum 255 characters (ascii).


(Optional to create or update record) User defined comments. Maximum of 1999 characters.

Login Credentials



(Required to create record, optional to update record) The user name for a VMware account. A maximum of 13 characters (ascii) may be specified.


(To create record password or login_type=vault is required) The password for a VMware account. Maximum 100 characters (ascii).


(To create record password or login_type=vault is required) Set to vault if a third party vault will be used to retrieve password. Vault parameters need to be provided in the record.

Click here for vault parameters

Set to “vcenter” to scan ESXi hosts through vCenter. The VMware record will include your ESXi IP addresses. You also need a vCenter authentication record with the vCenter IP addresses that map to your ESXi hosts.


(Optional) The service communicates with ESXi web services on port 443 and another port can be configured. When unspecified, port 443 is used.


(Optional) A list of FQDNs for the hosts that correspond to all ESXi host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed. Multiple hosts are comma separated.


(Optional) Specify "all" for a complete SSL certificate validation. Specify “skip” if the host SSL certificate is self-signed or uses an SSL certificate signed by a custom root CA. Specify “none” for no SSL verification.


(Optional) Specify 0 (the default) if the ESXi hosts are not disconnected. Specify 1 if the ESXi hosts are disconnected and you don’t want to send any traffic to the ESXi hosts.

Note: is_disconnect=1 is only valid when login_type=vcenter

Target Hosts


Note: If you set "is_disconect=1" and add IPs that are already associated with a Unix record, the VMware ESXi record is not created or updated. Instead, an error is returned in the response. You must remove the IPs from the non-applicable record to resolve the error.


(Required to create record) The IP address(es) the server will log into using the record’s credentials. Multiple entries are comma separated.

(Optional to update record) IPs specified will overwrite existing IPs in the record, and existing IPs will be removed.

This parameter and the add_ips parameter or the remove_ips parameter cannot be specified in the same request.


(Optional to update record) IPs to be added to an existing record. Multiple IPs/ranges are comma separated.

This parameter and the ips parameter cannot be specified in the same request.


(Optional to update record) IPs to be removed from your record. You may enter a combination of IPs and ranges. Multiple entries are comma separated.

This parameter and the ips parameter cannot be specified in the same request.


(Optional to create or update record, and valid when the networks feature is enabled) The network ID for the record.


Sample - Create VMware record

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=create&title=NewVMwareRecordWithAPI&username=USERNAME&password=PASSWORD&ips=" "https://qualysapi.qualys.com/api/2.0/fo/auth/vmware/" > apiOutputCreateVMwareRecord.txt

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd">






        <TEXT>Successfully Created</TEXT>








DTDs for auth type "vmware"

<platform API server>/api/2.0/batch_return.dtd

<platform API server>/api/2.0/fo/auth/vmware/auth_vmware_list_output.dtd