vIDM API - Using Postman to Create a Network Range

Workspace One Access / vIDM

Overview

vIDM is part of VMware Cloud Foundation (VCF), and you may have multiple instances depending on the number of VCF deployments.

In cases where the vIDM policy for network ranges is complex / limited, I found it efficient to use the vIDM API to push the same network ranges to all vIDM appliances.

vIDM with multiple network ranges

The official vIDM docs are at https://developer.vmware.com/apis/57, with a Swagger spec you can download and install as a Postman collection. The collection doesn't contain all the APIs available, so keep in mind that using anything not officially documented is probably not supported.

Prerequisites

  • vIDM 3.3.x is deployed and configured
  • Postman installed

Authenticating to vIDM with Postman

For automating this on a more regular basis, you should create a token and do things properly, but for my lab, I wanted quick and dirty. This works with local and remote accounts, and is OK for doing it every now and then.

Using Chrome or Firefox, log in to vIDM, and press F12 for developer mode.

For Firefox, browse to Storage / Cookies / https://<your-vidm>

Firefox vIDM Cookie

For Chrome, browse to Application / Cookies / https://<your-vidm>

Chrome vIDM Cookie

Copy the value of HZN.

From Postman, on the Authorization tab, change Type to No Auth. See figure 4 below.

On the Headers tab, add a new key/value: Authorization, HZN <HZN value>. The value should include HZN and the cookie value, i.e. HZN eyJ0eXAi...

Get Network Ranges

Set the method to GET, and the URL to: https://<your-vidm>/SAAS/jersey/manager/api/orgnetworks

(Don't forget to disable SSL certificate validation).

Hit Send. Now you can see the configured network ranges.

Postman with Authorization value

Adding Network Ranges

Within Postman, view the hidden headers, deselect Content-Type, and add your own Content Type, with value: application/vnd.vmware.horizon.manager.orgnetwork+json;charset=UTF-8

Adding custom Content-Type

To add multiple IP ranges use the following URL and JSON body:

POST https://<your-vidm>/SAAS/jersey/manager/api/orgnetworks

{
  "name": "test3",
  "description": "Test3 Sent via API",
  "uuid": "",
  "defaultNetwork": false,
  "ipAddressRanges": "{\"ranges\":[[\"192.168.10.0\",\"192.168.10.255\"],[\"192.168.11.0\",\"192.168.11.255\"]]}",
  "viewPodAccessURLs": [],
  "xenFarmAccessURLs": []
}

Creating network ranges from the API

Viewing from the vIDM UI should now show the newly created network ranges.

New network ranges in the vIDM UI

Now you can add these ranges to access policies as required.
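
The same POST scripted for several appliances, as an added example that is not part of the original post. It shows that ipAddressRanges is a JSON string nested inside the JSON body, and sends the custom Content-Type and HZN header described above. The helper names, the CIDR input, the host-to-HZN-value mapping and the optional ca_file (verifying a lab CA rather than turning validation off) are assumptions of this example.

```python
import ipaddress
import json
import ssl
import urllib.request

# Added example: helper names are illustrative, not part of the vIDM API.
CONTENT_TYPE = "application/vnd.vmware.horizon.manager.orgnetwork+json;charset=UTF-8"
API_PATH = "/SAAS/jersey/manager/api/orgnetworks"


def build_network_range(name, description, cidrs):
    """Return the POST body; ipAddressRanges is a JSON string nested in the body."""
    ranges = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects e.g. 192.168.10.5/24
        ranges.append([str(net[0]), str(net[-1])])     # first and last address
    return {
        "name": name,
        "description": description,
        "uuid": "",
        "defaultNetwork": False,
        "ipAddressRanges": json.dumps({"ranges": ranges}, separators=(",", ":")),
        "viewPodAccessURLs": [],
        "xenFarmAccessURLs": [],
    }


def build_request(host, hzn_value, body):
    """Build (but do not send) the POST request for one appliance."""
    return urllib.request.Request(
        f"https://{host}{API_PATH}",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"HZN {hzn_value}", "Content-Type": CONTENT_TYPE},
    )


def push_to_all(hosts_tokens, body, ca_file=None):
    """POST the same range to every appliance; hosts_tokens maps host -> HZN value."""
    ctx = ssl.create_default_context(cafile=ca_file)  # trust the lab CA if one is given
    results = {}
    for host, hzn_value in hosts_tokens.items():
        with urllib.request.urlopen(build_request(host, hzn_value, body), context=ctx) as r:
            results[host] = r.status
    return results


if __name__ == "__main__":
    cidrs = ["192.168.10.0/24", "192.168.11.0/24"]
    print(json.dumps(build_network_range("test3", "Test3 Sent via API", cidrs), indent=2))
```

Each appliance issues its own HZN session cookie, so push_to_all expects one value per host.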

Doing everything else

Thanks to the browser developer tools, you can see what other APIs are being called to perform any of your own automation.

Watch the network calls as you click on pages to request (GET) or create / update (POST) data. View the Headers and URLs along with the data in the Request tab.

Using browser developer tools