NSX Policy API Guide

NSX 2.2.0

Table of Contents

  1. Overview
  2. API Methods
    1. Users and Roles
    2. Api Services
      1. Api Request Batching
      2. Task Management
    3. Error Resolver
    4. Licensing
    5. Nsx Component Administration
      1. Backup Restore Management
        1. Backup
        2. Restore
      2. Cluster Management
      3. Nsx Administration
      4. Trust Management
        1. Certificate
        2. Crl
        3. Csr
    6. Policy
      1. Connectivity
        1. Bgp
        2. Network
        3. Prefix List
        4. Provider Interfaces
        5. Providers
        6. Route Aggregation List
        7. Segments
        8. Static Routes
      2. Constraints
      3. Dns Forwarder
      4. Edge Firewall
      5. Infra
        1. Deployment Zones
        2. Domain Deployment Maps
        3. Enforcement Points
        4. Provider Deployment Maps
      6. L2Vpn
      7. L3Vpn
      8. Labels
      9. Nat
      10. Operations
        1. Realized
      11. Realization
      12. Si
      13. Statistics
        1. Group
        2. L2Vpn
        3. L3Vpn
      14. Template
    7. Upgrade
      1. Nodes
  3. API Types
  4. API Type Schemas
  5. API Errors


Overview

Introduction

NSX Policy provides a programmatic API to automate management activities. The API follows a resource-oriented Representational State Transfer (REST) architecture, using JSON object encoding. Clients interact with the API using RESTful web service calls over the HTTPS protocol.

Each API method is identified by a request method and URI. Method parameters are specified as key-value pairs appended to the URI. Unless otherwise noted, request and response bodies are encoded using JSON, and must conform to the JSON schema associated with each method. The content type of each request and reply is "application/json" unless otherwise specified. Each request that can be made is documented in the API Methods section. The associated request and response body schemas are documented in the API Schemas section.

Some APIs may be marked as deprecated. This indicates that the functionality provided by the API has been removed or replaced with a different API. The description of the API will indicate what API(s) to call instead.

Some APIs may be marked as experimental. This indicates that the API may be changed or removed without notice in a future NSX Policy release.

It is possible for any request to fail. Errors are reported using standard HTTP response codes. It should be assumed the following errors could be returned by any API method: 301 Moved Permanently, 307 Temporary Redirect, 400 Bad Request, 401 Unauthorized, 403 Forbidden, 500 Internal Server Error, 503 Service Unavailable. Where other errors may be returned, the type of error is indicated in the API method description. All errors are documented in the API Errors section.

Request Authentication

Most API calls require authentication. This API supports HTTP Basic authentication and session-based authentication schemes. Multiple authentication schemes may not be used concurrently.

HTTP Basic Authentication

To authenticate a request using HTTP Basic authentication, the caller's credentials are passed using the 'Authorization' header. The header content should consist of a base64-encoded string containing the username and password separated by a single colon (":") character, as specified in RFC 1945 section 11.1.

For example, to authenticate a request using the default credentials of user admin with password admin, include the following header with the request:

Authorization: Basic YWRtaW46YWRtaW4=

The following cURL command will authenticate to the manager using basic authentication and will issue a GET request for logical ports:

curl -k -u USERNAME:PASSWORD https://MANAGER/api/v1/logical-ports

where:
USERNAME is the user to authenticate as,
PASSWORD is the password to provide, and
MANAGER is the IP address or host name of the NSX manager

For example:

curl -k -u admin:secretPw99 https://192.168.22.32/api/v1/logical-ports

Note: the -k argument instructs cURL to skip verifying the manager's self-signed X.509 certificate.

Session-Based Authentication

Session-based authentication is used by calling the /api/session/create authentication API to manage a session cookie. The session cookie returned in the result of a successful login must be provided in subsequent requests in order to associate those requests with the session.

Session state is local to the server responding to the API request. Idle sessions will automatically time-out, or can be terminated immediately using the POST /api/session/destroy API.

To obtain a session cookie, POST form data to the server using the application/x-www-form-urlencoded media type, with fields "j_username" and "j_password" containing the username and password separated by an ampersand. Since an ampersand is a UNIX shell metacharacter, you may need to surround the argument with single quotes.

The following cURL command will authenticate to the server, will deposit the session cookie in the file "cookies.txt", and will write all HTTP response headers to the file headers.txt. One of these headers is the X-XSRF-TOKEN header that you will need to provide in subsequent requests.

curl -k -c cookies.txt -D headers.txt -X POST -d 'j_username=USERNAME&j_password=PASSWORD' https://MANAGER/api/session/create

For example:

curl -k -c cookies.txt -D headers.txt -X POST -d 'j_username=admin&j_password=secretPw99' https://192.168.22.32/api/session/create

The manager will respond with the roles and permissions granted to the user, and cURL will deposit the session cookie into the file "cookies.txt".

In subsequent cURL requests, use the -b argument to specify the cookie file. You also need to pass the X-XSRF-TOKEN header that was saved to the headers.txt file, using cURL's -H option:

curl -k -b cookies.txt -H "`grep X-XSRF-TOKEN headers.txt`" https://192.168.22.32/api/v1/logical-ports

When the session expires, the manager will respond with a 403 Forbidden HTTP response, at which point you must obtain a new session cookie and X-XSRF-TOKEN.

Session cookies can be destroyed by using the /api/session/destroy API:

curl -k -b cookies.txt -H "`grep X-XSRF-TOKEN headers.txt`" -X POST https://MANAGER/api/session/destroy
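
The session workflow above as POSIX shell functions (an added example, not part of the NSX guide): it verifies the manager certificate with --cacert instead of -k, sends the URL-encoded credentials on stdin rather than on the command line, strips the CRLF from the saved X-XSRF-TOKEN header, and logs in again once after a 403. The NSX_MANAGER, NSX_USER, NSX_PASSWORD and NSX_CA_BUNDLE variables, the nsx_* function names and the sample header dump are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the NSX guide. Assumed environment variables:
#   NSX_MANAGER (host), NSX_USER, NSX_PASSWORD, NSX_CA_BUNDLE (PEM file that
#   validates the manager certificate). All nsx_* names are hypothetical.

# Percent-encode a form value byte by byte, so '&', '=', '+' or '%' in a
# password cannot change the j_username/j_password fields.
nsx_urlencode() {
    printf '%s' "$1" | od -An -v -tx1 | tr -s ' ' '\n' | while read -r _h; do
        [ -n "$_h" ] || continue
        case $_h in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                # RFC 3986 unreserved byte: emit it unchanged.
                printf "\\$(printf '%03o' "0x$_h")" ;;
            *)  printf '%%%s' "$_h" | tr 'a-f' 'A-F' ;;
        esac
    done
}

# Print the X-XSRF-TOKEN value from a header dump written by `curl -D`.
# Header lines end in CRLF and header names are case-insensitive, so the
# carriage return is dropped and the name is compared in lower case.
# Returns non-zero when the header is absent.
nsx_xsrf_token() {
    tr -d '\r' < "$1" | awk '
        { n = index($0, ":") }
        n && tolower(substr($0, 1, n - 1)) == "x-xsrf-token" {
            v = substr($0, n + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
        }
        END { if (v == "") exit 1; print v }'
}

# Create a session. $1 is a private directory (for example from mktemp -d)
# that receives cookies.txt and headers.txt. The form body reaches curl on
# stdin (-d @-), so the password never appears in the process list.
nsx_login() (
    umask 077
    printf 'j_username=%s&j_password=%s' \
        "$(nsx_urlencode "$NSX_USER")" "$(nsx_urlencode "$NSX_PASSWORD")" |
    curl --silent --show-error --fail --cacert "$NSX_CA_BUNDLE" \
        -c "$1/cookies.txt" -D "$1/headers.txt" -o /dev/null \
        -X POST -d @- "https://$NSX_MANAGER/api/session/create"
)

# GET $2 (for example /api/v1/logical-ports) with the session in $1.
# A 403 can mean an expired session, so log in again once; a second 403 is
# treated as a real authorization failure.
nsx_get() {
    _dir=$1 _path=$2 _try=0
    while :; do
        _tok=$(nsx_xsrf_token "$_dir/headers.txt") || return 1
        _code=$(curl --silent --show-error --cacert "$NSX_CA_BUNDLE" \
            -b "$_dir/cookies.txt" -H "X-XSRF-TOKEN: $_tok" \
            -o "$_dir/body.json" -w '%{http_code}' \
            "https://$NSX_MANAGER$_path") || return 1
        case $_code in
            200) cat "$_dir/body.json"; return 0 ;;
            403) [ "$_try" -eq 0 ] || return 1
                 _try=1; nsx_login "$_dir" || return 1 ;;
            *)   return 1 ;;
        esac
    done
}

# Destroy the session on the manager, then delete the local session files.
nsx_logout() {
    _tok=$(nsx_xsrf_token "$1/headers.txt") || return 1
    curl --silent --show-error --fail --cacert "$NSX_CA_BUNDLE" \
        -b "$1/cookies.txt" -H "X-XSRF-TOKEN: $_tok" -o /dev/null \
        -X POST "https://$NSX_MANAGER/api/session/destroy"
    _rc=$?
    rm -f "$1/cookies.txt" "$1/headers.txt" "$1/body.json"
    return "$_rc"
}

# Constructed sample of a `curl -D` header dump (CRLF endings, made-up token).
nsx_sample_headers() {
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'X-XSRF-TOKEN: 11111111-2222-3333-4444-555555555555\r\n'
    printf 'Content-Type: application/json\r\n\r\n'
}

# Offline demonstration: extract the token from the constructed dump.
_demo=$(mktemp) && nsx_sample_headers > "$_demo" && nsx_xsrf_token "$_demo"
rm -f "$_demo"
```
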

Example Requests and Responses

Example requests and responses are provided for most of the API calls below. Your actual response might differ from the example in the number of fields returned because optional empty fields are not returned when you make an API call.

Restrictions on Certain Fields in a Request

When configuring layer 2 switching, the following fields can contain any character except semicolon (;), vertical bar (|), equal sign (=), comma (,), tilde (~), and the "at" sign (@). They also have a length limitation as specified below:

OpenAPI Specification of NSX Policy API

You can get an OpenAPI specification of the NSX Policy API with one of the following calls:



API Methods

Users and Roles

Create registration access token

The privileges of the registration token will be the same as the caller.

Request:
Method: POST
URI Path: /policy/api/v1/aaa/registration-token
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
POST https://<nsx-mgr>/api/v1/aaa/registration-token

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: RegistrationToken

Example Response:
{ "token": "e9112e46-a54a-486f-82bb-043b89228c1b", "roles": [ "network_engineer" ] }

Required Permissions: crud
Additional Errors:

Get registration access token

Request:
Method: GET
URI Path: /policy/api/v1/aaa/registration-token/<token>
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/aaa/registration-token/e9112e46-a54a-486f-82bb-043b89228c1b

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: RegistrationToken

Example Response:
{ "token": "e9112e46-a54a-486f-82bb-043b89228c1b", "roles": [ "network_engineer" ] }

Required Permissions: read
Additional Errors:

Delete registration access token

Request:
Method: DELETE
URI Path: /policy/api/v1/aaa/registration-token/<token>
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
DELETE https://<nsx-mgr>/api/v1/aaa/registration-token/e9112e46-a54a-486f-82bb-043b89228c1b

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: n/a

Required Permissions: crud
Additional Errors:

Assign roles to User or Group

Request:
Method: POST
URI Path: /policy/api/v1/aaa/role-bindings
Request Headers: n/a
Query Parameters: n/a
Request Body: RoleBinding

Example Request:
POST https://<nsx-mgr>/api/v1/aaa/role-bindings
{ "name": "local_admin@System Domain", "type": "remote_user", "roles": [ { "role": "auditor" } ] }

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: RoleBinding

Example Response:
{ "resource_type": "RoleBinding", "description": "", "id": "7e672b0e-f0bd-48bc-b579-9e6f1b2b3969", "display_name": "local_admin@System Domain", "tags": [], "roles": [ { "role": "auditor" } ], "name": "local_admin@System Domain", "type": "remote_user", "_create_user": "admin", "_create_time": 1493960803006, "_last_modified_user": "admin", "_last_modified_time": 1493960803006, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 }

Required Permissions: crud
Feature: users_role_assignments
Additional Errors:

Get all users and groups with their roles

Request:
Method: GET
URI Path: /policy/api/v1/aaa/role-bindings
Request Headers: n/a
Query Parameters: RoleBindingRequestParameters
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/aaa/role-bindings?page_size=1

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: RoleBindingListResult

Example Response:
{ "sort_ascending": true, "sort_by": "id", "result_count": 2, "results": [ { "resource_type": "RoleBinding", "description": "", "id": "0395447b-480a-4091-9075-4070138e0cee", "display_name": "rt-group1", "tags": [], "roles": [ { "role": "auditor" } ], "name": "rt-group1", "type": "remote_group", "_create_user": "admin", "_create_time": 1493963048438, "_last_modified_user": "admin", "_last_modified_time": 1493963048438, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 }, { "resource_type": "RoleBinding", "description": "", "id": "7e672b0e-f0bd-48bc-b579-9e6f1b2b3969", "display_name": "local_admin@System Domain", "tags": [], "roles": [ { "role": "enterprise_admin" } ], "name": "local_admin@System Domain", "type": "remote_user", "_create_user": "admin", "_create_time": 1493960803006, "_last_modified_user": "admin", "_last_modified_time": 1493960803006, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 } ] }

Required Permissions: read
Feature: users_role_assignments
Additional Errors:

Update User or Group's roles

Request:
Method: PUT
URI Path: /policy/api/v1/aaa/role-bindings/<binding-id>
Request Headers: n/a
Query Parameters: n/a
Request Body: RoleBinding

Example Request:
PUT https://<nsx-mgr>/api/v1/aaa/role-bindings/5c669dc6-47a8-4508-3077-6a48f26c5a4g
{ "name": "local_admin@System Domain", "type": "remote_user", "_revision": 0, "roles": [ { "role": "enterprise_admin" } ] }

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: RoleBinding

Example Response:
{ "resource_type": "RoleBinding", "description": "", "id": "7e672b0e-f0bd-48bc-b579-9e6f1b2b3969", "display_name": "local_admin@System Domain", "tags": [], "roles": [ { "role": "enterprise_admin" } ], "name": "local_admin@System Domain", "type": "remote_user", "_create_user": "admin", "_create_time": 1493960803006, "_last_modified_user": "admin", "_last_modified_time": 1493960803006, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 }

Required Permissions: crud
Feature: users_role_assignments
Additional Errors:

Get user/group's role information

Request:
Method: GET
URI Path: /policy/api/v1/aaa/role-bindings/<binding-id>
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/aaa/role-bindings/5c669dc6-47a8-4508-3077-6a48f26c5a4g

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: RoleBinding

Example Response:
{ "resource_type": "RoleBinding", "description": "", "id": "7e672b0e-f0bd-48bc-b579-9e6f1b2b3969", "display_name": "local_admin@System Domain", "tags": [], "roles": [ { "role": "enterprise_admin" } ], "name": "local_admin@System Domain", "type": "remote_user", "_create_user": "admin", "_create_time": 1493960803006, "_last_modified_user": "admin", "_last_modified_time": 1493960803006, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 }

Required Permissions: read
Feature: users_role_assignments
Additional Errors:

Delete user/group's roles assignment

Request:
Method: DELETE
URI Path: /policy/api/v1/aaa/role-bindings/<binding-id>
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
DELETE https://<nsx-mgr>/api/v1/aaa/role-bindings/5c669dc6-47a8-4508-3077-6a48f26c5a4g

Successful Response:
Response Code: 200 OK
Response Headers: n/a
Response Body: n/a

Example Response:
200 OK

Required Permissions: crud
Feature: users_role_assignments
Additional Errors:

Get information about all roles

Request:
Method: GET
URI Path: /policy/api/v1/aaa/roles
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/aaa/roles

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: RoleListResult

Example Response:
{ "results": [ { "role": "enterprise_admin" }, { "role": "security_op" }, { "role": "auditor" }, { "role": "security_engineer" }, { "role": "network_op" }, { "role": "network_engineer" } ] }

Required Permissions: read
Feature: users_configuration
Additional Errors:

Get role information

Request:
Method: GET
URI Path: /policy/api/v1/aaa/roles/<role>
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/aaa/roles/auditor

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: RoleWithFeatures

Example Response:
{ "role": "auditor", "features": [ { "feature": "groups_ip_sets", "permission": "read" }, { "feature": "groups_mac_sets", "permission": "read" }, { "feature": "groups_ip_pools", "permission": "read" }, { "feature": "groups", "permission": "read" }, { "feature": "services", "permission": "read" } ] }

Required Permissions: read
Feature: users_configuration
Additional Errors:

Get information about logged-in user. The permissions parameter of the NsxRole has been deprecated.

Request:
Method: GET
URI Path: /policy/api/v1/aaa/user-info
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/aaa/user-info

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: UserInfo

Example Response:
{ "user_name": "admin", "roles": [ { "role": "enterprise_admin" } ] }

Required Permissions: none
Feature: users_configuration
Additional Errors:

Get all the User Groups where vIDM display name matches the search key case insensitively. The search key is checked to be a substring of display name. This is a non paginated API.

Request:
Method: GET
URI Path: /policy/api/v1/aaa/vidm/groups
Request Headers: n/a
Query Parameters: VidmInfoSearchRequestParameters
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/aaa/vidm/groups?search_string=clay_group

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: VidmInfoListResult

Example Response:
{ "result_count": 3, "results": [ { "name": "clay_group_EA@testad2.local", "type": "remote_group", "display_name": "clay_group_EA@testad2.local" }, { "name": "clay_group_SE@testad2.local", "type": "remote_group", "display_name": "clay_group_SE@testad2.local" }, { "name": "clay_group_AU@testad2.local", "type": "remote_group", "display_name": "clay_group_AU@testad2.local" } ] }

Required Permissions: read
Feature: users_role_assignments
Additional Errors:

Get all the users and groups from vIDM matching the search key case insensitively. The search key is checked to be a substring of name or given name or family name of user and display name of group. This is a non paginated API.

Request:
Method: POST
URI Path: /policy/api/v1/aaa/vidm/search
Request Headers: n/a
Query Parameters: VidmInfoSearchRequestParameters
Request Body: n/a

Example Request:
POST https://<nsx-mgr>/api/v1/aaa/vidm/search?search_string=John

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: VidmInfoListResult

Example Response:
{ "result_count": 3, "results": [ { "name": "John_doe@testad2.local", "type": "remote_user", "display_name": "John Doe" }, { "name": "Johnd@testad2.local", "type": "remote_user", "display_name": "John Roe" }, { "name": "Johns_group@testad2.local", "type": "remote_group", "display_name": "John's Group" } ] }

Required Permissions: read
Feature: users_role_assignments
Additional Errors:

Get all the users from vIDM whose userName, givenName or familyName matches the search key case insensitively. The search key is checked to be a substring of name or given name or family name. This is a non paginated API.

Request:
Method: GET
URI Path: /policy/api/v1/aaa/vidm/users
Request Headers: n/a
Query Parameters: VidmInfoSearchRequestParameters
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/aaa/vidm/users?search_string=John

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: VidmInfoListResult

Example Response:
{ "result_count": 2, "results": [ { "name": "John_doe@testad2.local", "type": "remote_user", "display_name": "John Doe" }, { "name": "John_roe@testad2.local", "type": "remote_user", "display_name": "John Roe" } ] }

Required Permissions: read
Feature: users_role_assignments
Additional Errors:

Api Services

Api Services: Api Request Batching

Register a Collection of API Calls at a Single End Point

Enables you to make multiple API requests using a single request. The batch
API takes in an array of logical HTTP requests represented as JSON arrays.
Each request has a method (GET, PUT, POST, or DELETE), a relative_url (the
portion of the URL after https://<nsx-mgr>/api/), optional headers
array (corresponding to HTTP headers) and an optional body (for POST and PUT
requests). The batch API returns an array of logical HTTP responses
represented as JSON arrays. Each response has a status code, an optional
headers array and an optional body (which is a JSON-encoded string).

Request:
Method: POST
URI Path: /policy/api/v1/batch
Request Headers: n/a
Query Parameters: BatchParameter
Request Body: BatchRequest

Example Request:
POST https://<nsx-mgr>/api/v1/batch
{ "requests":[ { "method":"POST", "uri":"/v1/switching-profiles", "body": { "resource_type": "SpoofGuardSwitchingProfile", "display_name": "spoof-guard-lswitch-bindings", "white_list_providers": ["LSWITCH_BINDINGS"] } }, { "method":"GET", "uri":"/v1/switching-profiles" } ] }

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: BatchResponse

Example Response: { "results": [ { "body": { "revision": 0, "id": "9e6e5375-d7d9-48b4-9118-b1121757f1e3", "display_name": "custom1-qos-switching-profile", "code": 201, "body": { "resource_type": "SpoofGuardSwitchingProfile", "id": "02d866d7-495c-47f4-b945-61a8559219b9", "display_name": "spoof-guard-lswitch-bindings", "white_list_providers": [ "LSWITCH_BINDINGS" ], "_last_modified_time": 1458772318447, "_create_time": 1458772318447, "_last_modified_user": "admin", "_system_owned": false, "_create_user": "admin", "_revision": 0 } }, { "code": 200, "body": { "cursor": "00361b53de57-0313-4f3d-b494-635c58b1d986spoof-guard-lswitch-bindings", "result_count": 4, "results": [ { "_revision": 0, "id": "9e6e5375-d7d9-48b4-9118-b1121757f1e3", "display_name": "custom1-qos-switching-profile", "resource_type": "QosSwitchingProfile", "description": "", "id": "7f39bf67-ccf5-4613-8993-506ec89d893a", "display_name": "TT", "tags": [], "dscp": { "mode": "TRUSTED", "priority": 0 }, "shaper_configuration": [ { "resource_type": "IngressRateShaper", "enabled": false, "average_bandwidth_mbps": 0, "peak_bandwidth_mbps": 0, "burst_size_bytes": 0 }, { "resource_type": "IngressBroadcastRateShaper", "enabled": false, "burst_size_bytes": 0, "peak_bandwidth_kbps": 0, "average_bandwidth_kbps": 0 }, { "resource_type": "EgressRateShaper", "enabled": false, "average_bandwidth_mbps": 0, "peak_bandwidth_mbps": 0, "burst_size_bytes": 0 } ], "class_of_service": 2, "_last_modified_time": 1457999948761, "_create_time": 1457999948761, "_last_modified_user": "admin", "_system_owned": false, "_create_user": "admin", "_last_modified_user": "admin" }, "code": 201 }, { "body": { "result_count": 9, "results": [ { "resource_type": "IpfixSwitchingProfile", "revision": 0, "id": "cb317635-939b-430a-ae50-005fc4c6ac14", "display_name": "nsx-default-ipfix-global-profile", "enabled": false, "_last_modified_time": 1413324646801, "_create_time": 1413324646801, "_create_user": "system", "_last_modified_user": "system" }, { 
"resource_type": "QosSwitchingProfile", "revision": 0, "id": "9e6e5375-d7d9-48b4-9118-b1121757f1e3", "display_name": "custom1-qos-switching-profile", "system_defined": false, "dscp": { "priority": 1, "mode": "UNTRUSTED" }, "burst_size": 20, "class_of_service": 1, "peak_bandwidth": 400, "average_bandwidth": 200, "_last_modified_time": 1413349096169, "_create_time": 1413349096169, "_create_user": "admin", "_last_modified_user": "admin" }, { "resource_type": "IpDiscoverySwitchingProfile", "revision": 0, "id": "64814784-7896-3901-9741-badeff705639", "display_name": "nsx-default-ip-discovery-overlay-profile", "system_defined": true, "arp_snooping_enabled": true, "dhcp_snooping_enabled": true, "_last_modified_time": 1413324646789, "_create_time": 1413324646789, "_create_user": "system", "_last_modified_user": "system" }, { "resource_type": "IpDiscoverySwitchingProfile", "revision": 0, "id": "64814874-6987-1093-1479-badeff705639", "display_name": "nsx-default-ip-discovery-vlan-profile", "system_defined": true, "arp_snooping_enabled": false, "dhcp_snooping_enabled": false, "_last_modified_time": 1413324646800, "_create_time": 1413324646800, "_create_user": "system", "_last_modified_user": "system" }, { "resource_type": "QosSwitchingProfile", "revision": 0, "id": "f313290b-eba8-4262-bd93-fab5026e9495", "display_name": "nsx-default-qos-switching-profile", "system_defined": true, "dscp": { "priority": 0, "mode": "TRUSTED" }, "burst_size": 0, "class_of_service": 0, "peak_bandwidth": 0, "average_bandwidth": 0, "_last_modified_time": 1413324646729, "_create_time": 1413324646729, "_create_user": "system", "_last_modified_user": "system" }, { "resource_type": "PortMirroringSwitchingProfile", "revision": 1, "id": "93b4b7e8-f116-415d-a50c-3364611b5d09", "display_name": "nsx-default-port-mirroring-profile", "system_defined": false, "direction": "INGRESS", "_last_modified_time": 1413345541673, "_create_time": 1413324646767, "_create_user": "system", "_last_modified_user": "admin" } ] 
}, "code": 200 "_revision": 0 }, { "resource_type": "SpoofGuardSwitchingProfile", "id": "ff45644f-9dda-4970-b1e3-30ac11ff0582", "display_name": "spoof-guard-lswitch-bindings", "white_list_providers": [ "LSWITCH_BINDINGS" ], "_last_modified_time": 1458754361177, "_create_time": 1458754361177, "_last_modified_user": "admin", "_system_owned": false, "_create_user": "admin", "_revision": 0 }, { "resource_type": "SpoofGuardSwitchingProfile", "id": "02d866d7-495c-47f4-b945-61a8559219b9", "display_name": "spoof-guard-lswitch-bindings", "white_list_providers": [ "LSWITCH_BINDINGS" ], "_last_modified_time": 1458772318447, "_create_time": 1458772318447, "_last_modified_user": "admin", "_system_owned": false, "_create_user": "admin", "_revision": 0 }, { "resource_type": "SpoofGuardSwitchingProfile", "id": "1b53de57-0313-4f3d-b494-635c58b1d986", "display_name": "spoof-guard-lswitch-bindings", "white_list_providers": [ "LSWITCH_BINDINGS" ], "_last_modified_time": 1458754382102, "_create_time": 1458754382102, "_last_modified_user": "admin", "_system_owned": false, "_create_user": "admin", "_revision": 0 } ] } } Required Permissions: none Additional Errors:

Api Services: Task Management

Get information about all tasks

Request:
Method: GET
URI Path: /policy/api/v1/tasks
Request Headers: n/a
Query Parameters: TaskQueryParameters
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/tasks

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: TaskListResult

Example Response:
{ "result_count" : 1, "results" : [ { "start_time" : 1478646470253, "async_response_available" : true, "cancelable" : false, "end_time" : 1478646470344, "progress" : 100, "id" : "59c7d6c8-7d64-4f0e-8af5-0b5e92bc3330", "user" : "admin", "status" : "SUCCESS" } ] }

Required Permissions: read
Additional Errors:

Get information about the specified task

Request:
Method: GET
URI Path: /policy/api/v1/tasks/<task-id>
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/tasks/ab265781-c826-4da7-9487-48a5c713a481

Successful Response:
Response Code: 200 OK, 303 See Other
Response Headers: Content-type: application/json
Response Body: TaskProperties

Example Response:
{ "progress" : 100, "id" : "ab265781-c826-4da7-9487-48a5c713a481", "end_time" : 1416959364977, "status" : "success", "async_response_available" : false, "cancelable" : false, "start_time" : 1416959362874 }

Required Permissions: read
Additional Errors:

Get the response of a task

Request:
Method: GET
URI Path: /policy/api/v1/tasks/<task-id>/response
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/tasks/59c7d6c8-7d64-4f0e-8af5-0b5e92bc3330/response

Successful Response:
Response Code: 200 OK, 303 See Other
Response Headers: Content-type: application/json
Response Body: object

Example Response:
{ "cursor" : "", "sort_ascending" : true, "sort_by" : "displayName", "result_count" : 0, "results" : [ ] }

Required Permissions: read
Additional Errors:

Error Resolver

Fetches a list of metadata for all the registered error resolvers

Returns a list of metadata for all the error resolvers registered.

Request:
Method: GET
URI Path: /policy/api/v1/error-resolver
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/error-resolver

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: ErrorResolverInfoList

Example Response:
{ "results": [ { "user_metadata": { "user_input_list": [ { "property_value": "1000", "property_name": "connectTimeout", "data_type": "NUMBER" } ] }, "error_id": 1002, "resolver_present": true }, { "user_metadata": {}, "error_id": 1001, "resolver_present": true } ] }

Required Permissions: read
Additional Errors:

Fetches metadata about the given error_id

Returns some metadata about the given error_id. This includes
information of whether there is a resolver present for the
given error_id and its associated user input data

Request:
Method: GET
URI Path: /policy/api/v1/error-resolver/<error_id>
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/error-resolver/1002

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: ErrorResolverInfo

Example Response:
{ "user_metadata": { "user_input_list": [ { "property_value": "1000", "property_name": "connectTimeout", "data_type": "NUMBER" } ] }, "error_id": 1002, "resolver_present": true }

Required Permissions: read
Additional Errors:

Resolves the error

Invokes the corresponding error resolver for the
given error(s) present in the payload

Request:
Method: POST
URI Path: /policy/api/v1/error-resolver?action=resolve_error
Request Headers: n/a
Query Parameters: n/a
Request Body: ErrorResolverMetadataList

Example Request:
POST https://<nsx-mgr>/api/v1/error-resolver?action=resolve_error
{ "errors": [ { "user_metadata": { "user_input_list": [ { "property_value": "default", "property_name": "password", "data_type": "PASSWORD" }, { } ] }, "error_id": 1001, "entity_id": "a123-b234-c355-d3333" } ] }

Successful Response:
Response Code: 204 No Content
Response Headers: n/a
Response Body: n/a

Required Permissions: crud
Additional Errors:

Licensing

Accept end user license agreement

Accept end user license agreement

Request:
Method: POST
URI Path: /policy/api/v1/eula/accept
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: n/a

Required Permissions: execute
Feature: system_eula
Additional Errors:

Return the acceptance status of end user license agreement

Return the acceptance status of end user license agreement

Request:
Method: GET
URI Path: /policy/api/v1/eula/acceptance
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/eula/acceptance

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: EULAAcceptance

Example Response:
{ "acceptance": false }

Required Permissions: read
Feature: system_eula
Additional Errors:

Return the content of end user license agreement

Return the content of end user license agreement in the specified format.
By default, the content is returned as a plain string without line breaks.

Request:
Method: GET
URI Path: /policy/api/v1/eula/content
Request Headers: n/a
Query Parameters: EULAOutputFormatRequestParameters
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/eula/content?format=html

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: EULAContent

Example Response:
{ "content": "End User License Agreement
" }

Required Permissions: read
Feature: system_eula
Additional Errors:

Deprecated. Return the Enterprise License (Deprecated)

Deprecated. Use the GET /licenses API instead.

Request:
Method: GET
URI Path: /policy/api/v1/license
Request Headers: n/a
Query Parameters: n/a
Request Body: n/a

Example Request:
GET https://<nsx-mgr>/api/v1/license

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: License

Example Response:
{ "capacity_type": "VM", "is_expired": false, "quantity": 5, "is_eval": false, "description": "NSX for vSphere - Enterprise", "expiry": 0, "license_key": "00000-00000-00000-00000-00000" }

Required Permissions: read
Feature: system_configuration_license
Additional Errors:

Deprecated. Assign an Updated Enterprise License Key (Deprecated)

Deprecated. Use the POST /licenses API instead

Request:
Method: PUT
URI Path: /policy/api/v1/license
Request Headers: n/a
Query Parameters: n/a
Request Body: License

Example Request:
PUT https://<nsx-mgr>/api/v1/license
{ "license_key": "00000-00000-00000-00000-00000" }

Successful Response:
Response Code: 200 OK
Response Headers: Content-type: application/json
Response Body: License

Example Response:
{ "capacity_type": "CPU", "is_expired": false, "quantity": 4, "is_eval": false, "description": "NSX for vSphere - Standard", "expiry": 0, "license_key": "00000-00000-00000-00000-00000" }

Required Permissions: crud
Feature: system_configuration_license
Additional Errors:

Get all licenses

Returns all licenses.
Request:
Method:
GET
URI Path:
/policy/api/v1/licenses
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/licenses

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
LicensesListResult+

Example Response: { "result_count": 2, "results": [ { "capacity_type": "VM", "is_expired": false, "quantity": 5, "is_eval": false, "description": "NSX for vSphere - Enterprise", "expiry": 0, "license_key": "00000-00000-00000-00000-00000" }, { "capacity_type": "CPU", "is_expired": false, "quantity": 4, "is_eval": false, "description": "NSX for vSphere - Standard", "expiry": 0, "license_key": "00000-00000-00000-00000-00000" } ] }

Required Permissions: read
Feature: system_configuration_license
Additional Errors:

Add a new license key

Adds a license key to the system.
The API supports only one license key for each license edition
type: Standard, Advanced or Enterprise. If you try to add a new license key
for an edition that already has a license key,
this API returns an error.
Request:
Method:
POST
URI Path:
/policy/api/v1/licenses
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
License+

Example Request: POST https://<nsx-mgr>/api/v1/licenses
{ "license_key": "11111-22222-33333-44444-55555" }

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
License+

Example Response: { "capacity_type": "VM", "quantity": 1, "is_eval": false, "description": "NSX for vSphere - Standard", "expiry": 1458688231359, "license_key": "11111-22222-33333-44444-55555" }

Required Permissions: crud
Feature: system_configuration_license
Additional Errors:

Deprecated. Get license properties for license identified by the license-key (Deprecated)

Deprecated. Use GET /licenses API instead.
Request:
Method:
GET
URI Path:
/policy/api/v1/licenses/<license-key>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/licenses/11111-22222-33333-44444-55555

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
License+

Example Response: { "capacity_type": "VM", "is_expired": false, "quantity": 5, "is_eval": false, "description": "NSX for vSphere - Enterprise", "expiry": 0, "license_key": "11111-22222-33333-44444-55555" }

Required Permissions: read
Feature: system_configuration_license
Additional Errors:

Deprecated. Remove a license identified by the license-key (Deprecated)

Deprecated. Use POST /licenses?action=delete API instead.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/licenses/<license-key>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: DELETE https://<nsx-mgr>/api/v1/licenses/11111-22222-33333-44444-55555

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: system_configuration_license
Additional Errors:

Get usage report of all registered modules

Returns usage report of all registered modules
Request:
Method:
GET
URI Path:
/policy/api/v1/licenses/licenses-usage
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/licenses/licenses-usage

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
FeatureUsageList+

Example Response: { "feature_usage_info": [{ "capacity_usage": [{ "capacity_type": "VM", "usage_count": 10 }, { "capacity_type": "CPU", "usage_count": 10 }], "feature": "VxLAN" }, { "capacity_usage": [{ "capacity_type": "VM", "usage_count": 10 }, { "capacity_type": "CPU", "usage_count": 10 }], "feature": "DFW" }] }

Required Permissions: read
Feature: system_configuration_license
Additional Errors:

Get usage report of all registered modules in CSV format

Returns usage report of all registered modules in CSV format
Request:
Method:
GET
URI Path:
/policy/api/v1/licenses/licenses-usage?format=csv
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/licenses/licenses-usage?format=csv

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: text/csv
Response Body:
FeatureUsageListInCsvFormat+

Example Response:
feature,vm_usage_count,cpu_usage_count
DFW,10,8
VXLAN,10,10

Required Permissions: read
Feature: system_configuration_license
Additional Errors:

Remove a license

This will delete the license key identified in the request body
by "license_key" and its properties from the system.
Attempting to delete the last license key will result in an error.
Request:
Method:
POST
URI Path:
/policy/api/v1/licenses?action=delete
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
License+

Example Request: POST https://<nsx-mgr>/api/v1/licenses?action=delete
{ "license_key": "11111-22222-33333-44444-55555" }

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: system_configuration_license
Additional Errors:

Nsx Component Administration: Backup Restore Management

Nsx Component Administration: Backup Restore Management: Backup

Associated URIs:

Configure backup

Configure the file server and timers for automated backup.
If the secret fields (password, passphrase) are omitted,
the previously set values are used.
Request:
Method:
PUT
URI Path:
/policy/api/v1/cluster/backups/config
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
BackupConfiguration+

Example Request (weekly schedule): PUT https://<nsx-mgr>/api/v1/cluster/backups/config
{ "backup_enabled" : true, "backup_schedule":{ "resource_type": "WeeklyBackupSchedule", "days_of_week":[ 1, 3, 5 ], "hour_of_day":0, "minute_of_day":0 }, "remote_file_server":{ "server":"10.1.2.3", "port":22, "protocol":{ "protocol_name":"sftp", "ssh_fingerprint":"SHA256:w2NgXhG2Nm76q9PL/bXWKkLbDS31uMLYttUe9eajPaA", "authentication_scheme":{ "scheme_name":"PASSWORD", "username":"admin", "password":"default" } }, "directory_path":"/nsx-backups" }, "passphrase":"swordfish", "inventory_summary_interval":300 }

Example Request (interval schedule): PUT https://<nsx-mgr>/api/v1/cluster/backups/config
{ "backup_enabled" : true, "backup_schedule":{ "resource_type": "IntervalBackupSchedule", "seconds_between_backups":3600 }, "remote_file_server":{ "server":"10.1.2.3", "port":22, "protocol":{ "protocol_name":"sftp", "ssh_fingerprint":"SHA256:w2NgXhG2Nm76q9PL/bXWKkLbDS31uMLYttUe9eajPaA", "authentication_scheme":{ "scheme_name":"PASSWORD", "username":"admin", "password":"default" } }, "directory_path":"/nsx-backups" }, "passphrase":"swordfish", "inventory_summary_interval":300 }

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
BackupConfiguration+

Required Permissions: crud
Feature: utilities_backup
Additional Errors:

Get backup configuration

Get the configuration of the file server and timers for automated backup.
Fields that contain secrets (password, passphrase) are not returned.
Request:
Method:
GET
URI Path:
/policy/api/v1/cluster/backups/config
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
BackupConfiguration+

Example Response: { "backup_enabled" : true, "backup_schedule":{ "resource_type": "WeeklyBackupSchedule", "days_of_week":[ 1, 3, 5 ], "hour_of_day":0, "minute_of_day":0 }, "remote_file_server":{ "server":"10.1.2.3", "port":22, "protocol":{ "protocol_name":"sftp", "ssh_fingerprint":"SHA256:w2NgXhG2Nm76q9PL/bXWKkLbDS31uMLYttUe9eajPaA", "authentication_scheme":{ "scheme_name":"PASSWORD", "username":"admin" } }, "directory_path":"/nsx-backups" }, "inventory_summary_interval":300 }

Required Permissions: read
Feature: utilities_backup
Additional Errors:

Get backup history

Get history of previous backup operations
Request:
Method:
GET
URI Path:
/policy/api/v1/cluster/backups/history
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
BackupOperationHistory+

Example Response: { "cluster_backup_statuses": [ { "backup_id" : "2128af2d-d763-4a27-80e0-4933af7e4824-1462221358", "start_time": 1523334840897, "end_time": 1523334916419, "success": true } ], "node_backup_statuses": [ { "backup_id" : "3128af2d-d763-4a27-80e0-4933af7e4824-1462221359", "start_time": 1523411768398, "end_time": 1523411844682, "success": false, "error_code": "BACKUP_SERVER_TIMEOUT", "error_message": "File server is not reachable, please check connectivity to file server" } ], "inventory_backup_statuses": [ { "backup_id" : "4128af2d-d763-4a27-80e0-4933af7e4824-1462221360", "start_time": 1523411625510, "end_time": 1523411701163, "success": true } ] }

Required Permissions: read
Feature: utilities_backup
Additional Errors:
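
The following is an added example, not part of the NSX guide or of VMware's code: a small audit over a BackupOperationHistory response that reports failed, missing and stale backups per category. It assumes that start_time and end_time are epoch milliseconds; the function name, the staleness threshold and the "current time" value are hypothetical.

```python
# Category keys of BackupOperationHistory, as shown in the example response.
CATEGORIES = ("cluster_backup_statuses", "node_backup_statuses",
              "inventory_backup_statuses")

# The guide's example response, embedded as sample input.
SAMPLE_HISTORY = {
    "cluster_backup_statuses": [
        {"backup_id": "2128af2d-d763-4a27-80e0-4933af7e4824-1462221358",
         "start_time": 1523334840897, "end_time": 1523334916419,
         "success": True}],
    "node_backup_statuses": [
        {"backup_id": "3128af2d-d763-4a27-80e0-4933af7e4824-1462221359",
         "start_time": 1523411768398, "end_time": 1523411844682,
         "success": False, "error_code": "BACKUP_SERVER_TIMEOUT",
         "error_message": "File server is not reachable, please check "
                          "connectivity to file server"}],
    "inventory_backup_statuses": [
        {"backup_id": "4128af2d-d763-4a27-80e0-4933af7e4824-1462221360",
         "start_time": 1523411625510, "end_time": 1523411701163,
         "success": True}],
}


def audit_backup_history(history, now_ms, max_age_ms):
    """Return (category, backup_id, problem) tuples for failed, missing or
    stale backups. Times are assumed to be epoch milliseconds."""
    findings = []
    for category in CATEGORIES:
        entries = history.get(category) or []
        if not entries:
            findings.append((category, None, "no backup recorded"))
            continue
        last_ok_end = None
        for entry in entries:
            if entry.get("success") is True:
                end = entry.get("end_time")
                if end is not None and (last_ok_end is None or end > last_ok_end):
                    last_ok_end = end
            else:
                # Report every failure with the error code the manager gave.
                findings.append((category, entry.get("backup_id"),
                                 "failed: " + entry.get("error_code", "UNKNOWN")))
        if last_ok_end is None:
            findings.append((category, None, "no successful backup"))
        elif now_ms - last_ok_end > max_age_ms:
            findings.append((category, None,
                             "stale: last success ended at %d" % last_ok_end))
    return findings


if __name__ == "__main__":
    NOW_MS = 1523415000000  # constructed "current time" shortly after the sample
    for finding in audit_backup_history(SAMPLE_HISTORY, NOW_MS, 24 * 3600 * 1000):
        print(finding)
```

A category with only failed entries is reported twice on purpose: once per failure and once because no restorable backup exists for it.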

Get backup status

Get status of active backup operations
Request:
Method:
GET
URI Path:
/policy/api/v1/cluster/backups/status
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CurrentBackupOperationStatus+

Example Response: { "operation_type": "backup", "backup_id": "fec18cee-ccf7-4d7c-bcc2-8634b08195cd-1523411326", "start_time": 1523411326952, "end_time": 1523411628558, "current_step": "BACKUP_CREATING_CLUSTER_BACKUP" }

Required Permissions: read
Feature: utilities_backup
Additional Errors:

Get SSH fingerprint of remote (backup) server

Get the SHA256 fingerprint of the remote server's ECDSA key. The caller should
independently verify that the key is trusted.
Request:
Method:
POST
URI Path:
/policy/api/v1/cluster/backups?action=retrieve_ssh_fingerprint
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
RemoteServerFingerprintRequest+

Example Request: POST https://<nsx-mgr>/api/v1/cluster/backups?action=retrieve_ssh_fingerprint
{ "server":"10.1.2.3", "port":22 }

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
RemoteServerFingerprint+

Example Response: { "server":"10.1.2.3", "port":22, "ssh_fingerprint":"SHA256:Apqs2qIrQ5r6U8xyv2czZjTniNsipz6SlCONf4kR/Gw" }

Required Permissions: read
Feature: utilities_backup
Additional Errors:
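
One way to do the independent verification the description asks for, as an added example that is not part of the NSX guide: compute the fingerprint from a host public key obtained out of band (for example, read on the backup server's console) and compare it with the value the API returned before copying that value into ssh_fingerprint. The function names and the sample key are hypothetical; the key is constructed and its curve point is filler.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data):
    """Encode bytes as an SSH wire-format string (4-byte length prefix)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample key line in OpenSSH public key format. The curve point is
# filler bytes, so this is not a usable key; only its encoding is realistic.
SAMPLE_BLOB = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
               + ssh_string(b"\x04" + bytes(range(64))))
TRUSTED_PUBKEY_LINE = ("ecdsa-sha2-nistp256 "
                       + base64.b64encode(SAMPLE_BLOB).decode("ascii")
                       + " backup-server-constructed")


def openssh_sha256_fingerprint(pubkey_line):
    """Return (key_type, 'SHA256:<unpadded base64>') for a public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or truncated.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type in blob does not match the key line")
    digest = hashlib.sha256(blob).digest()
    return key_type, "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_is_trusted(api_reply, expected_server, expected_port,
                           trusted_pubkey_line):
    """True only if the RemoteServerFingerprint reply is for the intended
    server and port and matches the out-of-band ECDSA host key."""
    key_type, trusted_fp = openssh_sha256_fingerprint(trusted_pubkey_line)
    if not key_type.startswith("ecdsa-sha2-"):
        return False  # the guide says the API reports the ECDSA key
    if api_reply.get("server") != expected_server:
        return False
    if api_reply.get("port") != expected_port:
        return False
    reported = str(api_reply.get("ssh_fingerprint", ""))
    return hmac.compare_digest(reported.encode("utf-8"),
                               trusted_fp.encode("utf-8"))


if __name__ == "__main__":
    # The guide's example reply; it cannot match the constructed key.
    reply = {"server": "10.1.2.3", "port": 22,
             "ssh_fingerprint": "SHA256:Apqs2qIrQ5r6U8xyv2czZjTniNsipz6SlCONf4kR/Gw"}
    print(fingerprint_is_trusted(reply, "10.1.2.3", 22, TRUSTED_PUBKEY_LINE))
```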

Request one-time backup

Request one-time backup. The backup will be uploaded using the
same server configuration as for automatic backup.
Request:
Method:
POST
URI Path:
/policy/api/v1/cluster?action=backup_to_remote
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: POST https://<nsx-mgr>/api/v1/cluster?action=backup_to_remote

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: utilities_backup
Additional Errors:

Request one-time inventory summary.

Request one-time inventory summary. The backup will be uploaded using the
same server configuration as for an automatic backup.
Request:
Method:
POST
URI Path:
/policy/api/v1/cluster?action=summarize_inventory_to_remote
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: POST https://<nsx-mgr>/api/v1/cluster?action=summarize_inventory_to_remote

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: utilities_backup
Additional Errors:

Nsx Component Administration: Backup Restore Management: Restore

Associated URIs:

List timestamps of all available Cluster Backups.

Returns timestamps for all backup files that are available
on the SFTP server.
Request:
Method:
GET
URI Path:
/policy/api/v1/cluster/restore/backuptimestamps
Request Headers:
n/a
Query Parameters:
ListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/cluster/restore/backuptimestamps

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ClusterBackupInfoListResult+

Example Response: { "results": [ { "timestamp": 1482253939013, "ip_address": "64.233.187.105", "node_id": "21EA6850-217F-41A2-B3CF-F322A882C54E" }, { "timestamp": 1482081398404, "ip_address": "64.233.187.105", "node_id": "21EA6850-217F-41A2-B3CF-F322A882C54E" }, { "timestamp": 1481908598404, "ip_address": "64.233.187.105", "node_id": "21EA6850-217F-41A2-B3CF-F322A882C54E" }, { "timestamp": 1481735798404, "ip_address": "64.233.187.105", "node_id": "21EA6850-217F-41A2-B3CF-F322A882C54E" } ] }

Required Permissions: read
Feature: utilities_backup
Additional Errors:

Configure Restore SFTP server credentials

Configure the file server that holds the backed-up files used for the Restore
operation.
Request:
Method:
PUT
URI Path:
/policy/api/v1/cluster/restore/config
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
RestoreConfiguration+

Example Request: PUT https://<nsx-mgr>/api/v1/cluster/restore/config
{ "remote_file_server":{ "server":"10.1.2.3", "port":22, "protocol":{ "protocol_name":"sftp", "ssh_fingerprint":"SHA256:w2NgXhG2Nm76q9PL/bXWKkLbDS31uMLYttUe9eajPaA", "authentication_scheme":{ "scheme_name":"PASSWORD", "username":"admin", "password":"default" } }, "directory_path":"/nsx-backups" }, "passphrase":"swordfish" }

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
RestoreConfiguration+

Required Permissions: crud
Feature: utilities_backup
Additional Errors:

Get Restore configuration

Get configuration information for the file server used to store backed-up files.
Fields that contain secrets (password, passphrase) are not returned.
Request:
Method:
GET
URI Path:
/policy/api/v1/cluster/restore/config
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
RestoreConfiguration+

Example Response: { "remote_file_server":{ "server":"10.1.2.3", "port":22, "protocol":{ "protocol_name":"sftp", "ssh_fingerprint":"SHA256:w2NgXhG2Nm76q9PL/bXWKkLbDS31uMLYttUe9eajPaA", "authentication_scheme":{ "scheme_name":"PASSWORD", "username":"admin" } }, "directory_path":"/nsx-backups" } }

Required Permissions: read
Feature: utilities_backup
Additional Errors:

List resources for a given instruction, to be shown to/executed by users.

For restore operations that require user input (for example, performing an action
or accepting/rejecting an action), this call provides the information to be
conveyed to users.
Request:
Method:
GET
URI Path:
/policy/api/v1/cluster/restore/instruction-resources
Request Headers:
n/a
Query Parameters:
ActionableResourceListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/cluster/restore/instruction-resources?instruction_id=48F45150-038C-4664-B468-36FFE1B356F9

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ActionableResourceListResult+

Example Response: { "result_count": 2, "cursor": "00361b9f1d54-2f05-441e-9851-c42518cc8b1dasdfds", "results": [ { "id": "4630aadd-25d7-4c73-b03c-227ac314dfc4", "display_name": "db-server", "resource_type": "FabricNode", "ip_address": "10.23.12.77" }, { "id": "3cc5e971-0329-4f35-966a-7cd879171688", "display_name": "app-server", "resource_type": "FabricNode", "ip_address": "10.23.12.78" } ] }

Required Permissions: read
Feature: utilities_backup
Additional Errors:

Advance any suspended restore operation

Advance any currently suspended restore operation. The operation might
have been suspended because (1) the user had suspended it previously, or
(2) the operation is waiting for user input, to be provided as a
part of the POST request body. This operation is only valid
when a GET cluster/restore/status returns a status with value SUSPENDED.
Otherwise, a 409 response is returned.
Request:
Method:
POST
URI Path:
/policy/api/v1/cluster/restore?action=advance
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AdvanceClusterRestoreRequest+

Example Request: POST https://<nsx-mgr>/api/v1/cluster/restore?action=advance
{ "data": [ { "id": "423F4EBE-7D65-D782-4B7B-BD3EDEF111A4", "resources": [ { "target_type": "LogicalSwitch", "target_display_name": "zone3LS", "is_valid": true, "target_id": "983B5FB6-C4E9-4FC9-81DC-1B27D5D09EC9" }, { "target_type": "LogicalSwitch", "target_display_name": "zone4LS", "is_valid": true, "target_id": "86f2b632-2d0e-46f2-9527-5baea8e273cd" } ] }, { "id": "52113C04-489E-4D47-B3FB-F3573155B24E", "resources": [ { "target_type": "TransportNode", "target_display_name": "zone3TN", "is_valid": true, "target_id": "86f2b632-2d0e-46f2-9527-5baea8e273cd" } ] } ] }

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ClusterRestoreStatus+

Example Response: { "id": "86e81e05-bc3c-4216-a0a2-3bf46ece68a3", "backup_timestamp": 1435298084391, "restore_start_time": 1483463180963, "restore_end_time": null, "step": { "step_number": 4, "value": "SFTP_COPY_START", "description": "Starting sftp copy", "status": { "value": "RUNNING", "description": "Sftp copy starting" } }, "status": { "value": "RUNNING", "description": "The operation is currently running" }, "total_steps": 11, "endpoints": [ { "action": "POST", "href": "/cluster/restore?action=suspend", "rel": "self" }, { "action": "POST", "href": "/cluster/restore?action=cancel", "rel": "self" } ], "instructions": [] }

Required Permissions: crud
Feature: utilities_backup
Additional Errors:

Cancel any running restore operation

Cancel any currently running restore operation. If there exists a currently
running step, it is allowed to finish. The system is not rolled back to the
pre-restore state. This operation is only valid when a
GET cluster/restore/status returns a status with value RUNNING or SUSPENDED.
Otherwise, a 409 response is returned.
Request:
Method:
POST
URI Path:
/policy/api/v1/cluster/restore?action=cancel
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: POST https://<nsx-mgr>/api/v1/cluster/restore?action=cancel

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ClusterRestoreStatus+

Example Response: { "id": "86e81e05-bc3c-4216-a0a2-3bf46ece68a3", "backup_timestamp": 1435298084391, "restore_start_time": 1483463180963, "restore_end_time": null, "step": { "step_number": 1, "value": "RESTORE_INITIATED", "description": "Starting cluster restore", "status": { "value": "RUNNING", "description": "Cluster restore initiated" } }, "status": { "value": "SUSPENDING", "description": "A suspend request is being processed" }, "total_steps": 11, "endpoints": [ { "action": "POST", "href": "/cluster/restore?action=resume", "rel": "self" }, { "action": "POST", "href": "/cluster/restore?action=cancel", "rel": "self" } ], "instructions": [] }

Required Permissions: crud
Feature: utilities_backup
Additional Errors:

Retry any failed restore operation

Retry any currently in-progress, failed restore operation. Only the last
step of the multi-step restore operation would have failed, and only that
step is retried. This operation is only valid when a
GET cluster/restore/status returns a status with value FAILED. Otherwise,
a 409 response is returned.
Request:
Method:
POST
URI Path:
/policy/api/v1/cluster/restore?action=retry
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: POST https://<nsx-mgr>/api/v1/cluster/restore?action=retry

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ClusterRestoreStatus+

Example Response: { "id": "86e81e05-bc3c-4216-a0a2-3bf46ece68a3", "backup_timestamp": 1435298084391, "restore_start_time": 1483463180963, "restore_end_time": null, "step": { "step_number": 4, "value": "SFTP_COPY_START", "description": "Starting sftp copy", "status": { "value": "RUNNING", "description": "Sftp copy starting" } }, "status": { "value": "RUNNING", "description": "The operation is currently running" }, "total_steps": 11, "endpoints": [ { "action": "POST", "href": "/cluster/restore?action=suspend", "rel": "self" }, { "action": "POST", "href": "/cluster/restore?action=cancel", "rel": "self" } ], "instructions": [] }

Required Permissions: crud
Feature: utilities_backup
Additional Errors:

Initiate a restore operation

Start the restore of an NSX cluster from a previously
backed-up configuration. This operation is only valid
when a GET cluster/restore/status returns a status with value NOT_STARTED.
Otherwise, a 409 response is returned.
Request:
Method:
POST
URI Path:
/policy/api/v1/cluster/restore?action=start
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
InitiateClusterRestoreRequest+

Example Request: POST https://<nsx-mgr>/api/v1/cluster/restore?action=start
{ "node_id": "2128af2d-d763-4a27-80e0-4933af7e4824", "timestamp" : 1435298084391 }

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ClusterRestoreStatus+

Example Response: { "id": "86e81e05-bc3c-4216-a0a2-3bf46ece68a3", "backup_timestamp": 1435298084391, "restore_start_time": 1483463180963, "restore_end_time": null, "step": { "step_number": 1, "value": "RESTORE_INITIATED", "description": "Starting cluster restore", "status": { "value": "RUNNING", "description": "The operation is currently running" } }, "status": { "value": "RUNNING", "description": "The operation is currently running" }, "total_steps": 11, "endpoints": [ { "action": "POST", "href": "/cluster/restore?action=suspend", "rel": "self" }, { "action": "POST", "href": "/cluster/restore?action=cancel", "rel": "self" } ], "instructions": [] }

Required Permissions: crud
Feature: utilities_backup
Additional Errors:

Suspend any running restore operation

Suspend any currently running restore operation. The restore operation is
made up of a number of steps. When this call is issued, any currently
running step is allowed to finish (successfully or with errors), and the
next step (and therefore the entire restore operation) is suspended until
a subsequent resume or cancel call is issued. This operation is only valid
when a GET cluster/restore/status returns a status with value RUNNING.
Otherwise, a 409 response is returned.
Request:
Method:
POST
URI Path:
/policy/api/v1/cluster/restore?action=suspend
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: POST https://<nsx-mgr>/api/v1/cluster/restore?action=suspend

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ClusterRestoreStatus+

Example Response: { "id": "86e81e05-bc3c-4216-a0a2-3bf46ece68a3", "backup_timestamp": 1435298084391, "restore_start_time": 1483463180963, "restore_end_time": null, "step": { "step_number": 1, "value": "RESTORE_INITIATED", "description": "Starting cluster restore", "status": { "value": "RUNNING", "description": "Cluster restore initiated" } }, "status": { "value": "SUSPENDING", "description": "A suspend request is being processed" }, "total_steps": 11, "endpoints": [ { "action": "POST", "href": "/cluster/restore?action=resume", "rel": "self" }, { "action": "POST", "href": "/cluster/restore?action=cancel", "rel": "self" } ], "instructions": [] }

Required Permissions: crud
Feature: utilities_backup
Additional Errors:

Nsx Component Administration

Nsx Component Administration: Cluster Management

Associated URIs:

Read Cluster Configuration

Returns information about the NSX cluster configuration. An NSX cluster has
two functions or purposes, commonly referred to as "roles." These two roles
are control and management. Each NSX installation has a single cluster.
Separate NSX clusters do not share data. In other words, a given data-plane
node is attached to only one cluster, not to multiple clusters.
Request:
Method:
GET
URI Path:
/policy/api/v1/cluster
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/cluster

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ClusterConfig+

Example Response: { "cluster_id": "bc72f9d5-976d-4856-bf15-7480307146bb", "mgmt_cluster_changes_allowed": true, "control_cluster_changes_allowed": true, "_revision": 0 }

Required Permissions: read
Additional Errors:

Update Cluster Configuration

Modifies the NSX cluster configuration.
Request:
Method:
PUT
URI Path:
/policy/api/v1/cluster
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
ClusterConfig+

Example Request: PUT https://<nsx-mgr>/api/v1/cluster/bc72f9d5-976d-4856-bf15-7480307146bb
{ "cluster_id": "bc72f9d5-976d-4856-bf15-7480307146bb", "mgmt_cluster_changes_allowed": true, "control_cluster_changes_allowed": false, "_revision": 0 }

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ClusterConfig+

Example Response: { "cluster_id": "bc72f9d5-976d-4856-bf15-7480307146bb", "mgmt_cluster_changes_allowed": true, "control_cluster_changes_allowed": false, "_revision": 1 }

Required Permissions: crud
Additional Errors:

Add a Node to the Cluster

Adds a new management node or controller node to the NSX cluster. A single
node can perform one role, either management or control, not both.
Request:
Method:
POST
URI Path:
/policy/api/v1/cluster/nodes
Request Headers:
n/a
Query Parameters:
AddClusterNodeAction+
Request Body:
AddClusterNodeSpec+

Example Request: Controller Node
POST https://<nsx-mgr>/api/v1/cluster/nodes?action=add_cluster_node
{ "external_id": "4c539859-1451-439a-a920-f64492863b16", "controller_role_config": { "type": "AddControllerNodeSpec", "host_msg_client_info": { "shared_secret": "secret1" }, "mpa_msg_client_info": { "shared_secret": "secret1" } } }

Successful Response:
Response Code:
201 Created
Response Headers:
Content-type: application/json
Response Body:
ClusterNodeConfig+

Example Response: Controller Node
{ "_revision": 0, "id": "7e36956a-85c4-4c3e-a883-8d26592146f1", "resource_type": "ClusterNodeConfig", "external_id": "4c539859-1451-439a-a920-f64492863b16", "controller_role": { "type": "ControllerClusterRoleConfig", "host_msg_client_info": { "account_name": "cvn-ccp-7e36956a-85c4-4c3e-a883-8d26592146f1" }, "mpa_msg_client_info": { "account_name": "cvn-ccp-mpa-abcdef12-85c4-4c3e-a883-8d26592146f1" }, "control_cluster_listen_addr": { "port": 0 }, "control_plane_listen_addr": { "port": 0 } }, "_create_time": 1416221408704, "_create_user": "system", "_last_modified_user": "system", "_last_modified_time": 1416221408704 }

Required Permissions: crud
Additional Errors:

List Cluster Node Configurations

Returns information about all NSX cluster nodes.
Request:
Method:
GET
URI Path:
/policy/api/v1/cluster/nodes
Request Headers:
n/a
Query Parameters:
ListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/cluster/nodes

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ClusterNodeConfigListResult+

Example Response: { "result_count": 3, "results": [ { "resource_type": "ClusterNodeConfig", "id": "4206C988-8227-CEE9-D9AF-1C581AD84A03", "display_name": "4206C988-8227-CEE9-D9AF-1C581AD84A03", "manager_role": { "type": "ManagementClusterRoleConfig", "mgmt_cluster_listen_addr": { "port": 9090, "certificate_sha256_thumbprint": "64b99fac51f5b8996b158fc8c18af8d9379f6faa9b127a933446c701df809d24", "certificate": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----", "ip_address": "192.168.110.48" }, "mpa_msg_client_info": { "account_name": "cvn-mp-mpa-5d1212b4-6e1e-47d4-b9e7-2e38e018b8f2" }, "api_listen_addr": { "port": 443, "certificate_sha256_thumbprint": "e4c359bfb8f7ca827173effe52a726cf1df0209b7035a98a773a827a5b3365bd", "certificate": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----", "ip_address": "192.168.110.48" }, "mgmt_plane_listen_addr": { "port": 5671, "certificate_sha256_thumbprint": "7eda54d0dcee4463573f40b1869552f0e248dd47b9d6b47b727459b0ab0c40ba", "certificate": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----", "ip_address": "192.168.110.48" } }, "appliance_mgmt_listen_addr": "192.168.110.48", "external_id": "4206C988-8227-CEE9-D9AF-1C581AD84A03", "_create_time": 1445540755333, "_last_modified_user": "node-mgmt", "_system_owned": false, "_last_modified_time": 1445540868201, "_create_user": "admin", "_revision": 5 }, { "resource_type": "ClusterNodeConfig", "id": "4206A8C8-36D0-F37E-54F0-76D206541B9C", "display_name": "4206A8C8-36D0-F37E-54F0-76D206541B9C", "manager_role": { "type": "ManagementClusterRoleConfig", "mgmt_cluster_listen_addr": { "port": 9090, "certificate_sha256_thumbprint": "f082b28c306c045f8663f9cf759fc047410e465c3403c05682f4fb2cafb961f8", "certificate": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----", "ip_address": "192.168.110.49" }, "mpa_msg_client_info": { "account_name": "cvn-mp-mpa-318813d1-e23f-4906-b5e3-ebb30f6f93ea" }, "api_listen_addr": { "port": 443, "certificate_sha256_thumbprint": 
"8fda7907ed769628887ccc55d4fc9391febad9ce8556ca78dc7abe0025e5571a", "certificate": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----", "ip_address": "192.168.110.49" }, "mgmt_plane_listen_addr": { "port": 5671, "certificate_sha256_thumbprint": "e93e093fe7e25d11eb4b5b0799d90e1285f7d87f333b2bcac3a32b65cd9ae6c8", "certificate": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----", "ip_address": "192.168.110.49" } }, "appliance_mgmt_listen_addr": "192.168.110.49", "external_id": "4206A8C8-36D0-F37E-54F0-76D206541B9C", "_create_time": 1445473397114, "_last_modified_user": "node-mgmt", "_system_owned": false, "_last_modified_time": 1445473423066, "_create_user": "system", "_revision": 1 }, { "resource_type": "ClusterNodeConfig", "id": "4206D639-8620-96DB-2A5A-F3DFEB4C03C0", "display_name": "4206D639-8620-96DB-2A5A-F3DFEB4C03C0", "manager_role": { "type": "ManagementClusterRoleConfig", "mgmt_cluster_listen_addr": { "port": 9090, "certificate_sha256_thumbprint": "923314e232c29ba15aef12c8e9df44a5ddfb206479d66ac13f9a47f78b7fcc02", "certificate": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----", "ip_address": "192.168.110.50" }, "mpa_msg_client_info": { "account_name": "cvn-mp-mpa-7deeae7c-b52c-49ce-b9da-4b05e46ba0d7" }, "api_listen_addr": { "port": 443, "certificate_sha256_thumbprint": "a5778682201f1256f385372fd803ceef1913b54617d442d311d17559bd13620e", "certificate": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----", "ip_address": "192.168.110.50" }, "mgmt_plane_listen_addr": { "port": 5671, "certificate_sha256_thumbprint": "f99a8263bae620ca0f4bd0e97398ddeb0456412d491a6f5c204fa01cd81febf6", "certificate": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----", "ip_address": "192.168.110.50" } }, "appliance_mgmt_listen_addr": "192.168.110.50", "external_id": "4206D639-8620-96DB-2A5A-F3DFEB4C03C0", "_create_time": 1445540972020, "_last_modified_user": "node-mgmt", "_system_owned": false, "_last_modified_time": 1445541093369, "_create_user": "admin", 
"_revision": 3 } ] }

Required Permissions: read
Additional Errors:

Remove a Node from the Cluster

Removes the specified manager or control node from the NSX cluster.
Before you can remove a node from the cluster, you must shut down the manager
or controller service with the "stop service manager" or the "stop service controller"
command.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/cluster/nodes/<node-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: DELETE https://<nsx-mgr>/api/v1/cluster/nodes/4845ae38-af61-4205-9998-5b0a026bb27e

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Additional Errors:

Read Cluster Node Configuration

Returns information about the specified NSX cluster node.
Request:
Method:
GET
URI Path:
/policy/api/v1/cluster/nodes/<node-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/cluster/nodes/4206C988-8227-CEE9-D9AF-1C581AD84A03

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ClusterNodeConfig+

Example Response: { "resource_type": "ClusterNodeConfig", "id": "4206C988-8227-CEE9-D9AF-1C581AD84A03", "display_name": "4206C988-8227-CEE9-D9AF-1C581AD84A03", "manager_role": { "type": "ManagementClusterRoleConfig", "mgmt_cluster_listen_addr": { "port": 9090, "certificate_sha256_thumbprint": "64b99fac51f5b8996b158fc8c18af8d9379f6faa9b127a933446c701df809d24", "certificate": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----", "ip_address": "192.168.110.48" }, "mpa_msg_client_info": { "account_name": "cvn-mp-mpa-5d1212b4-6e1e-47d4-b9e7-2e38e018b8f2" }, "api_listen_addr": { "port": 443, "certificate_sha256_thumbprint": "e4c359bfb8f7ca827173effe52a726cf1df0209b7035a98a773a827a5b3365bd", "certificate": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----", "ip_address": "192.168.110.48" }, "mgmt_plane_listen_addr": { "port": 5671, "certificate_sha256_thumbprint": "7eda54d0dcee4463573f40b1869552f0e248dd47b9d6b47b727459b0ab0c40ba", "certificate": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----", "ip_address": "192.168.110.48" } }, "appliance_mgmt_listen_addr": "192.168.110.48", "external_id": "4206C988-8227-CEE9-D9AF-1C581AD84A03", "_create_time": 1445540755333, "_last_modified_user": "node-mgmt", "_system_owned": false, "_last_modified_time": 1445540868201, "_create_user": "admin", "_revision": 5 } Required Permissions: read Additional Errors:
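One check a client can run on a ClusterNodeConfig response, as an added example that is not part of the NSX documentation: recompute each listener's SHA-256 thumbprint from its certificate field and compare it with certificate_sha256_thumbprint and, optionally, with values pinned out of band. It assumes the thumbprint is the hex SHA-256 of the certificate's DER encoding; first_cert_der, check_node_thumbprints, sample_node and the pinned mapping are names introduced here, and the sample data is constructed.

```python
import base64
import hashlib
import hmac
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def first_cert_der(pem):
    """DER bytes of the first certificate in a PEM string, or b'' if none."""
    match = PEM_CERT.search(pem or "")
    if not match:
        return b""
    # Strip line breaks, then decode strictly so stray characters raise.
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def check_node_thumbprints(node_config, pinned=None):
    """Return (listener, problem) pairs for one ClusterNodeConfig object.

    pinned is an optional {listener_name: hex_thumbprint} mapping recorded
    out of band (hypothetical parameter, not an NSX field).
    """
    pinned = pinned or {}
    findings = []
    for name, addr in sorted(node_config.get("manager_role", {}).items()):
        # Skip "type" and entries such as mpa_msg_client_info.
        if not isinstance(addr, dict) or "certificate_sha256_thumbprint" not in addr:
            continue
        reported = addr["certificate_sha256_thumbprint"].lower()
        der = first_cert_der(addr.get("certificate"))
        if not der:
            findings.append((name, "no certificate data to verify"))
            continue
        # Assumption: thumbprint = SHA-256 over the DER-encoded certificate.
        actual = hashlib.sha256(der).hexdigest()
        if not hmac.compare_digest(actual, reported):
            findings.append((name, "reported thumbprint does not match certificate"))
        if name in pinned and not hmac.compare_digest(actual, pinned[name].lower()):
            findings.append((name, "certificate differs from pinned thumbprint"))
    return findings


def sample_node():
    """Constructed ClusterNodeConfig fragment; the DER bytes are placeholders."""
    def listener(port, der):
        pem = ("-----BEGIN CERTIFICATE-----\n"
               + base64.encodebytes(der).decode()
               + "-----END CERTIFICATE-----\n")
        return {"port": port, "ip_address": "192.0.2.10", "certificate": pem,
                "certificate_sha256_thumbprint": hashlib.sha256(der).hexdigest()}
    return {"resource_type": "ClusterNodeConfig",
            "manager_role": {
                "type": "ManagementClusterRoleConfig",
                "api_listen_addr": listener(443, b"constructed api certificate bytes"),
                "mgmt_plane_listen_addr": listener(5671, b"constructed mgmt certificate bytes"),
                "mpa_msg_client_info": {"account_name": "constructed"}}}


if __name__ == "__main__":
    node = sample_node()
    # Simulate a response whose thumbprint no longer matches its certificate.
    node["manager_role"]["api_listen_addr"]["certificate_sha256_thumbprint"] = "0" * 64
    for listener_name, problem in check_node_thumbprints(node):
        print(listener_name, "-", problem)
```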

Read Cluster Node Status

Request:
Method:
GET
URI Path:
/policy/api/v1/cluster/nodes/<node-id>/status
Request Headers:
n/a
Query Parameters:
DataSourceParameters+
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/cluster/nodes/<node-id>/status
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ClusterNodeStatus+

Example Response: { "system_status": { "mem_used": 2498348, "system_time": 1445560337000, "file_systems": [ { "file_system": "/dev/sda2", "total": 4790588, "used": 1652564, "type": "ext4", "mount": "/" }, { "file_system": "none", "total": 4, "used": 0, "type": "tmpfs", "mount": "/sys/fs/cgroup" }, { "file_system": "udev", "total": 8206636, "used": 4, "type": "devtmpfs", "mount": "/dev" }, { "file_system": "tmpfs", "total": 1643052, "used": 716, "type": "tmpfs", "mount": "/run" }, { "file_system": "none", "total": 5120, "used": 0, "type": "tmpfs", "mount": "/run/lock" }, { "file_system": "none", "total": 8215252, "used": 0, "type": "tmpfs", "mount": "/run/shm" }, { "file_system": "none", "total": 102400, "used": 0, "type": "tmpfs", "mount": "/run/user" }, { "file_system": "/dev/sda1", "total": 967320, "used": 32672, "type": "ext4", "mount": "/boot" }, { "file_system": "/dev/sda3", "total": 4790588, "used": 9784, "type": "ext4", "mount": "/os_bak" }, { "file_system": "/dev/mapper/nsx-config", "total": 3869352, "used": 7808, "type": "ext4", "mount": "/config" }, { "file_system": "/dev/mapper/nsx-config__bak", "total": 3869352, "used": 7800, "type": "ext4", "mount": "/config_bak" }, { "file_system": "/dev/mapper/nsx-tmp", "total": 3869352, "used": 7944, "type": "ext4", "mount": "/tmp" }, { "file_system": "/dev/mapper/nsx-image", "total": 9710112, "used": 21988, "type": "ext4", "mount": "/image" }, { "file_system": "/dev/mapper/nsx-repository", "total": 24473988, "used": 180108, "type": "ext4", "mount": "/repository" }, { "file_system": "/dev/mapper/nsx-var", "total": 9710112, "used": 163268, "type": "ext4", "mount": "/var" } ], "load_average": [ 0.07000000029802322, 0.3700000047683716, 0.3499999940395355 ], "swap_total": 3997692, "mem_cache": 381336, "cpu_cores": 4, "source": "cached", "mem_total": 16430504, "swap_used": 0, "uptime": 91774000 }, "mgmt_cluster_status": { "mgmt_cluster_status": "CONNECTED" }, "version": "1.0.0.0.0.3154214" } Required Permissions: read 
Additional Errors:

Read Cluster Status

Request:
Method:
GET
URI Path:
/policy/api/v1/cluster/nodes/status
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ClustersAggregateInfo+

Required Permissions: read
Additional Errors:

Revoke Missing Nodes from the Cluster

Request:
Method:
POST
URI Path:
/policy/api/v1/cluster/nodes?action=revoke_missing_nodes
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
RevokeNodeRequest+

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Additional Errors:

Read Cluster Status

Returns status information for the NSX cluster control role and management
role.
Request:
Method:
GET
URI Path:
/policy/api/v1/cluster/status
Request Headers:
n/a
Query Parameters:
DataSourceParameters+
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/cluster/status
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ClusterStatus+

Example Response: { "control_cluster_status": { "status": "STABLE" }, "mgmt_cluster_status": { "online_nodes": [ { "mgmt_cluster_listen_ip_address": "192.168.110.31", "uuid": "42311EA1-D13F-C347-A2E4-7821B20F31BE" } ], "status": "STABLE" } }
Required Permissions: read
Additional Errors:

Nsx Component Administration: Nsx Administration

Associated URIs:

Read NSX Management nodes global configuration.

Returns the NSX Management nodes global configuration.
Request:
Method:
GET
URI Path:
/policy/api/v1/configs/management
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/configs/management
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ManagementConfig+

Example Response: { "publish_fqdns": true, "_revision": 0 }
Required Permissions: read
Additional Errors:

Update NSX Management nodes global configuration

Modifies the NSX Management nodes global configuration.
Request:
Method:
PUT
URI Path:
/policy/api/v1/configs/management
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
ManagementConfig+

Example Request: PUT https://<nsx-mgr>/api/v1/configs/management
{ "publish_fqdns": true, "_revision": 0 }
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ManagementConfig+

Example Response: { "publish_fqdns": true, "_revision": 1 }
Required Permissions: crud
Additional Errors:

Nsx Component Administration: Trust Management

Associated URIs:

Return the Properties of a Trust Manager

Returns information about the supported algorithms and key sizes.
Request:
Method:
GET
URI Path:
/policy/api/v1/trust-management
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/trust-management
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
TrustManagementData+

Example Response: { "supported_algorithms": [ { "key_size": [ 2048, 3072 ], "name": "RSA" }, { "key_size": [ 2048 ], "name": "DSA" } ] }
Required Permissions: read
Feature: trust_certificates
Additional Errors:

Return the list of principal identities

Returns the list of principals registered with a certificate.
Request:
Method:
GET
URI Path:
/policy/api/v1/trust-management/principal-identities
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/trust-management/principal-identities
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
PrincipalIdentityList+

Example Response: { [ { "id": "ebd3032d-728e-44d4-9914-d4f81c9972cb", "name": "web-ui", "node_id": "node-1", "permission_group": "read_write_api_users", "role": "enterprise_admin", "is_protected": "true", "certificate_id" : "bbd3032d-728e-44d4-9914-d4f81c9972cc" }, { "id" : "ebd3032d-728e-44d4-9914-d4f81c6783ed", "name": "open-stack", "node_id": "node-2", "permission_group": "undefined", "role": "enterprise_admin", "is_protected": "true", "certificate_id" : "cbd3032d-728e-44d4-9914-d4f81c9972cc" } ] }
Required Permissions: read
Feature: trust_principal_identities
Additional Errors:

Register a name-certificate combination.

Associates a principal's name with a certificate that is used to authenticate.
Request:
Method:
POST
URI Path:
/policy/api/v1/trust-management/principal-identities
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
PrincipalIdentity+

Example Request: POST https://<nsx-mgr>/api/v1/trust-management/principal-identities
{ "name": "open-stack", "node_id": "node-2", "role": "enterprise_admin", "is_protected": "true", "certificate_id" : "abd3032d-728e-44d4-9914-d4f81c9972cc" }
Successful Response:
Response Code:
201 Created
Response Headers:
Content-type: application/json
Response Body:
PrincipalIdentity+

Example Response: { "id": "ebd3032d-728e-44d4-9914-d4f81c9972cb", "name": "open-stack", "node_id": "node-2", "permission_group": "undefined", "role": "enterprise_admin", "is_protected": "true", "certificate_id" : "abd3032d-728e-44d4-9914-d4f81c9972cc" }
Required Permissions: crud
Feature: trust_principal_identities
Additional Errors:

Get a Principal Identity

Gets a stored principal identity.
Request:
Method:
GET
URI Path:
/policy/api/v1/trust-management/principal-identities/<principal-identity-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/trust-management/principal-identities/ebd3032d-728e-44d4-9914-d4f81c9972cb
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
PrincipalIdentity+

Example Response: { "id": "ebd3032d-728e-44d4-9914-d4f81c9972cb", "name": "open-stack", "node_id": "node-2", "permission_group": "undefined", "role": "network_engineer", "is_protected": "false", "certificate_id" : "abd3032d-728e-44d4-9914-d4f81c9972cc" }
Required Permissions: read
Feature: trust_principal_identities
Additional Errors:

Delete a principal identity

Deletes a principal identity. The associated certificate is not deleted.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/trust-management/principal-identities/<principal-identity-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: DELETE https://<nsx-mgr>/api/v1/trust-management/principal-identities/ebd3032d-728e-44d4-9914-d4f81c9972cb
Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: trust_principal_identities
Additional Errors:

Update a Principal Identity's certificate

Updates a principal identity's certificate.
Request:
Method:
POST
URI Path:
/policy/api/v1/trust-management/principal-identities?action=update_certificate
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
UpdatePrincipalIdentityCertificateRequest+

Example Request: POST https://<nsx-mgr>/api/v1/trust-management/principal-identities?action=update_certificate
{ "principal_identity_id": "ebd3032d-728e-44d4-9914-d4f81c9972cb", "certificate_id" : "abd3032d-728e-44d4-9914-d4f81c9972cc" }
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
PrincipalIdentity+

Example Response: { "id": "ebd3032d-728e-44d4-9914-d4f81c9972cb", "name": "open-stack", "node_id": "node-2", "permission_group": "undefined", "role": "network_engineer", "is_protected": "false", "certificate_id" : "abd3032d-728e-44d4-9914-d4f81c9972cc" }
Required Permissions: crud
Feature: trust_principal_identities
Additional Errors:
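An inventory check built from the PrincipalIdentity objects in this section and the certificate list returned by GET /policy/api/v1/trust-management/certificates, as an added example rather than NSX code. It flags certificate logins that hold enterprise_admin, certificates shared by several principals, principals whose certificate_id is missing from the certificate list, and non-CA certificates that no principal references (deleting a principal identity leaves its certificate in place). The function name and all sample records are constructed for illustration.

```python
from collections import defaultdict


def audit_principals(principals, certificates):
    """Cross-check PrincipalIdentity objects against Certificate objects.

    Returns sorted (subject, finding) pairs; subject is a principal name
    or a certificate id. Findings are review items, not verdicts.
    """
    cert_ids = {c["id"] for c in certificates}
    users = defaultdict(list)  # certificate_id -> names of principals using it
    findings = []

    for p in principals:
        users[p["certificate_id"]].append(p["name"])
        if p["certificate_id"] not in cert_ids:
            findings.append((p["name"], "certificate_id not found in certificate list"))
        if p.get("role") == "enterprise_admin":
            findings.append((p["name"], "certificate login grants enterprise_admin"))

    for cert_id, names in users.items():
        if len(names) > 1:
            findings.append((cert_id, "shared by " + ", ".join(sorted(names))))

    for c in certificates:
        # CA certificates are trust anchors, not login credentials.
        if c.get("resource_type") == "certificate_ca":
            continue
        if c["id"] not in users:
            findings.append((c["id"], "not referenced by any principal identity"))

    return sorted(findings)


# Constructed sample data using the field names shown in the responses.
SAMPLE_PRINCIPALS = [
    {"name": "web-ui", "role": "enterprise_admin", "certificate_id": "cert-a"},
    {"name": "open-stack", "role": "network_engineer", "certificate_id": "cert-a"},
    {"name": "backup-job", "role": "network_engineer", "certificate_id": "cert-gone"},
]
SAMPLE_CERTIFICATES = [
    {"id": "cert-a", "resource_type": "certificate_signed"},
    {"id": "cert-old", "resource_type": "certificate_self_signed"},
    {"id": "cert-ca", "resource_type": "certificate_ca"},
]

if __name__ == "__main__":
    for subject, finding in audit_principals(SAMPLE_PRINCIPALS, SAMPLE_CERTIFICATES):
        print(f"{subject}: {finding}")
```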

Nsx Component Administration: Trust Management: Certificate

Associated URIs:

Return All the User-Facing Components' Certificates

Returns all certificate information viewable by the user, including each
certificate's UUID; resource_type (for example, certificate_self_signed,
certificate_ca, or certificate_signed); pem_encoded data; and history of the
certificate (who created or modified it and when). For additional
information, include the ?details=true modifier at the end of the request
URI.
Request:
Method:
GET
URI Path:
/policy/api/v1/trust-management/certificates
Request Headers:
n/a
Query Parameters:
ListCertParameter+
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/trust-management/certificates
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CertificateList+

Example Response: { "cursor": "0036506d00d6-bfd5-4ebe-8b7f-0236f8de4792nnuullll", "result_count": 2, "results": [ { "id": "2e15955d-acd1-4f49-abae-0c6ea65bf437", "resource_type": "certificate_ca", "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "_last_modified_time": 1413369285797, "_create_time": 1413369285797, "_create_user": "admin", "_last_modified_user": "admin" }, { "id": "506d00d6-bfd5-4ebe-8b7f-0236f8de4792", "resource_type": "certificate_signed", "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "_last_modified_time": 1413369285811, "_create_time": 1413369285811, "_create_user": "admin", "_last_modified_user": "admin" } ] }
Required Permissions: read
Feature: trust_certificates
Additional Errors:

Delete Certificate for the Given Certificate ID

Removes the specified certificate. The private key associated with the
certificate is also deleted.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/trust-management/certificates/<cert-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: DELETE https://<nsx-mgr>/api/v1/trust-management/certificates/7ded7754-a2fb-48cd-b534-f1f4a980d827
Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: trust_certificates
Additional Errors:

Show Certificate Data for the Given Certificate ID

Returns information for the specified certificate ID, including the
certificate's UUID; resource_type (for example, certificate_self_signed,
certificate_ca, or certificate_signed); pem_encoded data; and history of the
certificate (who created or modified it and when). For additional
information, include the ?details=true modifier at the end of the request
URI.
Request:
Method:
GET
URI Path:
/policy/api/v1/trust-management/certificates/<cert-id>
Request Headers:
n/a
Query Parameters:
GetCertParameter+
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/trust-management/certificates/506d00d6-bfd5-4ebe-8b7f-0236f8de4792
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Certificate+

Example Response: { "id": "506d00d6-bfd5-4ebe-8b7f-0236f8de4792", "resource_type": "certificate_signed", "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "_last_modified_time": 1413369285811, "_create_time": 1413369285811, "_create_user": "admin", "_last_modified_user": "admin" }
Required Permissions: read
Feature: trust_certificates
Additional Errors:

Add a New Certificate

Adds a new private-public certificate or a chain of certificates (CAs) and,
optionally, a private key that can be applied to one of the user-facing
components (appliance management or edge). The certificate and the key
should be stored in PEM format. If no private key is provided, the
certificate is used as a client certificate in the trust store.
Request:
Method:
POST
URI Path:
/policy/api/v1/trust-management/certificates?action=import
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
TrustObjectData+

Example Request: POST https://<nsx-mgr>/api/v1/trust-management/certificates?action=import
{ "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "private_key": "-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----\n", "passphrase": "1234" }
Successful Response:
Response Code:
201 Created
Response Headers:
Content-type: application/json
Response Body:
CertificateList+

Example Response: { "results": [ { "id": "2e15955d-acd1-4f49-abae-0c6ea65bf437", "resource_type": "certificate_ca", "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "_last_modified_time": 1413369285797, "_create_time": 1413369285797, "_create_user": "admin", "_last_modified_user": "admin" }, { "id": "506d00d6-bfd5-4ebe-8b7f-0236f8de4792", "resource_type": "certificate_signed", "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "_last_modified_time": 1413369285811, "_create_time": 1413369285811, "_create_user": "admin", "_last_modified_user": "admin" } ] }
Required Permissions: crud
Feature: trust_certificates
Additional Errors:

Nsx Component Administration: Trust Management: Crl

Associated URIs:

Return All Added CRLs

Returns information about all CRLs. For additional information, include the
?details=true modifier at the end of the request URI.
Request:
Method:
GET
URI Path:
/policy/api/v1/trust-management/crls
Request Headers:
n/a
Query Parameters:
ListCertParameter+
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/trust-management/crls
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CrlList+

Example Response: { "cursor": "0036ebd3032d-728e-44d4-9914-d4f81c9972cbigloo Certificate Authority", "result_count": 1, "results": [ { "id": "ebd3032d-728e-44d4-9914-d4f81c9972cb", "display_name": "igloo Certificate Authority", "resource_type": "crl", "pem_encoded": "-----BEGIN X509 CRL----------END X509 CRL-----\n", "_last_modified_time": 1413387436438, "_create_time": 1413386249116, "_create_user": "admin", "_last_modified_user": "admin" } ] }
Required Permissions: read
Feature: trust_crls
Additional Errors:

Update CRL for the Given CRL ID

Updates an existing CRL.
Request:
Method:
PUT
URI Path:
/policy/api/v1/trust-management/crls/<crl-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Crl+

Example Request: PUT https://<nsx-mgr>/api/v1/trust-management/crls/ebd3032d-728e-44d4-9914-d4f81c9972cb
{ "id": "ebd3032d-728e-44d4-9914-d4f81c9972cb", "display_name": "igloo Certificate Authority", "pem_encoded": "-----BEGIN X509 CRL----------END X509 CRL-----\n" }
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Crl+

Example Response: { "id": "ebd3032d-728e-44d4-9914-d4f81c9972cb", "display_name": "igloo Certificate Authority", "resource_type": "crl", "pem_encoded": "-----BEGIN X509 CRL----------END X509 CRL-----\n", "_last_modified_time": 1413387436438, "_create_time": 1413386249116, "_create_user": "admin", "_last_modified_user": "admin" }
Required Permissions: crud
Feature: trust_crls
Additional Errors:

Show CRL Data for the Given CRL ID

Returns information about the specified CRL. For additional information,
include the ?details=true modifier at the end of the request URI.
Request:
Method:
GET
URI Path:
/policy/api/v1/trust-management/crls/<crl-id>
Request Headers:
n/a
Query Parameters:
GetCertParameter+
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/trust-management/crls/ebd3032d-728e-44d4-9914-d4f81c9972cb?details=true
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Crl+

Example Response: { "id": "ebd3032d-728e-44d4-9914-d4f81c9972cb", "display_name": "igloo Certificate Authority", "resource_type": "crl", "pem_encoded": "-----BEGIN X509 CRL----------END X509 CRL-----\n", "details": { "next_update": "945220365000", "issuer": "1.2.840.113549.1.9.1=#161d726f6f744069676c6f6f2e6974732e756e696d656c622e6564752e6175,CN=igloo Certificate Authority,OU=Certificates Administration,O=igloo CA,L=Melbourne,ST=Victoria,C=AU", "version": "1" }, "_last_modified_user": "admin", "_last_modified_time": 1413387436438, "_create_time": 1413386249116, "_create_user": "admin" }
Required Permissions: read
Feature: trust_crls
Additional Errors:

Delete a CRL

Deletes an existing CRL.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/trust-management/crls/<crl-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: DELETE https://<nsx-mgr>/api/v1/trust-management/crls/ebd3032d-728e-44d4-9914-d4f81c9972cb
Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: trust_crls
Additional Errors:

Add a New Certificate Revocation List

Adds a new certificate revocation list (CRL). The CRL is used to verify the
client certificate status against the revocation lists published by the CA.
For this reason, the administrator needs to add the CRL to the certificate
repository as well.
Request:
Method:
POST
URI Path:
/policy/api/v1/trust-management/crls?action=import
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
CrlObjectData+

Example Request: POST https://<nsx-mgr>/api/v1/trust-management/crls?action=import
{ "pem_encoded": "-----BEGIN X509 CRL----------END X509 CRL-----\n" }
Successful Response:
Response Code:
201 Created
Response Headers:
Content-type: application/json
Response Body:
CrlList+

Example Response: { "results": [ { "id": "ebd3032d-728e-44d4-9914-d4f81c9972cb", "resource_type": "crl", "pem_encoded": "-----BEGIN X509 CRL----------END X509 CRL-----\n", "_last_modified_time": 1413386249116, "_create_time": 1413386249116, "_create_user": "admin", "_last_modified_user": "admin" } ] }
Required Permissions: crud
Feature: trust_crls
Additional Errors:

Nsx Component Administration: Trust Management: Csr

Associated URIs:

Return All the Generated CSRs

Returns information about all of the CSRs that have been created.
Request:
Method:
GET
URI Path:
/policy/api/v1/trust-management/csrs
Request Headers:
n/a
Query Parameters:
ListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/trust-management/csrs
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CsrList+

Example Response: { "cursor": "0036351bf766-dcd3-477a-87bb-e72139f77396nnuullll", "result_count": 2, "results": [ { "id": "f1a858e1-fe70-41d0-a53b-32c43cec280f", "resource_type": "csr", "pem_encoded": "-----BEGIN CERTIFICATE REQUEST----------END CERTIFICATE REQUEST-----\n", "key_size": 2048, "subject": { "attributes": [ { "value": "Jane", "key": "CN" }, { "value": "VMware", "key": "O" }, { "value": "NSBU", "key": "OU" }, { "value": "US", "key": "C" }, { "value": "CA", "key": "ST" }, { "value": "PA", "key": "L" } ] }, "algorithm": "RSA", "_last_modified_time": 1413371717767, "_create_time": 1413371717767, "_create_user": "admin", "_last_modified_user": "admin" }, { "id": "351bf766-dcd3-477a-87bb-e72139f77396", "resource_type": "csr", "pem_encoded": "-----BEGIN CERTIFICATE REQUEST----------END CERTIFICATE REQUEST-----\n", "key_size": 2048, "subject": { "attributes": [ { "value": "Joe", "key": "CN" }, { "value": "VMware", "key": "O" }, { "value": "NSBU", "key": "OU" }, { "value": "US", "key": "C" }, { "value": "CA", "key": "ST" }, { "value": "PA", "key": "L" } ] }, "algorithm": "DSA", "_last_modified_time": 1413384517993, "_create_time": 1413384517993, "_create_user": "admin", "_last_modified_user": "admin" } ] } Required Permissions: read Feature: trust_csrs Additional Errors:

Generate a New Certificate Signing Request

Creates a new certificate signing request (CSR). A CSR is encrypted text that
contains information about your organization (organization name, country,
and so on) and your Web server's public key, which is a public certificate
that is generated on the server and can be used to forward this request to a
certificate authority (CA). A private key is also usually created at the
same time as the CSR.
Request:
Method:
POST
URI Path:
/policy/api/v1/trust-management/csrs
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Csr+

Example Request: POST https://<nsx-mgr>/api/v1/trust-management/csrs
{ "subject": { "attributes": [ {"key":"CN","value":"Jane"}, {"key":"O","value":"VMware"}, {"key":"OU","value":"NSBU"}, {"key":"C","value":"US"}, {"key":"ST","value":"CA"}, {"key":"L","value":"PA"} ] }, "key_size": "2048", "algorithm": "RSA" }
Successful Response:
Response Code:
201 Created
Response Headers:
Content-type: application/json
Response Body:
Csr+

Example Response: { "id": "f1a858e1-fe70-41d0-a53b-32c43cec280f", "resource_type": "csr", "pem_encoded": "-----BEGIN CERTIFICATE REQUEST----------END CERTIFICATE REQUEST-----\n", "key_size": 2048, "subject": { "attributes": [ { "value": "Jane", "key": "CN" }, { "value": "VMware", "key": "O" }, { "value": "NSBU", "key": "OU" }, { "value": "US", "key": "C" }, { "value": "CA", "key": "ST" }, { "value": "PA", "key": "L" } ] }, "algorithm": "RSA", "_last_modified_time": 1413371717767, "_create_time": 1413371717767, "_create_user": "admin", "_last_modified_user": "admin" }
Required Permissions: crud
Feature: trust_csrs
Additional Errors:

Show CSR Data for the Given CSR ID

Returns information about the specified CSR.
Request:
Method:
GET
URI Path:
/policy/api/v1/trust-management/csrs/<csr-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/trust-management/csrs/170b0f6c-653b-4dcc-92bf-0ab8f3a00b08
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Csr+

Example Response: { "id": "170b0f6c-653b-4dcc-92bf-0ab8f3a00b08", "resource_type": "csr", "pem_encoded": "-----BEGIN CERTIFICATE REQUEST----------END CERTIFICATE REQUEST-----\n", "key_size": 2048, "subject": { "attributes": [ { "value": "Jane", "key": "CN" }, { "value": "VMware", "key": "O" }, { "value": "NSBU", "key": "OU" }, { "value": "US", "key": "C" }, { "value": "CA", "key": "ST" }, { "value": "PA", "key": "L" } ] }, "algorithm": "RSA", "_last_modified_time": 1413382501591, "_create_time": 1413382501591, "_create_user": "admin", "_last_modified_user": "admin" }
Required Permissions: read
Feature: trust_csrs
Additional Errors:

Delete a CSR

Removes a specified CSR. If a CSR is not used for verification, you can
delete it. Note that the CSR import and upload POST actions automatically
delete the associated CSR.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/trust-management/csrs/<csr-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: DELETE https://<nsx-mgr>/api/v1/trust-management/csrs/351bf766-dcd3-477a-87bb-e72139f77396
Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: trust_csrs
Additional Errors:

Get CSR PEM File for the Given CSR ID

Downloads the CSR PEM file for a specified CSR. Clients must include an
Accept: text/plain request header.
Request:
Method:
GET
URI Path:
/policy/api/v1/trust-management/csrs/<csr-id>/pem-file
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/trust-management/csrs/f1a858e1-fe70-41d0-a53b-32c43cec280f/pem-file
Accept: text/plain
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: text/plain;charset=UTF-8
Response Body:
string

Example Response: -----BEGIN CERTIFICATE REQUEST----------END CERTIFICATE REQUEST-----
Required Permissions: read
Feature: trust_csrs
Additional Errors:

Import a Certificate Associated with an Approved CSR

Imports a certificate authority (CA)-signed certificate for a CSR. This
action links the certificate to the private key created by the CSR. The
pem_encoded string in the request body is the signed certificate provided by
your CA in response to the CSR that you provide to them. The import POST
action automatically deletes the associated CSR.
Request:
Method:
POST
URI Path:
/policy/api/v1/trust-management/csrs/<csr-id>?action=import
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
TrustObjectData+

Example Request: POST https://<nsx-mgr>/api/v1/trust-management/csrs/f1a858e1-fe70-41d0-a53b-32c43cec280f?action=import
{ "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n" }
Successful Response:
Response Code:
201 Created
Response Headers:
Content-type: application/json
Response Body:
CertificateList+

Required Permissions: crud
Feature: trust_csrs
Additional Errors:
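The CSR lifecycle described in the sections above (generate a CSR, download its PEM file, import the CA-signed certificate), written out as an added example that is not VMware code. The send and sign callables, the csr_problems check, FakeManager and its constructed responses are assumptions made here; authentication and TLS verification are left to the real transport behind send.

```python
import json

BASE = "/policy/api/v1/trust-management"
JSON_HDR = {"Content-Type": "application/json"}


def csr_problems(body, trust_data):
    """Compare a Csr body with the supported_algorithms the manager reports."""
    allowed = {a["name"]: set(a["key_size"])
               for a in trust_data["supported_algorithms"]}
    problems = []
    algorithm = body.get("algorithm")
    if algorithm not in allowed:
        problems.append(f"algorithm {algorithm!r} is not supported")
    elif int(body.get("key_size", 0)) not in allowed[algorithm]:
        problems.append(
            f"key_size {body.get('key_size')} is not supported for {algorithm}")
    # Local policy check added for this example, not a rule stated by NSX.
    attrs = body.get("subject", {}).get("attributes", [])
    if not any(a.get("key") == "CN" and a.get("value") for a in attrs):
        problems.append("subject has no CN attribute")
    return problems


def expect(response, status):
    """Unpack (status, text) and fail on any status other than the documented one."""
    code, text = response
    if code != status:
        raise RuntimeError(f"expected HTTP {status}, got {code}")
    return text


def enroll(send, subject_attrs, sign, algorithm="RSA", key_size=2048):
    """Generate a CSR, fetch its PEM, have it signed, import the certificate.

    send(method, path, headers, body) -> (status, text) and
    sign(csr_pem) -> cert_pem are caller-supplied hooks (hypothetical).
    Returns the ids from the CertificateList the import returns.
    """
    trust = json.loads(expect(send("GET", BASE, {}, None), 200))
    body = {"subject": {"attributes": subject_attrs},
            "key_size": key_size, "algorithm": algorithm}
    problems = csr_problems(body, trust)
    if problems:
        raise ValueError("; ".join(problems))
    csr = json.loads(expect(
        send("POST", BASE + "/csrs", JSON_HDR, json.dumps(body)), 201))
    csr_path = f"{BASE}/csrs/{csr['id']}"
    # The PEM download requires Accept: text/plain.
    csr_pem = expect(
        send("GET", csr_path + "/pem-file", {"Accept": "text/plain"}, None), 200)
    signed = json.dumps({"pem_encoded": sign(csr_pem)})
    certs = json.loads(expect(
        send("POST", csr_path + "?action=import", JSON_HDR, signed), 201))
    return [c["id"] for c in certs["results"]]


class FakeManager:
    """Constructed in-memory stand-in for the manager, for offline runs only."""

    def __init__(self):
        self.csrs = {}
        self.calls = []

    def send(self, method, path, headers, body):
        self.calls.append((method, path, dict(headers)))
        if (method, path) == ("GET", BASE):
            return 200, json.dumps({"supported_algorithms": [
                {"key_size": [2048, 3072], "name": "RSA"},
                {"key_size": [2048], "name": "DSA"}]})
        if (method, path) == ("POST", BASE + "/csrs"):
            csr = dict(json.loads(body), id="csr-1", resource_type="csr")
            self.csrs[csr["id"]] = csr
            return 201, json.dumps(csr)
        csr_id = path[len(BASE + "/csrs/"):].split("/")[0].split("?")[0]
        if method == "GET" and path.endswith("/pem-file") and csr_id in self.csrs:
            return 200, ("-----BEGIN CERTIFICATE REQUEST-----\n(constructed)\n"
                         "-----END CERTIFICATE REQUEST-----\n")
        if method == "POST" and path.endswith("?action=import") and csr_id in self.csrs:
            del self.csrs[csr_id]  # import deletes the associated CSR
            return 201, json.dumps({"results": [{
                "id": "cert-1", "resource_type": "certificate_signed",
                "pem_encoded": json.loads(body)["pem_encoded"]}]})
        return 404, ""  # the fake's own fallback, not documented NSX behaviour


if __name__ == "__main__":
    manager = FakeManager()
    placeholder_cert = ("-----BEGIN CERTIFICATE-----\n(constructed)\n"
                        "-----END CERTIFICATE-----\n")
    ids = enroll(manager.send, [{"key": "CN", "value": "Jane"}],
                 lambda csr_pem: placeholder_cert)
    print("imported:", ids, "CSRs left on the manager:", len(manager.csrs))
```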

Self-Sign the CSR

Self-signs the previously generated CSR. This action is similar to the
import certificate action, but instead of using a public certificate signed
by a CA, the self_sign POST action uses a certificate that is signed with
NSX's own private key.
Request:
Method:
POST
URI Path:
/policy/api/v1/trust-management/csrs/<csr-id>?action=self_sign
Request Headers:
n/a
Query Parameters:
SelfSignedActionParameter+
Request Body:
n/a

Example Request: POST https://<nsx-mgr>/api/v1/trust-management/csrs/xxxx?action=self_sign
"pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n"
Successful Response:
Response Code:
201 Created
Response Headers:
Content-type: application/json
Response Body:
Certificate+

Example Response: { "id": "1b522350-832b-464b-9295-dff599dd5594", "resource_type": "certificate_self_signed", "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "_last_modified_time": 1413382597133, "_create_time": 1413382597133, "_create_user": "admin", "_last_modified_user": "admin" }
Required Permissions: crud
Feature: trust_csrs
Additional Errors:

Upload the Certificate PEM File Signed by the CA Associated with a CSR

Uploads the certificate authority (CA)-signed certificate. After you send
the certificate request to the CA of your choice, and the CA sends back the
signed certificate, you can use the upload POST action to upload the signed
certificate. The upload action is similar to the import action, but the
upload action allows you to directly upload the PEM-encoded file (signed
certificate) provided by the CA. Like the import POST action, the upload
POST action automatically deletes the associated CSR.
Request:
Method:
POST
URI Path:
/policy/api/v1/trust-management/csrs/<csr-id>?action=upload
Request Headers:
n/a
Query Parameters:
PemFile+
Request Body:
n/a

Successful Response:
Response Code:
201 Created
Response Headers:
Content-type: application/json
Response Body:
CertificateList+

Required Permissions: crud
Feature: trust_csrs
Additional Errors:

Policy

Associated URIs:

Update the infra including all the nested entities

Updates the infra, including all the nested entities.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Infra+

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra
{ "resource_type": "Infra", "id": "infra", "display_name": "infra", "path": "/infra", "relative_path": "infra", "connectivity_strategy": "NONE" }
Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Additional Errors:

Read infra

Reads infra. Returns only the infra-related properties. Inner objects
are not populated.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra
Request Headers:
n/a
Query Parameters:
ChildTypesRequestParameter+
Request Body:
n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Infra+

Example Response: { "resource_type": "Infra", "id": "infra", "display_name": "infra", "path": "/infra", "relative_path": "infra", "connectivity_strategy": "NONE", "_create_user": "system", "_create_time": 1517296394552, "_last_modified_user": "system", "_last_modified_time": 1517296394552, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 }
Required Permissions: read
Additional Errors:

Update the infra including all the nested entities

Update the infra including all the nested entities.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PUT
URI Path:
/policy/api/v1/infra
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Infra+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra
{
  "resource_type": "Infra",
  "id": "infra",
  "display_name": "infra",
  "path": "/infra",
  "relative_path": "infra",
  "connectivity_strategy": "NONE",
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Infra+

Example Response:
{
  "resource_type": "Infra",
  "id": "infra",
  "display_name": "infra",
  "path": "/infra",
  "relative_path": "infra",
  "connectivity_strategy": "NONE",
  "_create_user": "system",
  "_create_time": 1517296394552,
  "_last_modified_user": "system",
  "_last_modified_time": 1517296394552,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: crud
Additional Errors:

List domains for infra

Paginated list of all domains for infra.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains
Request Headers:
n/a
Query Parameters:
DomainListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
DomainListResult+

Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 1,
  "results": [
    {
      "resource_type": "Domain",
      "description": "VMC Domain",
      "id": "vmc",
      "display_name": "VMC domain",
      "path": "/infra/domains/vmc",
      "parent_path": "/infra/domains/vmc",
      "relative_path": "vmc",
      "_create_user": "admin",
      "_create_time": 1517307910473,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517307910473,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}

Required Permissions: read
Additional Errors:

Patch a domain

If a domain with the domain-id is not already present, create a new
domain. If it already exists, patch the domain.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/domains/<domain-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Domain+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc
{
  "resource_type": "Domain",
  "description": "VMC Domain Patched",
  "display_name": "VMC domain",
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Additional Errors:

Read domain

Read a domain.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Domain+

Example Response:
{
  "resource_type": "Domain",
  "description": "VMC Domain",
  "id": "vmc",
  "display_name": "VMC domain",
  "path": "/infra/domains/vmc",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "vmc",
  "_create_user": "admin",
  "_create_time": 1517307910473,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517307910473,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: read
Additional Errors:

Create or update a domain

If a domain with the domain-id is not already present, create a new
domain. If it already exists, update the domain including the nested
groups. This is a full replace.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/domains/<domain-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Domain+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc
{
  "resource_type": "Domain",
  "description": "VMC Domain",
  "display_name": "VMC domain",
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Domain+

Example Response:
{
  "resource_type": "Domain",
  "description": "VMC Domain",
  "id": "vmc",
  "display_name": "VMC domain",
  "path": "/infra/domains/vmc",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "vmc",
  "_create_user": "admin",
  "_create_time": 1517307910473,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517307910473,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: crud
Additional Errors:

Delete Domain and all the entities contained by this domain

Delete the domain along with all the entities contained by this domain.
The groups that are a part of this domain are also deleted along with
the domain.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/domains/<domain-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Additional Errors:

List communication maps

List all communication maps for a domain.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps
Request Headers:
n/a
Query Parameters:
CommunicationMapListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationMapListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 2, "results": [ { "resource_type": "CommunicationMap", "description": "comm map", "id": "application-section-1", "display_name": "application-section-1", "path": "/infra/domains/vmc/communication-maps/application-section-1", "parent_path": "/infra/domains/vmc", "relative_path": "application-section-1", "category": "Application", "precedence": 0, "_create_user": "admin", "_create_time": 1517317362027, "_last_modified_user": "admin", "_last_modified_time": 1517317382962, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 }, { "resource_type": "CommunicationMap", "id": "communication-map", "display_name": "communication-map", "path": "/infra/domains/vmc/communication-maps/communication-map", "parent_path": "/infra/domains/vmc", "relative_path": "communication-map", "precedence": 100, "_create_user": "admin", "_create_time": 1517307910504, "_last_modified_user": "admin", "_last_modified_time": 1517307910504, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } ] } Required Permissions: read Additional Errors:

Patch communication map

Patch the communication map for a domain.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
CommunicationMap+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1
{
  "resource_type": "CommunicationMap",
  "description": "comm map patched",
  "display_name": "application-section-1",
  "category": "Application",
  "communication_entries": [
    {
      "resource_type": "CommunicationEntry",
      "description": " comm entry",
      "display_name": "ce-1",
      "sequence_number": 1,
      "source_groups": [ "/infra/domains/vmc/groups/dbgroup" ],
      "destination_groups": [ "/infra/domains/vmc/groups/appgroup" ],
      "services": [ "/infra/services/HTTP", "/infra/services/CIM-HTTP" ],
      "action": "ALLOW"
    }
  ]
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Additional Errors:

Deletes a communication map from this domain

Deletes the communication map along with all the communication entries.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Additional Errors:

Read communication-map

Read communication-map for a domain.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationMap+

Example Response: { "resource_type": "CommunicationMap", "description": "comm map", "id": "application-section-1", "display_name": "application-section-1", "path": "/infra/domains/vmc/communication-maps/application-section-1", "parent_path": "/infra/domains/vmc", "relative_path": "application-section-1", "communication_entries": [ { "resource_type": "CommunicationEntry", "description": " comm entry", "id": "ce-1", "display_name": "ce-1", "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1", "parent_path": "/infra/domains/vmc/communication-maps/application-section-1", "relative_path": "ce-1", "sequence_number": 1, "source_groups": [ "/infra/domains/vmc/groups/dbgroup" ], "logged": false, "destination_groups": [ "/infra/domains/vmc/groups/appgroup" ], "scope": [ "ANY" ], "action": "ALLOW", "services": [ "/infra/services/HTTP", "/infra/services/CIM-HTTP" ], "_create_user": "admin", "_create_time": 1517317382942, "_last_modified_user": "admin", "_last_modified_time": 1517317382962, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 } ], "category": "Application", "precedence": 0, "_create_user": "admin", "_create_time": 1517317362027, "_last_modified_user": "admin", "_last_modified_time": 1517317362027, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: read Additional Errors:

Create or Update communication map

Create or Update the communication map for a domain. This is a full replace.
All the CommunicationEntries are replaced.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
CommunicationMap+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1
{
  "resource_type": "CommunicationMap",
  "description": "comm map",
  "display_name": "application-section-1",
  "_revision": 0,
  "category": "Application",
  "communication_entries": [
    {
      "resource_type": "CommunicationEntry",
      "description": " comm entry",
      "display_name": "ce-1",
      "sequence_number": 1,
      "source_groups": [ "/infra/domains/vmc/groups/dbgroup" ],
      "destination_groups": [ "/infra/domains/vmc/groups/appgroup" ],
      "services": [ "/infra/services/HTTP", "/infra/services/CIM-HTTP" ],
      "action": "ALLOW"
    }
  ]
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationMap+

Example Response: { "resource_type": "CommunicationMap", "description": "comm map", "id": "application-section-1", "display_name": "application-section-1", "path": "/infra/domains/vmc/communication-maps/application-section-1", "parent_path": "/infra/domains/vmc", "relative_path": "application-section-1", "communication_entries": [ { "resource_type": "CommunicationEntry", "description": " comm entry", "id": "ce-1", "display_name": "ce-1", "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1", "parent_path": "/infra/domains/vmc/communication-maps/application-section-1", "relative_path": "ce-1", "sequence_number": 1, "source_groups": [ "/infra/domains/vmc/groups/dbgroup" ], "logged": false, "destination_groups": [ "/infra/domains/vmc/groups/appgroup" ], "scope": [ "ANY" ], "action": "ALLOW", "services": [ "/infra/services/HTTP", "/infra/services/CIM-HTTP" ], "_create_user": "admin", "_create_time": 1517317382942, "_last_modified_user": "admin", "_last_modified_time": 1517317382962, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 } ], "category": "Application", "precedence": 0, "_create_user": "admin", "_create_time": 1517317362027, "_last_modified_user": "admin", "_last_modified_time": 1517317362027, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Additional Errors:
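Because this PUT replaces every CommunicationEntry in the map, a body that lists only the rule being added removes the others. The following is an added example, not code from this guide or from VMware: it builds the PUT body from the map as read with GET and reports which entries a candidate body would remove. The function names, the ce-2 and ce-3 entries and the matching of entries by id are assumptions of the example.

```python
import copy

# Constructed sample: the map as GET returns it, trimmed from the example response
# above. Entry ce-2 is constructed so that the map holds more than one rule.
CURRENT_MAP = {
    "resource_type": "CommunicationMap",
    "id": "application-section-1",
    "display_name": "application-section-1",
    "category": "Application",
    "precedence": 0,
    "_revision": 0,
    "communication_entries": [
        {"resource_type": "CommunicationEntry", "id": "ce-1", "display_name": "ce-1",
         "sequence_number": 1,
         "source_groups": ["/infra/domains/vmc/groups/dbgroup"],
         "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
         "services": ["/infra/services/HTTP", "/infra/services/CIM-HTTP"],
         "action": "ALLOW", "_revision": 1},
        {"resource_type": "CommunicationEntry", "id": "ce-2", "display_name": "ce-2",
         "sequence_number": 2,
         "source_groups": ["/infra/domains/vmc/groups/webgroup"],
         "destination_groups": ["/infra/domains/vmc/groups/dbgroup"],
         "services": ["ANY"], "action": "DROP", "_revision": 0},
    ],
}

# Constructed sample: the rule an operator wants to add.
NEW_RULE = {
    "resource_type": "CommunicationEntry", "id": "ce-3", "display_name": "ce-3",
    "sequence_number": 3,
    "source_groups": ["/infra/domains/vmc/groups/webgroup"],
    "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
    "services": ["/infra/services/HTTP"], "action": "ALLOW",
}


def entry_key(entry):
    """Match entries by id, falling back to display_name (assumption of this
    example: the request bodies shown in this guide sometimes omit id)."""
    return entry.get("id") or entry.get("display_name")


def entries_lost_by_put(current_map, put_body):
    """Keys of entries that exist now and are absent from the candidate PUT body,
    i.e. the rules the full replace would remove."""
    sent = {entry_key(e) for e in put_body.get("communication_entries", [])}
    return [entry_key(e) for e in current_map.get("communication_entries", [])
            if entry_key(e) not in sent]


def build_put_body(current_map, changed_entry):
    """Return a PUT body that keeps every existing entry and adds changed_entry,
    or overlays it on the existing entry with the same key."""
    if "_revision" not in current_map:
        raise ValueError("map has no _revision; read it with GET before building a PUT")
    body = copy.deepcopy(current_map)  # never mutate the copy read from the server
    entries = body.setdefault("communication_entries", [])
    for index, existing in enumerate(entries):
        if entry_key(existing) == entry_key(changed_entry):
            # Overlay the change; untouched fields, including the entry's own
            # _revision, stay as they were read.
            entries[index] = {**existing, **copy.deepcopy(changed_entry)}
            break
    else:
        entries.append(copy.deepcopy(changed_entry))
    return body


if __name__ == "__main__":
    naive = {"resource_type": "CommunicationMap", "_revision": 0,
             "communication_entries": [NEW_RULE]}
    print("naive PUT would remove:", entries_lost_by_put(CURRENT_MAP, naive))
    merged = build_put_body(CURRENT_MAP, NEW_RULE)
    print("merged PUT would remove:", entries_lost_by_put(CURRENT_MAP, merged))
```

Running `entries_lost_by_put` against the body about to be sent, and refusing to send when the list is non-empty and unexpected, turns an accidental rule deletion into a visible pre-flight failure.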

List CommunicationEntries

List CommunicationEntries.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries
Request Headers:
n/a
Query Parameters:
CommunicationEntryListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1/communication-entries

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationEntryListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "resource_type": "CommunicationEntry", "description": " comm entry", "id": "ce-1", "display_name": "ce-1", "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1", "parent_path": "/infra/domains/vmc/communication-maps/application-section-1", "relative_path": "ce-1", "sequence_number": 1, "source_groups": [ "/infra/domains/vmc/groups/dbgroup" ], "logged": false, "destination_groups": [ "/infra/domains/vmc/groups/appgroup" ], "scope": [ "ANY" ], "action": "ALLOW", "services": [ "/infra/services/HTTP", "/infra/services/CIM-HTTP" ], "_create_user": "admin", "_create_time": 1517317382942, "_last_modified_user": "admin", "_last_modified_time": 1517317382962, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 } ] } Required Permissions: read Additional Errors:
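The list result carries everything needed to review a map's rules offline: `action`, `logged`, `services` and the group paths. The following is an added example, not code from this guide: it audits a CommunicationEntryListResult and reports ALLOW rules that are not logged, ALLOW rules whose services include "ANY", and group paths that sit under a different domain than the entry itself. The finding names, the entries ce-2 and ce-3, and treating a missing `logged` field as false are assumptions of the example.

```python
import json

# Constructed sample: ce-1 is trimmed from the example response above; ce-2 and
# ce-3 are constructed to exercise the other checks.
LIST_RESULT = json.loads("""
{
  "result_count": 3,
  "results": [
    {"resource_type": "CommunicationEntry", "id": "ce-1",
     "parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
     "sequence_number": 1,
     "source_groups": ["/infra/domains/vmc/groups/dbgroup"],
     "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
     "logged": false, "action": "ALLOW",
     "services": ["/infra/services/HTTP", "/infra/services/CIM-HTTP"]},
    {"resource_type": "CommunicationEntry", "id": "ce-2",
     "parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
     "sequence_number": 2,
     "source_groups": ["/infra/domains/vmc_domain/groups/webgroup"],
     "destination_groups": ["/infra/domains/vmc/groups/dbgroup"],
     "logged": true, "action": "ALLOW", "services": ["ANY"]},
    {"resource_type": "CommunicationEntry", "id": "ce-3",
     "parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
     "sequence_number": 3,
     "source_groups": ["/infra/domains/vmc/groups/webgroup"],
     "destination_groups": ["/infra/domains/vmc/groups/dbgroup"],
     "logged": false, "action": "DROP", "services": ["ANY"]}
  ]
}
""")


def domain_of(path):
    """Return <domain-id> from a policy path of the form /infra/domains/<domain-id>/...,
    or None when the value is not such a path."""
    parts = path.strip("/").split("/")
    if len(parts) >= 3 and parts[0] == "infra" and parts[1] == "domains":
        return parts[2]
    return None


def audit_entry(entry):
    """Return the list of findings for one CommunicationEntry."""
    findings = []
    allows = entry.get("action") == "ALLOW"
    # Assumption: an entry without a "logged" field is treated as not logged.
    if allows and not entry.get("logged", False):
        findings.append("allow-unlogged")
    if allows and "ANY" in entry.get("services", []):
        findings.append("allow-any-service")
    home = domain_of(entry.get("parent_path", ""))
    if home is not None:
        for field in ("source_groups", "destination_groups"):
            for group_path in entry.get(field, []):
                group_domain = domain_of(group_path)
                # Values that are not domain-scoped paths are skipped, not flagged.
                if group_domain is not None and group_domain != home:
                    findings.append("foreign-domain-group:" + group_path)
    return findings


def audit_list(list_result):
    """Map entry id -> findings, for entries that have at least one finding."""
    report = {}
    for entry in list_result.get("results", []):
        findings = audit_entry(entry)
        if findings:
            report[entry["id"]] = findings
    return report


if __name__ == "__main__":
    for entry_id, findings in audit_list(LIST_RESULT).items():
        print(entry_id, findings)
```

A finding here is a prompt for review, not proof of a misconfiguration: an unlogged ALLOW rule or a cross-domain group reference may be intended.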

Read CommunicationEntry

Read CommunicationEntry.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationEntry+

Example Response:
{
  "resource_type": "CommunicationEntry",
  "description": " comm entry",
  "id": "ce-1",
  "display_name": "ce-1",
  "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1",
  "parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
  "relative_path": "ce-1",
  "sequence_number": 1,
  "source_groups": [ "/infra/domains/vmc/groups/dbgroup" ],
  "logged": false,
  "destination_groups": [ "/infra/domains/vmc/groups/appgroup" ],
  "scope": [ "ANY" ],
  "action": "ALLOW",
  "services": [ "/infra/services/HTTP", "/infra/services/CIM-HTTP" ],
  "_create_user": "admin",
  "_create_time": 1517317382942,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517317382962,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 1
}

Required Permissions: read
Additional Errors:

Patch a CommunicationEntry

Patch the CommunicationEntry.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
CommunicationEntry+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1
{
  "resource_type": "CommunicationEntry",
  "description": " comm entry",
  "id": "ce-1",
  "display_name": "ce-1",
  "sequence_number": 1,
  "source_groups": [ "/infra/domains/vmc_domain/groups/webgroup" ],
  "logged": false,
  "destination_groups": [ "/infra/domains/vmc_domain/groups/dbgroup" ],
  "scope": [ "ANY" ],
  "action": "DROP",
  "services": [ "ANY" ],
  "_create_user": "admin",
  "_create_time": 1516000243757,
  "_last_modified_user": "admin",
  "_last_modified_time": 1516000593340,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Additional Errors:

Create or update a CommunicationEntry

Update the CommunicationEntry. If a CommunicationEntry with the communication-entry-id
is not already present, this API fails with a 404. Creation of CommunicationEntries
is not allowed using this API.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
CommunicationEntry+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1
{
  "resource_type": "CommunicationEntry",
  "description": " comm entry",
  "id": "ce-1",
  "display_name": "ce-1",
  "sequence_number": 1,
  "source_groups": [ "/infra/domains/vmc_domain/groups/webgroup" ],
  "logged": false,
  "destination_groups": [ "/infra/domains/vmc_domain/groups/dbgroup" ],
  "scope": [ "ANY" ],
  "action": "DROP",
  "services": [ "ANY" ],
  "_create_user": "admin",
  "_create_time": 1516000243757,
  "_last_modified_user": "admin",
  "_last_modified_time": 1516000593340,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationEntry+

Example Response: { "resource_type": "CommunicationEntry", "description": " comm entry", "id": "ce-1", "display_name": "ce-1", "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1", "parent_path": "/infra/domains/vmc/communication-maps/application-section-1", "relative_path": "ce-1", "sequence_number": 1, "source_groups": [ "/infra/domains/vmc/groups/dbgroup" ], "logged": false, "destination_groups": [ "/infra/domains/vmc/groups/appgroup" ], "scope": [ "ANY" ], "action": "ALLOW", "services": [ "/infra/services/HTTP", "/infra/services/CIM-HTTP" ], "_create_user": "admin", "_create_time": 1517317382942, "_last_modified_user": "admin", "_last_modified_time": 1517317382962, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 } Required Permissions: crud Additional Errors:

Delete CommunicationEntry

Delete CommunicationEntry.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Additional Errors:

Revise the positioning of communication entry

This is used to re-order a communication entry within a communication map.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
POST
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id>?action=revise
Request Headers:
n/a
Query Parameters:
CommunicationEntryInsertParameters+
Request Body:
CommunicationEntry+

Example Request:
POST https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/emergency-section/communication-entries/ce-1?action=revise&anchor_path=/infra/domains/vmc/communication-maps/emergency-section/communication-entries/ce-2&operation=insert_after
{
  "resource_type": "CommunicationEntry",
  "description": " comm entry",
  "id": "ce-1",
  "display_name": "ce-1",
  "path": "/infra/domains/vmc_domain/communication-maps/emergency-section/communication-entries/ce-1",
  "parent_path": "/infra/domains/vmc_domain/communication-maps/emergency-section",
  "relative_path": "ce-1",
  "sequence_number": 1,
  "source_groups": [ "/infra/domains/vmc_domain/groups/webgroup" ],
  "logged": false,
  "destination_groups": [ "/infra/domains/vmc_domain/groups/appgroup" ],
  "scope": [ "ANY" ],
  "action": "ALLOW",
  "services": [ "/infra/services/AD_Server", "/infra/services/HTTP", "/infra/services/CIM-HTTP" ],
  "_create_user": "admin",
  "_create_time": 1515675021964,
  "_last_modified_user": "admin",
  "_last_modified_time": 1515675021973,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 1
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationEntry+

Example Response: { "resource_type": "CommunicationEntry", "description": " comm entry", "id": "ce-1", "display_name": "ce-1", "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1", "parent_path": "/infra/domains/vmc/communication-maps/application-section-1", "relative_path": "ce-1", "sequence_number": 1, "source_groups": [ "/infra/domains/vmc/groups/dbgroup" ], "logged": false, "destination_groups": [ "/infra/domains/vmc/groups/appgroup" ], "scope": [ "ANY" ], "action": "ALLOW", "services": [ "/infra/services/HTTP", "/infra/services/CIM-HTTP" ], "_create_user": "admin", "_create_time": 1517317382942, "_last_modified_user": "admin", "_last_modified_time": 1517317382962, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 } Required Permissions: crud Additional Errors:

Revise the positioning of communication maps

This is used to set the precedence of a communication map with respect to others.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
POST
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>?action=revise
Request Headers:
n/a
Query Parameters:
CommunicationMapInsertParameters+
Request Body:
CommunicationMap+

Example Request:
POST https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1?action=revise&anchor_path=/infra/domains/vmc/communication-maps/emergency-section&operation=insert_before
{
  "resource_type": "CommunicationMap",
  "description": "comm map revised",
  "display_name": "application-section-1",
  "category": "Application",
  "communication_entries": [
    {
      "resource_type": "CommunicationEntry",
      "description": " comm entry",
      "display_name": "ce-1",
      "sequence_number": 1,
      "source_groups": [ "/infra/domains/vmc/groups/dbgroup" ],
      "destination_groups": [ "/infra/domains/vmc/groups/appgroup" ],
      "services": [ "/infra/services/HTTP", "/infra/services/CIM-HTTP" ],
      "action": "ALLOW"
    }
  ]
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationMap+

Example Response: { "resource_type": "CommunicationMap", "description": "comm map", "id": "application-section-1", "display_name": "application-section-1", "path": "/infra/domains/vmc/communication-maps/application-section-1", "parent_path": "/infra/domains/vmc", "relative_path": "application-section-1", "communication_entries": [ { "resource_type": "CommunicationEntry", "description": " comm entry", "id": "ce-1", "display_name": "ce-1", "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1", "parent_path": "/infra/domains/vmc/communication-maps/application-section-1", "relative_path": "ce-1", "sequence_number": 1, "source_groups": [ "/infra/domains/vmc/groups/dbgroup" ], "logged": false, "destination_groups": [ "/infra/domains/vmc/groups/appgroup" ], "scope": [ "ANY" ], "action": "ALLOW", "services": [ "/infra/services/HTTP", "/infra/services/CIM-HTTP" ], "_create_user": "admin", "_create_time": 1517317382942, "_last_modified_user": "admin", "_last_modified_time": 1517317382962, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 } ], "category": "Application", "precedence": 0, "_create_user": "admin", "_create_time": 1517317362027, "_last_modified_user": "admin", "_last_modified_time": 1517317362027, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Additional Errors:

List Groups for a domain

List Groups for a domain.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups
Request Headers:
n/a
Query Parameters:
GroupListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
GroupListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "resource_type": "Group", "description": "web group", "id": "webgroup", "display_name": "web group", "path": "/infra/domains/vmc/groups/webgroup", "parent_path": "/infra/domains/vmc", "relative_path": "webgroup", "expression": [ { "resource_type": "Condition", "member_type": "VirtualMachine", "value": "webvm", "key": "Tag", "operator": "EQUALS", "_protection": "NOT_PROTECTED" } ], "_create_user": "admin", "_create_time": 1517308749250, "_last_modified_user": "admin", "_last_modified_time": 1517308749250, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } ] } Required Permissions: read Additional Errors:

Create or update a group

If a group with the group-id is not already present, create a new group.
If it already exists, update the group.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Group+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup
{
  "expression": [
    {
      "member_type": "VirtualMachine",
      "value": "webvm",
      "key": "Tag",
      "operator": "EQUALS",
      "resource_type": "Condition"
    }
  ],
  "description": "web group",
  "display_name": "web group",
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Group+

Example Response:
{
  "resource_type": "Group",
  "description": "web group",
  "id": "webgroup",
  "display_name": "web group",
  "path": "/infra/domains/vmc/groups/webgroup",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "webgroup",
  "expression": [
    {
      "resource_type": "Condition",
      "member_type": "VirtualMachine",
      "value": "webvm",
      "key": "Tag",
      "operator": "EQUALS",
      "_protection": "NOT_PROTECTED"
    }
  ],
  "_create_user": "admin",
  "_create_time": 1517308749250,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517308749250,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: crud
Additional Errors:

Patch a group

If a group with the group-id is not already present, create a new group.
If it already exists, patch the group.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Group+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup
{
  "expression": [
    {
      "member_type": "VirtualMachine",
      "value": "webvm",
      "key": "Tag",
      "operator": "EQUALS",
      "resource_type": "Condition"
    }
  ],
  "description": "web group",
  "display_name": "web group"
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Additional Errors:

Delete Group

Delete Group.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
Request Headers:
n/a
Query Parameters:
GroupDeleteRequestParameters+
Request Body:
n/a

Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Additional Errors:

Read group

Read group.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Group+

Example Response:
{
  "resource_type": "Group",
  "description": "web group",
  "id": "webgroup",
  "display_name": "web group",
  "path": "/infra/domains/vmc/groups/webgroup",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "webgroup",
  "expression": [
    {
      "resource_type": "Condition",
      "member_type": "VirtualMachine",
      "value": "webvm",
      "key": "Tag",
      "operator": "EQUALS",
      "_protection": "NOT_PROTECTED"
    }
  ],
  "_create_user": "admin",
  "_create_time": 1517308749250,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517308749250,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: read
Additional Errors:

List Services for infra

Paginated list of Services for infra.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/services
Request Headers:
n/a
Query Parameters:
ServiceListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/services

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ServiceListResult+

Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 402,
  "results": [
    {
      "resource_type": "Service",
      "description": "AD Server",
      "id": "AD_Server",
      "display_name": "AD Server",
      "path": "/infra/services/AD_Server",
      "parent_path": "/infra/services/AD_Server",
      "relative_path": "AD_Server",
      "service_entries": [
        {
          "resource_type": "L4PortSetServiceEntry",
          "id": "AD_Server",
          "display_name": "AD Server",
          "path": "/infra/services/AD_Server/service-entries/AD_Server",
          "parent_path": "/infra/services/AD_Server",
          "relative_path": "AD_Server",
          "destination_ports": [ "1024" ],
          "l4_protocol": "TCP",
          "_create_user": "system",
          "_create_time": 1517296380484,
          "_last_modified_user": "system",
          "_last_modified_time": 1517296380484,
          "_system_owned": true,
          "_protection": "NOT_PROTECTED",
          "_revision": 0
        }
      ],
      "_create_user": "system",
      "_create_time": 1517296380468,
      "_last_modified_user": "system",
      "_last_modified_time": 1517296380468,
      "_system_owned": true,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}

Required Permissions: read
Additional Errors:

Delete Service

Delete Service
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/services/<service-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/services/my-http
Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Additional Errors:

Read a service

Read a service
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/services/<service-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/services/my-http
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Service+

Example Response:
{
  "resource_type": "Service",
  "description": "My HTTP",
  "id": "my-http",
  "display_name": "My HTTP",
  "path": "/infra/services/my-http",
  "parent_path": "/infra/services/my-http",
  "relative_path": "my-http",
  "service_entries": [
    {
      "resource_type": "L4PortSetServiceEntry",
      "id": "MyHttpEntry",
      "display_name": "MyHttpEntry",
      "path": "/infra/services/my-http/service-entries/MyHttpEntry",
      "parent_path": "/infra/services/my-http",
      "relative_path": "MyHttpEntry",
      "destination_ports": [ "8080" ],
      "l4_protocol": "TCP",
      "_create_user": "admin",
      "_create_time": 1517310677617,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517310677617,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ],
  "_create_user": "admin",
  "_create_time": 1517310677604,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517310677604,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
Required Permissions: read
Additional Errors:

Patch a Service

Create a new service if a service with the given ID does not already
exist. Creates new service entries if populated in the service.
If a service with the given ID already exists, patch the service
including the nested service entries.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/services/<service-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Service+

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/services/my-http
{
  "description": "My HTTP Patched",
  "display_name": "My HTTP",
  "service_entries": [
    {
      "resource_type": "L4PortSetServiceEntry",
      "display_name": "MyHttpEntry",
      "destination_ports": [ "8080" ],
      "l4_protocol": "TCP"
    }
  ]
}
Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Additional Errors:

Create or update a Service

Create a new service if a service with the given ID does not already
exist. Creates new service entries if populated in the service.
If a service with the given ID already exists, update the service
including the nested service entries. This is a full replace.
This API is only available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/services/<service-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Service+