NSX-T Data Center REST API
Associated URIs:
| API Description | API Path |
|---|---|
Read infraRead infra. Returns only the infra related properties. Inner object are not populated. |
GET /policy/api/v1/infra
GET /policy/api/v1/global-infra GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra |
Update the infra including all the nested entitiesPatch API at infra level can be used in two flavours 1. Like a regular API to update Infra object 2. Hierarchical API: To create/update/delete entire or part of intent hierarchy Hierarchical API: Provides users a way to create entire or part of intent in single API invocation. Input is expressed in a tree format. Each node in tree can have multiple children of different types. System will resolve the dependencies of nodes within the intent tree and will create the model. Children for any node can be specified using ChildResourceReference or ChildPolicyConfigResource. If a resource is specified using ChildResourceReference then it will not be updated only its children will be updated. If Object is specified using ChildPolicyConfigResource, object along with its children will be updated. Hierarchical API can also be used to delete any sub-branch of entire tree. Hierarchical API supports up to 5000 intent creation on LM and 1000 on GM. |
PATCH /policy/api/v1/infra
PATCH /policy/api/v1/global-infra PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra |
Update the infra objectUpdates only the single infra object. This does not allow hierarchical updates of entities. |
PUT /policy/api/v1/infra
|
Returns information about all the CA bundlesReturns information about all the bundles of trusted CA certificates. |
GET /policy/api/v1/infra/cabundles
|
Deletes CA bundleDeletes the specified bundle of trusted CA certificates. |
DELETE /policy/api/v1/infra/cabundles/{cabundle-id}
|
Returns information about a CA bundleReturns information about the specified bundle of trusted CA certificates. |
GET /policy/api/v1/infra/cabundles/{cabundle-id}
|
Adds or updates a CA bundleAdds or updates a new bundle of trusted CA certificates. The bundle must be a concatenation of one or more PEM-encoded certificates. The PEM-encoded bundle is replaced with the one provided in the request. |
PATCH /policy/api/v1/infra/cabundles/{cabundle-id}
|
Adds or replaces a CA bundleAdds or replaces a new bundle of trusted CA certificates. The multipart-uploaded file must be a concatenation of one or more PEM-encoded certificates. |
POST /policy/api/v1/infra/cabundles/{cabundle-id}
|
Adds or replaces a CA bundleAdds or replaces a new bundle of trusted CA certificates. The bundle must be a concatenation of one or more PEM-encoded certificates. |
PUT /policy/api/v1/infra/cabundles/{cabundle-id}
|
Downloads a CA bundleDownloads the specified PEM-encoded bundle of trusted CA certificates. |
GET /policy/api/v1/infra/cabundles/{cabundle-id}/pem-file
|
Return All the User-Facing Components' CertificatesReturns all certificate information viewable by the user, including each certificate's id; pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. |
GET /policy/api/v1/infra/certificates
GET /policy/api/v1/global-infra/certificates GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates |
Delete Certificate for the Given Certificate IDRemoves the specified certificate. The private key associated with the certificate is also deleted. |
DELETE /policy/api/v1/infra/certificates/{certificate-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates/{certificate-id} |
Show Certificate Data for the Given Certificate IDReturns information for the specified certificate ID, including the certificate's id; pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. |
GET /policy/api/v1/infra/certificates/{certificate-id}
GET /policy/api/v1/global-infra/certificates/{certificate-id} GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates/{certificate-id} |
Add a New CertificateAdds a new private-public certificate and, optionally, a private key that can be applied to one of the user-facing components (appliance management or edge). The certificate and the key should be stored in PEM format. If no private key is provided, the certificate is used as a client certificate in the trust store. A private key can be uploaded for a CA certificate only if the "purpose" parameter is set to "signing-ca". A certificate chain will not be expanded into separate certificate instances for reference, but would be pushed to the enforcement point as a single certificate. This patch method does not modify an existing certificate. |
PATCH /policy/api/v1/infra/certificates/{certificate-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates/{certificate-id} |
Add a New CertificateAdds a new private-public certificate and, optionally, a private key that can be applied to one of the user-facing components (appliance management or edge). The certificate and the key should be stored in PEM format. If no private key is provided, the certificate is used as a client certificate in the trust store. A private key can be uploaded for a CA certificate only if the "purpose" parameter is set to "signing-ca". A certificate chain will not be expanded into separate certificate instances for reference, but would be pushed to the enforcement point as a single certificate. This PUT method does not modify an existing certificate. |
PUT /policy/api/v1/infra/certificates/{certificate-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates/{certificate-id} |
List tenant Constraints.List tenant constraints. |
GET /policy/api/v1/infra/constraints
GET /policy/api/v1/global-infra/constraints GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/constraints |
Delete tenant Constraint.Delete tenant constraint. |
DELETE /policy/api/v1/infra/constraints/{constraint-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/constraints/{constraint-id} |
Read tenant Constraint.Read tenant constraint. |
GET /policy/api/v1/infra/constraints/{constraint-id}
GET /policy/api/v1/global-infra/constraints/{constraint-id} GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/constraints/{constraint-id} |
Create or update tenant ConstraintCreate tenant constraint if not exists, otherwise update the existing constraint. |
PATCH /policy/api/v1/infra/constraints/{constraint-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/constraints/{constraint-id} |
Create or update tenant ConstraintCreate tenant constraint if it does not exist, otherwise replace the existing constraint. |
PUT /policy/api/v1/infra/constraints/{constraint-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/constraints/{constraint-id} |
Return All Added CRLsReturns information about all CRLs. For additional information, include the ?details=true modifier at the end of the request URI. |
GET /policy/api/v1/infra/crls
GET /policy/api/v1/global-infra/crls GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls |
Delete a CRLDeletes an existing CRL. |
DELETE /policy/api/v1/infra/crls/{crl-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id} |
Show CRL Data for the Given CRL id.Returns information about the specified CRL. For additional information, include the ?details=true modifier at the end of the request URI. |
GET /policy/api/v1/infra/crls/{crl-id}
GET /policy/api/v1/global-infra/crls/{crl-id} GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id} |
Create or patch a Certificate Revocation ListCreate or patch a Certificate Revocation List for the given id. The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. The CRL must contain PEM data for a single CRL. A CRL can be in the PEM X.509 format (crl_type=X509) or JSON OneCRL (crl_type=OneCRL). If crl_type is not specified, it is auto-detected based on the presence of fields pem_encoded or one_crl. |
PATCH /policy/api/v1/infra/crls/{crl-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id} |
Create a new Certificate Revocation ListAdds a new certificate revocation list (CRLs). The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. A CRL can be in the PEM X.509 format (crl_type=X509) or JSON OneCRL (crl_type=OneCRL). If crl_type is not specified, it is auto-detected based on the presence of fields pem_encoded or one_crl. An X.509 CRL can contain a single CRL or multiple CRLs depending on the PEM data. - Single CRL: a single CRL is created with the given id. - Composite CRL: multiple CRLs are generated. Each of the CRL is created with an id generated based on the given id. First CRL is created with crl-id, second with crl-id-1, third with crl-id-2, etc. |
POST /policy/api/v1/infra/crls/{crl-id}?action=import
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}?action=import |
Upload a new or updated Certificate Revocation ListAdds or replaces a certificate revocation list (CRLs). The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. A CRL can be in the PEM X.509 format (crl_type=X509) or JSON OneCRL (crl_type=OneCRL). If crl_type is not specified, it is auto-detected based on the upload content. An X.509 CRL can contain a single CRL or multiple CRLs depending on the PEM data. - Single CRL: a single CRL is created with the given id. - Composite CRL: multiple CRLs are generated. Each of the CRL is created with an id generated based on the given id. First CRL is created with crl-id, second with crl-id-1, third with crl-id-2, etc. Differently from action=import, this method allows multi-part upload of the CRL(s). The TlsCrl resource returned in the body of the response will have an empty pem_encoded field, as it may be large. Use a GET request to retrieve the PEM-encoded CRL. |
POST /policy/api/v1/infra/crls/{crl-id}?action=upload
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}?action=upload |
Create or fully replace a Certificate Revocation ListCreate or replace a Certificate Revocation List for the given id. The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. The CRL must contain PEM data for a single CRL. Revision is required. A CRL can be in the PEM X.509 format (crl_type=X509) or JSON OneCRL (crl_type=OneCRL). If crl_type is not specified, it is auto-detected based on the presence of fields pem_encoded or one_crl. |
PUT /policy/api/v1/infra/crls/{crl-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id} |
Return All the Generated CSRsReturns information about all of the CSRs that have been created. |
GET /policy/api/v1/infra/csrs
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs |
Generate a new self-signed certificateCreates a new self-signed certificate. A private key is also created at the same time. This is convenience call that will generate a CSR and then self-sign it. The maximum validity limit for non-CA certificates is 825 days, except that values of 3,650 and 36,500 days are allowed. No limit is set for CA certificates. |
POST /policy/api/v1/infra/csrs?action=self_sign
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs?action=self_sign |
Delete a CSRRemoves a specified CSR. If a CSR is not used for verification, you can delete it. Note that the CSR import and upload POST actions automatically delete the associated CSR. |
DELETE /policy/api/v1/infra/csrs/{csr-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id} |
Show CSR Data for the Given CSR IDReturns information about the specified CSR. |
GET /policy/api/v1/infra/csrs/{csr-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id} |
Generate a New Certificate Signing RequestCreates a new certificate signing request (CSR). A CSR is encrypted text that contains information about your organization (organization name, country, and so on) and your Web server's public key, which is a public certificate the is generated on the server that can be used to forward this request to a certificate authority (CA). A private key is also usually created at the same time as the CSR. |
POST /policy/api/v1/infra/csrs/{csr-id}?action=create
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}?action=create |
Import a Certificate Associated with an Approved CSRImports a certificate authority (CA)-signed certificate for a CSR. This action links the certificate to the private key created by the CSR. The pem_encoded string in the request body is the signed certificate provided by your CA in response to the CSR that you provide to them. The import POST action automatically deletes the associated CSR. |
POST /policy/api/v1/infra/csrs/{csr-id}?action=import
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}?action=import |
Upload the Certificate PEM File Signed by the CA Associated with a CSRUploads the certificate authority (CA)-signed certificate. After you send the certificate request to the CA of your choice, and the CA sends back the signed certificate, you can use the upload POST action to upload the signed certificate. The upload action is similar to the import action, but the upload action allows you to directly upload the PEM-encoded file (signed certificate) provided by the CA. Like the import POST action, the upload POST action automatically deletes the associated CSR. |
POST /policy/api/v1/infra/csrs/{csr-id}?action=upload
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}?action=upload |
Self-Sign the CSRSelf-signs the previously generated CSR. This action is similar to the import certificate action, but instead of using a public certificate signed by a CA, the self_sign POST action uses a certificate that is signed with NSX's own private key. The maximum validity limit for non-CA certificates is 825 days, except that values of 3,650 and 36,500 days are allowed. No limit is set for CA certificates. |
POST /policy/api/v1/infra/csrs/{csr-id}?action=self_sign
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}?action=self_sign |
Get CSR PEM File for the Given CSR IDDownloads the CSR PEM file for a specified CSR. Clients must include an Accept: text/plain request header. |
GET /policy/api/v1/infra/csrs/{csr-id}/pem-file
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}/pem-file |
List Deployment Zones for infraPaginated list of all Deployment zones for infra. |
GET /policy/api/v1/infra/deployment-zones
(Deprecated)
|
Read a DeploymentZoneRead a Deployment Zone. |
GET /policy/api/v1/infra/deployment-zones/{deployment-zone-id}
(Deprecated)
|
List enforcementpoints for infraPaginated list of all enforcementpoints for infra. |
GET /policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points
(Deprecated)
|
Delete EnforcementPointDelete EnforcementPoint. |
DELETE /policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points/{enforcementpoint-id}
(Deprecated)
|
Read an Enforcement PointRead an Enforcement Point. |
GET /policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points/{enforcementpoint-id}
(Deprecated)
|
Patch a new Enforcement Point under infraIf the passed Enforcement Point does not already exist, create a new Enforcement Point. If it already exists, patch it. |
PATCH /policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points/{enforcementpoint-id}
(Deprecated)
|
Create/update a new Enforcement Point under infraIf the passed Enforcement Point does not already exist, create a new Enforcement Point. If it already exists, replace it. |
PUT /policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points/{enforcementpoint-id}
(Deprecated)
|
List domains for infraPaginated list of all domains for infra. |
GET /policy/api/v1/infra/domains
GET /policy/api/v1/global-infra/domains GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains |
Delete Domain and all the entities contained by this domainDelete the domain along with all the entities contained by this domain. The groups that are a part of this domain are also deleted along with the domain. |
DELETE /policy/api/v1/infra/domains/{domain-id}
|
Read domainRead a domain. |
GET /policy/api/v1/infra/domains/{domain-id}
GET /policy/api/v1/global-infra/domains/{domain-id} GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id} |
Patch a domainIf a domain with the domain-id is not already present, create a new domain. If it already exists, patch the domain |
PATCH /policy/api/v1/infra/domains/{domain-id}
|
Create or update a domainIf a domain with the domain-id is not already present, create a new domain. If it already exists, update the domain including the nested groups. This is a full replace |
PUT /policy/api/v1/infra/domains/{domain-id}
|
List Domain Deployment maps for infraPaginated list of all Domain Deployment Entries for infra. |
GET /policy/api/v1/infra/domains/{domain-id}/domain-deployment-maps
GET /policy/api/v1/global-infra/domains/{domain-id}/domain-deployment-maps |
Delete Domain Deployment MapDelete Domain Deployment Map |
DELETE /policy/api/v1/infra/domains/{domain-id}/domain-deployment-maps/{domain-deployment-map-id}
|
Read a DomainDeploymentMapRead a Domain Deployment Map |
GET /policy/api/v1/infra/domains/{domain-id}/domain-deployment-maps/{domain-deployment-map-id}
GET /policy/api/v1/global-infra/domains/{domain-id}/domain-deployment-maps/{domain-deployment-map-id} |
Patch Domain Deployment Map under infraIf the passed Domain Deployment Map does not already exist, create a new Domain Deployment Map. If it already exist, patch it. |
PATCH /policy/api/v1/infra/domains/{domain-id}/domain-deployment-maps/{domain-deployment-map-id}
|
Create a new Domain Deployment Map under infraIf the passed Domain Deployment Map does not already exist, create a new Domain Deployment Map. If it already exist, replace it. |
PUT /policy/api/v1/infra/domains/{domain-id}/domain-deployment-maps/{domain-deployment-map-id}
|
List labels for infraPaginated list of all labels for infra. |
GET /policy/api/v1/infra/labels
GET /policy/api/v1/global-infra/labels GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/labels |
Delete PolicyLabel objectDelete PolicyLabel object |
DELETE /policy/api/v1/infra/labels/{label-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/labels/{label-id} |
Read lableRead a label. |
GET /policy/api/v1/infra/labels/{label-id}
GET /policy/api/v1/global-infra/labels/{label-id} GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/labels/{label-id} |
Patch an existing label objectCreate label if not exists, otherwise take the partial updates. Note, once the label is created type attribute can not be changed. |
PATCH /policy/api/v1/infra/labels/{label-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/labels/{label-id} |
Create or replace labelCreate label if not exists, otherwise replaces the existing label. If label already exists then type attribute cannot be changed. |
PUT /policy/api/v1/infra/labels/{label-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/labels/{label-id} |
Create an new packet capture sessionCreate an new packet capture session on given node with specified options |
POST /policy/api/v1/infra/pktcap/session
|
Delete the packet capture session by session id.Before calling this method, terminate any running capture session. |
DELETE /policy/api/v1/infra/pktcap/session/{session-id}
|
Get the status of packet capture sessionGet the packet capture status information by session id. |
GET /policy/api/v1/infra/pktcap/session/{session-id}
|
Restart the packet capture sessionRestart the packet capture session |
POST /policy/api/v1/infra/pktcap/session/{session-id}
|
Get packet capture fileYou must provide the request header "Accept:application/octet-stream" when calling this API. The capture file can only be found in MP which receives the capture request. |
GET /policy/api/v1/infra/pktcap/session/{session-id}/CapturedFile
|
Delete all the packet capture sessionsDelete all the packet capture sessions. |
DELETE /policy/api/v1/infra/pktcap/sessions
|
Get the information of all packet capture sessionsGet the information of all packet capture sessions. |
GET /policy/api/v1/infra/pktcap/sessions
|
List All alarms in the systemPaginated list of all alarms. |
GET /policy/api/v1/infra/realized-state/alarms
|
List Enforcement PointsPaginated list of all enforcement points. Returns the populated enforcement points. |
GET /policy/api/v1/infra/realized-state/enforcement-points
(Experimental)
|
Read Enforcement PointRead a Enforcement Point and the complete tree underneath. Returns the populated enforcement point object. |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}
(Experimental)
|
List Firewall SectionsPaginated list of all Firewalls. Returns populated Firewalls. |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/firewalls/firewall-sections
(Experimental)
(Deprecated)
|
Read FirewallRead a Firewall and the complete tree underneath. Returns the populated Firewall object. |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/firewalls/firewall-sections/{firewall-section-id}
(Experimental)
(Deprecated)
|
List NS GroupsPaginated list of all NSGroups. Returns populated NSGroups. |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/groups/nsgroups
(Experimental)
(Deprecated)
|
Read GroupRead a NSGroup and the complete tree underneath. Returns the populated NSgroup object. |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/groups/nsgroups/{nsgroup-name}
(Experimental)
(Deprecated)
|
List Security GroupsPaginated list of all Security Groups. Returns populated Security Groups. |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/groups/securitygroups
(Experimental)
(Deprecated)
|
Read GroupRead a Security Group and the complete tree underneath. Returns the populated Security Group object. |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/groups/securitygroups/{securitygroup-name}
(Experimental)
(Deprecated)
|
List IPSetsPaginated list of all Realized IPSets |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/ip-sets/ip-sets-nsxt
(Experimental)
(Deprecated)
|
Read IPSet Realized stateRead an IPSet |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/ip-sets/ip-sets-nsxt/{ip-set-name}
(Experimental)
(Deprecated)
|
List MACSetsPaginated list of all Realized MACSets |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/mac-sets/mac-sets-nsxt
(Experimental)
(Deprecated)
|
Read MACSet Realized stateRead an MACSet |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/mac-sets/mac-sets-nsxt/{mac-set-name}
(Experimental)
(Deprecated)
|
List Realized NSServicesPaginated list of all Realized NSService. |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/services/nsservices
(Experimental)
(Deprecated)
|
Read NSServiceRead a NSService. |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/services/nsservices/{nsservice-name}
(Experimental)
(Deprecated)
|
Listing of VIFs on the NSX ManagerThis API lists VIFs from the specified NSX Manager. |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/vifs
|
Get list of realized objects associated with intent objectGet list of realized entities associated with intent object, specified by path in query parameter |
GET /policy/api/v1/infra/realized-state/realized-entities
GET /policy/api/v1/global-infra/realized-state/realized-entities GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/realized-state/realized-entities |
Get realized entity uniquely identified by realized pathGet realized entity uniquely identified by realized path, specified by query parameter |
GET /policy/api/v1/infra/realized-state/realized-entity
|
Refresh all realized entities associated with the intent-pathRefresh the status and statistics of all realized entities associated with given intent path synchronously. The vmw-async: True HTTP header cannot be used with this API. |
POST /policy/api/v1/infra/realized-state/realized-entity?action=refresh
POST /policy/api/v1/global-infra/realized-state/realized-entity?action=refresh POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/realized-state/realized-entity?action=refresh |
Get consolidated status of an intent objectGet Consolidated Status of an intent object (with or without enforcement specific status details). The request is evaluated as follows: - <intent_path>: the request is evaluated on all enforcement points for the given intent without enforcement point specific details. - <intent_path, include_enforced_status>: the request is evaluated on all enforcement points for the given intent with enforcement point specific details. |
GET /policy/api/v1/infra/realized-state/status
GET /policy/api/v1/global-infra/realized-state/status GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/realized-state/status |
List enforcementpoints under SitePaginated list of all enforcementpoints under Site. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points |
Full sync EnforcementPoint from SiteFull sync EnforcementPoint from Site |
POST /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcement-point-id}?action=full-sync
|
Get datapath troubleshoot config of edge transport nodesThis API is used to fetch the control packet drop log config at enforcement Point level. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcement-point-id}/edge-transport-nodes/troubleshoot/datapath
(Experimental)
|
Enable or Disable the datapath troubleshoot config on edge transport nodesThis API is used to enable/disable the control packet drop log config in all edge transport nodes at the enforcement Point level. |
PATCH /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcement-point-id}/edge-transport-nodes/troubleshoot/datapath
(Experimental)
|
Delete EnforcementPoint from SiteDelete EnforcementPoint from Site |
DELETE /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}
|
Read an Enforcement Point under Infra/SiteRead an Enforcement Point under Infra/Site |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id} |
Patch a new Enforcement Point under SiteIf the passed Enforcement Point does not already exist, create a new Enforcement Point. If it already exists, patch it. |
PATCH /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}
|
Reload an Enforcement Point under SiteReload an Enforcement Point under Site. This will read and update fabric configs from enforcement point. |
POST /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}?action=reload
|
Create/update a new Enforcement Point under SiteIf the passed Enforcement Point does not already exist, create a new Enforcement Point. If it already exists, replace it. |
PUT /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}
|
List Policy Edge Cluster High Availability ProfilesList edge cluster high availability profiles. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-cluster-high-availability-profiles
|
Delete a Policy Edge Cluster High Availability ProfileDelete a policy edge cluster high availability profile. |
DELETE /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-cluster-high-availability-profiles/{edge-cluster-high-availability-profile-id}
|
Get a Policy Edge Cluster High Availability ProfileGet a policy edge cluster high availability profile. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-cluster-high-availability-profiles/{edge-cluster-high-availability-profile-id}
|
Patch a Policy EdgeCluster High Availability ProfilePatch a policy edge cluster high availability profile. |
PATCH /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-cluster-high-availability-profiles/{edge-cluster-high-availability-profile-id}
|
Create or Update a Policy Edge Cluster High Availability ProfileCreate or Update a policy edge cluster high availability profile. |
PUT /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-cluster-high-availability-profiles/{edge-cluster-high-availability-profile-id}
|
List Edge Clusters under an Enforcement PointPaginated list of all Edge Clusters under an Enforcement Point |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters |
Delete the specified edge cluster.Delete the specified edge cluster. |
DELETE /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}
|
Read an Edge Cluster under an Enforcement PointRead an Edge Cluster under an Enforcement Point |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id} |
Patch a Policy Edge ClusterPatch a policy edge cluster. It only supports homogeneous members. The Edge Transport Nodes are only allowed in cluster members. DeploymentType (VIRTUAL_MACHINE|PHYSICAL_MACHINE) of these Edge Nodes is recommended to be the same. Any update operation on members of edge cluster is not permitted, To replace the edge transport node for an existing member, refer /policy/api/v1/infra/sites/default/enforcement-points/default/edge-clusters/ /action/replace-policy-edge-node |
PATCH /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}
|
Create Or Update a Policy Edge ClusterEdge Cluster only supports homogeneous members. The Edge Transport Nodes are only allowed in cluster members. DeploymentType of these edge nodes can be VIRTUAL_MACHINE or PHYSICAL_MACHINE. Any update operation on members of edge cluster is not permitted, To replace the edge transport node for an existing member, refer /policy/api/v1/infra/sites/default/enforcement-points/default/edge-clusters/ /action/replace-policy-edge-node |
PUT /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}
|
Relocate service contexts from policy edge node and remove policy edge node from the edge-clusterRelocate auto allocated service contexts from policy edge node at given id. For API to perform relocate and remove action the edge node at given id must only have auto allocated service contexts. If any manually allocated service context is present on the edge cluster member, then the task will not be performed. Also, it is recommended to move the edge node for which relocate and remove action is being performed into maintenance mode,before executing the API. If edge is not moved into maintenance mode, then API will move edge node into maintenance mode before performing the actual relocate and remove task.To maintain high availability, Edge cluster should have at least two healthy edge nodes for relocation and removal. Once relocate action is performed successfully, the policy edge node will be removed from the edge cluster. |
POST /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/action/relocate-and-remove-edge-transport-node
|
Replace the policy edge node at the specified member-index in the edge-clusterReplace the Policy Edge Node present at the specified member-index in the edge-cluster. This is a disruptive action. This will move all the Interfaces(uplink and routerLink) hosted on the old Policy Edge Node to the new Policy Edge Node. The same Policy Edge Node cannot be present as a member of any edge cluster. |
POST /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/action/replace-edge-transport-node
|
Get a Policy Edge Cluster allocation status under an Enforcement PointReturns the allocation details of cluster and its members. Lists the edge node members, active and standby services of each node, utilization details of configured sub-pools. These allocation details can be monitored by customers to trigger migration of certain service contexts to different edge nodes, to balance the utilization of edge node resources. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/allocation/status
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/allocation/status |
List Edge Nodes under an Enforcement Point, Edge ClusterPaginated list of all Edge Nodes under an Enforcement Point, Edge Cluster |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes |
Read an Edge Node under an Enforcement Point, Edge ClusterRead an Edge Node under an Enforcement Point, Edge Cluster |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{edge-node-id}
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{edge-node-id} |
Get a Policy Edge Cluster State info under an Enforcement PointReturns information about the current state of the edge cluster. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/state
|
Get a Policy Edge Cluster real time status under an Enforcement PointReturns the aggregated status for the Edge cluster along with status of all edge nodes in the cluster. Query parameter "source=realtime" is the only supported source. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/status
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/status |
List Edge Transport Node under an Enforcement PointList Edge Transport Nodes under an Enforcement Point |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes
|
Delete Edge Transport NodeDelete Edge Transport Node. |
DELETE /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes/{edge-transport-node-id}
|
Read an Edge Transport Node under an Enforcement PointRead an Edge Transport Node under an Enforcement Point |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes/{edge-transport-node-id}
|
Patch a new LCM Edge Transport Node under Enforcement PointIf the passed Edge Transport Node does not already exist, create a new Edge Transport Node. If it already exists, patch it. |
PATCH /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes/{edge-transport-node-id}
|
Create or update a LCM Edge Transport Node under Enforcement PointIf the passed Edge Transport Node does not already exist, create a new Edge Transport Node. If it already exists, update it. |
PUT /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes/{edge-transport-node-id}
|
Policy Edge Transport Node Enter Maintenance Mode Action APIPut edge transport node into maintenance mode if there is no VIFs attached. When EdgeTransportNode is in maintenance mode, no configuration changes are allowed. |
POST /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes/{edge-transport-node-id}/action/enter-maintenance-mode
|
Policy Edge Transport Node Exit Maintenance Mode Action APIThis APi will exit from maintenance mode |
POST /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes/{edge-transport-node-id}/action/exit-maintenance-mode
|
Redeploy Edge Transport NodeRedeploys an edge transport node at NSX Manager that replaces the edge transport node with identifier <node-id>. If NSX Manager can access the specified edge node, then the node is put into maintenance mode and then the associated VM is deleted. This is a means to reset all configuration on the edge node. The communication channel between NSX Manager and edge is established after this operation. |
POST /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes/{edge-transport-node-id}/action/redeploy
|
List the specified edge transport node's network interfaces.Returns the number of interfaces on the edge transport node and detailed information about each interface. Interface information includes MTU, broadcast and host IP addresses, link and admin status, MAC address, network mask, and the IP configuration method (static or DHCP). |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes/{edge-transport-node-id}/network/interfaces
|
Read counters for edge transport node interfaces.This API returns the counters of the specified interface. The counters reset on reboot or redeploy of the appliance or restart of the data plane. NSX Manager polls the edge-transport-node every minute (by default) to update the data returned on this API. If you need near realtime values, use the query parameter \"?source=realtime\" to the API and it will make NSX Manager collect the statistics from the edge transport node and returns the updated counters. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes/{edge-transport-node-id}/network/interfaces/{interface-id}/statistics
|
Get a Policy EdgeTransport Node's State info under an Enforcement PointReturns information about the current state of the edge transport node configuration and information about the associated edge tn switches. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes/{edge-transport-node-id}/state
|
Get a Policy EdgeTransport Node's status info under an Enforcement PointReturns information about the current status of the edge transport node. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes/{edge-transport-node-id}/status
|
Get a Policy EdgeTransport Node's State info under an Enforcement PointReturns information about the current state of the edge transport node configuration and information about the associated edge tn switches. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes/state
|
Get high-level summary of all edge transport nodes. The service layer does not support source = realtime or cached. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-transport-nodes/status
|
List Policy Failure DomainsCreates a new Policy failure domain. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/failure-domains
|
Delete a Failure DomainDeletes an existing failure domain. You can not delete system generated default failure domain. |
DELETE /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/failure-domains/{failure-domain-id}
|
Get a Failure DomainCreates a new Policy failure domain. |
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/failure-domains/{failure-domain-id}
|
Patch a Policy FailureDomainPatch a Policy FailureDomain. |
PATCH /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/failure-domains/{failure-domain-id}
|
Update a Failure DomainCreate or Update a failure domain. Modifiable parameters are display_name, preferred_active_edge_services flag. |
PUT /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/failure-domains/{failure-domain-id}
|
Additional
Links