NSX-T Data Center REST API

Associated URIs:

API Description API Path

Return the list of OpenID Connect end-points.


GET /api/v1/trust-management/oidc-uris

Add an OpenID Connect end-point.


This request also fetches the issuer and jwks_uri meta-data from the OIDC
end-point and stores it.
POST /api/v1/trust-management/oidc-uris

Update an OpenID Connect end-point's thumbprint


Update an OpenID Connect end-point's thumbprint used to connect to the
oidc_uri through SSL
POST /api/v1/trust-management/oidc-uris?action=update_thumbprint

Get an OpenID Connect end-point.


When ?refresh=true is added to the request, the meta-data is newly fetched
from the OIDC end-point.
GET /api/v1/trust-management/oidc-uris/{id}

Refresh an OpenID Connect end-point


Refresh an OpenID Connect end-point by re-reading data from the OIDC URI.
POST /api/v1/trust-management/oidc-uris/{id}?action=refresh

Update an OpenID Connect end-point.


Update the properties of an OpenID Connect end-point. The oidc_uri property
may not be changed. If you need to update the oidc_uri, you should delete
the OIDC end-point and create a new one with the correct oidc_uri.

This request also re-fetches the issuer, jwks_uri, and other meta-data
from the OIDC end-point and stores it.
PUT /api/v1/trust-management/oidc-uris/{id}

Check the health of an OpenID Connect end-point


Connect to the OpenID Connect end-point and verify that it
appears to be functioning properly.
GET /api/v1/trust-management/oidc-uris/{id}/health

Configure NSX for OIDC authentication with VIDB


Configures NSX to use VMware Identity Broker (VIDB) for OIDC authentication. Using the provided client ID and secret, NSX will configure VIDB and then configure itself to use VIDB for authentication and single sign-on support.
POST /api/v1/trust-management/oidc-uris/action/configure-vidb-oidc-endpoint

Configure NSX for OIDC authentication with VC/WS1B


Configures NSX to use VC/WS1B for OIDC authentication. Using the provided JWT token, NSX will create an OAuth app on VC/WS1B, creating a client ID and client secret. NSX will subsequently use that client ID/secret to authenticate users, and will support single sign-on across VMware products.
POST /api/v1/trust-management/oidc-uris/action/configure-ws1b-oidc-endpoint

Unconfigure NSX for OIDC authentication with VC/WS1B


Removes the OAuth app on VC/WS1B and deletes the associated OIDC endpoint from NSX.
POST /api/v1/trust-management/oidc-uris/action/remove-ws1b-oidc-endpoint

Test connection to VIDB


Tests the connection to the VIDB instance carried in the API payload.
POST /api/v1/trust-management/oidc-uris/action/test-vidb-oidc-endpoint-connection

Return the list of principal identities


Returns the list of principals registered with a certificate.
GET /api/v1/trust-management/principal-identities

Register a name-certificate combination.


Associates a principal's name with a certificate that is used to authenticate.
The combination of name and node_id needs to be unique across token-based and
certificate-based principal identities.
POST /api/v1/trust-management/principal-identities (Deprecated)

Update a principal identity's certificate


Update a principal identity's certificate
POST /api/v1/trust-management/principal-identities?action=update_certificate

Delete a principal identity


Delete a principal identity. It does not delete the certificate.
DELETE /api/v1/trust-management/principal-identities/{principal-identity-id}

Get a principal identity


Get a stored principal identity
GET /api/v1/trust-management/principal-identities/{principal-identity-id}

Register a name-certificate combination.


Create a principal identity with a new, unused certificate.
The combination of name and node_id needs to be unique across token-based and
certificate-based principal identities.
POST /api/v1/trust-management/principal-identities/with-certificate

Return the list of token-based principal identities. These don't have certificate or role information.


GET /api/v1/trust-management/token-principal-identities

Register a token-based principal identity.


Register a principal identity that is going to be authenticated through a token.
The combination of name and node_id needs to be unique across token-based and
certificate-based principal identities.
POST /api/v1/trust-management/token-principal-identities

Delete a token-based principal identity


Delete a token-based principal identity.
DELETE /api/v1/trust-management/token-principal-identities/{principal-identity-id}

Get a token-based principal identity


Get a stored token-based principal identity
GET /api/v1/trust-management/token-principal-identities/{principal-identity-id}