NSX API Guide

NSX 9.1.0

Overview
API Methods
API Types
API Type Schemas
API Errors
Deprecated Types and Methods

Overview

Introduction

NSX provides a programmatic API to automate management activities. The API follows a resource-oriented Representational State Transfer (REST) architecture, using JSON object encoding. Clients interact with the API using RESTful web service calls over the HTTPS protocol.

Each API method is identified by a request method and URI. Method parameters are specified as key-value pairs appended to the URI. Unless otherwise noted, request and response bodies are encoded using JSON, and must conform to the JSON schema associated with each method. The content type of each request and reply is "application/json" unless otherwise specified. Each request that can be made is documented in the API Methods section. The associated request and response body schemas are documented in the API Schemas section.

If you provide URL-encoded UTF-8 characters in the URL of your API request, you must include the header "Content-Type:charset=UTF-8" in your request.

API Data Types and Allowed Ranges

The NSX API uses JSON to represent API request and response payloads, and uses JSONSchema to describe the schema of these payloads. The data types are:

string: a sequence of UTF-8 characters. If a particular string property has a maximum length, it is represented in the documentation with a maxLength property.

integer: a signed 64-bit value. Unless a minimum or maximum value is shown in the documentation, integer values may take on values in the range -9,223,372,036,854,775,808 to 9,223,372,036,854,775,807.

unsigned_integer: an unsigned 64-bit value. Unless a minimum or maximum value is shown in the documentation, integer values may take on values in the range 0 to 9,223,372,036,854,775,807.

int: a signed 32-bit value. Unless a minimum or maximum value is shown in the documentation, int values may take on values in the range -2,147,483,648 to 2,147,483,647.

number: a 64-bit floating point number. Unless a minimum or maximum value is shown in the documentation, number values may take on values in the range 4.9406564584124654 x 10^-324 to 1.7976931348623157 x 10³⁰⁸.

boolean: the values true or false. Do not use quotes when sending boolean values in payloads.

object: a nested JSON object.

array: an array of one of the above types.

Formats

Some API types have a required format, and payloads that do not conform to the required format will be rejected. If a property has a required format, it is listed in the "Notes" section in this API Guide. The following formats are used in NSX:

ipv4: Must be a valid Internet Protocol version 4 address, in dotted-quad notation. For example, "192.168.1.232".

ipv6: Must be a valid Internet Protocol version 6 address, as described in RFC 1924. For example, "2001:0db8:85a3:0000:0000:8a2e:0370:7334". Abbreviations are supported.

ip: Either an ipv4 or ipv6 address.

hostname: An internet hostname, as described in RFC 1123. For example, "example.com"

ipv4-cidr-block: An ipv4 Classless Inter-Domain Routing (CIDR) block, expressed as a base ipv4 address, a slash, and the number of bits in the subnet mask. For example, "10.1.0.1/24".

ipv6-cidr-block: An ipv6 Classless Inter-Domain Routing (CIDR) block, expressed as a base ipv6 address, a slash, and the number of bits in the subnet mask. For example, "2001:db8::/32".

ip-cidr-block: Either an ipv4-cidr-block or an ip-v6-cidr-block.

ipv4-address-range: A range of ipv4 addresses, expressed as a lower-bound ipv4 address, a dash, and an upper-bound ipv4 address. For example, "192.168.1.0-192.168.1.255"

ipv6-address-range: A range of ipv6 addresses, expressed as a lower-bound ipv6 address, a dash, and an upper-bound ipv6 address. For example, "fe80::0202:b3ff:fe1e:8329-fe80::0202:b3ff:fe1e:832a"

address-or-block-or-range: Either an ip address, an ip-cidr-block, an ipv4-address-range, or an ipv6-address-range.

port-or-range: A port number (an integer in the range 0 to 65535) or a range of port numbers, expressed as a lower and upper port number, separated by a dash. Examples: "80" or "997-1023".

hostname-or-ip: Either a hostname or an ip address.

hostname-or-ipv4: Either a hostname or an ipv4 address.

list-of-address-or-block-or-range: A comma-separated list address-or-block-or-range.

mac-address: A Media Access Control (MAC) address. MAC addresses are six hexadecimal numbers, separated by either colons ":" or dashes "-". Case is not significant. Examples: "20:f3:75:5e:47:f0" or "20-F3-75-5E-47-F0".

Request Failures

It is possible for any request to fail. Errors are reported using standard HTTP response codes. It should be assumed the following errors could be returned by any API method: 301 Moved Permanently, 307 Temporary Redirect, 400 Bad Request, 401 Unauthorized, 403 Forbidden, 412 Precondition Failed, 429 Too Many Requests, 500 Internal Server Error, 503 Service Unavailable. Where other errors may be returned, the type of error is indicated in the API method description. All errors are documented in the API Errors section. API requests may fail due to concurrent updates, where an API request collides with another API request, and NSX cannot reconcile the two operations. In that case, the client must re-fetch the resource, apply the changes, and re-submit the operation.

Request Authentication

Most API calls require authentication. This API supports several different authentication schemes, which are documented in this section. Multiple authentication schemes may not be used concurrently.

HTTP Basic Authentication

To authenticate a request using HTTP Basic authentication, the caller's credentials are passed using the 'Authorization' header. The header content should consist of a base64-encoded string containing the username and password separated by a single colon (":") character, as specified in RFC 1945 section 11.1.

For example, to authenticate a request using the credentials of user admin with password admin, include the following header with the request:

Authorization: Basic YWRtaW46YWRtaW4=

The following cURL command will authenticate to the manager using basic authentication and will issue a GET request for logical ports:

curl -k -u USERNAME:PASSWORD https://MANAGER/api/v1/logical-ports

where:
USERNAME is the user to authenticate as,
PASSWORD is the password to provide, and
MANAGER is the IP address or host name of the NSX manager

For example:

curl -k -u admin:secretPw99 https://MANAGER/api/v1/logical-ports

Note: the -k argument instructs cURL to skip verifying the manager's self-signed X.509 certificate. It is more secure to verify that the server's certificate is signed by a Certificate Authority (CA) that you trust. To do that, omit the -k argument and use the --cacert <ca-file> option, where <ca-file> is a PEM-formatted file containing the CA certificate to trust.

For example:

curl --cacert /home/me/certs/rootca.crt  -u admin:secretPw99 https://MANAGER/api/v1/logical-ports

Additional cURL examples below use the -k flag, but you can always substitute the --rootca <ca-file> argument for additional security.

In the above examples, USERNAME may be:

A local user name. For example, "admin".
A remote user name, of the form "user@domain", for example, "[email protected]". The domain must match a domain for a configured VIDM identity source or a configured LDAP identity source.

Note: in earlier versions of NSX, in order to authenticate to VIDM, it was required that you provide an authentication header of the form "Authorization: Remote base64-encoded-username-and-password". This is no longer required, but still functions for backward compatibility.

Session-Based Authentication

Session-based authentication is used by calling the /api/session/create authentication API to manage a session cookie. The session cookie returned in the result of a successful login must be provided in subsequent requests in order to associate those requests with the session.

Session state is local to the server responding to the API request. Idle sessions will automatically time-out, or can be terminated immediately using the POST /api/session/destroy API.

To obtain a session cookie, POST form data to the server using the application/x-ww-form-urlencoded media type, with fields "j_username" and "j_password" containing the username and password separated by an ampersand. Since an ampersand is a UNIX shell metacharacter, you may need to surround the argument with single quotes.

If the user is a remote user, append "@domain" to the username, for example, "[email protected]". The domain must match a domain for a configured VIDM identity source or a configured LDAP identity source.

The following cURL command will authenticate to the server, will deposit the session cookie in the file "cookies.txt", and will write all HTTP response headers to the file headers.txt. One of these headers is the X-XSRF-TOKEN header that you will need to provide in subsequent requests.

curl -k -c cookies.txt -D headers.txt -X POST     -d 'j_username=USERNAME&j_password=PASSWORD'     https://MANAGER/api/session/create

For example:

curl -k -c cookies.txt -D headers.txt -X POST     -d 'j_username=admin&j_password=secretPw99'     https://MANAGER/api/session/create

The manager will respond with the roles and permissions granted to the user, and cURL will deposit the session cookie into the file "cookies.txt".

In subsequent cURL requests, use the -b argument to specify the cookie file. You also need to pass the X-XSRF-TOKEN header that was saved to the headers.txt file, using cURL's -H option:

curl -k -b cookies.txt -H "`grep -i X-XSRF-TOKEN headers.txt | tr -d '\r\n'`"     https://MANAGER/api/v1/logical-ports

When the session expires, the manager will respond with a 403 Forbidden HTTP response, at which point you must obtain a new session cookie and X-XSRF-TOKEN.

Session cookies can be destroyed by using the /api/session/destroy API:

curl -k -b cookies.txt -H "`grep -i X-XSRF-TOKEN headers.txt | tr -d '\r\n'`"     -X POST https://MANAGER/api/session/destroy

Authentication using an X.509 certificate and a Principal Identity

NSX supports using an X.509 client certificate for authentication. The certificate is associated with a principal identity (a short name, similar to a username), and that principal identity can be bound to an NSX role. This is useful for automated processes or scripts that perform NSX API calls, and has the advantage that a user password does not need to be stored with the script.

For information on how to import a certificate and set up a principal identity, see the section "Add a Role Assignment or Principal Identity" in the NSX Administration Guide.

To use the client certificate to authenticate, your client must have access to the certificate and its associated private key. How to specify client authentication depends on the client you are using. For example, with curl, you use the --key argument to give the filename containing the private key and the --cert argument to give the filename containg the public certificate.

Authentication in VMware Cloud on AWS (VMC)

To make API calls to an NSX Manager in the VMware Cloud on AWS service (VMC), you need to gather a few pieces of information:

Your VMC Organization ID
Your Software Defined Data Center (SDDC) ID
Your API token

All of this information is available in the VMC web console, https://console.cloud.vmware.com

In VMC, you always exchange your API token for a limited-duration authentication token, which you then pass in a header with your API calls. This authentication token is valid for 30 minutes. After that time, you must obtain a new authentication token using your API token. If you use an expired authentication token, the API call will be rejected.

To obtain an authentication token, you issue a POST request to the URL https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize, passing your API token in a form. To do this with cURL:

curl https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize -d refresh_token=<token>

For example, if your refresh token is aB1jtC5yk2rDL6A1KPxzM0W4D7OeHFUNuXFHZidufYS3fIwn60ZRag0Y9dvX15Qv, the command will be:

curl https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize -d refresh_token=aB1jtC5yk2rDL6A1KPxzM0W4D7OeHFUNuXFHZidufYS3fIwn60ZRag0Y9dvX15Qv

You will receive a JSON response with several properties. The "access_token" property contains the token you will need to provide with your API requests. An easy way to parse this token out of the response is to use the "jq" utility. For example:

curl https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize -d refresh_token=aB1jtC5yk2rDL6A1KPxzM0W4D7OeHFUNuXFHZidufYS3fIwn60ZRag0Y9dvX15Qv | jq --raw-output '.access_token'

produces just the access token. You can set an environment variable with the correct authentication header with:

export AUTH_HDR="csp-auth-token: `curl https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize -d refresh_token=aB1jtC5yk2rDL6A1KPxzM0W4D7OeHFUNuXFHZidufYS3fIwn60ZRag0Y9dvX15Qv | jq --raw-output '.access_token'`"

The AUTH_HDR environment variable now contains the authentication header. The token itself will be a long string of characters and digits.

Once you have your authentication token, you need to determine the URL for accessing the NSX manager in your SDDC. To do that, you issue a GET request to the endpoint https://vmc.vmware.com/vmc/api/orgs/<org-id>/sddcs/<sddc-id>, where <org-id> is your organization's ID and <sddc-id> is your SDDC's ID. The URL of the NSX manager will be in the resource_config.nsx_api_public_endpoint_url property. For example, if your organizations's ID is a003c3a5-3f68-4a8c-a74f-f79a0625da17 and your SDDC is 449369c7-7936-4f7f-b46e-624cdb2a0a99:

curl -H "$AUTH_HDR" https://vmc.vmware.com/vmc/api/orgs/a003c3a5-3f68-4a8c-a74f-f79a0625da17/sddcs/449369c7-7936-4f7f-b46e-624cdb2a0a99 | jq --raw-output ".resource_config.nsx_api_public_endpoint_url"

The output will look like:

https://nsx-52-41-15-143.rp.vmwarevmc.com/vmc/reverse-proxy/api/orgs/a003c3a5-3f68-4a8c-a74f-f79a0625da17/sddcs/449369c7-7936-4f7f-b46e-624cdb2a0a99/sks-nsxt-manager

This is the URL you should use to access your NSX manager from the internet. Append the particular API's URL to this base URL. For example, to list all domains, the API is "/policy/api/v1/infra/domains", so the full request will look like the following:

curl -q -H "$AUTH_HDR" https://nsx-52-41-15-143.rp.vmwarevmc.com/vmc/reverse-proxy/api/orgs/a003c3a5-3f68-4a8c-a74f-f79a0625da17/sddcs/449369c7-7936-4f7f-b46e-624cdb2a0a99/sks-nsxt-manager/policy/api/v1/infra/domains

API Pagination

When responding to operations that return a ListResult type, NSX may limit the number of results returned. By default, the limit is 1000 results, but some APIs with large result payloads may return fewer results, even if a large number of results is requested by the client. Clients must be prepared to handle paginated results.

NSX indicates that it has returned fewer than the total number of results by including a "cursor" property in the response to the list operation. For example:

curl -k -u admin:SecretPw99 -H accept: application/json https://NSX_MANAGER/global-manager/api/v1/infra/services {

  "results" : [
    .... 1000 results omitted for clarity
  ],
  "result_count" : 1322,
  "sort_by" : "display_name",
  "sort_ascending" : true,
  "cursor" : "28de76e5-c7c2-4fa0-9a3e-0be891818d35"
}

The response indicates that there are a total of 1,322 results, but not all results are present in this response.

To get the next page of results, repeat the same list operation, but pass the returned cursor value. For example:

curl -k -u admin:SecretPw99 -H accept: application/json     https://NSX_MANAGER/global-manager/api/v1/infra/services?cursor=28de76e5-c7c2-4fa0-9a3e-0be891818d35

The response will return the next page of results. If there are more pages of results, the response will include a new cursor which can be used to get the next page of results. If this is the last page, then no cursor will be returned, as show below.

{
  "results" : [
    .... 322 results omitted for clarity
  ],
  "sort_by" : "display_name",
  "sort_ascending" : true,
}

The format of the "cursor" property is not meaningful to the client, and the client should not attempt to interpret the cursor's value. The format of the cursor may be different, depending on which API is called.

Example Requests and Responses

Example requests and responses are provided for most of the API calls below. Your actual response might differ from the example in the number of fields returned because optional empty fields are not returned when you make an API call.

Restrictions on Certain Fields in a Request

When configuring layer 2 switching, the following fields can contain any character except semicolon (;), vertical bar (|), equal sign (=), comma (,), tilde (~), and the "at" sign (@). They also have a length limitation as specified below:

Logical switch display name. Maximum length: 80 bytes.
Host switch name in TransportZone. Maximum length: 80 bytes.
Uplink name in UplinkHostSwitchProfile. Maximum length: 47 bytes.

Collection List Pagination

A call to the NSX API may return many thousands of results when the system is operating at scale. In such scenarios, the system performs pagination of response objects. All queries to the API must be capable of handling ListResults objects that contain partial results. Pagination in API works as follows:

The API will respond with a ListResult object that has at most page_size results. Note, that the client must always be ready to handle a paginated result, even if the client did not specify page_size.

The default page size is 1000. In case the result size exceeds the page size, the first page will be returned. You need to retrieve the remaining with cursor.

When doing an API call against the NSX-T API, there are a variety of objects which have limits on the number of returned items allowed. The limits themselves are different depending on the objects.

The way you can tell if pagination is being activated is by looking for an attribute called 'cursor'. For example, here is the end of a call for all firewall rule sections:

curl -k -s -X GET -u 'admin:*****' https://manager_ip/api/v1/firewall/sections

End of the results:

"section_type": "LAYER3",
"stateful": true,
"rule_count": 2,
"is_default": false,
"_create_user": "admin",
"_create_time": 1574438858340,
"_last_modified_user": ""****************",
"_last_modified_time": 1671726034024,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 96
}
],
"result_count": 1448,
"sort_by": "position",
"cursor": "0036588a382d-c679-480a-ab95-67aa0022ae04RmlyZXdhbGxTZWN0aW9u"
}

So, looking at our result attributes we can see the overall result count is 1448 and we can tell pagination was activated, because we have a 'cursor' attribute. If you have a 'cursor' attribute returned in your overall results, pagination is activating and truncating those results. You need to retrieve the remaining with cursor.

You pass the cursor attribute in standard URL options with the value specified to the exact same call until you no longer have a cursor attribute returned, for example:

curl -k -s -X GET -u 'admin:*****' https://manager_ip/api/v1/firewall/sections?cursor=0036588a382d-c679-480a-ab95-67aa0022ae04RmlyZXdhbGxTZWN0aW9u

which will return the 2nd page of results.

Optimistic Concurrency Control and the _revision property

Overview

In order to prevent one client from overwriting another client's updates, NSX employs a technique called optimistic concurrency control.

All REST payloads contain a property named "_revision". This is an integer that is incremented each time an existing resource is updated. Clients must provide this property in PUT requests and it must match the current _revision or the update will be rejected. This guards against the following situation:

Client 1 reads resource A.

Client 2 reads resource A.

Client 1 replaces the display_name property of resource A and does a PUT to replace the resource.

Client 2 replaces is different property of resource A and attempts to perform a PUT operation.

Without optimistic concurrency control, Client 2's update would overwrite Client 1's update to the display_name property. Instead, Client 2 receives a 409 Conflict error. To recover, Client 2 must fetch the resource again, apply the change, and perform a PUT.

Exceptions for /policy APIs

APIs whose URI begins with /policy have slightly different behavior. For those APIs, the _revision property must not be set when PUT is used to create a new resource. Once the resource is created, however, the _revision property must be provided with PUT operations.

PATCH and _revision for /policy APIs

APIs whose URI begins with /policy support the PATCH operation. Those APIs do not require that the _revision property be provided. A client can, however, request that the _revision property be checked when it is performing a PATCH in the /infra path. To do this, the client should pass the query parameter enforce_revision_check, e.g. PATCH /infra?enforce_revision_check=true.

Partial PATCH

Partial patching of objects is a feature supported by NSX that allows patching a subset of properties of any object. This behavior needs to be explicitly activated. When partial patching is disabled (default behavior), the entire payload of object is expected to be provided in both PUT and PATCH operations for the /policy APIs.

In order to perform partial patching of existing objects using PATCH operation, partial patching should be activated using either one of the following approach:

System-wide partial patch configuration
Partial patch can be activated/deactivated in the system by using the Partial Patch Config api (i.e. PATCH /policy/api/v1/system-config/nsx-partial-patch-config) with sample request payload.

{ "enable_partial_patch": "true" }
Default is 'false'.
Note: If the API request header has 'nsx-enable-partial-patch' parameter, then the header takes precedence over this system-wide configuration.
Header parameter (request level configuration)
Partial patch can also be activated/deactivated using API request header parameter. This will override the system-wide configuration for a particular request.
To activate partial patch, use 'nsx-enable-partial-patch=true'
To deactivate partial patch, use 'nsx-enable-partial-patch=false'
If this parameter is not passed in header, the system level configuration will be considered for Partial Patch operation. This header parameter will be considered only for PATCH requests. For other requests (e.g. PUT, POST etc.), this header parameter will be ignored.

Some important considerations/notes on Partial Patch:

Array properties will be replaced entirely in partial patch.
If PATCH api is executed on a non-existing object, a new object will be created after performing all applicable validations.
There are cases where properties of an object are inter-dependent on each other e.g. username and password, IP address and thumbprint etc. In such cases, the partial patch request expects all such inter-dependent fields to be provided (either all or none).
Partial patch is not supported for 'Infra' object.
Certain types like Labels, Security Policies (for the 'rules' attribute) and Services have special handling for certain attributes in PATCH request. This behavior will not be overridden by Partial Patch.
For instance, specifying rules on Security policies as a part of the PATCH invocation merges the specified rules with the existing rules. For full replacement of rules, PUT operation needs to be performed on the Security Policy.
Partial patch will not work for properties accepting polymorphic types if the specified value has a type that is different from that of the existing value.

PUT Operations

NSX conforms to REST and HTTP standards regarding the operation of PUT operations. A PUT is always a full replace of a resource, and if any properties are omitted from the payload, those properties will be reset to default values. It is suggested that API clients retrieve the existing resource, apply any desired changes to the copy of the resource, and PUT the entire modified resource.

API Rate Limiting

The NSX API service has three settings that control the rate of incoming API requests:

1) A per-client rate limit, in requests per second. If a client makes more requests than this limit in one second, the API server will refuse to service the API request and will return an HTTP 429 Too Many Requests Error. By default, this limit is 100 requests per second.

2) A per-client concurrency limit. This is the maximum number of outstanding requests that a client can have. For example, a client can open multiple connections to NSX and submit operations on each connection. When this limit is exceeded, the server returns a 503 Server Unavailable error to the client. By default, this limit is 40 concurrent requests.

3) An overall maximum number of concurrent requests. This is the maximum number of API requests that can be in process on the server. If the server is at this limit, additional requests will be refused and the HTTP error 503 Service Unavailable will be returned to the client. By default, this limit is 199 concurrent requests.

The first two limits exist to provide some level of fairness across multiple clients of NSX, and are intended to prevent one greedy client from preventing other clients from making API requests.

The last limit is the server's way of protecting itself against an unintentional (or intentional) denial of service attack.

While it is possible to configure these rate limits using the /api/v1/node/services/http API, it is not recommended. Instead, you should design your API client to gracefully deal with situations where limits are exceeded.

Designing API client code to work gracefully with rate limits

One approach is to build in throttling into the client code so that it never sends more than 100 requests in a given second and that it never has more than 40 concurrent requests in flight.

However, there isn't any way to ensure that the overall concurrency limits are never hit. That is because there may be other clients calling APIs, driving up the load on the server. API clients need to check for the HTTP error 503 Service Unavailable. In the event a 503 error is received, the simplest strategy is to insert a delay, possibly with an exponential backoff in the event that server load is high.

There are open-source libraries than can help you implement this retry/backoff behavior, such as Google's Retry helper in its Python google-api-core library. For an example of using this library with the NSX APIs, see https://github.com/vmware-samples/nsx-t/blob/master/python/basics/rate-limits.py

OpenAPI Specification of NSX APIs

You can download OpenAPI specifications for the various NSX APIs at the following URLs:

NSX Manager API:
APIs for NSX administration; node and cluster management APIs and fabric management APIs for on-premise customers.

GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_api.yaml
GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_api.json

NSX Policy Manager API:
APIs for managing logical networking in NSX for on-premise customers.

GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_policy_api.yaml
GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_policy_api.json

NSX VMC Policy API:
APIs for managing logical networking in NSX for VMware Cloud customers.

GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_vmc_policy_api.yaml
GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_vmc_policy_api.json

NSX VMC AWS Integration API:
APIs for managing AWS underlay networking for VMware Cloud customers.

GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_vmc_aws_integration_api.yaml
GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_vmc_aws_integration_api.json

API Methods

Toggle all tables +

Certificates

Certificates: Ca Bundles

Associated URIs:

GET /policy/api/v1/infra/cabundles
DELETE /policy/api/v1/infra/cabundles/{cabundle-id}
GET /policy/api/v1/infra/cabundles/{cabundle-id}
PATCH /policy/api/v1/infra/cabundles/{cabundle-id}
POST /policy/api/v1/infra/cabundles/{cabundle-id}
PUT /policy/api/v1/infra/cabundles/{cabundle-id}
GET /policy/api/v1/infra/cabundles/{cabundle-id}/pem-file
GET /policy/api/v1/infra/certificates
GET /policy/api/v1/global-infra/certificates
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates
DELETE /policy/api/v1/infra/certificates/{certificate-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates/{certificate-id}
GET /policy/api/v1/infra/certificates/{certificate-id}
GET /policy/api/v1/global-infra/certificates/{certificate-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates/{certificate-id}
PATCH /policy/api/v1/infra/certificates/{certificate-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates/{certificate-id}
PUT /policy/api/v1/infra/certificates/{certificate-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates/{certificate-id}

Returns information about all the CA bundles

Returns information about all the bundles of trusted CA certificates.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/cabundles

Request Headers:

n/a

Query Parameters:

ListCertParameter+

ListCertParameter (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
details	whether to expand the pem data and show all its details	boolean	Default: "False"
fmt		CertificateFormatParameter
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
node_id	Node ID of certificate to return Provide this parameter to limit the list of returned certificates to those matching a particular node ID.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
type	Type of certificate to return Provide this parameter to limit the list of returned certificates to those matching a particular usage. Passing cluster_certificate will return the certificate used for the cluster wide API service.	string	Enum: cluster_api_certificate, api_certificate

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/cabundles Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

CaBundleListResult+

Example Response: { "result_count": 2, "results": [ { "_create_time": 0, "_create_user": "unknown", "_last_modified_time": 0, "_last_modified_user": "unknown", "_protection": "NOT_PROTECTED", "_revision": 0, "_system_owned": false, "display_name": "example-cabundle-id", "earliest_not_after": 1688688782000, "id": "example-cabundle-id", "marked_for_delete": false, "not_after_list": [1688688782000, ...], "overridden": false, "parent_path": "/infra", "path": "/infra/cabundles/example-cabundle-id", "relative_path": "example-cabundle-id", "resource_type": "CaBundle", "unique_id": "b829537a-fcdb-4349-b5e1-53fb40f69a8c" }, { "_create_time": 1611941474997, "_create_user": "unknown", "_last_modified_time": 1611941474997, "_last_modified_user": "unknown", "_protection": "NOT_PROTECTED", "_revision": 0, "_system_owned": true, "display_name": "default_trusted_public_ca_bundle", "earliest_not_after": 1616006013000, "id": "default_trusted_public_ca_bundle", "marked_for_delete": false, "not_after_list": [2289338164000, ...], "overridden": false, "parent_path": "/infra", "path": "/infra/cabundles/default_trusted_public_ca_bundle", "relative_path": "default_trusted_public_ca_bundle", "resource_type": "CaBundle", "unique_id": "293185d4-07e5-4a5e-b7b8-bd3a86fa270e"}], } ] } Required Permissions: read Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Adds or replaces a CA bundle

Adds or replaces a new bundle of trusted CA certificates.
The bundle must be a concatenation of one or more
PEM-encoded certificates.
Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/cabundles/{cabundle-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

CaBundle+

CaBundle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificates	X509Certificates in the bundle	array of X509Certificate	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
earliest_not_after	The earliest time in epoch milliseconds at which a certificate becomes invalid.	EpochMsTimestamp	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
not_after_list	Times for each certificate in the bundle at which the certificate becomes invalid.	array of EpochMsTimestamp	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM-encoded CA bundle certificates.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value CaBundle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<policy-mgr>/policy/api/v1/infra/cabundles/example-cabundle-id { "pem_encoded": "-----BEGIN CERTIFICATE-----\n[...]\n-----END CERTIFICATE-----", } Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

CaBundle+

CaBundle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificates	X509Certificates in the bundle	array of X509Certificate	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
earliest_not_after	The earliest time in epoch milliseconds at which a certificate becomes invalid.	EpochMsTimestamp	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
not_after_list	Times for each certificate in the bundle at which the certificate becomes invalid.	array of EpochMsTimestamp	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM-encoded CA bundle certificates.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value CaBundle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

CaBundle+

CaBundle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificates	X509Certificates in the bundle	array of X509Certificate	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
earliest_not_after	The earliest time in epoch milliseconds at which a certificate becomes invalid.	EpochMsTimestamp	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
not_after_list	Times for each certificate in the bundle at which the certificate becomes invalid.	array of EpochMsTimestamp	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM-encoded CA bundle certificates.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value CaBundle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "_create_time": 0, "_create_user": "unknown", "_last_modified_time": 0, "_last_modified_user": "unknown", "_protection": "NOT_PROTECTED", "_revision": 0, "_system_owned": false, "display_name": "example-cabundle-id", "earliest_not_after": 1688688782000, "id": "example-cabundle-id", "marked_for_delete": false, "not_after_list": [1688688782000, ...], "overridden": false, "parent_path": "/infra", "path": "/infra/cabundles/example-cabundle-id", "relative_path": "example-cabundle-id", "resource_type": "CaBundle", "unique_id": "b829537a-fcdb-4349-b5e1-53fb40f69a8c" } Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Adds or updates a CA bundle

Adds or updates a new bundle of trusted CA certificates.
The bundle must be a concatenation of one or more
PEM-encoded certificates. The PEM-encoded bundle is replaced
with the one provided in the request.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/cabundles/{cabundle-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

CaBundle+

CaBundle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificates	X509Certificates in the bundle	array of X509Certificate	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
earliest_not_after	The earliest time in epoch milliseconds at which a certificate becomes invalid.	EpochMsTimestamp	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
not_after_list	Times for each certificate in the bundle at which the certificate becomes invalid.	array of EpochMsTimestamp	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM-encoded CA bundle certificates.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value CaBundle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/cabundles/example-cabundle-id { "pem_encoded": "-----BEGIN CERTIFICATE-----\n[...]\n-----END CERTIFICATE-----", } Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

CaBundle+

CaBundle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificates	X509Certificates in the bundle	array of X509Certificate	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
earliest_not_after	The earliest time in epoch milliseconds at which a certificate becomes invalid.	EpochMsTimestamp	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
not_after_list	Times for each certificate in the bundle at which the certificate becomes invalid.	array of EpochMsTimestamp	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM-encoded CA bundle certificates.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value CaBundle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

CaBundle+

CaBundle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificates	X509Certificates in the bundle	array of X509Certificate	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
earliest_not_after	The earliest time in epoch milliseconds at which a certificate becomes invalid.	EpochMsTimestamp	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
not_after_list	Times for each certificate in the bundle at which the certificate becomes invalid.	array of EpochMsTimestamp	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM-encoded CA bundle certificates.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value CaBundle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "_create_time": 0, "_create_user": "unknown", "_last_modified_time": 0, "_last_modified_user": "unknown", "_protection": "NOT_PROTECTED", "_revision": 1, "_system_owned": false, "display_name": "example-cabundle-id", "earliest_not_after": 1688688782000, "id": "example-cabundle-id", "marked_for_delete": false, "not_after_list": [1688688782000, ...], "overridden": false, "parent_path": "/infra", "path": "/infra/cabundles/example-cabundle-id", "relative_path": "example-cabundle-id", "resource_type": "CaBundle", "unique_id": "b829537a-fcdb-4349-b5e1-53fb40f69a8c" } Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Adds or replaces a CA bundle

Adds or replaces a new bundle of trusted CA certificates.
The multipart-uploaded file must be a concatenation of one or more
PEM-encoded certificates.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/cabundles/{cabundle-id}

Request Headers:

n/a

Query Parameters:

UploadFileRequestParameters+

Request Body:

n/a

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/cabundles/example-cabundle-id Content-Type: multipart/form-data; boundary=243332e4709e58a3bd679ef3c7b1259a --243332e4709e58a3bd679ef3c7b1259a Content-Disposition: form-data; name="file"; filename="example-cabundle.pem" -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- [...] --243332e4709e58a3bd679ef3c7b1259a-- Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

CaBundle+

CaBundle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificates	X509Certificates in the bundle	array of X509Certificate	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
earliest_not_after	The earliest time in epoch milliseconds at which a certificate becomes invalid.	EpochMsTimestamp	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
not_after_list	Times for each certificate in the bundle at which the certificate becomes invalid.	array of EpochMsTimestamp	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM-encoded CA bundle certificates.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value CaBundle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

CaBundle+

CaBundle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificates	X509Certificates in the bundle	array of X509Certificate	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
earliest_not_after	The earliest time in epoch milliseconds at which a certificate becomes invalid.	EpochMsTimestamp	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
not_after_list	Times for each certificate in the bundle at which the certificate becomes invalid.	array of EpochMsTimestamp	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM-encoded CA bundle certificates.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value CaBundle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "_create_time": 0, "_create_user": "unknown", "_last_modified_time": 0, "_last_modified_user": "unknown", "_protection": "NOT_PROTECTED", "_revision": 0, "_system_owned": false, "display_name": "example-cabundle-id", "earliest_not_after": 1688688782000, "id": "example-cabundle-id", "marked_for_delete": false, "not_after_list": [1688688782000, ...], "overridden": false, "parent_path": "/infra", "path": "/infra/cabundles/example-cabundle-id", "relative_path": "example-cabundle-id", "resource_type": "CaBundle", "unique_id": "b829537a-fcdb-4349-b5e1-53fb40f69a8c" } Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Deletes CA bundle

Deletes the specified bundle of trusted CA certificates.
Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/cabundles/{cabundle-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/cabundles/example-cabundle-id Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: 200 OK Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Returns information about a CA bundle

Returns information about the specified bundle of trusted CA
certificates.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/cabundles/{cabundle-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/cabundles/example-cabundle-id Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

CaBundle+

CaBundle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificates	X509Certificates in the bundle	array of X509Certificate	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
earliest_not_after	The earliest time in epoch milliseconds at which a certificate becomes invalid.	EpochMsTimestamp	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
not_after_list	Times for each certificate in the bundle at which the certificate becomes invalid.	array of EpochMsTimestamp	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM-encoded CA bundle certificates.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value CaBundle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "_create_time": 0, "_create_user": "unknown", "_last_modified_time": 0, "_last_modified_user": "unknown", "_protection": "NOT_PROTECTED", "_revision": 0, "_system_owned": false, "certificates": [ { "is_ca": true, "is_valid": true, "issuer": "CN=test.local,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU", "issuer_cn": "test.local", "not_after": 1688688782000, "not_before": 1602202382000, "public_key_algo": "RSA", "public_key_length": 2048, "rsa_public_key_exponent": "10001", "rsa_public_key_modulus": "00 cf ...", "serial_number": "abffbac5ca0a1934357be127156f6615cc14400", "signature": "1e 81 ...", "signature_algorithm": "SHA256WITHRSA", "subject": "CN=test.local,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU", "subject_cn": "test.local", "version": "3", }, ... ], "display_name": "example-cabundle-id", "earliest_not_after": 1688688782000, "id": "example-cabundle-id", "marked_for_delete": false, "not_after_list": [1688688782000, ...], "overridden": false, "parent_path": "/infra", "path": "/infra/cabundles/example-cabundle-id", "relative_path": "example-cabundle-id", "resource_type": "CaBundle", "unique_id": "b829537a-fcdb-4349-b5e1-53fb40f69a8c" } Required Permissions: read Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Downloads a CA bundle

Downloads the specified PEM-encoded bundle of trusted CA certificates.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/cabundles/{cabundle-id}/pem-file

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/cabundles/example-cabundle-id Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: text/plain;charset=UTF-8

Response Body:

string

Example Response: -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- [...] Required Permissions: read Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Return All the User-Facing Components' Certificates

Returns all certificate information viewable by the user, including each
certificate's id; pem_encoded data; and history of the
certificate (who created or modified it and when). For additional
information, include the ?details=true modifier at the end of the request
URI.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/certificates

/policy/api/v1/global-infra/certificates

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates

Request Headers:

n/a

Query Parameters:

ListCertParameter+

ListCertParameter (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
details	whether to expand the pem data and show all its details	boolean	Default: "False"
fmt		CertificateFormatParameter
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
node_id	Node ID of certificate to return Provide this parameter to limit the list of returned certificates to those matching a particular node ID.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
type	Type of certificate to return Provide this parameter to limit the list of returned certificates to those matching a particular usage. Passing cluster_certificate will return the certificate used for the cluster wide API service.	string	Enum: cluster_api_certificate, api_certificate

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/certificates Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TlsCertificateList+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 2, "results": [ { "resource_type": "TlsCertificate", "id": "caCert", "display_name": "caCert", "path": "/infra/certificates/caCert", "parent_path": "/infra", "relative_path": "caCert", "details": [ ... ], "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "has_private_key": false, "tls_certificate_type": "CERTIFICATE_CA", "_create_user": "admin", "_create_time": 1516329725649, "_last_modified_user": "admin", "_last_modified_time": 1516329725649, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 }, { "resource_type": "TlsCertificate", "id": "selfSignedCert", "display_name": "selfSignedCert", "path": "/infra/certificates/selfSignedCert", "parent_path": "/infra", "relative_path": "selfSignedCert", "details": [ { "issuer_cn": "vSM Test Certificate", "public_key_length": 1024, "signature": "4e cf ff 36 ac a1", "not_before": 1323772715000, "subject": "1.2.840.113549.1.9.1=#16076140622e636f6d,CN=vSM Test Certificate,OU=vShield,O=VMware,L=Pune,ST=Maharashtra,C=IN", "serial_number": "ca55f5e21a0b2dd2", "public_key_algo": "RSA", "version": "1", "issuer": "1.2.840.113549.1.9.1=#16076140622e636f6d,CN=vSM Test Certificate,OU=vShield,O=VMware,L=Pune,ST=Maharashtra,C=IN", "is_ca": false, "subject_cn": "vSM Test Certificate", "not_after": 1355308715000, "is_valid": false, "rsa_public_key_exponent": "10001", "signature_algorithm": "SHA1WITHRSA", "rsa_public_key_modulus": "00 b7 8f 79 e4" } ], "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "has_private_key": true, "tls_certificate_type": "CERTIFICATE_SELF_SIGNED", "unique_id": "e523b4c0-c3c5-4656-80a1-36dd0fab38cb", "realization_id": "e523b4c0-c3c5-4656-80a1-36dd0fab38cb", "marked_for_delete": false, "overridden": false, "_create_user": "admin", "_create_time": 1516338671237, "_last_modified_user": "admin", "_last_modified_time": 1516338671237, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } ] } Required Permissions: read Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Add a New Certificate

Adds a new private-public certificate and, optionally, a private key that
can be applied to one of the user-facing components (appliance management
or edge). The certificate and the key should be stored in PEM format. If
no private key is provided, the certificate is used as a client
certificate in the trust store.
A private key can be uploaded for a CA certificate only if the "purpose"
parameter is set to "signing-ca".
A certificate chain will not be expanded
into separate certificate instances for reference, but would be pushed to
the enforcement point as a single certificate. This PUT method does
not modify an existing certificate.
Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/certificates/{certificate-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates/{certificate-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

TlsTrustData+

TlsTrustData (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
key_algo	Key algorithm contained in this certificate.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
passphrase	Password for private key encryption.	secure_string
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	pem encoded certificate data.	string	Required
private_key	private key data	secure_string
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Enum: signing-ca
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsTrustData	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<policy-mgr>/policy/api/v1/certificates/selfSignedCert { "_revision":"0", "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "private_key": "-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----\n", "passphrase": "1234" } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TlsCertificate+

TlsCertificate (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	Category Category of certificate. This certificate is used to connect to services only.	string	Readonly Enum: SERVICE_CERTIFICATE
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
details	list of X509Certificates.	array of X509Certificate	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
has_private_key	whether we have the private key for this certificate.	boolean	Required Readonly Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	pem encoded certificate data.	string	Required
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Readonly Enum: signing-ca
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCertificate	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tls_certificate_type	Classification of the TlsCertificate helps differentiate how a TlsCertificate could be used for various components either as a client trust certificate; CERTIFICATE_CA, or as a server identity certificate; CERTIFICATE_SIGNED,or CERTIFICATE_SELF_SIGNED.	string	Readonly Enum: CERTIFICATE_CA, CERTIFICATE_SIGNED, CERTIFICATE_SELF_SIGNED
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "TlsCertificate", "id": "selfSignedCert", "display_name": "selfSignedCert", "path": "/infra/certificates/selfSignedCert", "parent_path": "/infra", "relative_path": "selfSignedCert", "details": [ { "issuer_cn": "vSM Test Certificate", "public_key_length": 1024, "signature": "4e cf ff 36 ac a1", "not_before": 1323772715000, "subject": "1.2.840.113549.1.9.1=#16076140622e636f6d,CN=vSM Test Certificate,OU=vShield,O=VMware,L=Pune,ST=Maharashtra,C=IN", "serial_number": "ca55f5e21a0b2dd2", "public_key_algo": "RSA", "version": "1", "issuer": "1.2.840.113549.1.9.1=#16076140622e636f6d,CN=vSM Test Certificate,OU=vShield,O=VMware,L=Pune,ST=Maharashtra,C=IN", "is_ca": false, "subject_cn": "vSM Test Certificate", "not_after": 1355308715000, "is_valid": false, "rsa_public_key_exponent": "10001", "signature_algorithm": "SHA1WITHRSA", "rsa_public_key_modulus": "00 b7 8f 79 e4" } ], "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "has_private_key": true, "tls_certificate_type": "CERTIFICATE_SELF_SIGNED", "unique_id": "e523b4c0-c3c5-4656-80a1-36dd0fab38cb", "realization_id": "e523b4c0-c3c5-4656-80a1-36dd0fab38cb", "marked_for_delete": false, "overridden": false, "_create_user": "admin", "_create_time": 1516338671237, "_last_modified_user": "admin", "_last_modified_time": 1516338671237, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Add a New Certificate

Adds a new private-public certificate and, optionally, a private key that
can be applied to one of the user-facing components (appliance management
or edge). The certificate and the key should be stored in PEM format. If
no private key is provided, the certificate is used as a client
certificate in the trust store.
A private key can be uploaded for a CA certificate only if the "purpose"
parameter is set to "signing-ca".
A certificate chain will not be expanded
into separate certificate instances for reference, but would be pushed to
the enforcement point as a single certificate. This patch method does
not modify an existing certificate.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/certificates/{certificate-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates/{certificate-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

TlsTrustData+

TlsTrustData (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
key_algo	Key algorithm contained in this certificate.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
passphrase	Password for private key encryption.	secure_string
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	pem encoded certificate data.	string	Required
private_key	private key data	secure_string
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Enum: signing-ca
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsTrustData	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/certificates/certificate-1 { "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "private_key": "-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----\n", "passphrase": "1234" } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: 200 OK Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Show Certificate Data for the Given Certificate ID

Returns information for the specified certificate ID, including the
certificate's id; pem_encoded data; and history of the
certificate (who created or modified it and when). For additional
information, include the ?details=true modifier at the end of the request
URI.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/certificates/{certificate-id}

/policy/api/v1/global-infra/certificates/{certificate-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates/{certificate-id}

Request Headers:

n/a

Query Parameters:

GetCertParameter+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/certificates/selfSignedCertificate Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TlsCertificate+

TlsCertificate (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	Category Category of certificate. This certificate is used to connect to services only.	string	Readonly Enum: SERVICE_CERTIFICATE
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
details	list of X509Certificates.	array of X509Certificate	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
has_private_key	whether we have the private key for this certificate.	boolean	Required Readonly Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	pem encoded certificate data.	string	Required
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Readonly Enum: signing-ca
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCertificate	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tls_certificate_type	Classification of the TlsCertificate helps differentiate how a TlsCertificate could be used for various components either as a client trust certificate; CERTIFICATE_CA, or as a server identity certificate; CERTIFICATE_SIGNED,or CERTIFICATE_SELF_SIGNED.	string	Readonly Enum: CERTIFICATE_CA, CERTIFICATE_SIGNED, CERTIFICATE_SELF_SIGNED
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "TlsCertificate", "id": "selfSignedCert", "display_name": "selfSignedCert", "path": "/infra/certificates/selfSignedCert", "parent_path": "/infra", "relative_path": "selfSignedCert", "details": [ { "issuer_cn": "vSM Test Certificate", "public_key_length": 1024, "signature": "4e cf ff 36 ac a1", "not_before": 1323772715000, "subject": "1.2.840.113549.1.9.1=#16076140622e636f6d,CN=vSM Test Certificate,OU=vShield,O=VMware,L=Pune,ST=Maharashtra,C=IN", "serial_number": "ca55f5e21a0b2dd2", "public_key_algo": "RSA", "version": "1", "issuer": "1.2.840.113549.1.9.1=#16076140622e636f6d,CN=vSM Test Certificate,OU=vShield,O=VMware,L=Pune,ST=Maharashtra,C=IN", "is_ca": false, "subject_cn": "vSM Test Certificate", "not_after": 1355308715000, "is_valid": false, "rsa_public_key_exponent": "10001", "signature_algorithm": "SHA1WITHRSA", "rsa_public_key_modulus": "00 b7 8f 79 e4" } ], "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "has_private_key": true, "tls_certificate_type": "CERTIFICATE_SELF_SIGNED", "unique_id": "e523b4c0-c3c5-4656-80a1-36dd0fab38cb", "realization_id": "e523b4c0-c3c5-4656-80a1-36dd0fab38cb", "marked_for_delete": false, "overridden": false, "_create_user": "admin", "_create_time": 1516338671237, "_last_modified_user": "admin", "_last_modified_time": 1516338671237, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: read Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete Certificate for the Given Certificate ID

Removes the specified certificate. The private key associated with the
certificate is also deleted.
Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/certificates/{certificate-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/certificates/{certificate-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/certificates/signedDigitalCert Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: 200 OK Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Certificates: Crls

Associated URIs:

GET /policy/api/v1/infra/crls
GET /policy/api/v1/global-infra/crls
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls
DELETE /policy/api/v1/infra/crls/{crl-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}
GET /policy/api/v1/infra/crls/{crl-id}
GET /policy/api/v1/global-infra/crls/{crl-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}
PATCH /policy/api/v1/infra/crls/{crl-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}
POST /policy/api/v1/infra/crls/{crl-id}?action=import
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}?action=import
POST /policy/api/v1/infra/crls/{crl-id}?action=upload
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}?action=upload
PUT /policy/api/v1/infra/crls/{crl-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}

Return All Added CRLs

Returns information about all CRLs. For additional information, include the
?details=true modifier at the end of the request URI.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/crls

/policy/api/v1/global-infra/crls

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls

Request Headers:

n/a

Query Parameters:

ListCertParameter+

ListCertParameter (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
details	whether to expand the pem data and show all its details	boolean	Default: "False"
fmt		CertificateFormatParameter
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
node_id	Node ID of certificate to return Provide this parameter to limit the list of returned certificates to those matching a particular node ID.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
type	Type of certificate to return Provide this parameter to limit the list of returned certificates to those matching a particular usage. Passing cluster_certificate will return the certificate used for the cluster wide API service.	string	Enum: cluster_api_certificate, api_certificate

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/crls?details=true Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TlsCrlListResult+

Example Response: { "result_count": 1, "results": [ { "resource_type": "TlsCrl", "display_name": "revoked certificates", "path": "/infra/crls/revokedCerts", "parent_path": "/infra", "relative_path": "revokedCerts", "pem_encoded": "-----BEGIN X509 CRL----------END X509 CRL-----\n", "details": { "next_update": "945220365000", "issuer": "1.2.840.113549.1.9.1=#161d726f6f744069676c6f6f2e6974732e756e696d656c622e6564752e6175,CN=igloo Certificate Authority,OU=Certificates Administration,O=igloo CA,L=Melbourne,ST=Victoria,C=AU", "version": "1" }, "crl_type": "X509", "unique_id": "511cf9cd-448b-4fa5-9bdf-a24a9dcba853", "realization_id": "511cf9cd-448b-4fa5-9bdf-a24a9dcba853", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1, "_last_modified_user": "admin", "_last_modified_time": 1413387436438, "_create_time": 1413386249116, "_create_user": "admin" }, { "crl_type": "OneCRL", "one_crl": "{\"data\":[ <...> ]}", "details_revoked_by_issuer_and_serial_number": [ <...> ], "details_revoked_by_subject_and_public_key_hash": [ <...> ], "resource_type": "TlsCrl", "id": "default_public_crl", "display_name": "default_public_crl", "path": "/infra/crls/default_public_crl", "relative_path": "default_public_crl", "parent_path": "/infra", "unique_id": "91503436-5215-4d13-93e0-094c7473e30d", "realization_id": "91503436-5215-4d13-93e0-094c7473e30d", "marked_for_delete": false, "overridden": false, "_system_owned": true, "_create_user": "system", "_create_time": 1630097138768, "_last_modified_user": "admin", "_last_modified_time": 1630107914252, "_protection": "NOT_PROTECTED", "_revision": 1 }, ] } Required Permissions: read Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or patch a Certificate Revocation List

Create or patch a Certificate Revocation List for the given id. The CRL is used to
verify the client certificate status against the revocation lists published by the CA.
For this reason, the administrator needs to add the CRL in certificate repository as well.
The CRL must contain PEM data for a single CRL.
A CRL can be in the PEM X.509 format (crl_type=X509) or JSON OneCRL
(crl_type=OneCRL).
If crl_type is not specified, it is auto-detected based on the presence of
fields pem_encoded or one_crl.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/crls/{crl-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

TlsCrl+

TlsCrl (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
crl_type	Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default).	string	Enum: OneCRL, X509 Default: "X509"
description	Description of this resource	string	Maximum length: 1024 Sortable
details	Details of the X509Crl object Details of the X509Crl object.	X509Crl	Readonly
details_revoked_by_issuer_and_serial_number	Certificates revoked by issuer and serial number	array of IssuerSerialNumber	Readonly
details_revoked_by_subject_and_public_key_hash	Certificates revoked by subject and public key hash	array of SubjectPublicKeyHash	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
one_crl	JSON-encoded OneCRL-like object	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	Pem encoded crl data Pem encoded crl data.	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCrl	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/crls/revokedCertsb { "display_name": "Revoked Certificates", "pem_encoded": "-----BEGIN X509 CRL----------END X509 CRL-----\n", "crl_type": "X509" } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: 200 Ok Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or fully replace a Certificate Revocation List

Create or replace a Certificate Revocation List for the given id. The CRL is used to
verify the client certificate status against the revocation lists published by the CA.
For this reason, the administrator needs to add the CRL in certificate repository as well.
The CRL must contain PEM data for a single CRL. Revision is required.
A CRL can be in the PEM X.509 format (crl_type=X509) or JSON OneCRL
(crl_type=OneCRL).
If crl_type is not specified, it is auto-detected based on the presence of
fields pem_encoded or one_crl.
Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/crls/{crl-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

TlsCrl+

TlsCrl (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
crl_type	Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default).	string	Enum: OneCRL, X509 Default: "X509"
description	Description of this resource	string	Maximum length: 1024 Sortable
details	Details of the X509Crl object Details of the X509Crl object.	X509Crl	Readonly
details_revoked_by_issuer_and_serial_number	Certificates revoked by issuer and serial number	array of IssuerSerialNumber	Readonly
details_revoked_by_subject_and_public_key_hash	Certificates revoked by subject and public key hash	array of SubjectPublicKeyHash	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
one_crl	JSON-encoded OneCRL-like object	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	Pem encoded crl data Pem encoded crl data.	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCrl	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<policy-mgr>/policy/api/v1/infra/crls/revokedCerts { "display_name": "Revoked Certificates", "pem_encoded": "-----BEGIN X509 CRL----------END X509 CRL-----\n", "_revision": 1, "crl_type": "X509" } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TlsCrl+

TlsCrl (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
crl_type	Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default).	string	Enum: OneCRL, X509 Default: "X509"
description	Description of this resource	string	Maximum length: 1024 Sortable
details	Details of the X509Crl object Details of the X509Crl object.	X509Crl	Readonly
details_revoked_by_issuer_and_serial_number	Certificates revoked by issuer and serial number	array of IssuerSerialNumber	Readonly
details_revoked_by_subject_and_public_key_hash	Certificates revoked by subject and public key hash	array of SubjectPublicKeyHash	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
one_crl	JSON-encoded OneCRL-like object	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	Pem encoded crl data Pem encoded crl data.	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCrl	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "TlsCrl", "display_name": "revoked certificates", "path": "/infra/crls/revokedCerts", "parent_path": "/infra", "relative_path": "revokedCerts", "pem_encoded": "-----BEGIN X509 CRL----------END X509 CRL-----\n", "details": { "next_update": "945220365000", "issuer": "1.2.840.113549.1.9.1=#161d726f6f744069676c6f6f2e6974732e756e696d656c622e6564752e6175,CN=igloo Certificate Authority,OU=Certificates Administration,O=igloo CA,L=Melbourne,ST=Victoria,C=AU", "version": "1" }, "crl_type": "X509", "unique_id": "511cf9cd-448b-4fa5-9bdf-a24a9dcba853", "realization_id": "511cf9cd-448b-4fa5-9bdf-a24a9dcba853", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1, "_last_modified_time": 1413386249116, "_create_time": 1413386249116, "_create_user": "admin", "_last_modified_user": "admin" } Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete a CRL

Deletes an existing CRL. Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/crls/{crl-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/crls/revokedCerts Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: 200 OK Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Show CRL Data for the Given CRL id.

Returns information about the specified CRL. For additional information,
include the ?details=true modifier at the end of the request URI.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/crls/{crl-id}

/policy/api/v1/global-infra/crls/{crl-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}

Request Headers:

n/a

Query Parameters:

GetCertParameter+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/crls/revokedCerts?details=true Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TlsCrl+

TlsCrl (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
crl_type	Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default).	string	Enum: OneCRL, X509 Default: "X509"
description	Description of this resource	string	Maximum length: 1024 Sortable
details	Details of the X509Crl object Details of the X509Crl object.	X509Crl	Readonly
details_revoked_by_issuer_and_serial_number	Certificates revoked by issuer and serial number	array of IssuerSerialNumber	Readonly
details_revoked_by_subject_and_public_key_hash	Certificates revoked by subject and public key hash	array of SubjectPublicKeyHash	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
one_crl	JSON-encoded OneCRL-like object	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	Pem encoded crl data Pem encoded crl data.	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCrl	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "TlsCrl", "display_name": "revoked certificates", "path": "/infra/crls/revokedCerts", "parent_path": "/infra", "relative_path": "revokedCerts", "pem_encoded": "-----BEGIN X509 CRL----------END X509 CRL-----\n", "details": { "next_update": "945220365000", "issuer": "1.2.840.113549.1.9.1=#161d726f6f744069676c6f6f2e6974732e756e696d656c622e6564752e6175,CN=igloo Certificate Authority,OU=Certificates Administration,O=igloo CA,L=Melbourne,ST=Victoria,C=AU", "version": "1" }, "crl_type": "X509", "unique_id": "511cf9cd-448b-4fa5-9bdf-a24a9dcba853", "realization_id": "511cf9cd-448b-4fa5-9bdf-a24a9dcba853", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1, "_last_modified_user": "admin", "_last_modified_time": 1413387436438, "_create_time": 1413386249116, "_create_user": "admin" } Required Permissions: read Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create a new Certificate Revocation List

Adds a new certificate revocation list (CRLs). The CRL is used to verify the client
certificate status against the revocation lists published by the CA. For this reason,
the administrator needs to add the CRL in certificate repository as well.
A CRL can be in the PEM X.509 format (crl_type=X509) or JSON OneCRL
(crl_type=OneCRL).
If crl_type is not specified, it is auto-detected based on the presence of
fields pem_encoded or one_crl.
An X.509 CRL can contain a single CRL or multiple CRLs depending on the PEM data.
- Single CRL: a single CRL is created with the given id.
- Composite CRL: multiple CRLs are generated. Each of the CRL is created with an id
generated based on the given id. First CRL is created with crl-id, second with crl-id-1,
third with crl-id-2, etc.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/crls/{crl-id}?action=import

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}?action=import

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

TlsCrl+

TlsCrl (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
crl_type	Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default).	string	Enum: OneCRL, X509 Default: "X509"
description	Description of this resource	string	Maximum length: 1024 Sortable
details	Details of the X509Crl object Details of the X509Crl object.	X509Crl	Readonly
details_revoked_by_issuer_and_serial_number	Certificates revoked by issuer and serial number	array of IssuerSerialNumber	Readonly
details_revoked_by_subject_and_public_key_hash	Certificates revoked by subject and public key hash	array of SubjectPublicKeyHash	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
one_crl	JSON-encoded OneCRL-like object	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	Pem encoded crl data Pem encoded crl data.	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCrl	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

TlsCrlListResult+

Example Response: { "results": [{ "resource_type": "TlsCrl", "display_name": "revoked certificates", "path": "/infra/crls/revokedCerts", "parent_path": "/infra", "relative_path": "revokedCerts", "pem_encoded": "-----BEGIN X509 CRL----------END X509 CRL-----\n", "crl_type": "X509", "unique_id": "511cf9cd-448b-4fa5-9bdf-a24a9dcba853", "realization_id": "511cf9cd-448b-4fa5-9bdf-a24a9dcba853", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0, "_last_modified_user": "admin", "_last_modified_time": 1413387436438, "_create_time": 1413386249116, "_create_user": "admin" }] } Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Upload a new or updated Certificate Revocation List

Adds or replaces a certificate revocation list (CRLs). The CRL is used to verify the client
certificate status against the revocation lists published by the CA. For this reason,
the administrator needs to add the CRL in certificate repository as well.
A CRL can be in the PEM X.509 format (crl_type=X509) or JSON OneCRL
(crl_type=OneCRL).
If crl_type is not specified, it is auto-detected based on the upload content.
An X.509 CRL can contain a single CRL or multiple CRLs depending on the PEM data.
- Single CRL: a single CRL is created with the given id.
- Composite CRL: multiple CRLs are generated. Each of the CRL is created with an id
generated based on the given id. First CRL is created with crl-id, second with crl-id-1,
third with crl-id-2, etc.
Differently from action=import, this method allows multi-part upload of the CRL(s).
The TlsCrl resource returned in the body of the response will have an empty pem_encoded
field, as it may be large. Use a GET request to retrieve the PEM-encoded CRL.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/crls/{crl-id}?action=upload

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/crls/{crl-id}?action=upload

Request Headers:

n/a

Query Parameters:

UploadTlsCrlRequestParameters+

Request Body:

n/a

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/crls/revokedCerts?action=import Content-Type: multipart/form-data; boundary=2a8ae6ad-f4ad-4d9a-a92c-6d217011fe0f --2a8ae6ad-f4ad-4d9a-a92c-6d217011fe0f Content-Disposition: form-data; name="file"; filename="mycrl.pem" -----BEGIN X509 CRL----- -----END X509 CRL----- Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

TlsCrl+

TlsCrl (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
crl_type	Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default).	string	Enum: OneCRL, X509 Default: "X509"
description	Description of this resource	string	Maximum length: 1024 Sortable
details	Details of the X509Crl object Details of the X509Crl object.	X509Crl	Readonly
details_revoked_by_issuer_and_serial_number	Certificates revoked by issuer and serial number	array of IssuerSerialNumber	Readonly
details_revoked_by_subject_and_public_key_hash	Certificates revoked by subject and public key hash	array of SubjectPublicKeyHash	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
one_crl	JSON-encoded OneCRL-like object	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	Pem encoded crl data Pem encoded crl data.	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCrl	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TlsCrl+

TlsCrl (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
crl_type	Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default).	string	Enum: OneCRL, X509 Default: "X509"
description	Description of this resource	string	Maximum length: 1024 Sortable
details	Details of the X509Crl object Details of the X509Crl object.	X509Crl	Readonly
details_revoked_by_issuer_and_serial_number	Certificates revoked by issuer and serial number	array of IssuerSerialNumber	Readonly
details_revoked_by_subject_and_public_key_hash	Certificates revoked by subject and public key hash	array of SubjectPublicKeyHash	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
one_crl	JSON-encoded OneCRL-like object	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	Pem encoded crl data Pem encoded crl data.	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCrl	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Certificates: Csrs

Associated URIs:

GET /policy/api/v1/infra/csrs
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs
POST /policy/api/v1/infra/csrs?action=self_sign
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs?action=self_sign
DELETE /policy/api/v1/infra/csrs/{csr-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}
GET /policy/api/v1/infra/csrs/{csr-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}
POST /policy/api/v1/infra/csrs/{csr-id}?action=create
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}?action=create
POST /policy/api/v1/infra/csrs/{csr-id}?action=import
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}?action=import
POST /policy/api/v1/infra/csrs/{csr-id}?action=upload
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}?action=upload
POST /policy/api/v1/infra/csrs/{csr-id}?action=self_sign
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}?action=self_sign
GET /policy/api/v1/infra/csrs/{csr-id}/pem-file
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}/pem-file

Return All the Generated CSRs

Returns information about all of the CSRs that have been created. Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/csrs

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs

Request Headers:

n/a

Query Parameters:

ListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/csrs Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TlsCsrListResult+

Example Response: { "result_count": 1, "results": [ { "resource_type": "Csr", "id": "example-csr-id", "display_name": "example-csr-id", "path": "/infra/csrs/example-csr-id", "parent_path": "/infra/csrs/example-csr-id", "relative_path": "example-csr-id", "pem_encoded": "-----BEGIN CERTIFICATE REQUEST----------END CERTIFICATE REQUEST-----\n", "key_size": 2048, "subject": { "attributes": [ { "value": "Jane", "key": "CN" }, { "value": "VMware", "key": "O" }, { "value": "NSBU", "key": "OU" }, { "value": "US", "key": "C" }, { "value": "CA", "key": "ST" }, { "value": "PA", "key": "L" } ] }, "algorithm": "RSA", "is_ca": false, "marked_for_delete": false, "overridden": false, "_create_user": "admin", "_create_time": 1516338671237, "_last_modified_user": "admin", "_last_modified_time": 1516338671237, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } ] } Required Permissions: read Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Show CSR Data for the Given CSR ID

Returns information about the specified CSR. Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/csrs/{csr-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/csrs/example-csr-id Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TlsCsr+

TlsCsr (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
algorithm	Cryptographic algorithm (asymmetric) used by the public key for data encryption.	string	Enum: RSA, EC Default: "RSA"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
extensions	X509 extensions to add X509 v3 extensions to be added to a CSR.	CsrExtensions	Readonly
id	Unique identifier of this resource	string	Sortable
is_ca	Whether the CSR is for a CA certificate.	boolean	Default: "False"
key_size	Size measured in bits of the public key used in a cryptographic algorithm.	integer	Default: "4096"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM encoded certificate data.	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCsr	string
subject	The certificate owner's information. (CN, O, OU, C, ST, L)	Principal	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "Csr", "id": "example-csr-id", "display_name": "example-csr-id", "path": "/infra/csrs/example-csr-id", "parent_path": "/infra/csrs/example-csr-id", "relative_path": "example-csr-id", "pem_encoded": "-----BEGIN CERTIFICATE REQUEST----------END CERTIFICATE REQUEST-----\n", "key_size": 2048, "subject": { "attributes": [ { "value": "Jane", "key": "CN" }, { "value": "VMware", "key": "O" }, { "value": "NSBU", "key": "OU" }, { "value": "US", "key": "C" }, { "value": "CA", "key": "ST" }, { "value": "PA", "key": "L" } ] }, "algorithm": "RSA", "is_ca": false, "extensions": { "subject_alt_names": { "dns_names": [ "www.vmware.com", "*.vmware.com" ] } }, "marked_for_delete": false, "overridden": false, "_create_user": "admin", "_create_time": 1516338671237, "_last_modified_user": "admin", "_last_modified_time": 1516338671237, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: read Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete a CSR

Removes a specified CSR. If a CSR is not used for verification, you can
delete it. Note that the CSR import and upload POST actions automatically
delete the associated CSR.
Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/csrs/{csr-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/csrs/example-csr-id Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get CSR PEM File for the Given CSR ID

Downloads the CSR PEM file for a specified CSR. Clients must include an Accept: text/plain request header. Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/csrs/{csr-id}/pem-file

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}/pem-file

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/csrs/example-csr-id/pem-file Accept: text/plain Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: text/plain;charset=UTF-8

Response Body:

string

Example Response: -----BEGIN CERTIFICATE REQUEST----------END CERTIFICATE REQUEST----- Required Permissions: read Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Generate a New Certificate Signing Request

Creates a new certificate signing request (CSR). A CSR is encrypted text that
contains information about your organization (organization name, country,
and so on) and your Web server's public key, which is a public certificate
the is generated on the server that can be used to forward this request to a
certificate authority (CA). A private key is also usually created at the
same time as the CSR.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/csrs/{csr-id}?action=create

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}?action=create

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

TlsCsr+

TlsCsr (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
algorithm	Cryptographic algorithm (asymmetric) used by the public key for data encryption.	string	Enum: RSA, EC Default: "RSA"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
extensions	X509 extensions to add X509 v3 extensions to be added to a CSR.	CsrExtensions	Readonly
id	Unique identifier of this resource	string	Sortable
is_ca	Whether the CSR is for a CA certificate.	boolean	Default: "False"
key_size	Size measured in bits of the public key used in a cryptographic algorithm.	integer	Default: "4096"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM encoded certificate data.	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCsr	string
subject	The certificate owner's information. (CN, O, OU, C, ST, L)	Principal	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/csrs/example-csr-id?action=create { "subject": { "attributes": [ {"key":"CN","value":"Jane"}, {"key":"O","value":"VMware"}, {"key":"OU","value":"NSBU"}, {"key":"C","value":"US"}, {"key":"ST","value":"CA"}, {"key":"L","value":"PA"} ] }, "key_size": "2048", "algorithm": "RSA", "is_ca": false } Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

TlsCsr+

TlsCsr (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
algorithm	Cryptographic algorithm (asymmetric) used by the public key for data encryption.	string	Enum: RSA, EC Default: "RSA"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
extensions	X509 extensions to add X509 v3 extensions to be added to a CSR.	CsrExtensions	Readonly
id	Unique identifier of this resource	string	Sortable
is_ca	Whether the CSR is for a CA certificate.	boolean	Default: "False"
key_size	Size measured in bits of the public key used in a cryptographic algorithm.	integer	Default: "4096"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM encoded certificate data.	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCsr	string
subject	The certificate owner's information. (CN, O, OU, C, ST, L)	Principal	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "TlsCsr", "id": "example-csr-id", "display_name": "example-csr-id", "path": "/infra/csrs/example-csr-id", "parent_path": "/infra/csrs", "relative_path": "example-csr-id", "pem_encoded": "-----BEGIN CERTIFICATE REQUEST----------END CERTIFICATE REQUEST-----\n", "key_size": 2048, "subject": { "attributes": [ { "value": "Jane", "key": "CN" }, { "value": "VMware", "key": "O" }, { "value": "NSBU", "key": "OU" }, { "value": "US", "key": "C" }, { "value": "CA", "key": "ST" }, { "value": "PA", "key": "L" } ] }, "algorithm": "RSA", "is_ca": false, "marked_for_delete": false, "overridden": false, "_create_user": "admin", "_create_time": 1516338671237, "_last_modified_user": "admin", "_last_modified_time": 1516338671237, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Import a Certificate Associated with an Approved CSR

Imports a certificate authority (CA)-signed certificate for a CSR. This
action links the certificate to the private key created by the CSR. The
pem_encoded string in the request body is the signed certificate provided by
your CA in response to the CSR that you provide to them. The import POST
action automatically deletes the associated CSR.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/csrs/{csr-id}?action=import

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}?action=import

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

TlsTrustData+

TlsTrustData (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
key_algo	Key algorithm contained in this certificate.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
passphrase	Password for private key encryption.	secure_string
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	pem encoded certificate data.	string	Required
private_key	private key data	secure_string
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Enum: signing-ca
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsTrustData	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/csrs/example-csr-id?action=import { "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n" } Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

TlsCertificate+

TlsCertificate (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	Category Category of certificate. This certificate is used to connect to services only.	string	Readonly Enum: SERVICE_CERTIFICATE
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
details	list of X509Certificates.	array of X509Certificate	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
has_private_key	whether we have the private key for this certificate.	boolean	Required Readonly Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	pem encoded certificate data.	string	Required
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Readonly Enum: signing-ca
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCertificate	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tls_certificate_type	Classification of the TlsCertificate helps differentiate how a TlsCertificate could be used for various components either as a client trust certificate; CERTIFICATE_CA, or as a server identity certificate; CERTIFICATE_SIGNED,or CERTIFICATE_SELF_SIGNED.	string	Readonly Enum: CERTIFICATE_CA, CERTIFICATE_SIGNED, CERTIFICATE_SELF_SIGNED
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "TlsCertificate", "id": "669f4e8f-061e-4c73-8cfb-1044181eb365", "display_name": "example-csr-id", "path": "/infra/certificates/669f4e8f-061e-4c73-8cfb-1044181eb365", "parent_path": "/infra", "relative_path": "example-csr-id", "details": [ { "issuer_cn": "vSM Test Certificate", "public_key_length": 1024, "signature": "4e cf ff 36 ac a1", "not_before": 1323772715000, "subject": "CN=Jane,O=VMware,OU=NSBU,ST=CA,C=US,PA=L", "serial_number": "ca55f5e21a0b2dd2", "public_key_algo": "RSA", "version": "1", "issuer": "1.2.840.113549.1.9.1=#16076140622e636f6d,CN=vSM Test Certificate,OU=vShield,O=VMware,L=Pune,ST=Maharashtra,C=IN", "is_ca": false, "subject_cn": "Jane", "not_after": 1355308715000, "is_valid": false, "rsa_public_key_exponent": "10001", "signature_algorithm": "SHA1WITHRSA", "rsa_public_key_modulus": "00 b7 8f 79 e4" } ], "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "tls_certificate_type": "CERTIFICATE_SELF_SIGNED", "unique_id": "669f4e8f-061e-4c73-8cfb-1044181eb365", "realization_id": "669f4e8f-061e-4c73-8cfb-1044181eb365", "marked_for_delete": false, "overridden": false, "has_private_key": true, "_create_user": "admin", "_create_time": 1516338671237, "_last_modified_user": "admin", "_last_modified_time": 1516338671237, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Self-Sign the CSR

Self-signs the previously generated CSR. This action is similar to the
import certificate action, but instead of using a public certificate signed
by a CA, the self_sign POST action uses a certificate that is signed with
NSX's own private key. The maximum validity limit for non-CA certificates
is 825 days, except that values of 3,650 and 36,500 days are allowed.
No limit is set for CA certificates.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/csrs/{csr-id}?action=self_sign

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}?action=self_sign

Request Headers:

n/a

Query Parameters:

SelfSignedActionParameter+

Request Body:

n/a

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/csrs/example-csr-id?action=self_sign&days_valid=365 Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

TlsCertificate+

TlsCertificate (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	Category Category of certificate. This certificate is used to connect to services only.	string	Readonly Enum: SERVICE_CERTIFICATE
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
details	list of X509Certificates.	array of X509Certificate	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
has_private_key	whether we have the private key for this certificate.	boolean	Required Readonly Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	pem encoded certificate data.	string	Required
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Readonly Enum: signing-ca
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCertificate	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tls_certificate_type	Classification of the TlsCertificate helps differentiate how a TlsCertificate could be used for various components either as a client trust certificate; CERTIFICATE_CA, or as a server identity certificate; CERTIFICATE_SIGNED,or CERTIFICATE_SELF_SIGNED.	string	Readonly Enum: CERTIFICATE_CA, CERTIFICATE_SIGNED, CERTIFICATE_SELF_SIGNED
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "TlsCertificate", "id": "669f4e8f-061e-4c73-8cfb-1044181eb365", "display_name": "example-csr-id", "path": "/infra/certificates/669f4e8f-061e-4c73-8cfb-1044181eb365", "parent_path": "/infra", "relative_path": "669f4e8f-061e-4c73-8cfb-1044181eb365", "details": [ { "issuer_cn": "Jane", "public_key_length": 1024, "signature": "4e cf ff 36 ac a1", "not_before": 1323772715000, "subject": "CN=Jane,O=VMware,OU=NSBU,ST=CA,C=US,PA=L", "serial_number": "ca55f5e21a0b2dd2", "public_key_algo": "RSA", "version": "1", "issuer": "CN=Jane,O=VMware,OU=NSBU,ST=CA,C=US,PA=L", "is_ca": false, "subject_cn": "Jane", "not_after": 1355308715000, "is_valid": false, "rsa_public_key_exponent": "10001", "signature_algorithm": "SHA1WITHRSA", "rsa_public_key_modulus": "00 b7 8f 79 e4" } ], "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "has_private_key": true, "tls_certificate_type": "CERTIFICATE_SELF_SIGNED", "unique_id": "669f4e8f-061e-4c73-8cfb-1044181eb365", "realization_id": "669f4e8f-061e-4c73-8cfb-1044181eb365", "marked_for_delete": false, "overridden": false, "_create_user": "admin", "_create_time": 1516338671237, "_last_modified_user": "admin", "_last_modified_time": 1516338671237, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Upload the Certificate PEM File Signed by the CA Associated with a CSR

Uploads the certificate authority (CA)-signed certificate. After you send
the certificate request to the CA of your choice, and the CA sends back the
signed certificate, you can use the upload POST action to upload the signed
certificate. The upload action is similar to the import action, but the
upload action allows you to directly upload the PEM-encoded file (signed
certificate) provided by the CA. Like the import POST action, the upload
POST action automatically deletes the associated CSR.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/csrs/{csr-id}?action=upload

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs/{csr-id}?action=upload

Request Headers:

n/a

Query Parameters:

UploadFileRequestParameters+

Request Body:

n/a

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/csrs/example-csr-id?action=upload Content-Type: multipart/form-data; boundary=2a8ae6ad-f4ad-4d9a-a92c-6d217011fe0f --2a8ae6ad-f4ad-4d9a-a92c-6d217011fe0f Content-Disposition: form-data; name="file"; filename="mycert.pem" -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

TlsCertificate+

TlsCertificate (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	Category Category of certificate. This certificate is used to connect to services only.	string	Readonly Enum: SERVICE_CERTIFICATE
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
details	list of X509Certificates.	array of X509Certificate	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
has_private_key	whether we have the private key for this certificate.	boolean	Required Readonly Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	pem encoded certificate data.	string	Required
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Readonly Enum: signing-ca
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCertificate	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tls_certificate_type	Classification of the TlsCertificate helps differentiate how a TlsCertificate could be used for various components either as a client trust certificate; CERTIFICATE_CA, or as a server identity certificate; CERTIFICATE_SIGNED,or CERTIFICATE_SELF_SIGNED.	string	Readonly Enum: CERTIFICATE_CA, CERTIFICATE_SIGNED, CERTIFICATE_SELF_SIGNED
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Generate a new self-signed certificate

Creates a new self-signed certificate. A private key is also created at the
same time. This is convenience call that will generate a CSR and then self-sign it.
The maximum validity limit for non-CA certificates is 825 days, except that values
of 3,650 and 36,500 days are allowed. No limit is set for CA certificates.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/csrs?action=self_sign

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/csrs?action=self_sign

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

TlsCsrWithDaysValid+

TlsCsrWithDaysValid (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
algorithm	Cryptographic algorithm (asymmetric) used by the public key for data encryption.	string	Enum: RSA, EC Default: "RSA"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
days_valid	Number of days the certificate will be valid, default 825 days	integer	Default: "825"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
extensions	X509 extensions to add X509 v3 extensions to be added to a CSR.	CsrExtensions	Readonly
id	Unique identifier of this resource	string	Sortable
is_ca	Whether the CSR is for a CA certificate.	boolean	Default: "False"
key_size	Size measured in bits of the public key used in a cryptographic algorithm.	integer	Default: "4096"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM encoded certificate data.	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCsrWithDaysValid	string
subject	The certificate owner's information. (CN, O, OU, C, ST, L)	Principal	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/csrs?action=self_sign { "subject": { "attributes": [ {"key":"CN","value":"Jane"}, {"key":"O","value":"VMware"}, {"key":"OU","value":"NSBU"}, {"key":"C","value":"US"}, {"key":"ST","value":"CA"}, {"key":"L","value":"PA"} ] }, "key_size": "2048", "algorithm": "RSA", "days_valid": 365, } Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

TlsCertificate+

TlsCertificate (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	Category Category of certificate. This certificate is used to connect to services only.	string	Readonly Enum: SERVICE_CERTIFICATE
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
details	list of X509Certificates.	array of X509Certificate	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
has_private_key	whether we have the private key for this certificate.	boolean	Required Readonly Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	pem encoded certificate data.	string	Required
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Readonly Enum: signing-ca
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCertificate	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tls_certificate_type	Classification of the TlsCertificate helps differentiate how a TlsCertificate could be used for various components either as a client trust certificate; CERTIFICATE_CA, or as a server identity certificate; CERTIFICATE_SIGNED,or CERTIFICATE_SELF_SIGNED.	string	Readonly Enum: CERTIFICATE_CA, CERTIFICATE_SIGNED, CERTIFICATE_SELF_SIGNED
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "TlsCertificate", "id": "669f4e8f-061e-4c73-8cfb-1044181eb365", "display_name": "example-csr-id", "path": "/infra/certificates/669f4e8f-061e-4c73-8cfb-1044181eb365", "parent_path": "/infra", "relative_path": "669f4e8f-061e-4c73-8cfb-1044181eb365", "details": [ { "issuer_cn": "Jane", "public_key_length": 1024, "signature": "4e cf ff 36 ac a1", "not_before": 1323772715000, "subject": "CN=Jane,O=VMware,OU=NSBU,ST=CA,C=US,PA=L", "serial_number": "ca55f5e21a0b2dd2", "public_key_algo": "RSA", "version": "1", "issuer": "CN=Jane,O=VMware,OU=NSBU,ST=CA,C=US,PA=L", "is_ca": false, "subject_cn": "Jane", "not_after": 1355308715000, "is_valid": false, "rsa_public_key_exponent": "10001", "signature_algorithm": "SHA1WITHRSA", "rsa_public_key_modulus": "00 b7 8f 79 e4" } ], "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "has_private_key": true, "tls_certificate_type": "CERTIFICATE_SELF_SIGNED", "unique_id": "669f4e8f-061e-4c73-8cfb-1044181eb365", "realization_id": "669f4e8f-061e-4c73-8cfb-1044181eb365", "marked_for_delete": false, "overridden": false, "_create_user": "admin", "_create_time": 1516338671237, "_last_modified_user": "admin", "_last_modified_time": 1516338671237, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: policy_certificate Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Enforcement Points

Enforcement Points: Edge Clusters

Associated URIs:

GET /policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points (Deprecated)
DELETE /policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points/{enforcementpoint-id} (Deprecated)
GET /policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points/{enforcementpoint-id} (Deprecated)
PATCH /policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points/{enforcementpoint-id} (Deprecated)
PUT /policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points/{enforcementpoint-id} (Deprecated)
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points
POST /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcement-point-id}?action=full-sync
DELETE /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}
PATCH /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}
POST /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}?action=reload
PUT /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}

List enforcementpoints for infra (Deprecated)

Paginated list of all enforcementpoints for infra.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points

Request Headers:

n/a

Query Parameters:

EnforcementPointListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/deployment-zones/default/enforcement-points Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

EnforcementPointListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "resource_type": "EnforcementPoint", "id": "nsxt-ep", "display_name": "/infra/deployment-zones/default/enforcement-points/nsxt-ep", "path": "/infra/deployment-zones/default/enforcement-points/nsxt-ep", "parent_path": "/infra/deployment-zones/default", "relative_path": "nsxt-ep", "connection_info": { "resource_type": "NSXTConnectionInfo", "enforcement_point_address": "10.192.201.163", "transport_zone_ids": [ "992759f9-434a-45ea-9347-2ff45fba1f31" ], "edge_cluster_ids": [ "ad79b022-69bd-4bd9-969a-273627690bd9" ], "thumbprint": "f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4" }, "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262753660, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 } ] } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create/update a new Enforcement Point under infra (Deprecated)

If the passed Enforcement Point does not already exist, create a new Enforcement Point.
If it already exists, replace it.
Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points/{enforcementpoint-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

EnforcementPoint+

EnforcementPoint (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_enforce	Auto Enforce Flag Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps.	boolean	Default: "True"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildClusterControlPlane ChildHostTransportNode ChildHostTransportNodeCollection ChildPolicyEdgeCluster ChildPolicyEdgeHighAvailabilityProfile ChildPolicyEdgeTransportNode ChildPolicyFailureDomain ChildPolicyTransportZone ChildSubCluster ChildVirtualNetworkApplianceCluster
connection_info	Enforcement Point Connection Info Connection Info of the Enforcement Point.	EnforcementPointConnectionInfo (Abstract type: pass one of the following concrete types) AviConnectionInfo CvxConnectionInfo NSXTConnectionInfo NSXVConnectionInfo	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EnforcementPoint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
version	Enforcement point Version Version of the Enforcement point.	string	Readonly

Example Request: PUT https://<policy-mgr>/policy/api/v1/infra/deployment-zones/default/enforcement-points/nsxt-ep { "connection_info": { "enforcement_point_address":"10.192.201.163", "resource_type":"NSXTConnectionInfo", "username":"admin", "password":"Admin!23Admin", "thumbprint":"f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4", "transport_zone_ids": [ "992759f9-434a-45ea-9347-2ff45fba1f31" ], "edge_cluster_ids": [ "ad79b022-69bd-4bd9-969a-273627690bd9" ] }, "_revision" : 0 } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

EnforcementPoint+

EnforcementPoint (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_enforce	Auto Enforce Flag Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps.	boolean	Default: "True"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildClusterControlPlane ChildHostTransportNode ChildHostTransportNodeCollection ChildPolicyEdgeCluster ChildPolicyEdgeHighAvailabilityProfile ChildPolicyEdgeTransportNode ChildPolicyFailureDomain ChildPolicyTransportZone ChildSubCluster ChildVirtualNetworkApplianceCluster
connection_info	Enforcement Point Connection Info Connection Info of the Enforcement Point.	EnforcementPointConnectionInfo (Abstract type: pass one of the following concrete types) AviConnectionInfo CvxConnectionInfo NSXTConnectionInfo NSXVConnectionInfo	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EnforcementPoint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
version	Enforcement point Version Version of the Enforcement point.	string	Readonly

Example Response: { "resource_type": "EnforcementPoint", "id": "nsxt-ep", "display_name": "/infra/deployment-zones/default/enforcement-points/nsxt-ep", "path": "/infra/deployment-zones/default/enforcement-points/nsxt-ep", "parent_path": "/infra/deployment-zones/default", "relative_path": "nsxt-ep", "connection_info": { "resource_type": "NSXTConnectionInfo", "enforcement_point_address": "10.192.201.163", "transport_zone_ids": [ "992759f9-434a-45ea-9347-2ff45fba1f31" ], "edge_cluster_ids": [ "ad79b022-69bd-4bd9-969a-273627690bd9" ], "thumbprint": "f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4" }, "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262573524, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: infra_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Patch a new Enforcement Point under infra (Deprecated)

If the passed Enforcement Point does not already exist, create a new Enforcement Point.
If it already exists, patch it.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points/{enforcementpoint-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

EnforcementPoint+

EnforcementPoint (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_enforce	Auto Enforce Flag Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps.	boolean	Default: "True"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildClusterControlPlane ChildHostTransportNode ChildHostTransportNodeCollection ChildPolicyEdgeCluster ChildPolicyEdgeHighAvailabilityProfile ChildPolicyEdgeTransportNode ChildPolicyFailureDomain ChildPolicyTransportZone ChildSubCluster ChildVirtualNetworkApplianceCluster
connection_info	Enforcement Point Connection Info Connection Info of the Enforcement Point.	EnforcementPointConnectionInfo (Abstract type: pass one of the following concrete types) AviConnectionInfo CvxConnectionInfo NSXTConnectionInfo NSXVConnectionInfo	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EnforcementPoint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
version	Enforcement point Version Version of the Enforcement point.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/deployment-zones/default/enforcement-points/nsxt-ep { "connection_info": { "enforcement_point_address":"10.192.201.163", "resource_type":"NSXTConnectionInfo", "username":"admin", "password":"Admin!23Admin", "thumbprint":"f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4", "transport_zone_ids": [ "992759f9-434a-45ea-9347-2ff45fba1f31" ], "edge_cluster_ids": [ "ad79b022-69bd-4bd9-969a-273627690bd9" ] } } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: infra_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Read an Enforcement Point (Deprecated)

Read an Enforcement Point.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points/{enforcementpoint-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/deployment-zones/default/enforcement-points/nsxt-ep Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

EnforcementPoint+

EnforcementPoint (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_enforce	Auto Enforce Flag Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps.	boolean	Default: "True"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildClusterControlPlane ChildHostTransportNode ChildHostTransportNodeCollection ChildPolicyEdgeCluster ChildPolicyEdgeHighAvailabilityProfile ChildPolicyEdgeTransportNode ChildPolicyFailureDomain ChildPolicyTransportZone ChildSubCluster ChildVirtualNetworkApplianceCluster
connection_info	Enforcement Point Connection Info Connection Info of the Enforcement Point.	EnforcementPointConnectionInfo (Abstract type: pass one of the following concrete types) AviConnectionInfo CvxConnectionInfo NSXTConnectionInfo NSXVConnectionInfo	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EnforcementPoint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
version	Enforcement point Version Version of the Enforcement point.	string	Readonly

Example Response: { "resource_type": "EnforcementPoint", "id": "nsxt-ep", "display_name": "/infra/deployment-zones/default/enforcement-points/nsxt-ep", "path": "/infra/deployment-zones/default/enforcement-points/nsxt-ep", "parent_path": "/infra/deployment-zones/default", "relative_path": "nsxt-ep", "connection_info": { "resource_type": "NSXTConnectionInfo", "enforcement_point_address": "10.192.201.163", "transport_zone_ids": [ "992759f9-434a-45ea-9347-2ff45fba1f31" ], "edge_cluster_ids": [ "ad79b022-69bd-4bd9-969a-273627690bd9" ], "thumbprint": "f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4" }, "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262753660, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 } Required Permissions: read Feature: infra_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete EnforcementPoint (Deprecated)

Delete EnforcementPoint.
Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/deployment-zones/{deployment-zone-id}/enforcement-points/{enforcementpoint-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/deployment-zones/default/enforcement-points/nsxt-ep Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: infra_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List enforcementpoints under Site

Paginated list of all enforcementpoints under Site.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/sites/{site-id}/enforcement-points

/policy/api/v1/global-infra/sites/{site-id}/enforcement-points

Request Headers:

n/a

Query Parameters:

EnforcementPointListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/sites/default/enforcement-points Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

EnforcementPointListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "resource_type": "EnforcementPoint", "id": "nsxt-ep", "display_name": "/infra/sites/default/enforcement-points/nsxt-ep", "path": "/infra/sites/default/enforcement-points/nsxt-ep", "parent_path": "/infra/sites/default", "relative_path": "nsxt-ep", "connection_info": { "resource_type": "NSXTConnectionInfo", "enforcement_point_address": "10.192.201.163", "thumbprint": "f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4" }, "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262753660, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 } ] } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Full sync EnforcementPoint from Site

Full sync EnforcementPoint from Site Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcement-point-id}?action=full-sync

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/sites/default/enforcement-points/external-ep?action=full-sync Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create/update a new Enforcement Point under Site

If the passed Enforcement Point does not already exist, create a new Enforcement Point.
If it already exists, replace it.
Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

EnforcementPoint+

EnforcementPoint (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_enforce	Auto Enforce Flag Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps.	boolean	Default: "True"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildClusterControlPlane ChildHostTransportNode ChildHostTransportNodeCollection ChildPolicyEdgeCluster ChildPolicyEdgeHighAvailabilityProfile ChildPolicyEdgeTransportNode ChildPolicyFailureDomain ChildPolicyTransportZone ChildSubCluster ChildVirtualNetworkApplianceCluster
connection_info	Enforcement Point Connection Info Connection Info of the Enforcement Point.	EnforcementPointConnectionInfo (Abstract type: pass one of the following concrete types) AviConnectionInfo CvxConnectionInfo NSXTConnectionInfo NSXVConnectionInfo	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EnforcementPoint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
version	Enforcement point Version Version of the Enforcement point.	string	Readonly

Example Request: PUT https://<policy-mgr>/policy/api/v1/infra/sites/default/enforcement-points/nsxt-ep { "connection_info": { "enforcement_point_address":"10.192.201.163", "resource_type":"NSXTConnectionInfo", "username":"admin", "password":"Admin!23Admin", "thumbprint":"f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4" }, "_revision" : 0 } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

EnforcementPoint+

EnforcementPoint (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_enforce	Auto Enforce Flag Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps.	boolean	Default: "True"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildClusterControlPlane ChildHostTransportNode ChildHostTransportNodeCollection ChildPolicyEdgeCluster ChildPolicyEdgeHighAvailabilityProfile ChildPolicyEdgeTransportNode ChildPolicyFailureDomain ChildPolicyTransportZone ChildSubCluster ChildVirtualNetworkApplianceCluster
connection_info	Enforcement Point Connection Info Connection Info of the Enforcement Point.	EnforcementPointConnectionInfo (Abstract type: pass one of the following concrete types) AviConnectionInfo CvxConnectionInfo NSXTConnectionInfo NSXVConnectionInfo	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EnforcementPoint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
version	Enforcement point Version Version of the Enforcement point.	string	Readonly

Example Response: { "resource_type": "EnforcementPoint", "id": "nsxt-ep", "display_name": "/infra/sites/default/enforcement-points/nsxt-ep", "path": "/infra/sites/default/enforcement-points/nsxt-ep", "parent_path": "/infra/sites/default", "relative_path": "nsxt-ep", "connection_info": { "resource_type": "NSXTConnectionInfo", "enforcement_point_address": "10.192.201.163", "thumbprint": "f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4" }, "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262573524, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Patch a new Enforcement Point under Site

If the passed Enforcement Point does not already exist, create a new Enforcement Point.
If it already exists, patch it.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

EnforcementPoint+

EnforcementPoint (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_enforce	Auto Enforce Flag Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps.	boolean	Default: "True"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildClusterControlPlane ChildHostTransportNode ChildHostTransportNodeCollection ChildPolicyEdgeCluster ChildPolicyEdgeHighAvailabilityProfile ChildPolicyEdgeTransportNode ChildPolicyFailureDomain ChildPolicyTransportZone ChildSubCluster ChildVirtualNetworkApplianceCluster
connection_info	Enforcement Point Connection Info Connection Info of the Enforcement Point.	EnforcementPointConnectionInfo (Abstract type: pass one of the following concrete types) AviConnectionInfo CvxConnectionInfo NSXTConnectionInfo NSXVConnectionInfo	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EnforcementPoint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
version	Enforcement point Version Version of the Enforcement point.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/sites/default/enforcement-points/nsxt-ep { "connection_info": { "enforcement_point_address":"10.192.201.163", "resource_type":"NSXTConnectionInfo", "username":"admin", "password":"Admin!23Admin", "thumbprint":"f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4" } } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Read an Enforcement Point under Infra/Site

Read an Enforcement Point under Infra/Site
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}

/policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/sites/default/enforcement-points/nsxt-ep Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

EnforcementPoint+

EnforcementPoint (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_enforce	Auto Enforce Flag Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps.	boolean	Default: "True"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildClusterControlPlane ChildHostTransportNode ChildHostTransportNodeCollection ChildPolicyEdgeCluster ChildPolicyEdgeHighAvailabilityProfile ChildPolicyEdgeTransportNode ChildPolicyFailureDomain ChildPolicyTransportZone ChildSubCluster ChildVirtualNetworkApplianceCluster
connection_info	Enforcement Point Connection Info Connection Info of the Enforcement Point.	EnforcementPointConnectionInfo (Abstract type: pass one of the following concrete types) AviConnectionInfo CvxConnectionInfo NSXTConnectionInfo NSXVConnectionInfo	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EnforcementPoint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
version	Enforcement point Version Version of the Enforcement point.	string	Readonly

Example Response: { "resource_type": "EnforcementPoint", "id": "nsxt-ep", "display_name": "/infra/sites/default/enforcement-points/nsxt-ep", "path": "/infra/sites/default/enforcement-points/nsxt-ep", "parent_path": "/infra/sites/default", "relative_path": "nsxt-ep", "connection_info": { "resource_type": "NSXTConnectionInfo", "enforcement_point_address": "10.192.201.163", "thumbprint": "f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4" }, "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262753660, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete EnforcementPoint from Site

Delete EnforcementPoint from Site Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/sites/default/enforcement-points/nsxt-ep Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List Edge Clusters under an Enforcement Point

Paginated list of all Edge Clusters under an Enforcement Point
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters

/policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters

Request Headers:

n/a

Query Parameters:

PolicyEdgeClusterListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/sites/default/enforcement-points/nsxt-ep/edge-clusters Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyEdgeClusterListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "resource_type": "PolicyEdgeCluster", "id": "ec", "display_name": "/infra/sites/default/enforcement-points/nsxt-ep/edge-clusters/ec", "path": "/infra/sites/default/enforcement-points/nsxt-ep/edge-clusters/ec", "parent_path": "/infra/sites/default/enforcement-points/nsxt-ep", "relative_path": "ec", "policy_edge_nodes": [ { "id": "my-policy-edge-node-id", "edge_transport_node_path": "/infra/sites/default/enforcement-points/default/edge-transport-nodes/my-policy-edge-tn-id", "member_index": 0 }, { "id": "my-policy-edge-node-id-1", "edge_transport_node_path": "/infra/sites/default/enforcement-points/default/edge-transport-nodes/my-policy-edge-tn-id-1", "member_index": 1 } ] "nsx_id": "8ce97b79-e2da-4d73-bc3b-4723ccab0600", "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262753660, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } ] } Required Permissions: read Feature: policy_ep_edge Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Read an Edge Cluster under an Enforcement Point

Read an Edge Cluster under an Enforcement Point
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}

/policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/sites/default/enforcement-points/nsxt-ep/edge-clusters/ec Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyEdgeCluster+

PolicyEdgeCluster (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
allocation_rules	Allocation rules for auto placement Set of allocation rules to auto-allocate nodes for Tier0/Tier1 Gateways, and DHCP on edge cluster members.	array of AllocationRule
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildPolicyEdgeNode
deployment_type	Edge cluster deployment type This field is a readonly field which shows the deployment_type of members. It returns UNKNOWN if there are no members, and returns VIRTUAL_MACHINE\| PHYSICAL_MACHINE if all edge members are VIRTUAL_MACHINE\|PHYSICAL_MACHINE.	EdgeDeploymentType	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
edge_cluster_profile	Path of edge cluster high availability profile. This field is optional and if not provided, default profile path will be considered.	string
id	Unique identifier of this resource	string	Sortable
inter_site_forwarding_enabled	Inter site forwarding is enabled if true Flag indicates that edge cluster has inter-site forwarding enabled and remote tunnel points is configured for all the members. This is required to deploy stretch gateways.	boolean	Readonly
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
member_node_type	Node type of the cluster members This field contains the info of type of transport nodes. Edge cluster is homogenous collection of transport nodes. Hence all transport nodes of the cluster must be of same type.	EdgeClusterNodeType	Readonly
nsx_id	Edge Cluster UUID on NSX-T Enforcement Point This field is deprecated.Refer policy edge cluster unique_id to get the policy edge cluster uuid.	string	Deprecated Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
password_managed_by_vcf	VCF managed password flag Setting to true enables VCF password management for all edge nodes in the cluster.	boolean	Default: "False"
path	Absolute path of this object Absolute path of this object	string	Readonly
policy_edge_nodes	Policy Edge Cluster Member This field contains the list of edge cluster members. Using this field, multiple members can be add and remove.	array of PolicyEdgeClusterMember
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyEdgeCluster	string
rtep_ips	Remote tunnel endpoint IP addresses. This field is deprecated, Refer the /infra/sites//enforcement-points//edge-transport-nodes//state API for rtep ips.	array of IPAddress	Deprecated Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "PolicyEdgeCluster", "id": "ec", "display_name": "/infra/sites/default/enforcement-points/nsxt-ep/edge-clusters/ec", "path": "/infra/sites/default/enforcement-points/nsxt-ep/edge-clusters/ec", "parent_path": "/infra/sites/default/enforcement-points/nsxt-ep", "policy_edge_nodes": [ { "id": "my-policy-edge-node-id", "edge_transport_node_path": "/infra/sites/default/enforcement-points/default/edge-transport-nodes/my-policy-edge-tn-id", "member_index": 0 }, { "id": "my-policy-edge-node-id-1", "edge_transport_node_path": "/infra/sites/default/enforcement-points/default/edge-transport-nodes/my-policy-edge-tn-id-1", "member_index": 1 } ] "relative_path": "ec", "nsx_id": "8ce97b79-e2da-4d73-bc3b-4723ccab0600", "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262753660, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: read Feature: policy_ep_edge Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Reload an Enforcement Point under Site

Reload an Enforcement Point under Site. This will read and update
fabric configs from enforcement point.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}?action=reload

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/sites/default/enforcement-points/nsxt-ep?action=reload Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

EnforcementPoint+

EnforcementPoint (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_enforce	Auto Enforce Flag Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps.	boolean	Default: "True"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildClusterControlPlane ChildHostTransportNode ChildHostTransportNodeCollection ChildPolicyEdgeCluster ChildPolicyEdgeHighAvailabilityProfile ChildPolicyEdgeTransportNode ChildPolicyFailureDomain ChildPolicyTransportZone ChildSubCluster ChildVirtualNetworkApplianceCluster
connection_info	Enforcement Point Connection Info Connection Info of the Enforcement Point.	EnforcementPointConnectionInfo (Abstract type: pass one of the following concrete types) AviConnectionInfo CvxConnectionInfo NSXTConnectionInfo NSXVConnectionInfo	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EnforcementPoint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
version	Enforcement point Version Version of the Enforcement point.	string	Readonly

Example Response: { "resource_type": "EnforcementPoint", "id": "nsxt-ep", "display_name": "/infra/sites/default/enforcement-points/nsxt-ep", "path": "/infra/sites/default/enforcement-points/nsxt-ep", "parent_path": "/infra/sites/default", "relative_path": "nsxt-ep", "connection_info": { "resource_type": "NSXTConnectionInfo", "enforcement_point_address": "10.192.201.163", "thumbprint": "f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4" }, "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262753660, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Enforcement Points: Edge Clusters (Legacy Management Plane)

Associated URIs:

GET /api/v1/cluster-profiles (Deprecated)
POST /api/v1/cluster-profiles (Deprecated)
DELETE /api/v1/cluster-profiles/{cluster-profile-id} (Deprecated)
GET /api/v1/cluster-profiles/{cluster-profile-id} (Deprecated)
PUT /api/v1/cluster-profiles/{cluster-profile-id} (Deprecated)

List Cluster Profiles (Deprecated)

Returns paginated list of cluster profiles
Cluster profiles define policies for edge cluster and bridge cluster.
Request:

Method:

GET

URI Path(s):

/api/v1/cluster-profiles

Request Headers:

n/a

Query Parameters:

ClusterProfileListParameters+

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/cluster-profiles?include_system_owned=false Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

ClusterProfileListResult+

Example Response: { "result_count": 1, "results": [ { "resource_type": "EdgeHighAvailabilityProfile", "description": "", "id": "a73723d4-24d5-4ea8-97a5-6c1a3853e838", "display_name": "edge-cluster-profile-West", "tags": [], "bfd_probe_interval": 2000, "bfd_declare_dead_multiple": 9, "bfd_allowed_hops": 3, "standby_relocation_config": { "standby_relocation_threshold": 40 }, "_last_modified_time": 1458585189556, "_create_time": 1458585189556, "_last_modified_user": "admin", "_system_owned": false, "_create_user": "admin", "_revision": 0 } ] } Required Permissions: read Feature: profiles_cluster_profiles Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create a Cluster Profile (Deprecated)

Create a cluster profile. The resource_type is required.
Request:

Method:

POST

URI Path(s):

/api/v1/cluster-profiles

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

BridgeHighAvailabilityClusterProfile+

BridgeHighAvailabilityClusterProfile (schema) (Deprecated)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bfd_probe_interval	the time interval (in millisec) between probe packets for heartbeat purpose	integer	Minimum: 300 Maximum: 60000 Default: "1000"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable	whether the heartbeat is enabled	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value BridgeHighAvailabilityClusterProfile	ClusterProfileType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

EdgeHighAvailabilityProfile+

EdgeHighAvailabilityProfile (schema) (Deprecated)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bfd_allowed_hops	BFD allowed hops	integer	Minimum: 1 Maximum: 255 Default: "255"
bfd_declare_dead_multiple	Number of times a packet is missed before BFD declares the neighbor down.	integer	Minimum: 2 Maximum: 16 Default: "3"
bfd_probe_interval	the time interval (in millisec) between probe packets for heartbeat purpose	integer	Minimum: 50 Maximum: 60000 Default: "500"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value EdgeHighAvailabilityProfile	ClusterProfileType	Required
standby_relocation_config	Standby service contexts relocation setting	StandbyRelocationConfig
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

Example Request: POST https://<nsx-mgr>/api/v1/cluster-profiles { "resource_type": "EdgeHighAvailabilityProfile", "display_name": "edge-cluster-profile-East", "bfd_probe_interval": 1000, "bfd_declare_dead_multiple": 3, "bfd_allowed_hops": 1, "standby_relocation_config": { "standby_relocation_threshold": 40 } } Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

BridgeHighAvailabilityClusterProfile+

BridgeHighAvailabilityClusterProfile (schema) (Deprecated)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bfd_probe_interval	the time interval (in millisec) between probe packets for heartbeat purpose	integer	Minimum: 300 Maximum: 60000 Default: "1000"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable	whether the heartbeat is enabled	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value BridgeHighAvailabilityClusterProfile	ClusterProfileType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

EdgeHighAvailabilityProfile+

EdgeHighAvailabilityProfile (schema) (Deprecated)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bfd_allowed_hops	BFD allowed hops	integer	Minimum: 1 Maximum: 255 Default: "255"
bfd_declare_dead_multiple	Number of times a packet is missed before BFD declares the neighbor down.	integer	Minimum: 2 Maximum: 16 Default: "3"
bfd_probe_interval	the time interval (in millisec) between probe packets for heartbeat purpose	integer	Minimum: 50 Maximum: 60000 Default: "500"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value EdgeHighAvailabilityProfile	ClusterProfileType	Required
standby_relocation_config	Standby service contexts relocation setting	StandbyRelocationConfig
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

Example Response: { "resource_type": "EdgeHighAvailabilityProfile", "id": "c5fc06d9-648e-4897-9483-21c3f1666d65", "display_name": "edge-cluster-profile-East", "bfd_probe_interval": 1000, "bfd_declare_dead_multiple": 3, "bfd_allowed_hops": 1, "standby_relocation_config": { "standby_relocation_threshold": 40 }, "_last_modified_time": 1458585978941, "_create_time": 1458585978941, "_last_modified_user": "admin", "_system_owned": false, "_create_user": "admin", "_revision": 0 } Required Permissions: crud Feature: profiles_cluster_profiles Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get cluster profile by Id (Deprecated)

Returns information about a specified cluster profile. Request:

Method:

GET

URI Path(s):

/api/v1/cluster-profiles/{cluster-profile-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/cluster-profiles/a73723d4-24d5-4ea8-97a5-6c1a3853e838 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

BridgeHighAvailabilityClusterProfile+

BridgeHighAvailabilityClusterProfile (schema) (Deprecated)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bfd_probe_interval	the time interval (in millisec) between probe packets for heartbeat purpose	integer	Minimum: 300 Maximum: 60000 Default: "1000"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable	whether the heartbeat is enabled	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value BridgeHighAvailabilityClusterProfile	ClusterProfileType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

EdgeHighAvailabilityProfile+

EdgeHighAvailabilityProfile (schema) (Deprecated)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bfd_allowed_hops	BFD allowed hops	integer	Minimum: 1 Maximum: 255 Default: "255"
bfd_declare_dead_multiple	Number of times a packet is missed before BFD declares the neighbor down.	integer	Minimum: 2 Maximum: 16 Default: "3"
bfd_probe_interval	the time interval (in millisec) between probe packets for heartbeat purpose	integer	Minimum: 50 Maximum: 60000 Default: "500"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value EdgeHighAvailabilityProfile	ClusterProfileType	Required
standby_relocation_config	Standby service contexts relocation setting	StandbyRelocationConfig
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

Example Response: { "resource_type": "EdgeHighAvailabilityProfile", "description": "", "id": "a73723d4-24d5-4ea8-97a5-6c1a3853e838", "display_name": "edge-cluster-profile-West", "tags": [], "bfd_probe_interval": 2000, "bfd_declare_dead_multiple": 9, "bfd_allowed_hops": 3, "standby_relocation_config": { "standby_relocation_threshold": 40 }, "_last_modified_time": 1458585189556, "_create_time": 1458585189556, "_last_modified_user": "admin", "_system_owned": false, "_create_user": "admin", "_revision": 0 } Required Permissions: read Feature: profiles_cluster_profiles Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Update a cluster profile (Deprecated)

Modifie a specified cluster profile. The body of the PUT request must
include the resource_type.
Request:

Method:

PUT

URI Path(s):

/api/v1/cluster-profiles/{cluster-profile-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

BridgeHighAvailabilityClusterProfile+

BridgeHighAvailabilityClusterProfile (schema) (Deprecated)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bfd_probe_interval	the time interval (in millisec) between probe packets for heartbeat purpose	integer	Minimum: 300 Maximum: 60000 Default: "1000"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable	whether the heartbeat is enabled	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value BridgeHighAvailabilityClusterProfile	ClusterProfileType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

EdgeHighAvailabilityProfile+

EdgeHighAvailabilityProfile (schema) (Deprecated)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bfd_allowed_hops	BFD allowed hops	integer	Minimum: 1 Maximum: 255 Default: "255"
bfd_declare_dead_multiple	Number of times a packet is missed before BFD declares the neighbor down.	integer	Minimum: 2 Maximum: 16 Default: "3"
bfd_probe_interval	the time interval (in millisec) between probe packets for heartbeat purpose	integer	Minimum: 50 Maximum: 60000 Default: "500"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value EdgeHighAvailabilityProfile	ClusterProfileType	Required
standby_relocation_config	Standby service contexts relocation setting	StandbyRelocationConfig
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

Example Request: PUT https://<nsx-mgr>/api/v1/cluster-profiles/c5fc06d9-648e-4897-9483-21c3f1666d65 { "resource_type": "EdgeHighAvailabilityProfile", "id": "c5fc06d9-648e-4897-9483-21c3f1666d65", "display_name": "edge-cluster-profile-East", "bfd_probe_interval": 1000, "bfd_declare_dead_multiple": 3, "tags": [{"scope": "home", "tag": "green"}], "bfd_allowed_hops": 1, "standby_relocation_config": { "standby_relocation_threshold": 40 }, "_revision": 0 } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

BridgeHighAvailabilityClusterProfile+

BridgeHighAvailabilityClusterProfile (schema) (Deprecated)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bfd_probe_interval	the time interval (in millisec) between probe packets for heartbeat purpose	integer	Minimum: 300 Maximum: 60000 Default: "1000"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable	whether the heartbeat is enabled	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value BridgeHighAvailabilityClusterProfile	ClusterProfileType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

EdgeHighAvailabilityProfile+

EdgeHighAvailabilityProfile (schema) (Deprecated)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bfd_allowed_hops	BFD allowed hops	integer	Minimum: 1 Maximum: 255 Default: "255"
bfd_declare_dead_multiple	Number of times a packet is missed before BFD declares the neighbor down.	integer	Minimum: 2 Maximum: 16 Default: "3"
bfd_probe_interval	the time interval (in millisec) between probe packets for heartbeat purpose	integer	Minimum: 50 Maximum: 60000 Default: "500"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value EdgeHighAvailabilityProfile	ClusterProfileType	Required
standby_relocation_config	Standby service contexts relocation setting	StandbyRelocationConfig
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

Example Response: { "resource_type": "EdgeHighAvailabilityProfile", "id": "c5fc06d9-648e-4897-9483-21c3f1666d65", "display_name": "edge-cluster-profile-East", "tags": [ { "scope": "home", "tag": "green" } ], "bfd_probe_interval": 1000, "bfd_declare_dead_multiple": 3, "bfd_allowed_hops": 1, "standby_relocation_config": { "standby_relocation_threshold": 40 }, "_last_modified_time": 1458586622412, "_create_time": 1458585978941, "_last_modified_user": "admin", "_system_owned": false, "_create_user": "admin", "_revision": 1 } Required Permissions: crud Feature: profiles_cluster_profiles Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete a cluster profile (Deprecated)

Delete a specified cluster profile. Request:

Method:

DELETE

URI Path(s):

/api/v1/cluster-profiles/{cluster-profile-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<nsx-mgr>/api/v1/cluster-profiles/c5fc06d9-648e-4897-9483-21c3f1666d65 Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: profiles_cluster_profiles Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Federation

Federation: Edge Transport Node (Remote Tep)

Associated URIs:

GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/neighbors
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/neighbors
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/neighbors/{neighbor-id}/advertised-routes
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/neighbors/{neighbor-id}/advertised-routes
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/neighbors/{neighbor-id}/routes
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/neighbors/{neighbor-id}/routes
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/summary
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/summary
GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/tunnels/statistics
GET /policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/tunnels/statistics

Paginated list of BGP Neighbors on edge transport node

Paginated list of paginated BGP neighbors on the edge transport node.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/neighbors

/policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/neighbors

Request Headers:

n/a

Query Parameters:

ListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/sites/default/enforcement-points/default/edge-clusters/fa0f2e56-a09c-42f6-9417-adcce68416a4/edge-nodes/0/remote-tep-connectivity/bgp/neighbors Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyEdgeNodeBgpNeighborsListResult+

Example Response: { "results": [ { "enabled": true, "neighbor_address": "172.20.10.20", "source_address": "172.20.10.10", "source_addresses": [ "172.20.10.10" ], "maximum_hop_limit": 0, "enable_bfd": false, "remote_as": 65000, "remote_as_num": "65000", "hold_down_timer": 15, "keep_alive_timer": 5, "address_families": [ { "type": "IPV6_UNICAST", "enabled": true, "in_filter_routemap_id": "90318bdc-d9a6-426e-98fc-53e3ea1b68a9", "out_filter_routemap_id": "f1490a33-34cc-4a96-a60a-1da4289f5394" } ], "allow_as_in": false, "graceful_restart_mode": "INVALID", "resource_type": "BgpNeighbor", "id": "504684af-8b62-44c9-8333-39884203b386", "_protection": "NOT_PROTECTED", "_create_time": 1734502487340, "_create_user": "system", "_last_modified_time": 1734502487340, "_last_modified_user": "system", "_revision": 0 }, { "enabled": true, "neighbor_address": "172.20.10.21", "source_address": "172.20.10.10", "source_addresses": [ "172.20.10.10" ], "maximum_hop_limit": 0, "enable_bfd": false, "remote_as": 65000, "remote_as_num": "65000", "hold_down_timer": 15, "keep_alive_timer": 5, "address_families": [ { "type": "IPV6_UNICAST", "enabled": true, "in_filter_routemap_id": "90318bdc-d9a6-426e-98fc-53e3ea1b68a9", "out_filter_routemap_id": "f1490a33-34cc-4a96-a60a-1da4289f5394" } ], "allow_as_in": false, "graceful_restart_mode": "INVALID", "resource_type": "BgpNeighbor", "id": "6f6178a5-5766-4765-b0a0-dbd7bcefa4e9", "_protection": "NOT_PROTECTED", "_create_time": 1734502487342, "_create_user": "system", "_last_modified_time": 1734502487342, "_last_modified_user": "system", "_revision": 0 } ], "result_count": 2 } Required Permissions: read Feature: policy_ep_edge Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get BGP neighbor advertised routes on edge transport node.

Returns routes advertised by BGP neighbor from the given edge transport node. It always returns realtime response.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/neighbors/{neighbor-id}/advertised-routes

/policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/neighbors/{neighbor-id}/advertised-routes

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1//infra/sites/default/enforcement-points/default/edge-clusters/fa0f2e56-a09c-42f6-9417-adcce68416a4/edge-nodes/0/remote-tep-connectivity/bgp/neighbors/504684af-8b62-44c9-8333-39884203b386/advertised-routes Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyEdgeNodeBgpNeighborAdvertisedRoutes+

Example Response: { "neighbor_id": "504684af-8b62-44c9-8333-39884203b386", "neighbor_address": "172.20.10.20", "per_transport_node_routes": [ { "source_address": "172.20.10.10", "routes": [ { "network": "fc00::3:fcf9:23:fcf9/128", "next_hop": "::", "local_pref": 100, "weight": 32768, "med": 0, "as_path": "" }, { "network": "fc00::3:98f9:23:98f9/128", "next_hop": "::", "local_pref": 100, "weight": 32768, "med": 0, "as_path": "" }, { "network": "fc00::3:c0f9:23:c0f9/128", "next_hop": "::", "local_pref": 100, "weight": 32768, "med": 0, "as_path": "" } ] } ] } Required Permissions: read Feature: policy_ep_edge Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get BGP neighbor learned routes on edge transport node.

Returns routes learned by BGP neighbor from the given edge transport node. It always returns realtime response.
Request:

Method:

GET

URI Path(s):

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyEdgeNodeBgpNeighborRouteDetailList+

Example Response: { "neighbor_id": "504684af-8b62-44c9-8333-39884203b386", "neighbor_address": "172.20.10.20", "per_transport_node_routes": [ { "source_address": "172.20.10.10", "routes": [ { "network": "fc00::3:fcf9:43:fcf9/128", "next_hop": "fe80::1:ac14:a14", "local_pref": 100, "weight": 32768, "med": 0, "as_path": "" }, { "network": "fc00::3:98f9:43:98f9/128", "next_hop": "fe80::1:ac14:a14", "local_pref": 100, "weight": 32768, "med": 0, "as_path": "" }, { "network": "fc00::3:c0f9:43:c0f9/128", "next_hop": "fe80::1:ac14:a14", "local_pref": 100, "weight": 32768, "med": 0, "as_path": "" } ] } ] } Required Permissions: read Feature: policy_ep_edge Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get Remote TEP BGP summary of policy edge transport node.

Get Remote TEP BGP summary of policy edge transport node.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/summary

/policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/bgp/summary

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyEdgeClusterMemberInterSiteBgpSummary+

Example Response: { "policy_edge_node_path": "/infra/sites/default/enforcement-points/default/edge-clusters/fa0f2e56-a09c-42f6-9417-adcce68416a4/edge-nodes/0", "neighbor_status": [ { "source_address": "172.20.10.10", "local_port": 179, "neighbor_address": "172.20.10.20", "remote_port": 34703, "remote_as_number": "65000", "connection_state": "ESTABLISHED", "messages_received": 145809, "messages_sent": 145797, "time_since_established": 205949, "total_in_prefix_count": 3, "total_out_prefix_count": 3, "address_families": [ { "type": "IPV6_UNICAST", "in_prefix_count": 3, "out_prefix_count": 3 } ], "connection_drop_count": 6, "established_connection_count": 7, "hold_time": 15, "keep_alive_interval": 5, "graceful_restart_mode": "HELPER_ONLY", "announced_capabilities": [ "addPath IPv6 Unicast Rx", "IPv6 Unicast", "hostName advHostName", "routeRefresh", "4byteAs" ], "negotiated_capability": [ "addPath IPv6 Unicast Rx", "IPv6 Unicast", "hostName rcvHostName", "routeRefresh", "4byteAs" ], "neighbor_router_id": "172.20.10.20", "remote_site_path": "/global-infra/sites/Paris" }, { "source_address": "172.20.10.10", "local_port": 179, "neighbor_address": "172.20.10.21", "remote_port": 44337, "remote_as_number": "65000", "connection_state": "ESTABLISHED", "messages_received": 145778, "messages_sent": 145782, "time_since_established": 200713, "total_in_prefix_count": 3, "total_out_prefix_count": 3, "address_families": [ { "type": "IPV6_UNICAST", "in_prefix_count": 3, "out_prefix_count": 3 } ], "connection_drop_count": 12, "established_connection_count": 13, "hold_time": 15, "keep_alive_interval": 5, "graceful_restart_mode": "HELPER_ONLY", "announced_capabilities": [ "addPath IPv6 Unicast Rx", "IPv6 Unicast", "hostName advHostName", "routeRefresh", "4byteAs" ], "negotiated_capability": [ "addPath IPv6 Unicast Rx", "IPv6 Unicast", "hostName rcvHostName", "routeRefresh", "4byteAs" ], "neighbor_router_id": "172.20.10.21", "remote_site_path": "/global-infra/sites/Paris" } ], "last_update_timestamp": 1735231591677 } Required Permissions: read Feature: policy_ep_edge Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get cross-site tunnel statistics of policy edge transport node.

Returns RTEP to RTEP tunnel port statistics of the given edge node. It always returns realtime response.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/tunnels/statistics

/policy/api/v1/global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{policy-edge-node-id}/remote-tep-connectivity/tunnels/statistics

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyEdgeNodeRemoteTepStatistics+

Example Response: { "stats_per_site": [ { "remote_site_path": "/global-infra/sites/Paris", "stats_per_tunnel": [ { "tunnel_source_address": "172.20.10.10", "tunnel_destination_address": "172.20.10.20", "rx": { "total_bytes": 30728445, "total_packets": 405923, "dropped_packets": 17, "blocked_packets": 0 }, "tx": { "total_bytes": 48996399, "total_packets": 409618, "dropped_packets": 0, "blocked_packets": 0 } }, { "tunnel_source_address": "172.20.10.10", "tunnel_destination_address": "172.20.10.21", "rx": { "total_bytes": 30361253, "total_packets": 401876, "dropped_packets": 23, "blocked_packets": 0 }, "tx": { "total_bytes": 48280988, "total_packets": 404029, "dropped_packets": 0, "blocked_packets": 0 } } ], "rx": { "total_bytes": 61089698, "total_packets": 807799, "dropped_packets": 40, "blocked_packets": 0 }, "tx": { "total_bytes": 97277387, "total_packets": 813647, "dropped_packets": 0, "blocked_packets": 0 } } ], "last_update_timestamp": 1735233402279 } Required Permissions: read Feature: policy_ep_edge Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Federation: Federation Configuration

Associated URIs:

GET /policy/api/v1/infra/federation-config
GET /policy/api/v1/global-infra/federation-config
GET /policy/api/v1/global-infra/global-manager-config?action=show-sensitive-data

Read federation config

Read a federation config from Global Manager. Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/federation-config

/policy/api/v1/global-infra/federation-config

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/global-infra/federation-config GET https://<global-mgr>/global-manager/api/v1/global-infra/federation-config Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

FederationConfig+

Example Response: { "site_config" : [ { "site_id": "59ee0369-3d2b-4b2a-9221-594344f6ca4c", "rtep_ips": [ "10.192.201.163", "10.192.201.164" ], "site_index": 1, "site_path": "/global-infra/sites/paris" } ] } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Read Global Manager config along with sensitive data

Read a Global Manager config along with sensitive data.
For example - rtep_config.ibgp_password
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/global-manager-config?action=show-sensitive-data

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<pglobal-mgr>/global-manager/api/v1/global-infra/global-manager-config?action=show-sensitive-data GET https://<policy-mgr>/policy/api/v1/global-infra/global-manager-config?action=show-sensitive-data Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

GlobalManagerConfig+

GlobalManagerConfig (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GlobalManagerConfig	string
rtep_config	Global Manager federation RTEP configuration Global Manager federation RTEP configuration. This configuration is distributed to all Sites participating in federation.	GmRtepConfig
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "GlobalManagerConfig", "rtep_config" : { "ibgp_password": "secureme" }, "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262573524, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 } Required Permissions: crud Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Federation: Full Synchronization

Associated URIs:

POST /policy/api/v1/infra/full-sync-action
GET /policy/api/v1/infra/full-sync-states
GET /policy/api/v1/global-infra/full-sync-states
GET /policy/api/v1/infra/full-sync-states/{full-sync-id}
GET /policy/api/v1/global-infra/full-sync-states/{full-sync-id}

Performs realized object actions specified in the action.

Performs realized object actions specified in the action. Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/full-sync-action

Request Headers:

n/a

Query Parameters:

PolicyFullSyncActionParameters+

Request Body:

n/a

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/full-sync-action?action=request_full_sync POST https://policy.nsx.vmware.com/global-manager/api/v1/orgs/256d811c-168c-41b6-9c5c-e1672a84dcb7/projects/default--nsx-dev-test/infra/full-sync-action?action=request_notifications_full_sync&site=site1 Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: { "fullsync_action_response": "requested full sync", } Required Permissions: crud Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List full sync states

List full sync state. Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/full-sync-states

/policy/api/v1/global-infra/full-sync-states

Request Headers:

n/a

Query Parameters:

PolicyListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/full-sync-states Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

FullSyncStateListResult+

Example Response: { "result_count" : 1, "results" : [ "resource_type": "FullSyncState", "id": "1234", "full_sync_id": "1234", "last_completed_stage": "PROCESSED_DELTAS", "path": "/infra/fullsync-states/1234", "parent_path": "/infra", "relative_path": "1234", "_create_user": "SYSTEM", "_create_time": 1517262573524, "_last_modified_user": "SYSTEM", "_last_modified_time": 1517262573524, "_system_owned": true, "_revision": 2 ] } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get full sync state

Get full sync state. Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/full-sync-states/{full-sync-id}

/policy/api/v1/global-infra/full-sync-states/{full-sync-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/full-sync-states/1234 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

FullSyncState+

FullSyncState (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
errors	Errors occurred during full sync Errors occurred during full sync.	array of string	Readonly
full_sync_id	Full sync id Full sync id generated by Async Replicator (AR) service.	string	Readonly
id	Unique identifier of this resource	string	Sortable
last_completed_stage	Full sync stage that is last completed for this request. The current stage of full sync completion for ongoing sync. When Local Manager (LM) receives full sync data from AR, LM starts with workflow to prserve the state and restore the full sync from where it has left off in case of change of leadership of the service to different NSX node or LM is restarted. LM starts the full sync workflow with state INITIAL capturing the AR full sync id and data location details. The stage/state transition follows the order given below INITIAL - Full sync started PROCESSED_FULLSYNC_DATA - Compelted processing the full state data provided by AR PRCESSED_DELTAS - Completed processing pending delta changes provided by AR. DELETED_STALE_ENTITIES - Completed deletion of all global entities on LM that are not in GM anymore COMPLETED - Full sync handling is completed on LM ERROR - Full sync failed with errors on LM, in which case AR will re-attempt full sync later point in time for the LM ABORTED - Indicates that the full sync cancelled as per user request	string	Readonly Enum: INITIAL, PAUSE_DCNS, DELETED_STALE_ENTITIES, PROCESSED_FULLSYNC_DATA, PROCESSED_DELTAS, UNPAUSE_DCNS, COMPLETED, ERROR, ABORTED
last_upate_time	Deprecated, refer to last_update_time for the last update time stamp.	EpochMsTimestamp	Deprecated Readonly Sortable
last_update_time	Timestamp of last update, could be progress or success or error.	EpochMsTimestamp	Readonly Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value FullSyncState	string
start_time	Timestamp of Full Sync start.	EpochMsTimestamp	Readonly Sortable
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "FullSyncState", "id": "1234", "full_sync_id": "1234", "last_completed_stage": "PROCESSED_DELTAS", "path": "/infra/fullsync-states/1234", "parent_path": "/infra", "relative_path": "1234", "_create_user": "SYSTEM", "_create_time": 1517262573524, "_last_modified_user": "SYSTEM", "_last_modified_time": 1517262573524, "_system_owned": true, "_revision": 2 } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Federation: Global Managers

Associated URIs:

GET /policy/api/v1/global-infra/global-managers
GET /policy/api/v1/global-infra/global-managers/{global-manager-id}

List Global Managers

List Global Managers under Infra.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/global-managers

Request Headers:

n/a

Query Parameters:

GlobalManagerListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/global-infra/global-managers Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

GlobalManagerListResult+

Example Response: { "result_count" : 2, "results" : [ { "resource_type": "GlobalManager", "id": "london", "gm_id": "aad93dd9-ea71-41d7-be0d-1b1fca616660", "display_name": "London GM", "path": "/infra/global-managers/london", "parent_path": "/infra/global-managers/london", "relative_path": "london", "mode": "ACTIVE", "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262573524, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 }, { "resource_type": "GlobalManager", "id": "Paris", "gm_id": "dfd93dd9-ea71-41d7-be0d-1b1fca616660", "display_name": "Paris GM", "path": "/infra/global-managers/Paris", "parent_path": "/infra/global-managers/Paris", "relative_path": "Paris", "mode": "STANDBY", "connection_info": [{ "fqdn": "10.190.201.163" }], "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262573524, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 } ] } Required Permissions: read Feature: standby_site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Read a Global Manager

Retrieve information about a particular configured global manager.
Global Manager id 'self' is reserved and can be used for referring to local
logged in Global Manager.
Example - /infra/global-managers/self
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/global-managers/{global-manager-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/global-infra/global-managers/london Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

GlobalManager+

GlobalManager (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
connection_info	Connection information To create a standby GM, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the GM has been successfully onboarded, the connection_info is discarded and authentication to the standby GM occurs using an X.509 client certificate.	array of SiteNodeConnectionInfo	Maximum items: 3
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
fail_if_rtt_exceeded	Fail onboarding if maximum RTT exceeded Fail onboarding if maximum RTT exceeded.	boolean	Default: "True"
federation_id	Global manager federation UUID Internally generated UUID to the federation of Global Manager.	string	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
maximum_rtt	Maximum acceptable packet round trip time (RTT) If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value.	integer	Minimum: 0 Maximum: 1000 Default: "250"
mode	Mode of the global manager There can be at most one ACTIVE global manager and one STANDBY global manager. In order to add a STANDBY manager, there must be an ACTIVE manager defined.	string	Required Enum: ACTIVE, STANDBY
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GlobalManager	string
site_id	UUID of the site where Global manager is running UUID of the site where Global manager is running. This is the Site Manager generated UUID for every NSX deployment.	string	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "GlobalManager", "id": "london", "gm_id": "dfd93dd9-ea71-41d7-be0d-1b1fca616660", "display_name": "London GM", "path": "/infra/global-managers/london", "parent_path": "/infra/global-managers/london", "relative_path": "london", "mode": "ACTIVE", "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262573524, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 } Required Permissions: read Feature: standby_site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Federation: Inter-Sites (Legacy Management Plane)

Associated URIs:

GET /api/v1/edge-clusters/{edge-cluster-id}/inter-site/status
GET /policy/api/v1/global-infra/segments/{segment-id}/inter-site-forwarder/site-span-info
GET /policy/api/v1/global-infra/segments/{segment-id}/inter-site-forwarder/statistics
GET /policy/api/v1/global-infra/segments/{segment-id}/inter-site-forwarder/status (Deprecated)
GET /policy/api/v1/global-infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}/inter-site/bgp-summary (Deprecated)
GET /policy/api/v1/global-infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}/inter-site/status (Deprecated)
GET /policy/api/v1/global-infra/tier-1s/{tier-1-id}/locale-services/{locale-services-id}/inter-site-forwarder/status
GET /policy/api/v1/global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/inter-site-forwarder/site-span-info
GET /policy/api/v1/global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/inter-site-forwarder/statistics
GET /policy/api/v1/global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/inter-site-forwarder/status (Deprecated)
GET /api/v1/logical-switches/{logical-switch-id}/inter-site-forwarder/site-span-info (Experimental)
GET /api/v1/logical-switches/{logical-switch-id}/inter-site-forwarder/statistics (Experimental)
GET /api/v1/logical-switches/{logical-switch-id}/inter-site-forwarder/status (Experimental) (Deprecated)
GET /api/v1/transport-nodes/{edge-node-id}/inter-site/bgp/neighbors
GET /api/v1/transport-nodes/{edge-node-id}/inter-site/bgp/neighbors/{neighbor-id}/advertised-routes
GET /api/v1/transport-nodes/{edge-node-id}/inter-site/bgp/neighbors/{neighbor-id}/routes
GET /api/v1/transport-nodes/{edge-node-id}/inter-site/bgp/summary (Deprecated)
GET /api/v1/transport-nodes/{edge-node-id}/inter-site/statistics

Get inter-site status of the edge cluster

Returns the aggregated status for the Edge cluster along with status of
all edge nodes in the cluster. It always returns cached response.
Request:

Method:

GET

URI Path(s):

/api/v1/edge-clusters/{edge-cluster-id}/inter-site/status

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/edge-clusters/875381be-a4c5-4173-8aa7-ab71695a8129/inter-site/status Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

EdgeClusterInterSiteStatus+

Example Response: { "edge_cluster_id": "875381be-a4c5-4173-8aa7-ab71695a8129", "edge_cluster_name": "Federation edge cluster", "member_status": [ { "transport_node": { "target_id": "258c50b4-c960-4005-9023-f7946e302162", "target_display_name": "Edge node 1", "is_valid": true }, "total_bgp_sessions": 2, "established_bgp_sessions": 2, "neighbor_status": [ { "source_address": "192.100.20.10", "neighbor_address": "192.200.20.10", "connection_state": "ESTABLISHED", "remote_site": { "target_id": "258c50b4-c960-4005-9023-f7946e302162", "target_display_name": "India Site", "is_valid": true } }, { "source_address": "192.300.20.10", "neighbor_address": "192.400.20.10", "connection_state": "ESTABLISHED", "remote_site": { "target_id": "235c52a2-c960-4005-4512-451dc54fa542", "target_display_name": "PA Site", "is_valid": true } } ] "status": "UP" }, { "transport_node": { "target_id": "77eead22-3bb9-4586-8de3-9412941f9116", "target_display_name": "Edge node 2", "is_valid": true }, "total_bgp_sessions": 1, "established_bgp_sessions": 0, "neighbor_status": [ { "source_address": "192.100.20.10", "neighbor_address": "192.200.20.10", "connection_state": "IDLE", "remote_site": { "target_id": "258c50b4-c960-4005-9023-f7946e302162", "target_display_name": "India Site", "is_valid": true } } ] "status": "DOWN" } ], "overall_status": "DEGRADED", "last_update_timestamp": 1457117071089 } Required Permissions: read Feature: nodes_edge_clusters Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get infra segment cross site forwarder placement and HA status

Get infra segment cross site forwarder placement and HA statuss.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/segments/{segment-id}/inter-site-forwarder/site-span-info

Request Headers:

n/a

Query Parameters:

L2L3RuntimeRequestParameters+

L2L3RuntimeRequestParameters (schema)

Name	Description	Type	Notes
bgp_neighbor_type	Bgp neighbor type Bgp neighbor type that can be used as filter for T0 bgp neighbor status filter.	string	Enum: INTER_SR, USER
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
edge_path	Policy path of edge node Policy path of edge node. Edge should be member of enforcement point.	string
enforcement_point_path	String Path of the enforcement point Enforcement point path.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
source	Source of statistics data The data source can be either realtime or cached. If not provided, cached data is returned.	DataSourceType	Experimental
stats_type	Segment statistics type This indicates the type of statistics being requested. We support statistics from the data plane.	string	Experimental Enum: DATAPATH_STATS
transport_node_id	Transport Node Id Identifer of the transport node. This is a UUID.	string	Experimental

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/global-infra/segments/tier0-ls/inter-site-forwarder/site-span-info?enforcement_point_path=/infra/sites/default/enforcement-points/default Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

SegmentL2ForwarderSiteSpanInfo+

Example Response: { "segment_path": "/global-infra/segments/tier0-ls", "remote_macs_per_site": [ { "rtep_group_id": 2001, "remote_site": { "target_id": "258c50b4-c960-4005-9023-f7946e302162", "target_display_name": "India Site", "is_valid": true }, "remote_mac_addresses": [ "02:00:17:00:12:D3", "02:00:17:00:13:13" ], "remote_active_ips": [ "10.10.10.1" ], "remote_standby_ips": [ "20.20.20.1" ] } ], "last_update_timestamp": 1457117071089 } Required Permissions: read Feature: policy_segment Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get infra segment cross site traffic statistics

Get infra segment cross site traffic statistics.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/segments/{segment-id}/inter-site-forwarder/statistics

Request Headers:

n/a

Query Parameters:

L2L3RuntimeRequestParameters+

L2L3RuntimeRequestParameters (schema)

Name	Description	Type	Notes
bgp_neighbor_type	Bgp neighbor type Bgp neighbor type that can be used as filter for T0 bgp neighbor status filter.	string	Enum: INTER_SR, USER
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
edge_path	Policy path of edge node Policy path of edge node. Edge should be member of enforcement point.	string
enforcement_point_path	String Path of the enforcement point Enforcement point path.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
source	Source of statistics data The data source can be either realtime or cached. If not provided, cached data is returned.	DataSourceType	Experimental
stats_type	Segment statistics type This indicates the type of statistics being requested. We support statistics from the data plane.	string	Experimental Enum: DATAPATH_STATS
transport_node_id	Transport Node Id Identifer of the transport node. This is a UUID.	string	Experimental

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/global-infra/segments/tier0-ls/inter-site-forwarder/stats?enforcement_point_path=/infra/sites/default/enforcement-points/default Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

SegmentCrossSiteTrafficStats+

Example Response: { "segment_path": "/global-infra/segments/tier0-ls", "rx": { "total_bytes": 56646, "total_packets": 342, "dropped_packets": 103 }, "tx": { "total_bytes": 1125548, "total_packets": 2235, "dropped_packets": 0 }, "last_update_timestamp": 1457117071089 } Required Permissions: read Feature: policy_segment Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get infra segment cross site traffic statistics (Deprecated)

Get infra segment cross site traffic statistics.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/segments/{segment-id}/inter-site-forwarder/status

Request Headers:

n/a

Query Parameters:

L2L3RuntimeRequestParameters+

L2L3RuntimeRequestParameters (schema)

Name	Description	Type	Notes
bgp_neighbor_type	Bgp neighbor type Bgp neighbor type that can be used as filter for T0 bgp neighbor status filter.	string	Enum: INTER_SR, USER
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
edge_path	Policy path of edge node Policy path of edge node. Edge should be member of enforcement point.	string
enforcement_point_path	String Path of the enforcement point Enforcement point path.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
source	Source of statistics data The data source can be either realtime or cached. If not provided, cached data is returned.	DataSourceType	Experimental
stats_type	Segment statistics type This indicates the type of statistics being requested. We support statistics from the data plane.	string	Experimental Enum: DATAPATH_STATS
transport_node_id	Transport Node Id Identifer of the transport node. This is a UUID.	string	Experimental

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/global-infra/segments/tier0-ls/inter-site-forwarder/status?enforcement_point_path=/infra/sites/default/enforcement-points/default Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

SegmentCrossSiteTrafficStats+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get RTEP span and mac address-table (Deprecated)

Get RTEP span and mac address-table.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}/inter-site/bgp-summary

Request Headers:

n/a

Query Parameters:

ListByOptionalTransportNodeParameters+

Request Body:

n/a

Example Request: GET https://policy-mgr/policy/api/v1/global-infra/tier-0s/tier0/locale-services/tier0localeservices/inter-site/bgp-summary Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyEdgeClusterInterSiteBgpSummary+

PolicyEdgeClusterInterSiteBgpSummary (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
edge_cluster_path	Edge node path Edge cluster path whose status is being reported.	string	Required Readonly
edge_nodes	Individual edge nodes status Status of all edge nodes within cluster.	array of PolicyEdgeNodeInterSiteBgpSummary	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Example Response: { "edge_cluster_path": "/infra/sites/default/enforcement-points/default/edge-clusters/b051d3f9-3ad8-4831-9d67-8ae1cd3f5a1e/edge-nodes/875381be-a4c5-4173-8aa7-ab71695a8129", "edge_nodes": [ { "edge_node_path": "/infra/sites/default/enforcement-points/default/edge-clusters/b051d3f9-3ad8-4831-9d67-8ae1cd3f5a1e/edge-nodes/875381be-a4c5-4173-8aa7-ab71695a8129", "neighbor_status": [ { "source_address": "10.1.1.1", "neighbor_address": "10.1.2.1", "remote_as_number": "1", "remote_port": 179, "local_port": 179, "connection_state": "ESTABLISHED", "time_since_established": 45628, "messages_received": 12, "messages_sent": 10, "connection_drop_count": 0, "established_connection_count": 1, "hold_time": 180, "keep_alive_interval": 30, "graceful_restart": true, "graceful_restart_mode": "HELPER_ONLY", "total_in_prefix_count": 2, "total_out_prefix_count": 1, "address_families": [ { "type": "IPV4_UNICAST", "in_prefix_count": 2, "out_prefix_count": 1 } ], "remote_site": { "target_id": "cfaec4c7-45c2-439b-b7c6-2c3aeabd9976", "target_display_name": "PA Site", "is_valid": true } } ], "last_update_timestamp": 1457117071089 }, { "source_address": "10.1.1.1", "neighbor_address": "10.1.2.1", "remote_as_number": "1", "remote_port": 179, "local_port": 179, "connection_state": "ESTABLISHED", "time_since_established": 45628, "messages_received": 12, "messages_sent": 10, "connection_drop_count": 0, "established_connection_count": 1, "hold_time": 180, "keep_alive_interval": 30, "graceful_restart": true, "graceful_restart_mode": "HELPER_ONLY", "total_in_prefix_count": 2, "total_out_prefix_count": 1, "address_families": [ { "type": "IPV4_UNICAST", "in_prefix_count": 2, "out_prefix_count": 1 } ], "remote_site": { "target_id": "cfaec4c7-45c2-439b-b7c6-2c3aeabd9976", "target_display_name": "PA Site", "is_valid": true } } ], "last_update_timestamp": 1457117071089 } ], } Required Permissions: read Feature: policy_connectivity Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get RTEP mesh connectivity status (Deprecated)

Get RTEP mesh connectivity status.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}/inter-site/status

Request Headers:

n/a

Query Parameters:

ListByOptionalTransportNodeParameters+

Request Body:

n/a

Example Request: GET https://policy-mgr/policy/api/v1/global-infra/tier-0s/tier0/locale-services/tier0localeservices/inter-site/status Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyEdgeClusterInterSiteStatus+

Example Response: { "gateway_path": "/global-infra/tier-0s/tier0", "edge_cluster_path": "/global-infra/sites/default/enforcement-points/default/edge-clusters/875381be-a4c5-4173-8aa7-ab71695a8129", "edge_cluster_name": "Federation edge cluster", "member_status": [ { "edge_node": { "edge_node_path": "/global-infra/sites/default/enforcement-points/default/edge-clusters/b051d3f9-3ad8-4831-9d67-8ae1cd3f5a1e/edge-nodes/258c50b4-c960-4005-9023-f7946e302162", "target_display_name": "Edge node 1", "is_valid": true }, "total_bgp_sessions": 2, "established_bgp_sessions": 2, "neighbor_status": [ { "source_address": "192.100.20.10", "neighbor_address": "192.200.20.10", "connection_state": "ESTABLISHED", "remote_site": { "target_edge_node": "258c50b4-c960-4005-9023-f7946e302162", "target_display_name": "India Site", "is_valid": true } }, { "source_address": "192.300.20.10", "neighbor_address": "192.400.20.10", "connection_state": "ESTABLISHED", "remote_site": { "target_id": "235c52a2-c960-4005-4512-451dc54fa542", "target_display_name": "PA Site", "is_valid": true } } ] "status": "UP" }, { "edge_node": { "edge_node_path": "/infra/sites/default/enforcement-points/default/edge-clusters/b051d3f9-3ad8-4831-9d67-8ae1cd3f5a1e/edge-nodes/77eead22-3bb9-4586-8de3-9412941f9116", "target_display_name": "Edge node 2", "is_valid": true }, "total_bgp_sessions": 1, "established_bgp_sessions": 0, "neighbor_status": [ { "source_address": "192.100.20.10", "neighbor_address": "192.200.20.10", "connection_state": "IDLE", "remote_site": { "target_edge_node": "258c50b4-c960-4005-9023-f7946e302162", "target_display_name": "India Site", "is_valid": true } } ] "status": "DOWN" } ], "overall_status": "DEGRADED", "last_update_timestamp": 1457117071089 } Required Permissions: read Feature: policy_connectivity Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get inter-site L2 forwarder status for Tier1 gateway

Get inter-site L2 forwarder status for Tier1 gateway.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/tier-1s/{tier-1-id}/locale-services/{locale-services-id}/inter-site-forwarder/status

Request Headers:

n/a

Query Parameters:

ListByOptionalTransportNodeParameters+

Request Body:

n/a

Example Request: GET https://policy-mgr/policy/api/v1/global-infra/tier-1s/tier1/locale-services/tier1localeservices/inter-site-forwarder/status Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

GatewayL2ForwarderSiteSpanInfo+

Example Response: { } Required Permissions: read Feature: policy_connectivity Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get segment cross site forwarder placement and HA status

Get segment cross site forwarder placement and HA statuss.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/inter-site-forwarder/site-span-info

Request Headers:

n/a

Query Parameters:

L2L3RuntimeRequestParameters+

L2L3RuntimeRequestParameters (schema)

Name	Description	Type	Notes
bgp_neighbor_type	Bgp neighbor type Bgp neighbor type that can be used as filter for T0 bgp neighbor status filter.	string	Enum: INTER_SR, USER
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
edge_path	Policy path of edge node Policy path of edge node. Edge should be member of enforcement point.	string
enforcement_point_path	String Path of the enforcement point Enforcement point path.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
source	Source of statistics data The data source can be either realtime or cached. If not provided, cached data is returned.	DataSourceType	Experimental
stats_type	Segment statistics type This indicates the type of statistics being requested. We support statistics from the data plane.	string	Experimental Enum: DATAPATH_STATS
transport_node_id	Transport Node Id Identifer of the transport node. This is a UUID.	string	Experimental

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/global-infra/tier-1s/tier1/segments/tier1-ls/inter-site-forwarder/site-span-info?enforcement_point_path=/infra/sites/default/enforcement-points/default Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

SegmentL2ForwarderSiteSpanInfo+

Example Response: { "segment_path": "/global-infra/tier-1s/tier1/segments/tier1-ls", "remote_macs_per_site": [ { "rtep_group_id": 2001, "remote_site": { "target_id": "258c50b4-c960-4005-9023-f7946e302162", "target_display_name": "India Site", "is_valid": true }, "remote_mac_addresses": [ "02:00:17:00:12:D3", "02:00:17:00:13:13" ], "remote_active_ips": [ "10.10.10.1" ], "remote_standby_ips": [ "20.20.20.1" ] } ], "last_update_timestamp": 1457117071089 } Required Permissions: read Feature: policy_segment Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get segment cross site traffic statistics

Get segment cross site traffic statistics.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/inter-site-forwarder/statistics

Request Headers:

n/a

Query Parameters:

L2L3RuntimeRequestParameters+

L2L3RuntimeRequestParameters (schema)

Name	Description	Type	Notes
bgp_neighbor_type	Bgp neighbor type Bgp neighbor type that can be used as filter for T0 bgp neighbor status filter.	string	Enum: INTER_SR, USER
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
edge_path	Policy path of edge node Policy path of edge node. Edge should be member of enforcement point.	string
enforcement_point_path	String Path of the enforcement point Enforcement point path.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
source	Source of statistics data The data source can be either realtime or cached. If not provided, cached data is returned.	DataSourceType	Experimental
stats_type	Segment statistics type This indicates the type of statistics being requested. We support statistics from the data plane.	string	Experimental Enum: DATAPATH_STATS
transport_node_id	Transport Node Id Identifer of the transport node. This is a UUID.	string	Experimental

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/global-infra/tier-1s/tier1/segments/tier1-ls/inter-site-forwarder/stats?enforcement_point_path=/infra/sites/default/enforcement-points/default Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

SegmentCrossSiteTrafficStats+

Example Response: { "segment_path": "/global-infra/tier-1s/tier1/segments/tier1-ls", "rx": { "total_bytes": 56646, "total_packets": 342, "dropped_packets": 103 }, "tx": { "total_bytes": 1125548, "total_packets": 2235, "dropped_packets": 0 }, "last_update_timestamp": 1457117071089 } Required Permissions: read Feature: policy_segment Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get segment cross site traffic statistics (Deprecated)

Get segment cross site traffic statistics.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/inter-site-forwarder/status

Request Headers:

n/a

Query Parameters:

L2L3RuntimeRequestParameters+

L2L3RuntimeRequestParameters (schema)

Name	Description	Type	Notes
bgp_neighbor_type	Bgp neighbor type Bgp neighbor type that can be used as filter for T0 bgp neighbor status filter.	string	Enum: INTER_SR, USER
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
edge_path	Policy path of edge node Policy path of edge node. Edge should be member of enforcement point.	string
enforcement_point_path	String Path of the enforcement point Enforcement point path.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
source	Source of statistics data The data source can be either realtime or cached. If not provided, cached data is returned.	DataSourceType	Experimental
stats_type	Segment statistics type This indicates the type of statistics being requested. We support statistics from the data plane.	string	Experimental Enum: DATAPATH_STATS
transport_node_id	Transport Node Id Identifer of the transport node. This is a UUID.	string	Experimental

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/global-infra/tier-1s/tier1/segments/tier1-ls/inter-site-forwarder/status?enforcement_point_path=/infra/sites/default/enforcement-points/default Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

SegmentCrossSiteTrafficStats+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get L2 forwarder remote mac addresses (Experimental)

Returns remote mac addresses of the l2 forwarder on logical switch.
It always returns realtime response.
Request:

Method:

GET

URI Path(s):

/api/v1/logical-switches/{logical-switch-id}/inter-site-forwarder/site-span-info

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/logical-switches/7a62a0c5-1ea1-4b25-9d43-dce1c0fa4b8c/inter-site-forwarder/site-span-info Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

L2ForwarderRemoteMacs+

Example Response: { "logical_switch_id": "7a62a0c5-1ea1-4b25-9d43-dce1c0fa4b8c", "remote_macs_per_site": [ { "rtep_group_id": 2001, "remote_site": { "target_id": "258c50b4-c960-4005-9023-f7946e302162", "target_display_name": "India Site", "is_valid": true }, "remote_mac_addresses": [ "02:00:17:00:12:D3", "02:00:17:00:13:13" ], "remote_active_ips": [ "10.10.10.1" ], "remote_standby_ips": [ "20.20.20.1" ] } ], "last_update_timestamp": 1457117071089 } Required Permissions: read Feature: aggregation_service_health_monitoring Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get L2 forwarder statistics (Experimental)

Returns statistics of the l2 forwarder on logical switch.
It always returns realtime response.
Request:

Method:

GET

URI Path(s):

/api/v1/logical-switches/{logical-switch-id}/inter-site-forwarder/statistics

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/logical-switches/7a62a0c5-1ea1-4b25-9d43-dce1c0fa4b8c/inter-site-forwarder/statistics Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

L2ForwarderStatistics+

Example Response: { "logical_switch_id": "7a62a0c5-1ea1-4b25-9d43-dce1c0fa4b8c", "rx": { "total_bytes": 56646, "total_packets": 342, "dropped_packets": 103 }, "tx": { "total_bytes": 1125548, "total_packets": 2235, "dropped_packets": 0 }, "last_update_timestamp": 1457117071089 } Required Permissions: read Feature: aggregation_service_health_monitoring Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get L2 forwarder status (Experimental) (Deprecated)

Returns status per transport node of the l2 forwarder on logical switch.
Request:

Method:

GET

URI Path(s):

/api/v1/logical-switches/{logical-switch-id}/inter-site-forwarder/status

Request Headers:

n/a

Query Parameters:

DataSourceParameters+

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/logical-switches/7a62a0c5-1ea1-4b25-9d43-dce1c0fa4b8c/inter-site-forwarder/status Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

L2ForwarderStatus+

Example Response: { "logical_switch_id": "7a62a0c5-1ea1-4b25-9d43-dce1c0fa4b8c", "status_per_node": [ { "transport_node": { "target_id": "258c50b4-c960-4005-9023-f7946e302162", "target_display_name": "Edge node 1", "is_valid": true }, "high_availability_status": "STANDBY" }, { "transport_node": { "target_id": "56eead22-3bb9-4586-8de3-9412941f9116", "target_display_name": "Edge node 2", "is_valid": true }, "high_availability_status": "ACTIVE" } ] "last_update_timestamp": 1457117071089 } Required Permissions: read Feature: aggregation_service_health_monitoring Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Paginated list of BGP Neighbors on edge transport node

Paginated list of BGP Neighbors on edge transport node.
Request:

Method:

GET

URI Path(s):

/api/v1/transport-nodes/{edge-node-id}/inter-site/bgp/neighbors

Request Headers:

n/a

Query Parameters:

ListRequestParameters+

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/transport-nodes/875381be-a4c5-4173-8aa7-ab71695a8129/inter-site/bgp/neighbors Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

BgpNeighborListResult+

Example Response: { "cursor": "0036640912b0-4820-46f0-b7c2-7a9e2cb57505neighbor2", "result_count": 2, "neighbors": [ { "id": "a9478c1d-d7ab-47c5-9e05-548920f4d88c", "display_name": "neighbor2", "resource_type": "BgpNeighbor", "hold_down_timer": 180, "neighbor_address": "1.1.1.1", "keep_alive_timer": 60, "remote_as_num": "300", "address_families": [ { "type" : "IPV4_UNICAST", "enabled" : true } ], "_last_modified_time": 1433948850593, "_create_time": 1433948850593, "_create_user": "admin", "_last_modified_user": "admin", "_revision": 0 }, { "id": "640912b0-4820-46f0-b7c2-7a9e2cb57505", "display_name": "neighbor1", "resource_type": "BgpNeighbor", "hold_down_timer": 180, "neighbor_address": "2.2.2.2", "keep_alive_timer": 60, "remote_as_num": "200", "address_families": [ { "type" : "IPV4_UNICAST", "enabled" : true, "in_filter_ipprefixlist_id" : "ad879413-dbc3-4952-b77d-28386c3a5363" } ], "_last_modified_time": 1433960878203, "_create_time": 1433949148014, "_create_user": "admin", "_last_modified_user": "admin", "_revision": 4 } ] } Required Permissions: read Feature: aggregation_service_health_monitoring Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get BGP neighbor advertised routes on edge transport node

Returns routes advertised by BGP neighbor from the given edge transport node.
It always returns realtime response.
Request:

Method:

GET

URI Path(s):

/api/v1/transport-nodes/{edge-node-id}/inter-site/bgp/neighbors/{neighbor-id}/advertised-routes

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/transport-nodes/875381be-a4c5-4173-8aa7-ab71695a8129/inter-site/bgp/neighbors/f8431964-f400-4da5-8c18-4ce4e6bd5fa5/advertised-routes Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

BgpNeighborRouteDetails+

Example Response: { "logical_router_id": "4cca3156-bcc0-4c77-9a6a-141cb33a3844", "neighbor_address": "40.40.40.10", "per_transport_node_routes": [{ "transport_node_id": "6c9e2815-ad34-4b9c-bb95-8af87990cf5a", "source_address": "10.10.10.1", "routes": [{ "network": "2.1.4.0/24", "next_hop": "40.40.40.10", "local_pref": 0, "weight": 0, "med": 1, "as_path": 1000 }, { "network": "40.40.40.0/24", "next_hop": "40.40.40.10", "local_pref": 0, "weight": 0, "med": 1, "as_path": 1000 }] }, { "transport_node_id": "7980e91e-ba6d-11e8-9bda-020009ead346", "source_address": "50.50.50.1", "routes": [{ "network": "2.1.4.0/24", "next_hop": "40.40.40.10", "local_pref": 0, "weight": 0, "med": 1, "as_path": 1000 }, { "network": "40.40.40.0/24", "next_hop": "40.40.40.10", "local_pref": 0, "weight": 0, "med": 1, "as_path": 1000 }] }] } Required Permissions: read Feature: aggregation_service_health_monitoring Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get BGP neighbor learned routes on edge transport node

Returns routes learned by BGP neighbor from the given edge transport node.
It always returns realtime response.
Request:

Method:

GET

URI Path(s):

/api/v1/transport-nodes/{edge-node-id}/inter-site/bgp/neighbors/{neighbor-id}/routes

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/transport-nodes/875381be-a4c5-4173-8aa7-ab71695a8129/inter-site/bgp/neighbors/f8431964-f400-4da5-8c18-4ce4e6bd5fa5/routes Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

BgpNeighborRouteDetails+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get inter-site BGP summary of edge node (Deprecated)

Returns BGP summary for all configured neighbors in tunnel VRF
on the given egde node. It always returns realtime response.
Request:

Method:

GET

URI Path(s):

/api/v1/transport-nodes/{edge-node-id}/inter-site/bgp/summary

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/transport-nodes/875381be-a4c5-4173-8aa7-ab71695a8129/inter-site/bgp/summary Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

InterSiteBgpSummary+

Example Response: { "transport_node_id": "875381be-a4c5-4173-8aa7-ab71695a8129", "neighbor_status": [ { "source_address": "10.1.1.1", "neighbor_address": "10.1.2.1", "remote_as_number": "1", "remote_port": 179, "local_port": 179, "connection_state": "ESTABLISHED", "time_since_established": 45628, "messages_received": 12, "messages_sent": 10, "connection_drop_count": 0, "established_connection_count": 1, "hold_time": 180, "keep_alive_interval": 30, "graceful_restart": true, "graceful_restart_mode": "HELPER_ONLY", "total_in_prefix_count": 2, "total_out_prefix_count": 1, "address_families": [ { "type": "IPV4_UNICAST", "in_prefix_count": 2, "out_prefix_count": 1 } ], "remote_site": { "target_id": "cfaec4c7-45c2-439b-b7c6-2c3aeabd9976", "target_display_name": "PA Site", "is_valid": true } } ], "last_update_timestamp": 1457117071089 } Required Permissions: read Feature: aggregation_service_health_monitoring Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get inter-site statistics of edge node

Returns RTEP to RTEP tunnel port statistics of the given edge node.
It always returns realtime response.
Request:

Method:

GET

URI Path(s):

/api/v1/transport-nodes/{edge-node-id}/inter-site/statistics

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/transport-nodes/875381be-a4c5-4173-8aa7-ab71695a8129/inter-site/statistics Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

NodeInterSiteStatistics+

Example Response: { "transport_node_id": "875381be-a4c5-4173-8aa7-ab71695a8129", "stats_per_site": [ { "remote_site": { "target_id": "258c50b4-c960-4005-9023-f7946e302162", "target_display_name": "India Site", "is_valid": true }, "stats_per_tunnel": [ { "tunnel_source_address": "100.10.10.1", "tunnel_destination_address": "200.20.20.1", "rx": { "total_bytes": 1000, "total_packets": 100, "dropped_packets": 20 }, "tx": { "total_bytes": 2000, "total_packets": 300, "dropped_packets": 0 } }, { "tunnel_source_address": "300.30.30.1", "tunnel_destination_address": "400.40.40.1", "rx": { "total_bytes": 1500, "total_packets": 120, "dropped_packets": 50 }, "tx": { "total_bytes": 3000, "total_packets": 320, "dropped_packets": 10 } } ], "rx": { "total_bytes": 2500, "total_packets": 220, "dropped_packets": 70 }, "tx": { "total_bytes": 4500, "total_packets": 440, "dropped_packets": 60 } }, { "remote_site": { "target_id": "cfaec4c7-45c2-439b-b7c6-2c3aeabd9976", "target_display_name": "PA Site", "is_valid": true }, "stats_per_tunnel": [ { "tunnel_source_address": "100.10.10.1", "tunnel_destination_address": "200.20.20.1", "rx": { "total_bytes": 1000, "total_packets": 100, "dropped_packets": 20 }, "tx": { "total_bytes": 2000, "total_packets": 300, "dropped_packets": 0 } } ], "rx": { "total_bytes": 1000, "total_packets": 100, "dropped_packets": 20 }, "tx": { "total_bytes": 2000, "total_packets": 300, "dropped_packets": 0 } } ], "last_update_timestamp": 1457117071089 } Required Permissions: read Feature: aggregation_service_health_monitoring Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Federation: Observability

Associated URIs:

GET /policy/api/v1/observability/flow-details

Get monitoring info

Provides federation monitoring information, which includes all
config flows originating from the site where API is invoked.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/observability/flow-details

Request Headers:

n/a

Query Parameters:

SiteRequestParameter+

Request Body:

n/a

Example Request: GET https://<global-manager>/global-manager/api/v1/observability/flow-details GET https://<local-manager>/policy/api/v1/observability/flow-details Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

MonitoringInfo+

Example Response: On Global Manager { "monitoring_info": [{ "id": "rrrrrr-9ebc-46e0-9d7a-5a4fa8bb3802", "flow_type":"GM_TO_LM", "queue_info": [ { "max_size": 1000, "current_size": 100, "name": "gm2lm.transmitter.delta", "namespace": "ar-queues" }, { "max_size": 1000, "current_size": 200, "name": "gm2lm.receiver.delta", "namespace": "ar-queues" }, ], "cross_site_flow_info": { "status": "GOOD", "to_site_id": "36021bd5-9ebc-46e0-9d7a-5a4fa8bb3802", "to_site_path": "/global-infra/sites/Newyork", "from_site_id": "ececa019-3601-47dc-b92e-f21f52b34f6f", "from_site_path": "/global-infra/global-managers/LondonGM", "latency_millis": 123, "latency_measured_ts": 1590336614947, "last_full_sync": { "status": "COMPLETED", "id": "f6fda71a-d5f2-4000-8677-deaafd80641e", "reason_code": "10010", "reason": "Site onboarded", "stage": "COMPLETED", "data_streaming_from_source_progress": "Sending resources of type COMMUNICATION_MAP", "data_streaming_from_source_start_time": 1590335604947, "data_streaming_from_source_end_time": 1590336604947, "receiver_state": "COMPLETED", "receiver_start_time": 1590336614947, "receiver_end_time": 1590336714947, "start_time": 1590335604947, "end_time": 1590435604947, "errors": {}, "warnings": {} } } }, { "id": "asarrr-9ebc-46e0-9d7a-5a4fa8bb3802", "flow_type":"GM_TO_LM", "queue_info": [ { "max_size": 1000, "current_size": 100, "name": "gm2lm.transmitter.delta", "namespace": "ar-queues" }, { "max_size": 1000, "current_size": 200, "name": "gm2lm.receiver.delta", "namespace": "ar-queues" }, ], "cross_site_flow_info": { "status": "GOOD", "to_site_id": "aa021bd5-9ebc-46e0-9d7a-5a4fa8bb3111", "to_site_path": "/global-infra/sites/Paris", "from_site_id": "ececa019-3601-47dc-b92e-f21f52b34f6f", "from_site_path": "/global-infra/global-managers/LondonGM", "latency_millis": 123, "latency_measured_ts": 1590336614947, "last_full_sync": { "status": "COMPLETED", "id": "f6fda71a-d5f2-4000-8677-deaafd80641e", "reason_code": "10010", "reason": "Site onboarded", "stage": "COMPLETED", "data_streaming_from_source_progress": "Sending resources of type COMMUNICATION_MAP", "data_streaming_from_source_start_time": 1590335604947, "data_streaming_from_source_end_time": 1590336604947, "receiver_state": "COMPLETED", "receiver_start_time": 1590336614947, "receiver_end_time": 1590336714947, "start_time": 1590335604947, "end_time": 1590435604947, "errors": {}, "warnings": {} } } }, { "id": "rrbbr-9ebc-46e0-9d7a-5a4fa8bb3802", "flow_type":"LM_TO_GM", "queue_info": [ { "max_size": 1000, "current_size": 100, "name": "lm2gm.transmitter.delta", "namespace": "ar-queues" }, { "max_size": 1000, "current_size": 200, "name": "lm2gm.receiver.delta", "namespace": "ar-queues" }, ], "cross_site_flow_info": { "status": "GOOD", "to_site_id": "ececa019-3601-47dc-b92e-f21f52b34f6f", "to_site_path": "/global-infra/global-managers/LondonGM", "from_site_id": "aa021bd5-9ebc-46e0-9d7a-5a4fa8bb3111", "from_site_path": "/global-infra/sites/Paris", "latency_millis": 125 } }, { "id": "ca00-9ebc-46e0-9d7a-5a4fa8bb3802", "flow_type":"LM_TO_GM", "queue_info": [ { "max_size": 1000, "current_size": 100, "name": "lm2gm.transmitter.delta", "namespace": "ar-queues" }, { "max_size": 1000, "current_size": 200, "name": "lm2gm.receiver.delta", "namespace": "ar-queues" }, ], "cross_site_flow_info": { "status": "GOOD", "to_site_id": "ececa019-3601-47dc-b92e-f21f52b34f6f", "to_site_path": "/global-infra/global-managers/NewyorkGM", "from_site_id": "BB021bd5-9ebc-46e0-9d7a-5a4fa8bb3155", "from_site_path": "/global-infra/sites/Newyork", "latency_millis": 120 "latency_measured_ts": 1590336614947, } }, { "id": "cab10-9ebc-46e0-9d7a-5a4fa8bb3802", "flow_type":"GM_WORK_QUEUE", "queue_info": [ { "max_size": 1000, "current_size": 100, "name": "gm-work-queue", "namespace": "gm" } ] }, { "id": "dea0-9ebc-46e0-9d7a-5a4fa8bb3802", "flow_type":"GM_DELETE_QUEUE", "queue_info": [ { "max_size": 1000, "current_size": 100, "name": "gm-delete-queue-1", "namespace": "gm" } ] } ] } On Local Manager { "monitoring_info": [ { "id": "we11-9ebc-46e0-9d7a-5a4fa8bb3802", "flow_type":"GM_TO_LM", "queue_info": [ { "max_size": 1000, "current_size": 100, "name": "gm2lm.transmitter.delta", "namespace": "ar-queues" }, { "max_size": 1000, "current_size": 200, "name": "gm2lm.receiver.delta", "namespace": "ar-queues" }, ], "cross_site_flow_info": { "status": "GOOD", "to_site_id": "aa021bd5-9ebc-46e0-9d7a-5a4fa8bb3111", "to_site_path": "/global-infra/sites/Paris", "from_site_id": "ececa019-3601-47dc-b92e-f21f52b34f6f", "from_site_path": "/global-infra/global-managers/LondonGM", "latency_millis": 123, "latency_measured_ts": 1590336614947, "last_full_sync": { "status": "COMPLETED", "id": "f6fda71a-d5f2-4000-8677-deaafd80641e", "reason_code": "10010", "reason": "Site onboarded", "stage": "COMPLETED", "data_streaming_from_source_progress": "Sending resources of type COMMUNICATION_MAP", "data_streaming_from_source_start_time": 1590335604947, "data_streaming_from_source_end_time": 1590336604947, "receiver_state": "COMPLETED", "receiver_start_time": 1590336614947, "receiver_end_time": 1590336714947, "start_time": 1590335604947, "end_time": 1590435604947, "errors": {}, "warnings": {} } } }, { "id": "fg12-9ebc-46e0-9d7a-5a4fa8bb3802", "flow_type":"LM_TO_GM", "queue_info": [ { "max_size": 1000, "current_size": 100, "name": "lm2gm.transmitter.delta", "namespace": "ar-queues" }, { "max_size": 1000, "current_size": 200, "name": "lm2gm.receiver.delta", "namespace": "ar-queues" }, ], "cross_site_flow_info": { "status": "GOOD", "to_site_id": "ececa019-3601-47dc-b92e-f21f52b34f6f", "to_site_path": "/global-infra/global-managers/LondonGM", "from_site_id": "aa021bd5-9ebc-46e0-9d7a-5a4fa8bb3111", "from_site_path": "/global-infra/sites/Paris", "latency_millis": 125, "latency_measured_ts": 1590336614947, } }, { "id": "ff10-9ebc-46e0-9d7a-5a4fa8bb3802", "flow_type":"LM_TO_LM", "cross_site_flow_info": { "status": "GOOD", "to_site_id": "aa021bd5-9ebc-46e0-9d7a-5a4fa8bb3111", // To NewYork (LM doesn't have site paths) "from_site_id": "ececa019-3601-47dc-b92e-f21f52b34f6f", "latency_millis": 123, "latency_measured_ts": 1590336614947, } } ] } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Federation: Sites

Associated URIs:

GET /policy/api/v1/infra/deployment-zones (Deprecated)
GET /policy/api/v1/infra/deployment-zones/{deployment-zone-id} (Deprecated)
GET /policy/api/v1/infra/site/offboarding-status
GET /policy/api/v1/infra/sites
GET /policy/api/v1/global-infra/sites
DELETE /policy/api/v1/infra/sites/{site-id}
GET /policy/api/v1/infra/sites/{site-id}
GET /policy/api/v1/global-infra/sites/{site-id}
PATCH /policy/api/v1/infra/sites/{site-id}
PUT /policy/api/v1/infra/sites/{site-id}
GET /policy/api/v1/infra/sites/listener_certificate
GET /policy/api/v1/global-infra/sites/listener_certificate
GET /policy/api/v1/infra/span
GET /policy/api/v1/global-infra/span
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/span
GET /api/v1/sites
GET /api/v1/sites?version=3.0.2
GET /api/v1/sites?version=3.1.0
GET /api/v1/sites?version=latest
GET /api/v1/sites/compatibility
GET /api/v1/sites/compatibility/remote
GET /api/v1/sites/self
GET /api/v1/sites/status
GET /api/v1/sites/switchover-status

List Deployment Zones for infra (Deprecated)

Paginated list of all Deployment zones for infra.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/deployment-zones

Request Headers:

n/a

Query Parameters:

DeploymentZoneListRequestParameters+

Request Body:

n/a

Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

DeploymentZoneListResult+

Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Read a DeploymentZone (Deprecated)

Read a Deployment Zone.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/deployment-zones/{deployment-zone-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

DeploymentZone+

DeploymentZone (schema) (Deprecated)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildEnforcementPoint
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enforcement_points	Logical grouping of enforcement points	array of EnforcementPoint
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DeploymentZone	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get site offboarding status.

Get site offboarding status. Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/site/offboarding-status

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy>/policy/api/v1/infra/site/offboarding-status Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

SiteOffBoardingState+

SiteOffBoardingState (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
message	Message about the status. Captures message associated with status. If FAILED, can contain folowing errors local site configuration is null internal server error with detail	string	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
previousErrorMessage	Previous failure message. Contains previus failed message in case, state machine is stuck in a state	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SiteOffBoardingState	string
status	Status of site. Represents site offboarding status.	string	Readonly Enum: INITIALIZE_INPROGRESS, INITIALIZE_FAILED, INITIALIZE_SUCCESSFUL, CLEANUP_INPROGRESS, CLEANUP_FAILED, CLEANUP_SUCCESSFUL, REALIZATION_INPROGRESS, REALIZATION_FAILED, REALIZATION_SUCCESSFUL, TERMINAL_INPROGRESS, TERMINAL_FAILED, FAILED, SUCCESSFUL
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "SiteOffBoardingState", "status": "INITIALIZE_INPROGRESS", "is_local": true, "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262573524, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List Sites

List Sites under Infra.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/sites

/policy/api/v1/global-infra/sites

Request Headers:

n/a

Query Parameters:

SiteListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/sites Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

SiteListResult+

Example Response: { "result_count" : 3, "results" : [ { "resource_type": "Site", "id": "casablanca", "display_name": "Casablanca, Morocco Site", "description" : "Site managing call center workloads in North Africa", "path": "/infra/sites/casablanca", "parent_path": "/infra/sites/casablanca", "relative_path": "casablanca", "site_connection_info": [{ "fqdn": "10.192.201.163" }], "maximum_rtt": 250, "fail_if_rtt_exceeded": true, "fail_if_mismatch_rteps": true "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262573524, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 }, { "resource_type": "Site", "id": "tokyo", "display_name": "Tokyo, Japan Site", "description" : "Active Site managing production workloads in East Asia", "path": "/infra/sites/tokyo", "parent_path": "/infra/sites/tokyo", "relative_path": "tokyo", "site_connection_info": [{ "fqdn": "10.199.201.163" }], "maximum_rtt": 250, "fail_if_rtt_exceeded": true, "fail_if_mismatch_rteps": true "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262573524, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 }, { "resource_type": "Site", "id": "paris", "display_name": "Paris, France Site", "description" : "StandBy Site managing business workloads in Central Europe", "path": "/infra/sites/paris", "parent_path": "/infra/sites/paris", "relative_path": "paris", "site_connection_info": [{ "fqdn": "10.190.201.163" }], "maximum_rtt": 250, "fail_if_rtt_exceeded": true, "fail_if_mismatch_rteps": true "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262573524, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 } ] } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or fully replace a Site under infra

Create or fully replace a Site under Infra.
Revision is optional for creation and required for update.
Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/sites/{site-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

Site+

Site (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildEnforcementPoint ChildSiteSecuritySetting
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
fail_if_rtep_misconfigured	Fail onboarding if RTEPs misconfigured Both the local site and the remote site must have edge clusters correctly configured and remote tunnel endpoint (RTEP) interfaces must be defined, or onboarding will fail.	boolean	Default: "True"
fail_if_rtt_exceeded	Fail onboarding if maximum RTT exceeded Fail onboarding if maximum RTT exceeded.	boolean	Default: "True"
federation_config	Federation releated config System managed federation config.	GmFederationSiteConfig	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
maximum_rtt	Maximum acceptable packet round trip time (RTT) If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value.	integer	Minimum: 0 Maximum: 1000 Default: "250"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Site	string
site_connection_info	Connection information To onboard a site, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the site has been successfully onboarded, the site_connection_info is discarded and authentication to the remote site occurs using an X.509 client certificate.	array of SiteNodeConnectionInfo	Maximum items: 3
site_number	12-bit system generated site number	integer	Readonly
site_type	Persistent Site Type The site_type property identifies type of current site.	string	Enum: ONPREM_LM, SDDC_LM
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<policy-mgr>/policy/api/v1/infra/sites/Paris { "site_connection_info": [{ "fqdn": "10.192.201.163", "username": "admin", "password": "Admin!23Admin", "thumbprint": "f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4" }], "maximum_rtt": 250, "fail_if_rtt_exceeded": true, "fail_if_rtep_misconfigured": true "display_name": "Paris, EU Site", "description" : "Site managing call center workloads in western Europe", "_revision" : 1 } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

Site+

Site (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildEnforcementPoint ChildSiteSecuritySetting
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
fail_if_rtep_misconfigured	Fail onboarding if RTEPs misconfigured Both the local site and the remote site must have edge clusters correctly configured and remote tunnel endpoint (RTEP) interfaces must be defined, or onboarding will fail.	boolean	Default: "True"
fail_if_rtt_exceeded	Fail onboarding if maximum RTT exceeded Fail onboarding if maximum RTT exceeded.	boolean	Default: "True"
federation_config	Federation releated config System managed federation config.	GmFederationSiteConfig	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
maximum_rtt	Maximum acceptable packet round trip time (RTT) If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value.	integer	Minimum: 0 Maximum: 1000 Default: "250"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Site	string
site_connection_info	Connection information To onboard a site, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the site has been successfully onboarded, the site_connection_info is discarded and authentication to the remote site occurs using an X.509 client certificate.	array of SiteNodeConnectionInfo	Maximum items: 3
site_number	12-bit system generated site number	integer	Readonly
site_type	Persistent Site Type The site_type property identifies type of current site.	string	Enum: ONPREM_LM, SDDC_LM
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "Site", "id": "Paris", "display_name": "Paris, EU Site", "description" : "Site managing call center workloads in western Europe", "path": "/infra/sites/Paris", "parent_path": "/infra/sites/Paris", "relative_path": "Paris", "site_connection_info": [{ "fqdn": "10.192.201.163" }], "maximum_rtt": 250, "fail_if_rtt_exceeded": true, "fail_if_rtep_misconfigured": true "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262573524, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 } Required Permissions: crud Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or patch Site

Create or patch Site under Infra.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/sites/{site-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

Site+

Site (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildEnforcementPoint ChildSiteSecuritySetting
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
fail_if_rtep_misconfigured	Fail onboarding if RTEPs misconfigured Both the local site and the remote site must have edge clusters correctly configured and remote tunnel endpoint (RTEP) interfaces must be defined, or onboarding will fail.	boolean	Default: "True"
fail_if_rtt_exceeded	Fail onboarding if maximum RTT exceeded Fail onboarding if maximum RTT exceeded.	boolean	Default: "True"
federation_config	Federation releated config System managed federation config.	GmFederationSiteConfig	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
maximum_rtt	Maximum acceptable packet round trip time (RTT) If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value.	integer	Minimum: 0 Maximum: 1000 Default: "250"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Site	string
site_connection_info	Connection information To onboard a site, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the site has been successfully onboarded, the site_connection_info is discarded and authentication to the remote site occurs using an X.509 client certificate.	array of SiteNodeConnectionInfo	Maximum items: 3
site_number	12-bit system generated site number	integer	Readonly
site_type	Persistent Site Type The site_type property identifies type of current site.	string	Enum: ONPREM_LM, SDDC_LM
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/sites/Paris { "site_connection_info": [{ "fqdn": "10.192.201.163", "username": "admin", "password": "Admin!23Admin", "thumbprint": "f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4" }], "maximum_rtt": 250, "fail_if_rtt_exceeded": true, "fail_if_rtep_misconfigured": true "display_name": "Paris, EU Site", "description" : "Site managing call center workloads in western Europe", } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete a site

Delete a site under Infra.
Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/sites/{site-id}

Request Headers:

n/a

Query Parameters:

SiteActionParameters+

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/sites/Paris Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Read a site

Read a site under Infra.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/sites/{site-id}

/policy/api/v1/global-infra/sites/{site-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/sites/casablanca Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

Site+

Site (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildEnforcementPoint ChildSiteSecuritySetting
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
fail_if_rtep_misconfigured	Fail onboarding if RTEPs misconfigured Both the local site and the remote site must have edge clusters correctly configured and remote tunnel endpoint (RTEP) interfaces must be defined, or onboarding will fail.	boolean	Default: "True"
fail_if_rtt_exceeded	Fail onboarding if maximum RTT exceeded Fail onboarding if maximum RTT exceeded.	boolean	Default: "True"
federation_config	Federation releated config System managed federation config.	GmFederationSiteConfig	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
maximum_rtt	Maximum acceptable packet round trip time (RTT) If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value.	integer	Minimum: 0 Maximum: 1000 Default: "250"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Site	string
site_connection_info	Connection information To onboard a site, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the site has been successfully onboarded, the site_connection_info is discarded and authentication to the remote site occurs using an X.509 client certificate.	array of SiteNodeConnectionInfo	Maximum items: 3
site_number	12-bit system generated site number	integer	Readonly
site_type	Persistent Site Type The site_type property identifies type of current site.	string	Enum: ONPREM_LM, SDDC_LM
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "Site", "id": "casablanca", "display_name": "Casablanca, Morocco Site", "description" : "Site managing call center workloads in North Africa", "path": "/infra/sites/casablanca", "parent_path": "/infra/sites/casablanca", "relative_path": "casablanca", "site_connection_info": [{ "fqdn": "10.192.201.163" }], "maximum_rtt": 250, "fail_if_rtt_exceeded": true, "fail_if_mismatch_rteps": true "_create_user": "admin", "_create_time": 1517262573524, "_last_modified_user": "admin", "_last_modified_time": 1517262573524, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Returns the certificate of the listener

Connects to the given IP and port, and, if an SSL listener is present, returns
the certificate of the listener.
Intent of this API is "Do you trust this certificate?".
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/sites/listener_certificate

/policy/api/v1/global-infra/sites/listener_certificate

Request Headers:

n/a

Query Parameters:

TlsListenerEndpointAddressRequestParameters+

Request Body:

n/a

Example Request: POST https://<policy-mgr>/global-policy/api/v1/infra/sites/listener_certificate?address=10.22.122.7&port=443 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TlsListenerCertificate+

Example Response: { "result": "SUCCESS", "certificate": { "issuer_cn": "vSM Test Certificate", "public_key_length": 1024, "signature": "4e cf ff 36 ac a1", "not_before": 1323772715000, "subject": "1.2.840.113549.1.9.1=#16076140622e636f6d,CN=vSM Test Certificate,OU=vShield,O=VMware,L=Pune,ST=Maharashtra,C=IN", "serial_number": "ca55f5e21a0b2dd2", "public_key_algo": "RSA", "version": "1", "issuer": "1.2.840.113549.1.9.1=#16076140622e636f6d,CN=vSM Test Certificate,OU=vShield,O=VMware,L=Pune,ST=Maharashtra,C=IN", "is_ca": false, "subject_cn": "vSM Test Certificate", "not_after": 1355308715000, "is_valid": false, "rsa_public_key_exponent": "10001", "signature_algorithm": "SHA1WITHRSA", "rsa_public_key_modulus": "00 b7 8f 79 e4" }, "thumbprint": "f53d7052535613b3032a41d555631228cb4d0d8b584a8225b94fbf0ba83eb9a4" } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get span for an entity with specified path

Get span for an entity with specified path. Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/span

/policy/api/v1/global-infra/span

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/span

Request Headers:

n/a

Query Parameters:

IntentPathRequestParameter+

Request Body:

n/a

Example Request: GET https://<global-manager>/global-manager/api/v1/global-infra/span?intent_path=/global-infra/tier-0s/t0 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

Span+

Span (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Span	string
sites	List of SpanSiteInfos List of SpanSiteInfos representing the strech of the entity.	array of SpanSiteInfo	Readonly
span_leader	Policy resource type of span leader Represents Policy resource type streached entity's span leader.	string	Readonly
span_resource	Policy resource path Represents Policy resource path of streached entity.	string	Readonly
span_resource_type	Policy resource type Policy resource type of the streached entity.	string	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "SPAN", "span_resource_type": "PROVIDER", "span_resource": "/global-infra/tier-0s/t0", "span_leader": "/global-infra/tier-0s/t0", "site_ids": [ "51a1294a-b1d5-40a9-a382-2b1aeb62c41a", "3d497d3f-2f9a-4983-9db0-d1f5f7cbc3d0" ], "marked_for_delete": false, "overridden": false } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get the site configuration

Request:

Method:

GET

URI Path(s):

/api/v1/sites

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/sites Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

FederationConfiguration+

Example Response: { "sites": [ { "id": "c69dd550-841d-4064-bc92-476e977ad04d", "name": "name1", "active_gm": "true", "aph_list": [ { "address": "10.11.12.13", "port": "8000", "certificate": "-----BEGIN CERTIFICATE-----\nMIIC1TCCAb2gAwIBAgIEX135sjANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDEw9j\nbHVzdGVyLW1hbmFnZXIwIBcNMTgwODAzMTgyNTI1WhgPMjExODA3MTAxODI1MjVa\nMBoxGDAWBgNVBAMTD2NsdXN0ZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBALKz/i+SQzpB7dkaF6tGTm1oP4esjEtd5Pv9beE01qpZv+CA\npAB/BosbDLFvBSwlEwqFZNbNSPlgyfbHCCe28IibWWrkVtIIH/9XVTdsH+iJEG3N\nDXgcn3Qj+PBbYK9K+imF2fQdypeYokMova3YQnBadfTKZgJSc5gt0fKPehLceeHE\nIZz07tfDRMzZg4kYFBURU1u/V17coPD7y/Ja0kGJSBSjN6t/eFqI1PvVLw9niddz\n+yjsRqnvdGnQFoB43LewnbpYxn69qOd9Knu81MP2HR4G2jhVevf/qkG8mS3fS8gu\nFGm2JwtncnWsxGFdb2c/KTMxH0iQEcBCjbph6T0CAwEAAaMhMB8wHQYDVR0OBBYE\nFHhBeWEQrmNTv4otlztUkfVLCzwkMA0GCSqGSIb3DQEBCwUAA4IBAQBAu/jFw3QY\n5eWm3lOBJe67MXXOFVbCLRgcMlXzXoNWStI/3ncH1ZUDH0pz0pcOmyWoWUZ0OSjr\nLz+XMZN6MFgHx2w7RvLXYewFzowVaNu7l/V375Vhv18KpnJ6EjemVQRMZmJQFwda\nMrLU5dSuWVJYoTR6yVneSPasxHMCorTc+K3msVbP/1nh/wSls5Zj8L7jszLOqMpz\nUQL8eYN2r+A/sWFW5Ge6qGTOuOVpUS24isBwRqcyYLD7iJsIzpdebanuTNlXeJJQ\n49yPXri4nzQ4mNsiVCNFGGZyUmBzEpvcx3Lzol790Azk8SHkiGaOQJRKVr8CPszv\nZ12pIgNkADz8\n-----END CERTIFICATE-----\n" } ], } ], "epoch": 1, "version": 1 } Required Permissions: read Feature: cluster_management Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get the compatibility list of the site

Returns the version of this site and list of compatible versions
Request:

Method:

GET

URI Path(s):

/api/v1/sites/compatibility

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/sites/compatibility Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

SiteCompatibilityInfo+

Example Response: { "site_version": "3.1.0", "compatibility_list": ["3.0.1", "3.1.0"] } Required Permissions: read Feature: cluster_management Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Check whether the remote site version is compatible to this site

Returns the version of this site and list of compatible versions for both local and remote site,
also a boolean indicating whether the two are compatible, this value is true if one of the site
version is in the compatibility list of the other site
Request:

Method:

GET

URI Path(s):

/api/v1/sites/compatibility/remote

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

RemoteSiteCredential+

Example Request: GET https://<nsx-mgr>/api/v1/sites/compatibility/remote { "address": "10.100.200.10:7441", "username": "admin", "password": "password", "thumbprint": "f656452785a13d8e1431984a0a5137f1e27cdfa43e1cb08f46051a66733ca1b8" } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

RemoteSiteCompatibilityInfo+

Example Response: { "local": { "site_version": "3.1.0", "compatibility_list": ["3.0.1", "3.1.0"] } "remote": { "site_version": "3.1.1", "compatibility_list": ["3.1.0", "3.1.1"] } "is_compatible": true } Required Permissions: crud Feature: cluster_management Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get the local site configuration

Request:

Method:

GET

URI Path(s):

/api/v1/sites/self

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/sites/self Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

LocalSiteConfiguration+

Example Response: { "federation_id": "12345", "epoch": 12, "site": { "id": "c69dd550-841d-4064-bc92-476e977ad04d", "name": "name1", "active_gm": "true", "aph_list": [ { "address": "10.11.12.13", "port": "8000", "certificate": "-----BEGIN CERTIFICATE-----\nMIIC1TCCAb2gAwIBAgIEX135sjANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDEw9j\nbHVzdGVyLW1hbmFnZXIwIBcNMTgwODAzMTgyNTI1WhgPMjExODA3MTAxODI1MjVa\nMBoxGDAWBgNVBAMTD2NsdXN0ZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBALKz/i+SQzpB7dkaF6tGTm1oP4esjEtd5Pv9beE01qpZv+CA\npAB/BosbDLFvBSwlEwqFZNbNSPlgyfbHCCe28IibWWrkVtIIH/9XVTdsH+iJEG3N\nDXgcn3Qj+PBbYK9K+imF2fQdypeYokMova3YQnBadfTKZgJSc5gt0fKPehLceeHE\nIZz07tfDRMzZg4kYFBURU1u/V17coPD7y/Ja0kGJSBSjN6t/eFqI1PvVLw9niddz\n+yjsRqnvdGnQFoB43LewnbpYxn69qOd9Knu81MP2HR4G2jhVevf/qkG8mS3fS8gu\nFGm2JwtncnWsxGFdb2c/KTMxH0iQEcBCjbph6T0CAwEAAaMhMB8wHQYDVR0OBBYE\nFHhBeWEQrmNTv4otlztUkfVLCzwkMA0GCSqGSIb3DQEBCwUAA4IBAQBAu/jFw3QY\n5eWm3lOBJe67MXXOFVbCLRgcMlXzXoNWStI/3ncH1ZUDH0pz0pcOmyWoWUZ0OSjr\nLz+XMZN6MFgHx2w7RvLXYewFzowVaNu7l/V375Vhv18KpnJ6EjemVQRMZmJQFwda\nMrLU5dSuWVJYoTR6yVneSPasxHMCorTc+K3msVbP/1nh/wSls5Zj8L7jszLOqMpz\nUQL8eYN2r+A/sWFW5Ge6qGTOuOVpUS24isBwRqcyYLD7iJsIzpdebanuTNlXeJJQ\n49yPXri4nzQ4mNsiVCNFGGZyUmBzEpvcx3Lzol790Azk8SHkiGaOQJRKVr8CPszv\nZ12pIgNkADz8\n-----END CERTIFICATE-----\n" } ] } } Required Permissions: read Feature: cluster_management Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get overall status of the federation, including stub status

Request:

Method:

GET

URI Path(s):

/api/v1/sites/status

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/sites/status Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

FederationStatus+

Example Response: { "remote_connections": [ { "site_name": "site name", "stubs": { "address": "10.160.223.31", "connection_up": true } } ], "active_standby_sync_statuses": [ { "standby_site": "London", "is_data_consistent": true, "description": "status description", "status": "ONGOING", "percentage_completed": 70, "remaining_entries_to_send": 5, "sync_type": "DELTA_SYNC", "full_sync_status": { "sync_id": "9d33ec11-3c7a-46bc-80f9-88adc21c8289", "status": "COMPLETE", "sync_type": "STANDARD", "completed_at": "1600913640000", "snapshot_version": "781" } } ] } Required Permissions: read Feature: cluster_management Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get the switchover status

Request:

Method:

GET

URI Path(s):

/api/v1/sites/switchover-status

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/sites/switchover-status Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

SwitchoverStatus+

Example Response: { "overall_status": "ERROR", "note": "", "current_step": { "name": "precheck", "description": "precheck", "parts": [ { "name": "precheck", "description": "precheck", "status": "ERROR", "percentage": 0, "error": "Some problem have occured" } ] }, "current_step_number", 1, "number_of_stemps", 6 } Required Permissions: read Feature: cluster_management Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get the site configuration, some attributes won't be shown based on version

Request:

Method:

GET

URI Path(s):

/api/v1/sites?version=3.0.2

/api/v1/sites?version=3.1.0

/api/v1/sites?version=latest

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/sites?version=latest Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

FederationConfiguration+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Federation: Sites (Security Settings)

Associated URIs:

GET /policy/api/v1/global-infra/sites/{site-id}/security-setting

This routine will get site security setting

This routine will get site security setting
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/sites/{site-id}/security-setting

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/global-infra/sites/London/security-setting { "air_gapped": true, "resource_type": "SiteSecuritySetting", "id": "security-setting", "display_name": "security-setting", "path": "/global-infra/sites/LM/security-setting", "relative_path": "security-setting", "parent_path": "/global-infra/sites/LM", "unique_id": "ffaca9ae-4a90-4f9f-ba88-4369e02bf3e3", "owner_id": "6c5b2358-5862-49d8-952e-611b8cd32bf1", "marked_for_delete": false, "overridden": false, "_create_time": 1718858458723, "_create_user": "admin", "_last_modified_time": 1718858458723, "_last_modified_user": "admin", "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

SiteSecuritySetting+

SiteSecuritySetting (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
air_gapped	Flag to indicate air gapped deployments If true, deployment is marked as air gapped deployment and operations that requires internet connectivity are expected to be supported through Global Manager.	boolean	Default: "False"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SiteSecuritySetting	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Required Permissions: read Feature: policy_security_settings Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Hide

Associated URIs:

GET /api/v1/cluster/{cluster-node-id}/node/mode
GET /api/v1/node/mode

NodeMode

Returns current Node Mode.
Request:

Method:

GET

URI Path(s):

/api/v1/cluster/{cluster-node-id}/node/mode

/api/v1/node/mode

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/node/mode Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

NodeMode+

Example Response: { "mode_id": "VMC" } Required Permissions: read Feature: system_administration Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Inventory

Inventory: Baremetal Server Interfaces

Associated URIs:

POST /policy/api/v1/infra/baremetal-server-interfaces/tags
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/baremetal-server-interfaces/tags

Apply tags on bare metal server interface

Allows an admin to apply multiple tags to a bare metal server interface. This operation
does not store the intent on the policy side. This operation will replace the existing
tags on the bare metal server interface with the ones that have been passed. If the
application of tag fails, then an error is reported. The admin will have to retry the operation again.
Policy framework does not perform a retry. Failure could occur due to multiple
reasons. For e.g constraints like max tags limit exceeded, etc.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/baremetal-server-interfaces/tags

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/baremetal-server-interfaces/tags

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

BareMetalServerInterfaceTagList+

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/baremetal-server-interfaces/tags { "bms_interface_external_id": "74730a28-e52d-11e5-936e-6f061d405a28", "tags": [ {"scope": "os1", "tag": "NetworkInterface"}, {"scope": "security", "tag": "storage"} ] } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

BareMetalServerInterfaceTagList+

Required Permissions: crud Feature: policy_bare_metal_server_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Inventory: Context Profiles

Associated URIs:

GET /policy/api/v1/infra/context-profiles
GET /policy/api/v1/global-infra/context-profiles
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles
DELETE /policy/api/v1/infra/context-profiles/{context-profile-id}
DELETE /policy/api/v1/global-infra/context-profiles/{context-profile-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/{context-profile-id}
GET /policy/api/v1/infra/context-profiles/{context-profile-id}
GET /policy/api/v1/global-infra/context-profiles/{context-profile-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/{context-profile-id}
PATCH /policy/api/v1/infra/context-profiles/{context-profile-id}
PATCH /policy/api/v1/global-infra/context-profiles/{context-profile-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/{context-profile-id}
PUT /policy/api/v1/infra/context-profiles/{context-profile-id}
PUT /policy/api/v1/global-infra/context-profiles/{context-profile-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/{context-profile-id}
GET /policy/api/v1/infra/context-profiles/attribute-types
GET /policy/api/v1/infra/context-profiles/attributes
GET /policy/api/v1/global-infra/context-profiles/attributes
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/attributes
PATCH /policy/api/v1/infra/context-profiles/custom-attributes (Deprecated)
PATCH /policy/api/v1/global-infra/context-profiles/custom-attributes (Deprecated)
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes (Deprecated)
POST /policy/api/v1/infra/context-profiles/custom-attributes (Deprecated)
POST /policy/api/v1/global-infra/context-profiles/custom-attributes (Deprecated)
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes (Deprecated)
GET /policy/api/v1/infra/context-profiles/custom-attributes/default
GET /policy/api/v1/global-infra/context-profiles/custom-attributes/default
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes/default
PATCH /policy/api/v1/infra/context-profiles/custom-attributes/default
PATCH /policy/api/v1/global-infra/context-profiles/custom-attributes/default
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes/default
POST /policy/api/v1/infra/context-profiles/custom-attributes/default
POST /policy/api/v1/global-infra/context-profiles/custom-attributes/default
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes/default

Get PolicyContextProfiles

Get all PolicyContextProfiles
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/context-profiles

/policy/api/v1/global-infra/context-profiles

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles

Request Headers:

n/a

Query Parameters:

PolicyContextProfileListRequestParameters+

PolicyContextProfileListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
has_unsupported_app_ids	Filter by unsupported App IDs If true, returns only context profiles that contain unsupported App IDs. If false, returns only context profiles with supported App IDs. If not specified, returns all context profiles regardless of App ID status.	boolean
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/ { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "resource_type":"PolicyContextProfile", "display_name":"testPolicyContextProfile", "description":"Test Policy Context Profile", "attributes":[ { "key":"APP_ID", "value":[ "TLS" ], "datatype":"STRING", "sub_attributes":[ { "key":"TLS_VERSION", "value": [ "TLS_V13" ], "datatype":"STRING" }, { "key":"ENCRYPTION_ALGORITHM", "value": [ "TLS_RSA_EXPORT_WITH_RC4_40_MD5" ], "datatype":"STRING" } ], }, { "key":"DOMAIN_NAME", "value": [ "*.office365.com" ], "datatype":"STRING" } ] } ] } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyContextProfileListResult+

Required Permissions: read Feature: policy_context_profile Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create PolicyContextProfile

Creates/Updates a PolicyContextProfile, which encapsulates attribute and
sub-attributes of network services.
Rules for using attributes and sub-attributes in single PolicyContextProfile
1. One type of attribute can't have multiple occurrences. ( Eg. -
Attribute type APP_ID can be used only once per PolicyContextProfile.)
2. For specifying multiple values for an attribute, provide them in an array.
3. If sub-attribtes are mentioned for an attribute, then only single
value is allowed for that attribute.
4. To get a list of supported attributes and sub-attributes fire the following REST API
GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes
5. Do not create context profile with "custom_attributes" id
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/context-profiles/{context-profile-id}

/policy/api/v1/global-infra/context-profiles/{context-profile-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/{context-profile-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

PolicyContextProfile+

PolicyContextProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attributes	Array of Policy Context Profile attributes Property containing attributes/sub-attributes for Policy Context Profile.	array of PolicyAttributes	Required
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyContextProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/context-profiles/testPolicyContextProfile { "resource_type":"PolicyContextProfile", "display_name":"testPolicyContextProfile", "description":"Test Policy Context Profile", "attributes":[ { "key":"APP_ID", "value":[ "SSL" ], "datatype":"STRING", "sub_attributes":[ { "key":"TLS_VERSION", "value":[ "TLS_V13" ], "datatype":"STRING" }, { "key":"TLS_CIPHER_SUITE", "value":[ "TLS_RSA_EXPORT_WITH_RC4_40_MD5" ], "datatype":"STRING" } ] }, { "key":"DOMAIN_NAME", "value":[ "*.office365.com" ], "datatype":"STRING" } ] } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_context_profile Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create PolicyContextProfile

Method:

PUT

URI Path(s):

/policy/api/v1/infra/context-profiles/{context-profile-id}

/policy/api/v1/global-infra/context-profiles/{context-profile-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/{context-profile-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

PolicyContextProfile+

PolicyContextProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attributes	Array of Policy Context Profile attributes Property containing attributes/sub-attributes for Policy Context Profile.	array of PolicyAttributes	Required
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyContextProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<policy-mgr>/policy/api/v1/infra/context-profiles/testPolicyContextProfile { "resource_type":"PolicyContextProfile", "display_name":"testPolicyContextProfile", "description":"Test Policy Context Profile", "attributes":[ { "key":"APP_ID", "value":[ "SSL" ], "datatype":"STRING", "sub_attributes":[ { "key":"TLS_VERSION", "value": [ "TLS_V13" ], "datatype":"STRING" }, { "key":"TLS_CIPHER_SUITE", "value": [ "TLS_RSA_EXPORT_WITH_RC4_40_MD5" ], "datatype":"STRING" } ] }, { "key":"DOMAIN_NAME", "value": [ "*.office365.com" ], "datatype":"STRING" } ] } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyContextProfile+

PolicyContextProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attributes	Array of Policy Context Profile attributes Property containing attributes/sub-attributes for Policy Context Profile.	array of PolicyAttributes	Required
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyContextProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Required Permissions: crud Feature: policy_context_profile Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get PolicyContextProfile

Get a single PolicyContextProfile by id
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/context-profiles/{context-profile-id}

/policy/api/v1/global-infra/context-profiles/{context-profile-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/{context-profile-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/testPolicyContextProfile { "resource_type":"PolicyContextProfile", "display_name":"testPolicyContextProfile", "description":"Test Policy Context Profile", "attributes":[ { "key":"APP_ID", "value":[ "TLS" ], "datatype":"STRING", "sub_attributes":[ { "key":"TLS_VERSION", "value": [ "TLS_V13" ], "datatype":"STRING" }, { "key":"ENCRYPTION_ALGORITHM", "value": [ "TLS_RSA_EXPORT_WITH_RC4_40_MD5" ], "datatype":"STRING" } ], }, { "key":"DOMAIN_NAME", "value": [ "*.office365.com" ], "datatype":"STRING" } ] } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyContextProfile+

PolicyContextProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attributes	Array of Policy Context Profile attributes Property containing attributes/sub-attributes for Policy Context Profile.	array of PolicyAttributes	Required
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyContextProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Required Permissions: read Feature: policy_context_profile Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete Policy Context Profile

Deletes the specified Policy Context Profile. If the Policy Context
Profile is consumed in a firewall rule, it won't get deleted.
Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/context-profiles/{context-profile-id}

/policy/api/v1/global-infra/context-profiles/{context-profile-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/{context-profile-id}

Request Headers:

n/a

Query Parameters:

OverrideDeleteRequestParameters+

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/context-profiles/testPolicyContextProfile Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_context_profile Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List Context Profile supported attribute types

Returns supported attribute type strings for Context Profile.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/context-profiles/attribute-types

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/policy/api/v1/infra/context-profiles/attribute-types Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

ProfileSupportedAttributeTypesResult+

Example Response: { "attribute_types": [ "APP_ID", "DOMAIN_NAME", "URL_CATEGORY", "URL_REPUTATION", "CUSTOM_URL" ] } Required Permissions: read Feature: policy_context_profile Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List Policy Context Profile supported attributes and sub-attributes

Returns supported attribute and sub-attributes for specified
attribute key with their supported values, if provided in query/request
parameter, else will fetch all supported attributes and sub-attributes for
all supported attribute keys.
Alternatively, to get a list of supported attributes and sub-attributes fire the following REST API
GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/context-profiles/attributes

/policy/api/v1/global-infra/context-profiles/attributes

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/attributes

Request Headers:

n/a

Query Parameters:

ProfileSupportedAttributesListRequestParameters+

ProfileSupportedAttributesListRequestParameters (schema)

Name	Description	Type	Notes
attribute_key	Fetch attributes and sub-attributes for the given attribute key It fetches attributes and subattributes for the given attribute key supported in the system which can be used for Policy Context Profile creation.	string
attribute_source	Source of the attribute, System Defined or custom It fetches attributes and sub attributes for the given attribute key based on the source of attribute which can be used for Policy Context Profile creation.	string	Enum: ALL, CUSTOM, SYSTEM Default: "SYSTEM"
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyContextProfileListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "attributes":[ { "key":"APP_ID", "value": [ "SSL" ], "datatype":"STRING", "description":"SSL (Secure Sockets Layer) is a cryptographic protocol that provides security over the Internet.", "sub_attributes":[ { "key":"TLS_VERSION", "value": [ "TLS_V10", "TLS_V11", "TLS_V12", "TLS_V13" ], "datatype":"STRING" }, { "key":"TLS_CIPHER_SUITE", "value": [ "TLS_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", ] "datatype":"STRING" } ], }, { "key":"DOMAIN_NAME", "value": [ "*.office365.com" ], "datatype":"STRING", "description":"Office 365 url" } ] } ] } Required Permissions: read Feature: policy_context_profile Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Update custom object attribute value list for given attribute key (Deprecated)

This API updates custom attribute value list for given key.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/context-profiles/custom-attributes

/policy/api/v1/global-infra/context-profiles/custom-attributes

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

PolicyAttributes+

PolicyAttributes (schema)

Name	Description	Type	Notes
attribute_source	Source of attribute value i.e whether system defined or custom value	string	Enum: SYSTEM, CUSTOM Default: "SYSTEM"
custom_url_partial_match	true value would be treated as a partial match for custom url True value for this flag will be treated as a partial match for custom url	boolean
datatype	Datatype for attribute	string	Required Enum: STRING
description	Description for attribute value	string
isALGType	Is the value ALG type Describes whether the APP_ID value is ALG type or not.	boolean
key	Key for attribute Policy Attribute Key - Denotes the type of attribute we are adding to the context profile or the L7 access profile. The keys has to be one of the enums defined for this field.	string	Required Enum: APP_ID, DOMAIN_NAME, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL
metadata	Provide additional meta information about key/values This is optional part that can hold additional data about the attribute key/values. Example - For URL CATEGORY key , it specified super category for url category value. This is generic array and can hold multiple meta information about key/values in future	array of ContextProfileAttributesMetadata
sub_attributes	Reference to sub attributes for the attribute	array of PolicySubAttributes
value	Value for attribute key Multiple attribute values can be specified as elements of array.	array of string	Required Minimum items: 1

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/context-profiles/custom-attributes Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: { "key":"DOMAIN_NAME", "value":[ "*.office365.com", "*.azure.com" ], "datatype":"STRING" } Required Permissions: crud Feature: policy_context_profile Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Adds/Removes custom attribute values from list (Deprecated)

This API adds/removes custom attribute values from list for a given attribute key.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/context-profiles/custom-attributes

/policy/api/v1/global-infra/context-profiles/custom-attributes

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes

Request Headers:

n/a

Query Parameters:

CustomAttributeAction+

Request Body:

PolicyAttributes+

PolicyAttributes (schema)

Name	Description	Type	Notes
attribute_source	Source of attribute value i.e whether system defined or custom value	string	Enum: SYSTEM, CUSTOM Default: "SYSTEM"
custom_url_partial_match	true value would be treated as a partial match for custom url True value for this flag will be treated as a partial match for custom url	boolean
datatype	Datatype for attribute	string	Required Enum: STRING
description	Description for attribute value	string
isALGType	Is the value ALG type Describes whether the APP_ID value is ALG type or not.	boolean
key	Key for attribute Policy Attribute Key - Denotes the type of attribute we are adding to the context profile or the L7 access profile. The keys has to be one of the enums defined for this field.	string	Required Enum: APP_ID, DOMAIN_NAME, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL
metadata	Provide additional meta information about key/values This is optional part that can hold additional data about the attribute key/values. Example - For URL CATEGORY key , it specified super category for url category value. This is generic array and can hold multiple meta information about key/values in future	array of ContextProfileAttributesMetadata
sub_attributes	Reference to sub attributes for the attribute	array of PolicySubAttributes
value	Value for attribute key Multiple attribute values can be specified as elements of array.	array of string	Required Minimum items: 1

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/context-profiles/custom-attributes?action=add Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: { "key":"DOMAIN_NAME", "value":[ "*.office365.com", "*.azure.com" ], "datatype":"STRING" } Required Permissions: crud Feature: policy_context_profile Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Update custom attribute value list for given attribute key.

This API updates custom attribute value list for given key in the request. This replaces the
existing list with the list provided in the request
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/context-profiles/custom-attributes/default

/policy/api/v1/global-infra/context-profiles/custom-attributes/default

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes/default

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

PolicyCustomAttributes+

PolicyCustomAttributes (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attribute_source	Source of attribute value i.e whether system defined or custom value	string	Enum: CUSTOM, SYSTEM Default: "CUSTOM"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
datatype	Datatype for attribute	string	Required Enum: STRING
description	Description for attribute value	string
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
key	Key for attribute Policy Custom Attribute Key	string	Required Enum: DOMAIN_NAME, CUSTOM_URL
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
metadata	Provide additional meta information about key/values This is optional part that can hold additional data about the attribute key/values. Example - For Custom URL key , it specified url type for url value. This is generic array and can hold multiple meta information about key/values in future	array of ContextProfileAttributesMetadata
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyCustomAttributes	string
sub_attributes	Reference to sub attributes for the attribute	array of PolicySubAttributes
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
value	Value for attribute key Multiple attribute values can be specified as elements of array.	array of string	Required Minimum items: 1

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/context-profiles/custom-attributes/default { "key":"DOMAIN_NAME", "value":[ "*.customdomainname1.com", "*.customdomainname2.com" ], "datatype":"STRING" } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: 200 OK Required Permissions: crud Feature: policy_context_profile Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Retrieves custom attribute values for given attribute key

This API lists all the custom attribute values defined in the system for the attribute_key
mentioned as part of the url.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/context-profiles/custom-attributes/default

/policy/api/v1/global-infra/context-profiles/custom-attributes/default

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes/default

Request Headers:

n/a

Query Parameters:

ProfileSupportedAttributesListRequestParameters+

ProfileSupportedAttributesListRequestParameters (schema)

Name	Description	Type	Notes
attribute_key	Fetch attributes and sub-attributes for the given attribute key It fetches attributes and subattributes for the given attribute key supported in the system which can be used for Policy Context Profile creation.	string
attribute_source	Source of the attribute, System Defined or custom It fetches attributes and sub attributes for the given attribute key based on the source of attribute which can be used for Policy Context Profile creation.	string	Enum: ALL, CUSTOM, SYSTEM Default: "SYSTEM"
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/custom-attributes/default?attribute_key=DOMAIN_NAME Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyContextProfileListResult+

Example Response: { "key":"DOMAIN_NAME", "value":[ "*.office365.com", "*.azure.com" ], "datatype":"STRING" } Required Permissions: read Feature: policy_context_profile Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Adds/Removes custom attribute values from list

This API adds/removes custom attribute values from list for a given attribute key. The values in the
request will be added or removed from the existing list.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/context-profiles/custom-attributes/default

/policy/api/v1/global-infra/context-profiles/custom-attributes/default

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes/default

Request Headers:

n/a

Query Parameters:

CustomAttributeAction+

Request Body:

PolicyCustomAttributes+

PolicyCustomAttributes (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attribute_source	Source of attribute value i.e whether system defined or custom value	string	Enum: CUSTOM, SYSTEM Default: "CUSTOM"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
datatype	Datatype for attribute	string	Required Enum: STRING
description	Description for attribute value	string
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
key	Key for attribute Policy Custom Attribute Key	string	Required Enum: DOMAIN_NAME, CUSTOM_URL
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
metadata	Provide additional meta information about key/values This is optional part that can hold additional data about the attribute key/values. Example - For Custom URL key , it specified url type for url value. This is generic array and can hold multiple meta information about key/values in future	array of ContextProfileAttributesMetadata
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyCustomAttributes	string
sub_attributes	Reference to sub attributes for the attribute	array of PolicySubAttributes
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
value	Value for attribute key Multiple attribute values can be specified as elements of array.	array of string	Required Minimum items: 1

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/context-profiles/custom-attributes/default?action=add { "key":"DOMAIN_NAME", "value":[ "*.customdomainname5.com", "*.customdomainname6.com" ], "datatype":"STRING" } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: 200 OK Required Permissions: crud Feature: policy_context_profile Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Inventory: Group Members

Associated URIs:

GET /policy/api/v1/infra/bms-group-associations
GET /policy/api/v1/global-infra/bms-group-associations
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/bms-group-associations
GET /policy/api/v1/infra/bmsi-group-associations
GET /policy/api/v1/global-infra/bmsi-group-associations
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/bmsi-group-associations
GET /policy/api/v1/infra/cloud-native-service-group-associations
GET /policy/api/v1/global-infra/cloud-native-service-group-associations
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/associated-kubernetes-clusters
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/antrea-egresses
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/antrea-ip-pools
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/bms
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/bms
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/bmsi
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/bmsi
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/cloud-native-service-instances
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/cloud-native-service-instances
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/consolidated-effective-ip-addresses
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/dvpg
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/dvpg
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/dvports
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/dvports
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/identity-groups
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/ip-groups
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/ip-groups
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/ip-groups
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-gateways
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-ingresses
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-node-ips
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-node-pod-cidrs
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-services
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/logical-ports (Deprecated)
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/logical-ports (Deprecated)
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/logical-ports (Deprecated)
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/logical-switches (Deprecated)
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/logical-switches (Deprecated)
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/logical-switches (Deprecated)
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/pods
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/pods
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/pods
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/segment-ports
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/segment-ports
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/segment-ports
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/segments
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/segments
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/segments
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/transport-nodes
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/vifs
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/vifs
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/vifs
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/vpcs
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/vpcs
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/vpcs
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/statistics/virtual-machines (Deprecated)
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/statistics/virtual-machines (Deprecated)
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/tags
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/tags
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/tags
GET /policy/api/v1/infra/group-associations
GET /policy/api/v1/global-infra/group-associations
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/group-associations
GET /policy/api/v1/infra/identity-group-associations
GET /policy/api/v1/infra/ip-address-group-associations
GET /policy/api/v1/global-infra/ip-address-group-associations
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/ip-address-group-associations
GET /policy/api/v1/infra/pod-group-associations
GET /policy/api/v1/global-infra/pod-group-associations
GET /policy/api/v1/infra/virtual-machine-group-associations
GET /policy/api/v1/global-infra/virtual-machine-group-associations
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/virtual-machine-group-associations
GET /policy/api/v1/infra/virtual-network-interface-group-associations
GET /policy/api/v1/global-infra/virtual-network-interface-group-associations
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/virtual-network-interface-group-associations

Get groups for which the given bare metal server (BMS) is a member

Get policy groups for which the given bare metal server (BMS) is a member.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/bms-group-associations

/policy/api/v1/global-infra/bms-group-associations

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/bms-group-associations

Request Headers:

n/a

Query Parameters:

BareMetalServerGroupAssociationRequestParams+

BareMetalServerGroupAssociationRequestParams (schema)

Name	Description	Type	Notes
bms_external_id	BMS external ID	string	Required
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/bms-group-associations?bms_external_id=564de333-15ac-de52-da90-974fe099a17b&enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyResourceReferenceForEPListResult+

Example Response: { "result_count": 2, "results": [ { { "path" : "/infra/domains/domain1/groups/g1", "target_id" : "g1", "target_display_name" : "group-1", "target_type" : "DOMAIN_GROUP", "is_valid" : "true", "owner_id": "4c5c5516-087a-47cd-9fba-a7669775d308", "origin_site_id": "4c5c5516-087a-47cd-9fba-a7669775d308" }, { "path" : "/infra/domains/domain1/groups/g2", "target_id" : "g2", "target_display_name" : "group-2", "target_type" : "DOMAIN_GROUP", "is_valid" : "true", "owner_id": "4c5c5516-087a-47cd-9fba-a7669775d308", "origin_site_id": "4c5c5516-087a-47cd-9fba-a7669775d308" } } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get groups for which the given bare metal server interface (BMSI) is a member

Get policy groups for which the given bare metal server interface (BMSI) is a member.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/bmsi-group-associations

/policy/api/v1/global-infra/bmsi-group-associations

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/bmsi-group-associations

Request Headers:

n/a

Query Parameters:

BareMetalServerInterfaceGroupAssociationRequestParams+

BareMetalServerInterfaceGroupAssociationRequestParams (schema)

Name	Description	Type	Notes
bmsi_external_id	BMSI external ID	string	Required
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/bmsi-group-associations?bmsi_external_id=564de333-15ac-de52-da90-974fe099a17b&enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyResourceReferenceForEPListResult+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get groups for which the given Cloud Native Service Instance is a member

Get policy groups for which the given Cloud Native Service Instance is a member.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/cloud-native-service-group-associations

/policy/api/v1/global-infra/cloud-native-service-group-associations

Request Headers:

n/a

Query Parameters:

CNSGroupAssociationRequestParams+

CNSGroupAssociationRequestParams (schema)

Name	Description	Type	Notes
cns_external_id	Cloud Native Service external ID	string	Required
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/cloud-native-service-group-associations?cns_external_id=564de333-15ac-de52-da90-974fe099a17b&enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyResourceReferenceForEPListResult+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get associated kubernetes clusters for given group

Get list of clusters associated to this Group. This API is applicable for Groups
containing kubernetes resources. For Groups containing other member types an empty list is returned.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/associated-kubernetes-clusters

Request Headers:

n/a

Query Parameters:

AssociatedKubernetesClusterListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/associated-kubernetes-clusters Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupAssociatedKubernetesClusterListResult+

Example Response: { "results": [ { "clusters": [ { "external_id": "6ar43cd0-6f0a-40b0-a31a-1f55d51e1824", "display_name": "tenant1" }, { "external_id": "77r43cd0-6f0a-40b0-a31a-1f55d51e1824", "display_name": "tenant2" } ] } ], "result_count": 2, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get antrea egresses that belong to this Group

Get antrea egresses that belong to this Group. This API is applicable for Groups
containing AntreaEgress member type. For
Groups containing other member types an empty list is returned
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/antrea-egresses

Request Headers:

n/a

Query Parameters:

PolicyKubernetesListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/antrea-egresses?cluster_id=6ar43cd0-6f0a-40b0-a31a-1f55d51e1824 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupAntreaEgressListResult+

Example Response: { "results": [ { "clusters": [ { "external_id": "6ar43cd0-6f0a-40b0-a31a-1f55d51e1824", "display_name": "ANTK01", "antrea-egresses": [ { "external_id": "564de333-15ac-de52-da90-974fe099a17b", "display_name": "egress-prod-web", "egress_ip": "10.10.0.8" }, { "external_id": "564de333-15ac-de52-da90-974fe099a17b", "display_name": "egress-staging-web", "egress_ip": "192.168.20.1" } ] } ] } ], "result_count": 2, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get antrea ippools that belong to this Group

Get antrea ippools that belong to this Group. This API is applicable for Groups
containing AntreaIPPool member type. For
Groups containing other member types an empty list is returned
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/antrea-ip-pools

Request Headers:

n/a

Query Parameters:

PolicyKubernetesListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/antrea-ip-pools?cluster_id=6ar43cd0-6f0a-40b0-a31a-1f55d51e1824 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupAntreaIPPoolListResult+

Example Response: { "results": [ { "clusters": [ { "external_id": "6ar43cd0-6f0a-40b0-a31a-1f55d51e1824", "display_name": "ANTK01", "antrea_ip_pools": [ { "external_id": "564de333-15ac-de52-da90-974fe099a17b", "display_name": "prod-ip-pool", "ip_ranges": [ { "cidr": "10.10.1.0/28", "start": "10.10.1.0", "end": "10.10.1.15", "gateway": "10.10.1.0", "prefix_length": 28, "vlan": 1 } ] } ] } ] } ], "result_count": 1, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get Effective Bare Metal Servers(BMS) that belong to this group.

Returns Effective Bare metal servers(BMS) that belong to this group.
This API is applicable only for Groups containing BMS member type.
For Groups containing other member types,it returns an empty list.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/bms

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/bms

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/bms?enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

BareMetalServerListResult+

Example Response: { "cursor" : "00361f148bdc-fe7c-4320-8ef3-594e28d57c87Iws-2", "result_count": 1, "results": [ { "display_name": "BM-1", "tags": [ { "scope": "os", "tag": "linux86" } ], "resource_type": "BareMetalServer", "source_id": "74730a28-e52d-11e5-936e-6f061d405a11", "external_id": "74730a28-e52d-11e5-936e-6f061d405a22", "cpu_cores": 4 "os_info": { "os_name": "Ubuntu Linux (64-bit)", "os_version": "20.0" }, "_last_sync_time": 1493291539130 } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get Effective Bare Metal Server Interfaces(BMSI) that belong to this group.

Returns Effective Bare metal server interfaces (BMSI) that belong to this group.
This API is applicable only for Groups containing BMSI member type.
For Groups containing other member types,it returns an empty list.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/bmsi

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/bmsi

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/bmsi?enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

BareMetalServerInterfaceListResult+

Example Response: { "cursor" : "00361f148bdc-fe7c-4320-8ef3-594e28d57c87Iws-2", "result_count": 1, "results": [ { "external_id": "5006d98a-352f-134f-df6b-33e7f8d5de65", "tags": [ { "scope": "os", "tag": "linux86" } ], "resource_type": "BareMetalServerInterface", "bms_external_id": "5006d98a-352f-134f-df6b-33e7f8d54444", "display_name": "Interface1", "ip_addresses": [ "172.16.20.10", "fe80::250:56ff:fe86:f2b2" ], "mac_address": "00:50:56:86:f2:b2", "source_id": "74730a28-e52d-11e5-936e-6f061d405a28", "is_mgmt_interface": "true", "state": "UP" } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get Effective Cloud Native Service Instances that belong to this group.

Returns Effective Cloud Native Service Instances that belong to this group.
This API is applicable only for Groups containing CloudNativeServiceInstance member type.
For Groups containing other member types,it returns an empty list.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/cloud-native-service-instances

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/cloud-native-service-instances

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/cloud-native-service-instances?enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupMembersListResult+

Example Response: { "cursor" : "00361f148bdc-fe7c-4320-8ef3-594e28d57c87Iws-2", "result_count" : 1, "results" : [ { "display_name" : "CNS-2", "id" : "420e72c9-55e7-a4f7-81bf-673a2af1a6cf" } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get consolidated effective IPAddress translated from this group across site

Returns the consolidated effective IP address members of the specified Group. This is applicable in the case of a
federated environment. The response includes a site-wise list of static and dynamically translated effective IP
address members. If the group evaluation on a site is empty, the response will contain the site-id with empty list.
If a group is a reference group on a site, then its consolidated effective IP response will contain the effective IPs
from other sites, and the response will contain an empty list of IPs for the sites where is it a reference group.

This API is applicable only for Global Groups that contain (either directly or via nesting) VirtualMachine,
VIF, Segment, SegmentPort, or IPSet member types. Please use the cursor value in the response to fetch the next page.
If there is no cursor value in the response, it indicates that it is the last page of results for the query.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/consolidated-effective-ip-addresses

Request Headers:

n/a

Query Parameters:

ConsolidatedEffectiveIPListRequestParameters+

ConsolidatedEffectiveIPListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point on which the API needs to be executed. Forward slashes must be escaped using %2F.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
ip_filter	An IPAddress or subnet for filtering the results. This filter can be used to verify an ip membership in the effective results	IPElement
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
site_id	UUID of the site from which the effective IP addresses are to be fetched	string
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: Group demo1 have dynamic criteria based on vm name contains 'vm' and 2 static IPs "fd01:0:101:2600:20c:29ff:fe23:eef3","25.1.1.4/30". Request for Group in Federation environment on Paris LM: GET https://{{paris-site-ip}}/policy/api/v1/global-infra/domains/default/groups/demo1/members/consolidated-effective-ip-addresses?enforcement_point_path=/global-infra/sites/Paris/enforcement-points/default Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

ConsolidatedEffectiveIPAddressMemberListResult+

Example Response: { "results": [ { "site_id": "e977e929-255e-41c0-a938-a35d12f860ee", "effective_ips": [ "fd01:0:101:2600:20c:29ff:fe23:eef3", "25.1.1.4/30", "10.160.8.45", "10.160.16.77" ] }, { "site_id": "210d7017-5dca-4901-bfcc-c63928215160", "effective_ips": [ "fd01:0:101:2600:20c:29ff:fe23:eef3", "25.1.1.4/30", "10.160.10.118", "10.160.27.172" ] }, { "site_id": "fa8be70f-b592-4cb1-add9-b89ccdfd3ee3", "effective_ips": [ "fd01:0:101:2600:20c:29ff:fe23:eef3", "25.1.1.4/30", "10.160.15.134", "10.160.26.223" ] } ], "cursor": "7806177147493-0" } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get Discovered Port Groups that belong to this Group

Get Discovered Port Groups that belong to this Group
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/dvpg

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/dvpg

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/dvpg?enforcement_point_path=/infra/sites/default/enforcement-points/default Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupMembersListResult+

Example Response: { "results": [ { "id": "dvpg-1", "display_name": "segment-1", "path": "/infra/segments/segment-1" } ], "result_count": 1, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get discovered ports that belong to this Group

Get discovered ports that belong to this Group
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/dvports

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/dvports

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/segment-ports?enforcement_point_path=/infra/sites/default/enforcement-points/default Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupMembersListResult+

Example Response: { "results": [ { "id": "default:4a5a3cd0-6f0a-40b0-a31a-1f55d51e1824", "display_name": "nbokare-10.160.129.166-vdtest-97902/VM-1-10.160.129.166-20190505-122351-03783733@b089f7e1-433f-4ecc-9722-ab5f2b66d391", "path": "/infra/segments/segment-1/ports/default:4a5a3cd0-6f0a-40b0-a31a-1f55d51e1824" } ], "result_count": 1, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get Effective Identity Groups that belong to this group.

Returns Effective Identiy Groups that belong to this group.
This API is applicable only for Groups containing IdentityGroup member type.
For Groups containing other member types,it returns an empty list.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/identity-groups

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/identity-groups?enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupMembersListResult+

Example Response: { "cursor": "00361f148bdc-fe7c-4320-8ef3-594e28d57c87Iws-2", "sort_ascending": true, "result_count": 2, "results": [ { "id" : "fcb51d1d-b141-4f5b-a0b9-1063a1470a63", "display_name" : "ADGroup1" }, { "id" : "3eecac54-15e7-4a0d-b418-001052fcfdcd", "display_name" : "ADGroup2" } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get IP addresses that belong to this Group

Get IP addresses that belong to this Group.
This API is applicable for Groups containing either VirtualMachine, VIF,
Segment ,Segment Port or IP Address member type.For Groups containing other
member types,an empty list is returned
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/ip-addresses?enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupIPMembersListResult+

Example Response: { "result_count": 3, "results": [ "192.168.0.0/24", "192.168.0.1", "192.168.0.1-192.168.0.100" ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get Effective IPGroups that belong to this group.

Returns effective IPGroups that belong to this group.
This API is applicable only for Groups containing IPSet member type.
For Groups containing other member types,it returns an empty list.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/ip-groups

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/ip-groups

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/ip-groups

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/ip-groups?enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupMembersListResult+

Example Response: { "cursor": "00361f148bdc-fe7c-4320-8ef3-594e28d57c87Iws-2", "sort_ascending": true, "result_count": 2, "results": [ { "target_id" : "fcb51d1d-b141-4f5b-a0b9-1063a1470a63", "target_display_name" : "IPSet1", "target_type" : "IPSet", }, { "id" : "3eecac54-15e7-4a0d-b418-001052fcfdcd", "display_name" : "IPSet2", "target_type" : "IPSet" } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get kubernetes gateways that belong to this Group

Get kubernetes gateways that belong to this Group. This API is applicable for Groups
containing KubernetesGateway member type. For
Groups containing other member types an empty list is returned
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-gateways

Request Headers:

n/a

Query Parameters:

PolicyKubernetesListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/kubernetes-gateways?cluster_id=6ar43cd0-6f0a-40b0-a31a-1f55d51e1824 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupKubernetesGatewayListResult+

Example Response: { "results": [ { "clusters": [ { "external_id": "6ar43cd0-6f0a-40b0-a31a-1f55d51e1824", "display_name": "ANTK01", "namespaces": [ { "external_id": "e0b2ec27-852d-4cc3-9818-b5869e7589e6", "display_name": "kube-node-lease", "kubernetes_gateways": [ { "external_id": "564de333-15ac-de52-da90-974fe099a17b", "display_name": "external-http", "gateway_ip_addresses": [ "192.168.1.14" ] }, { "external_id": "3de1ba27-61fe-4f27-b116-11f9ec312fcb", "display_name": "internal-http", "gateway_ip_addresses": [ "192.168.1.15" ] }, { "external_id": "34b5793c-af87-41c4-80fa-f87fff77ef53", "display_name": "internal-named-http", "gateway_ip_addresses": [ "192.168.1.16" ] } ] } ] } ] } ], "result_count": 3, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get kubernetes ingress policies that belong to this Group

Get kubernetes ingress policies that belong to this Group. This API is applicable for Groups
containing KubernetesIngress member type. For
Groups containing other member types an empty list is returned
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-ingresses

Request Headers:

n/a

Query Parameters:

PolicyKubernetesListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/kubernetes-ingresses?cluster_id=6ar43cd0-6f0a-40b0-a31a-1f55d51e1824 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupKubernetesIngressListResult+

Example Response: { "results": [ { "clusters": [ { "external_id": "6ar43cd0-6f0a-40b0-a31a-1f55d51e1824", "display_name": "ANTK01", "namespaces": [ { "external_id": "e0b2ec27-852d-4cc3-9818-b5869e7589e6", "display_name": "kube-node-lease", "kubernetes_ingresses": [ { "external_id": "564de333-15ac-de52-da90-974fe099a17b", "display_name": "nginx-example", "load_balance_ingress_ip_addresses": [ "10.10.1.0", "10.10.2.0", "" ] }, { "external_id": "564de333-15ac-de52-da90-974fe099a17b", "display_name": "ingress-resource-backend", "load_balance_ingress_ip_addresses": [ "10.10.3.0", "10.10.4.0", "" ] } ] } ] } ] } ], "result_count": 2, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get kubernetes nodes that belong to this Group

Get kubernetes nodes that belong to this Group. This API is applicable for Groups
containing KubernetesNode member type with key as IP_ADDRESSES. For
Groups containing other member types an empty list is returned
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-node-ips

Request Headers:

n/a

Query Parameters:

PolicyKubernetesListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/kubernetes-node-ips?cluster_id=6ar43cd0-6f0a-40b0-a31a-1f55d51e1824 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupKubernetesNodeListResult+

Example Response: { "results": [ { "clusters": [ { "external_id": "6ar43cd0-6f0a-40b0-a31a-1f55d51e1824", "display_name": "ANTK01", "kubernetes_nodes": [ { "external_id": "564de333-15ac-de52-da90-974fe099a17b", "display_name": "workload-control-plane-jsz27", "ip_addresses": [ "10.217.161.107" ] }, { "external_id": "0222a09f-f806-4c41-840e-d0970690998c", "display_name": "workload-md-0-d4c86fd4d-kqd56", "ip_addresses": [ "10.217.161.106", "10.217.161.107" ] } ] } ] } ], "result_count": 2, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get kubernetes node pod cidrs that belong to this Group

Get kubernetes node pod cidrs that belong to this Group. This API is applicable for Groups
containing KubernetesNode member type with key as POD_CIDRS. For
Groups containing other member types an empty list is returned
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-node-pod-cidrs

Request Headers:

n/a

Query Parameters:

PolicyKubernetesListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/kubernetes-node-pod-cidrs?cluster_id=6ar43cd0-6f0a-40b0-a31a-1f55d51e1824 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupPodCidrListResult+

Example Response: { "results": [ { "clusters": [ { "external_id": "6ar43cd0-6f0a-40b0-a31a-1f55d51e1824", "display_name": "ANTK01", "kubernetes_nodes" : [ { "pod_cidrs" : [ "10.221.121.206/32", "FE80::/64" ], "external_id" : "873eee86-8331-4b84-a278-4b132f4cbd17", "display_name" : "workload-control-plane-jsz27" }, { "pod_cidrs" : [ "10.221.121.205/32", "FE80::/64" ], "external_id" : "cc54a04d-0aba-4a24-9e6a-0a7372202242", "display_name" : "workload-md-0-d4c86fd4d-kqd56" } ] } ] } ], "result_count": 2, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get kubernetes services that belong to this Group

Get kubernetes services that belong to this Group. This API is applicable for Groups
containing KubernetesService member type. For
Groups containing other member types an empty list is returned
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-services

Request Headers:

n/a

Query Parameters:

PolicyKubernetesListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/kubernetes-services?cluster_id=6ar43cd0-6f0a-40b0-a31a-1f55d51e1824 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupKubernetesServiceListResult+

Example Response: { "results": [ { "clusters": [ { "external_id": "6ar43cd0-6f0a-40b0-a31a-1f55d51e1824", "display_name": "ANTK01", "namespaces": [ { "external_id": "e0b2ec27-852d-4cc3-9818-b5869e7589e6", "display_name": "kube-node-lease", "kubernetes_services": [ { "external_id": "564de333-15ac-de52-da90-974fe099a17b", "display_name": "frontend", "type": "LoadBalancer", "load_balance_ingress_ip_addresses": [ "100.71.35.11", "" ], "node_port_local_endpoints": [ ], "cluster_ips": [ ] }, { "external_id": "34b5793c-af87-41c4-80fa-f87fff77ef53", "display_name": "kubernetes", "type": "ClusterIP", "load_balance_ingress_ip_addresses": [ ], "node_port_local_endpoints": [ { "node_ip": "100.71.35.11", "node_port": "30007" } ], "cluster_ips": [ "100.64.147.218" ] } ] } ] } ] } ], "result_count": 2, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get logical ports that belong to this Group (Deprecated)

Get logical ports that belong to this Group
This API is applicable for Groups containing either VirtualMachine, VIF,
Segment or Segment Port member type.For Groups containing other
member types,an empty list is returned.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/logical-ports

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/logical-ports

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/logical-ports

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/logical-ports?enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupMembersListResult+

Example Response: { "result_count": 2, "results": [ { "id" : "20c1ac1f-58b5-4241-a352-f8e82c4a8c65", "display_name" : "LP-HR1" }, { "id" : "c07005fe-4a9a-47f1-9a1e-2db65a285124", "display_name" : "LP-HR2" } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get logical switches that belong to this Group (Deprecated)

Get logical switches that belong to this Group.
This API is applicable for Groups containing Segment member type.
For Groups containing other member types, an empty list is returned.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/logical-switches

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/logical-switches

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/logical-switches

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/logical-switches?enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupMembersListResult+

Example Response: { "result_count": 2, "results": [ { "id" : "20c1ac1f-58b5-4241-a352-f8e82c4a8c65", "display_name" : "LS-HR1" }, { "id" : "c07005fe-4a9a-47f1-9a1e-2db65a285124", "display_name" : "LS-HR2" } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get pods that belong to this Group

Get pods that belong to this Group. This API is applicable for Groups
containing either Pod, Cluster, Namespace, Service member type. For
Groups containing other member types an empty list is returned
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/pods

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/pods

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/pods

Request Headers:

n/a

Query Parameters:

ContainerListRequestParameters+

ContainerListRequestParameters (schema)

Name	Description	Type	Notes
cluster_id	Cluster ID ID of the cluster to query	string
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/pods?enforcement_point_path=/infra/sites/default/enforcement-points/default&cluster_id=6ar43cd0-6f0a-40b0-a31a-1f55d51e1824 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyContainerGroupMembersListResult+

Example Response: { "results": [ { "cluster_id":"6ar43cd0-6f0a-40b0-a31a-1f55d51e1824", "pods":[ { "id": "4a5a3cd0-6f0a-40b0-a31a-1f55d51e1824", "display_name": "Container1" }, { "id": "54R3W356-6f0a-40b0-a31a-1f55d51e1824", "display_name": "Container2" } ] } ], "result_count": 1, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get segment ports that belong to this Group

Get segment ports that belong to this Group
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/segment-ports

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/segment-ports

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/segment-ports

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/segment-ports?enforcement_point_path=/infra/sites/default/enforcement-points/default Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupMembersListResult+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get segments that belong to this Group

Get segments that belong to this Group
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/segments

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/segments

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/segments

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/segments?enforcement_point_path=/infra/sites/default/enforcement-points/default Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupMembersListResult+

Example Response: { "results": [ { "id": "segment-1", "display_name": "segment-1", "path": "/infra/segments/segment-1" } ], "result_count": 1, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get effective transport node members that belong to this group

Get effective transport node members that belong to this Group.
This API is applicable only for Groups containing TransportNode member type.
For Groups containing other member types,an empty list is returned.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/transport-nodes

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/transport-nodes?enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupMembersListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "id": "5327b241-7fdd-4d41-9e93-76e006b8a4c2", "display_name" : "TransportNode-1" } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get Virtual Network Interface instances that belong to this Group

Get Virtual Network Interface instances that belong to this Group.
This API is applicable for Groups containing VirtualNetworkInterface and VirtualMachine member types.
For Groups containing other member types,an empty list is returned.target_id in response
is external_id of VirtualNetworkInterface or VirtualMachine.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/vifs

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/vifs

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/vifs

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/vifs?enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

VirtualNetworkInterfaceListResult+

Example Response: { "results": [ { "external_id": "564dda4e-bc05-061c-dac7-7a314e0e0c9c-4000", "owner_vm_id": "1778a2b0-7f9b-4c64-806c-bc13d6d60762", "owner_vm_type": "REGULAR", "host_id": "28477562-ea6f-11e9-9c84-f98983786a98", "vm_local_id_on_host": "1", "device_key": "4000", "device_name": "Network adapter 1", "mac_address": "00:0c:29:0e:0c:9c", "ip_address_info": [ { "source": "VM_TOOLS", "ip_addresses": [ "10.170.66.155", "fd01:3:4:2825:c5dc:25a5:fbb9:6762", "fd01:3:4:2825:2c49:a400:48df:23dd", "fd01:3:4:2825:34ca:5670:96e0:6edf", "fd01:3:4:2825:d9e4:5e51:6df6:c93e", "fd01:3:4:2825:b002:86da:30d4:1030", "fd01:3:4:2825:20c:29ff:fe0e:c9c", "fe80::20c:29ff:fe0e:c9c", "fd01:3:4:2825:eddf:5879:67d5:6293", "fd01:3:4:2825:f027:6316:8de5:3a29" ] } ], "resource_type": "VirtualNetworkInterface", "display_name": "Network adapter 1", "_last_sync_time": 0 } ], "result_count": 1, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get Virtual machines that belong to this Group

Get Virtual machines that belong to this Group.
This API is applicable for Groups containing VirtualMachine,member type.
For Groups containing other member types,an empty list is returned.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/virtual-machines?enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

RealizedVirtualMachineListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "resource_type": "RealizedVirtualMachine", "id": "564de333-15ac-de52-da90-974fe099a17b", "display_name": "1-vm_ubuntu_1404_srv_64-local-586-bb9bbaf4-7f29-4e7a-9216-ef33890bf081", "path": "/infra/realized-state/enforcement-points/nsx-1/virtual-machines/564de333-15ac-de52-da90-974fe099a17b", "parent_path": "/infra/realized-state/enforcement-points/nsx-1", "relative_path": "564de333-15ac-de52-da90-974fe099a17b", "intent_reference": [], "realization_specific_identifier": "564de333-15ac-de52-da90-974fe099a17b", "alarms": [], "state": "REALIZED", "runtime_status": "UNKNOWN", "compute_ids": [ "moIdOnHost:1", "hostLocalId:1", "locationId:564de333-15ac-de52-da90-974fe099a17b", "instanceUuid:bb9bbaf4-7f29-4e7a-9216-ef33890bf081", "externalId:564de333-15ac-de52-da90-974fe099a17b", "biosUuid:564de333-15ac-de52-da90-974fe099a17b" ], "power_state": "VM_RUNNING", "_create_user": "system", "_create_time": 1519383616259, "_last_modified_user": "system", "_last_modified_time": 1519383616259, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get VPCs that belong to this Group

Get VPCs that belong to this Group
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/vpcs

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/vpcs

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/vpcs

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/members/vpcs?enforcement_point_path=/infra/sites/default/enforcement-points/default Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyGroupMembersListResult+

Example Response: { "results": [ { "id": "vpc-1", "display_name": "vpc-1", "path": "/orgs/default/projects/project-1/vpcs/vpc-1" } ], "result_count": 1, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get effective VMs for the Group (Deprecated)

Get the effective VM membership for the Group. This API also gives some VM
details such as VM name, IDs and the current state of the VMs.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/statistics/virtual-machines

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/statistics/virtual-machines

Request Headers:

n/a

Query Parameters:

RealizedVirtualMachineListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/statistics/virtual-machines?enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

RealizedVirtualMachineListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "resource_type": "RealizedVirtualMachine", "id": "564de333-15ac-de52-da90-974fe099a17b", "display_name": "1-vm_ubuntu_1404_srv_64-local-586-bb9bbaf4-7f29-4e7a-9216-ef33890bf081", "path": "/infra/realized-state/enforcement-points/nsx-1/virtual-machines/564de333-15ac-de52-da90-974fe099a17b", "parent_path": "/infra/realized-state/enforcement-points/nsx-1", "relative_path": "564de333-15ac-de52-da90-974fe099a17b", "intent_reference": [], "realization_specific_identifier": "564de333-15ac-de52-da90-974fe099a17b", "alarms": [], "state": "REALIZED", "runtime_status": "UNKNOWN", "compute_ids": [ "moIdOnHost:1", "hostLocalId:1", "locationId:564de333-15ac-de52-da90-974fe099a17b", "instanceUuid:bb9bbaf4-7f29-4e7a-9216-ef33890bf081", "externalId:564de333-15ac-de52-da90-974fe099a17b", "biosUuid:564de333-15ac-de52-da90-974fe099a17b" ], "power_state": "vm_running", "_create_user": "system", "_create_time": 1519383616259, "_last_modified_user": "system", "_last_modified_time": 1519383616259, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get tags used to define conditions inside a Group

Get tags used to define conditions inside a Group. Also
includes tags inside nested groups.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/tags

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/tags

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/tags

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/d1/groups/g1/tags Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

GroupTagsList+

Example Response: { "result_count": 2, "results": [ { "member_type" : "IPSet", "tags" : [ "Web", "DB", "App" ] }, { "member_type" : "VirtualMachine", "tags" : [ "Linux", "Windows", "Mac" ] } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get groups for which the given object is a member

Get policy groups for which the given object is a member.
In Federation environment, if the given object is a global entity
(eg: global segment) and if the entity is not stretched to the site
specified in the enforcement_point_path parameter,then the following is returned:-
1)If the entity is a member of any global group and that group is stretched
to the enforcement_point_path site,then the API returns an empty list.
2)If the entity is not a member of any global group,this API returns
an 'invalid path' error message.
3)If both the entity and its corresponding groups are stretched to the
enforcement_point_path site , then the API returns the groups list.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/group-associations

/policy/api/v1/global-infra/group-associations

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/group-associations

Request Headers:

n/a

Query Parameters:

IntentEnforcementPointListRequestParams+

IntentEnforcementPointListRequestParams (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
intent_path	String path of the intent object	string	Required
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/group-associations?intent_path=/infra/segment/s1&enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyResourceReferenceForEPListResult+

Example Response: { "result_count": 2, "results": [ { { "path" : "/infra/domains/domain1/groups/g1", "target_id" : "g1", "target_display_name" : "group-1", "target_type" : "DOMAIN_GROUP", "is_valid" : "true", "owner_id": "4c5c5516-087a-47cd-9fba-a7669775d308", "origin_site_id": "4c5c5516-087a-47cd-9fba-a7669775d308" }, { "path" : "/infra/domains/domain1/groups/g2", "target_id" : "g2", "target_display_name" : "group-2", "target_type" : "DOMAIN_GROUP", "is_valid" : "true", "owner_id": "4c5c5516-087a-47cd-9fba-a7669775d308", "origin_site_id": "4c5c5516-087a-47cd-9fba-a7669775d308", } } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get groups for which the given Identity Group is a member

Get policy groups for which the given Identity Group is a member.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/identity-group-associations

Request Headers:

n/a

Query Parameters:

IdentityGroupAssociationRequestParams+

IdentityGroupAssociationRequestParams (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
identity_group_external_id	Identity Group external ID	string	Required
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/identity-group-associations?identity_group_external_id=564de333-15ac-de52-da90-974fe099a17b&enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyResourceReferenceForEPListResult+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get groups for which the given IP address is a member

Get policy groups for which the given IP address is a member.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/ip-address-group-associations

/policy/api/v1/global-infra/ip-address-group-associations

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/ip-address-group-associations

Request Headers:

n/a

Query Parameters:

IPAddressGroupAssociationRequestParams+

IPAddressGroupAssociationRequestParams (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
ip_address	IPAddress	string	Required
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/ip-address-group-associations?ip_address=10.1.19.10&enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyResourceReferenceForEPListResult+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get groups for which the given pod is a member

Get policy groups for which the given pod is a member.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/pod-group-associations

/policy/api/v1/global-infra/pod-group-associations

Request Headers:

n/a

Query Parameters:

ContainerApplicationInstanceGroupAssociationRequestParams+

ContainerApplicationInstanceGroupAssociationRequestParams (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
pod_id	ContainerApplicationInstance	string	Required
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/pod-group-associations?pod_id=64dde333-15ac-de52-da90-974de459a17b&enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyResourceReferenceForEPListResult+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get groups for which the given VM is a member

Get policy groups for which the given VM is a member.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/virtual-machine-group-associations

/policy/api/v1/global-infra/virtual-machine-group-associations

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/virtual-machine-group-associations

Request Headers:

n/a

Query Parameters:

VMGroupAssociationRequestParams+

VMGroupAssociationRequestParams (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
vm_external_id	Virtual machine external ID	string	Required

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/virtual-machine-group-associations?vm_external_id=564de333-15ac-de52-da90-974fe099a17b&enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyResourceReferenceForEPListResult+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get groups for which the given VIF is a member

Get policy groups for which the given VIF is a member.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/virtual-network-interface-group-associations

/policy/api/v1/global-infra/virtual-network-interface-group-associations

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/virtual-network-interface-group-associations

Request Headers:

n/a

Query Parameters:

VIFGroupAssociationRequestParams+

VIFGroupAssociationRequestParams (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
vif_external_id	Virtual network interface external ID	string	Required

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/virtual-network-interface-group-associations?vif_external_id=564de333-15ac-de52-da90-974fe099a17b&enforcement_point_path=/infra/sites/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyResourceReferenceForEPListResult+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Inventory: Groups

Associated URIs:

GET /policy/api/v1/infra/domains/{domain-id}/groups
GET /policy/api/v1/global-infra/domains/{domain-id}/groups
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups
DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}
PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}
PUT /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}
DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}
PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}
POST /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}
DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}
PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}
POST /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}
DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}
PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}
POST /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/member-types
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/member-types
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/member-types
DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}
PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}
POST /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}

List Groups for a domain

List Groups for a domain. Groups can be filtered using member_types query parameter,
which returns the groups that contains the specified member types. Multiple member types
can be provided as comma separated values. The API also return groups having member
type that are subset of provided member_types.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups

/policy/api/v1/global-infra/domains/{domain-id}/groups

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups

Request Headers:

n/a

Query Parameters:

GroupListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

GroupListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "resource_type": "Group", "description": "web group", "id": "webgroup", "display_name": "web group", "path": "/infra/domains/vmc/groups/webgroup", "parent_path": "/infra/domains/vmc", "relative_path": "webgroup", "expression": [ { "resource_type": "Condition", "member_type": "VirtualMachine", "value": "webvm", "key": "Tag", "operator": "EQUALS", "_protection": "NOT_PROTECTED" } ], "_create_user": "admin", "_create_time": 1517308749250, "_last_modified_user": "admin", "_last_modified_time": 1517308749250, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } ] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Patch a group

If a group with the group-id is not already present, create a new group.
If it already exists, patch the group.
Group created with Kubernetes membership criteria includes only Antrea reported inventory as its members.
Once created, Groups with Identity (Directory) Group members should be updated with the new Distinguished Name in case it is changed on AD Server.
Maximum of 500 malicious IP Groups (i.e Group with criteria having IPAddress equals All MALICIOUS_IP) should be created.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

Group+

Group (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildDnsSecurityProfileBindingMap ChildGroupDiscoveryProfileBindingMap ChildGroupMonitoringProfileBindingMap ChildPolicyFirewallFloodProtectionProfileBindingMap ChildPolicyFirewallSessionTimerProfileBindingMap
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
expression	Expression The expression list must follow below criteria: 1. A non-empty expression list, must be of odd size. In a list, with indices starting from 0, all non-conjunction expressions must be at even indices, separated by a conjunction expression at odd indices. 2. The total of ConditionExpression and NestedExpression in a list should not exceed 5. 3. The total of IPAddressExpression, MACAddressExpression, external IDs in an ExternalIDExpression and paths in a PathExpression must not exceed the defined Config Max limit for the form-factor of Manager nodes. 4. Each expression must be a valid Expression. See the definition of the Expression type for more information.	array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GeoLocationExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression
extended_expression	Extended Expression Extended Expression allows additional higher level context to be specified for grouping criteria. (e.g. user AD group) This field allow users to specified user context as the source of a firewall rule for IDFW feature. Current version only support a single IdentityGroupExpression. In the future, this might expand to support other conjunction and non-conjunction expression. The extended expression list must follow below criteria: 1. Contains a single IdentityGroupExpression. No conjunction expression is supported. 2. No other non-conjunction expression is supported, except for IdentityGroupExpression. 3. Each expression must be a valid Expression. See the definition of the Expression type for more information. 4. Extended expression are implicitly AND with expression. 5. No nesting can be supported if this value is used. 6. If a Group is using extended expression, this group must be the only member in the source field of an communication map.	array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GeoLocationExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression	Maximum items: 1
group_type	Indicates the group type. Group type can be specified during create and update of a group. Empty group type indicates a 'generic' group, ie group can include any entity from the valid GroupMemberType.	array of GroupTypes	Maximum items: 1
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
reference	Indicates if the group is a reference. If true, indicates that this is a remote reference group. Such group will have span different from the its parent domain. Default value is false.	boolean	Readonly Default: "False"
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Group	string
state	Realization state of this group This field is no longer supported in this API. To get the realized status of the Group use the realized-state API.	string	Deprecated Readonly Enum: IN_PROGRESS, SUCCESS, FAILURE
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup { "expression": [ { "member_type": "VirtualMachine", "value": "webvm", "key": "Tag", "operator": "EQUALS", "resource_type": "Condition" } ], "description": "web group", "display_name": "web group" } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or update a group

If a group with the group-id is not already present, create a new group.
If it already exists, update the group.
Avoid creating groups with multiple MACAddressExpression and IPAddressExpression.
In future releases, group will be restricted to contain a single
MACAddressExpression and IPAddressExpression along with other expressions.
To group IPAddresses or MACAddresses, use nested groups instead of multiple
IPAddressExpressions/MACAddressExpression.
Group created with Kubernetes membership criteria includes only Antrea reported inventory as its members.
Once created, Groups with Identity (Directory) Group members should be updated with the new Distinguished Name in case it is changed on AD Server.
Maximum of 500 malicious IP Groups (i.e Group with criteria having IPAddress equals All MALICIOUS_IP) should be created.
Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

Group+

Group (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildDnsSecurityProfileBindingMap ChildGroupDiscoveryProfileBindingMap ChildGroupMonitoringProfileBindingMap ChildPolicyFirewallFloodProtectionProfileBindingMap ChildPolicyFirewallSessionTimerProfileBindingMap
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
expression	Expression The expression list must follow below criteria: 1. A non-empty expression list, must be of odd size. In a list, with indices starting from 0, all non-conjunction expressions must be at even indices, separated by a conjunction expression at odd indices. 2. The total of ConditionExpression and NestedExpression in a list should not exceed 5. 3. The total of IPAddressExpression, MACAddressExpression, external IDs in an ExternalIDExpression and paths in a PathExpression must not exceed the defined Config Max limit for the form-factor of Manager nodes. 4. Each expression must be a valid Expression. See the definition of the Expression type for more information.	array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GeoLocationExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression
extended_expression	Extended Expression Extended Expression allows additional higher level context to be specified for grouping criteria. (e.g. user AD group) This field allow users to specified user context as the source of a firewall rule for IDFW feature. Current version only support a single IdentityGroupExpression. In the future, this might expand to support other conjunction and non-conjunction expression. The extended expression list must follow below criteria: 1. Contains a single IdentityGroupExpression. No conjunction expression is supported. 2. No other non-conjunction expression is supported, except for IdentityGroupExpression. 3. Each expression must be a valid Expression. See the definition of the Expression type for more information. 4. Extended expression are implicitly AND with expression. 5. No nesting can be supported if this value is used. 6. If a Group is using extended expression, this group must be the only member in the source field of an communication map.	array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GeoLocationExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression	Maximum items: 1
group_type	Indicates the group type. Group type can be specified during create and update of a group. Empty group type indicates a 'generic' group, ie group can include any entity from the valid GroupMemberType.	array of GroupTypes	Maximum items: 1
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
reference	Indicates if the group is a reference. If true, indicates that this is a remote reference group. Such group will have span different from the its parent domain. Default value is false.	boolean	Readonly Default: "False"
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Group	string
state	Realization state of this group This field is no longer supported in this API. To get the realized status of the Group use the realized-state API.	string	Deprecated Readonly Enum: IN_PROGRESS, SUCCESS, FAILURE
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup { "expression": [ { "member_type": "VirtualMachine", "value": "webvm", "key": "Tag", "operator": "EQUALS", "resource_type": "Condition" } ], "description": "web group", "display_name": "web group", "_revision":0 } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

Group+

Group (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildDnsSecurityProfileBindingMap ChildGroupDiscoveryProfileBindingMap ChildGroupMonitoringProfileBindingMap ChildPolicyFirewallFloodProtectionProfileBindingMap ChildPolicyFirewallSessionTimerProfileBindingMap
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
expression	Expression The expression list must follow below criteria: 1. A non-empty expression list, must be of odd size. In a list, with indices starting from 0, all non-conjunction expressions must be at even indices, separated by a conjunction expression at odd indices. 2. The total of ConditionExpression and NestedExpression in a list should not exceed 5. 3. The total of IPAddressExpression, MACAddressExpression, external IDs in an ExternalIDExpression and paths in a PathExpression must not exceed the defined Config Max limit for the form-factor of Manager nodes. 4. Each expression must be a valid Expression. See the definition of the Expression type for more information.	array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GeoLocationExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression
extended_expression	Extended Expression Extended Expression allows additional higher level context to be specified for grouping criteria. (e.g. user AD group) This field allow users to specified user context as the source of a firewall rule for IDFW feature. Current version only support a single IdentityGroupExpression. In the future, this might expand to support other conjunction and non-conjunction expression. The extended expression list must follow below criteria: 1. Contains a single IdentityGroupExpression. No conjunction expression is supported. 2. No other non-conjunction expression is supported, except for IdentityGroupExpression. 3. Each expression must be a valid Expression. See the definition of the Expression type for more information. 4. Extended expression are implicitly AND with expression. 5. No nesting can be supported if this value is used. 6. If a Group is using extended expression, this group must be the only member in the source field of an communication map.	array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GeoLocationExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression	Maximum items: 1
group_type	Indicates the group type. Group type can be specified during create and update of a group. Empty group type indicates a 'generic' group, ie group can include any entity from the valid GroupMemberType.	array of GroupTypes	Maximum items: 1
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
reference	Indicates if the group is a reference. If true, indicates that this is a remote reference group. Such group will have span different from the its parent domain. Default value is false.	boolean	Readonly Default: "False"
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Group	string
state	Realization state of this group This field is no longer supported in this API. To get the realized status of the Group use the realized-state API.	string	Deprecated Readonly Enum: IN_PROGRESS, SUCCESS, FAILURE
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "Group", "description": "web group", "id": "webgroup", "display_name": "web group", "path": "/infra/domains/vmc/groups/webgroup", "parent_path": "/infra/domains/vmc", "relative_path": "webgroup", "expression": [ { "resource_type": "Condition", "member_type": "VirtualMachine", "value": "webvm", "key": "Tag", "operator": "EQUALS", "_protection": "NOT_PROTECTED" } ], "_create_user": "admin", "_create_time": 1517308749250, "_last_modified_user": "admin", "_last_modified_time": 1517308749250, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Read group

Read group Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

Group+

Group (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildDnsSecurityProfileBindingMap ChildGroupDiscoveryProfileBindingMap ChildGroupMonitoringProfileBindingMap ChildPolicyFirewallFloodProtectionProfileBindingMap ChildPolicyFirewallSessionTimerProfileBindingMap
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
expression	Expression The expression list must follow below criteria: 1. A non-empty expression list, must be of odd size. In a list, with indices starting from 0, all non-conjunction expressions must be at even indices, separated by a conjunction expression at odd indices. 2. The total of ConditionExpression and NestedExpression in a list should not exceed 5. 3. The total of IPAddressExpression, MACAddressExpression, external IDs in an ExternalIDExpression and paths in a PathExpression must not exceed the defined Config Max limit for the form-factor of Manager nodes. 4. Each expression must be a valid Expression. See the definition of the Expression type for more information.	array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GeoLocationExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression
extended_expression	Extended Expression Extended Expression allows additional higher level context to be specified for grouping criteria. (e.g. user AD group) This field allow users to specified user context as the source of a firewall rule for IDFW feature. Current version only support a single IdentityGroupExpression. In the future, this might expand to support other conjunction and non-conjunction expression. The extended expression list must follow below criteria: 1. Contains a single IdentityGroupExpression. No conjunction expression is supported. 2. No other non-conjunction expression is supported, except for IdentityGroupExpression. 3. Each expression must be a valid Expression. See the definition of the Expression type for more information. 4. Extended expression are implicitly AND with expression. 5. No nesting can be supported if this value is used. 6. If a Group is using extended expression, this group must be the only member in the source field of an communication map.	array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GeoLocationExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression	Maximum items: 1
group_type	Indicates the group type. Group type can be specified during create and update of a group. Empty group type indicates a 'generic' group, ie group can include any entity from the valid GroupMemberType.	array of GroupTypes	Maximum items: 1
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
reference	Indicates if the group is a reference. If true, indicates that this is a remote reference group. Such group will have span different from the its parent domain. Default value is false.	boolean	Readonly Default: "False"
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Group	string
state	Realization state of this group This field is no longer supported in this API. To get the realized status of the Group use the realized-state API.	string	Deprecated Readonly Enum: IN_PROGRESS, SUCCESS, FAILURE
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete Group

Delete the group with group_id under domain domain_id. The force query parameter supported on the
API is deprecated. Usage of the force query parameter does not alter the behaviour of the API. The
API just ignores the force parameter.
Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}

Request Headers:

n/a

Query Parameters:

GroupDeleteRequestParameters+

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Patch a group external ID expression

If a group ExternalIDexpression with the expression-id is not already present, create a new ExternalIDexpresison.
If it already exists, replace the existing ExternalIDexpression.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

ExternalIDExpression+

ExternalIDExpression (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
external_ids	Array of external IDs for the specified member type This array can consist of one or more external IDs for the specified member type.	array of string	Required Minimum items: 1
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
member_type	External ID member type	string	Required Enum: VirtualMachine, VirtualNetworkInterface, CloudNativeServiceInstance, BareMetalServer, BareMetalServerInterface
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ExternalIDExpression	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup/external-id-expressions/exp1 { "member_type": "VirtualMachine", "external_ids": [ "00989582-0920-459e-a8a6-ebf65a140aa9" ], "resource_type": "ExternalIDExpression", "id": "exp1" } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete Group External ID Expression

Delete Group External ID Expression Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup/external-id-expressions/exp1 Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Add or Remove external id based members from/to a Group

It will add or remove the specified members having external ID for a given expression of a group.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}

Request Headers:

n/a

Query Parameters:

GroupMemberActionParameters+

Request Body:

GroupMemberList+

Example Request: ## For adding external id based members to a Group POST /infra/domains/default/groups/VMGroup/external-id-expressions/vmexp?action=add { "members": [ "527ef6f5-0fea-b910-1efb-0991e41e44cd", "527ef6f5-0fea-b910-1efb-0991e41e44ce" ] } ## For removing external id based members from a Group POST /infra/domains/default/groups/VMGroup/external-id-expressions/vmexp?action=remove { "members": [ "527ef6f5-0fea-b910-1efb-0991e41e44cd", "527ef6f5-0fea-b910-1efb-0991e41e44ce" ] } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: 200 OK Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Patch a group IP Address expression

If a group IPAddressExpression with the expression-id is not already present, create a new IPAddressExpression.
If it already exists, replace the existing IPAddressExpression.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

IPAddressExpression+

IPAddressExpression (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_addresses	Array of IP addresses This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64". The max limit for number of IP addresses applies across all expressions in a group. Please refer to Config Max limits specification document for a given environment.	array of IPElement	Required Minimum items: 1 Maximum items: 25000
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPAddressExpression	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup/ip-address-expressions/exp1 { "ip_addresses": [ "10.110.9.21", "10.112.9.22" ], "resource_type": "IPAddressExpression", "id" : "exp1" } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete Group IPAddressExpression

Delete Group IPAddressExpression Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup/ip-address-expressions/exp1 Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Add or Remove IP Addresses from/to a Group

It will add or remove the specified IP Addresses from a given expression of a group.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}

Request Headers:

n/a

Query Parameters:

GroupMemberActionParameters+

Request Body:

IPAddressList+

Example Request: ## For adding ip addresses to a Group POST /infra/domains/default/groups/IPGroup/ip-address-expressions/ipaddressexp?action=add { "ip_addresses": [ "10.110.9.4-10.110.9.10", "10.110.9.3/24" ] } ## For removing ip addresses from a Group POST /infra/domains/default/groups/IPGroup/ip-address-expressions/ipaddressexp?action=remove { "ip_addresses": [ "10.110.9.4-10.110.9.10", "10.110.9.3/24" ] } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: 200 OK Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Patch a group MAC Address expression

If a group MACAddressExpression with the expression-id is not already present, create a new MACAddressExpression.
If it already exists, replace the existing MACAddressExpression.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

MACAddressExpression+

MACAddressExpression (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mac_addresses	Array of MAC addresses This array can consist of one or more MAC addresses. Max limit of 4000 MAC addresses applies across all the expressions.	array of MACAddress	Required Minimum items: 1 Maximum items: 4000
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value MACAddressExpression	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup/mac-address-expressions/exp1 { "mac_addresses": [ "00:0a:95:9d:68:21", "00:0a:95:9d:68:22" ], "resource_type": "MACAddressExpression", "id" : "exp1" } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete Group MACAddressExpression

Delete Group MACAddressExpression Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup/mac-address-expressions/exp1 Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Add or Remove MAC Addresses from/to a Group

It will add or remove the specified MAC Addresses from a given expression of a group.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}

Request Headers:

n/a

Query Parameters:

GroupMemberActionParameters+

Request Body:

MACAddressList+

Example Request: ## For adding mac addresses to a Group POST /infra/domains/default/groups/MACGroup/mac-address-expressions/macaddressexp?action=add { "mac_addresses": [ "00:0a:95:9d:68:16", "00:0a:95:9d:68:17" ] } ## For removing mac addresses from a Group POST /infra/domains/default/groups/MACGroup/mac-address-expressions/macaddressexp?action=remove { "mac_addresses": [ "00:0a:95:9d:68:16", "00:0a:95:9d:68:17" ] } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: 200 OK Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get member types for a given Group

It retrieves member types for a given group. In case of nested groups, it calculates
member types of child groups as well. Considers member type for members added
via static members and dynamic membership criteria.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/member-types

/policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/member-types

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/member-types

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup/member-types Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

GroupMemberTypeListResult+

Example Response: { "resultCount": 1, "results" : ["VirtualMachine"] } Required Permissions: read Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Patch a group path expression

If a group path_expression with the expression-id is not already present, create a new pathexpresison.
If it already exists, replace the existing pathexpression.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

PathExpression+

PathExpression (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
paths	Array of policy paths This array can consist of one or more policy paths. Only policy paths of groups, segments and policy logical ports are allowed.	array of string	Required Minimum items: 1
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PathExpression	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup/path-expression/exp1 { "paths": [ "/infra/domains/default/groups/childgroup8" ], "resource_type": "PathExpression", "id": "exp1" } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete Group Path Expression

Delete Group Path Expression Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup/path-expressions/exp1 Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Add or Remove path based members from/to a Group

It will add or remove the specified members having path for a given expression of a group.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}

Request Headers:

n/a

Query Parameters:

GroupMemberActionParameters+

Request Body:

GroupMemberList+

Example Request: ## For adding path based members to a Group POST /infra/domains/default/groups/NestedGroup/path-expressions/pathexp?action=add { "members": [ "/infra/domains/default/groups/GroupTag", "/infra/domains/default/groups/VMGroup" ] } ## For removing path based members from a Group POST /infra/domains/default/groups/NestedGroup/path-expressions/pathexp?action=remove { "members": [ "/infra/domains/default/groups/GroupTag", "/infra/domains/default/groups/VMGroup" ] } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Example Response: 200 OK Required Permissions: crud Feature: policy_grouping Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Inventory: L7 Access Profiles

Associated URIs:

GET /policy/api/v1/infra/l7-access-profiles
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles
DELETE /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}
GET /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}
PATCH /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}
PUT /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}
GET /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries
DELETE /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}
GET /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}
PATCH /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}
PUT /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}
GET /policy/api/v1/infra/l7-access-profiles/attributes
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/attributes
GET /policy/api/v1/infra/static-mime-contents
DELETE /policy/api/v1/infra/static-mime-contents/{static-mime-content-id}
GET /policy/api/v1/infra/static-mime-contents/{static-mime-content-id}
PATCH /policy/api/v1/infra/static-mime-contents/{static-mime-content-id}
PUT /policy/api/v1/infra/static-mime-contents/{static-mime-content-id}

List l7 access Profiles

API will list all l7 access Profiles Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/l7-access-profiles

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles

Request Headers:

n/a

Query Parameters:

L7AccessProfileListRequestParameters+

L7AccessProfileListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
has_unsupported_app_ids	Filter by unsupported App IDs If true, returns only L7 access profiles that contain unsupported App IDs. If false, returns only L7 access profiles with supported App IDs. If not specified, returns all L7 access profiles regardless of App ID status.	boolean
include_entry_count	Include the count of entries in L7 Profile If true, populate the entry_count field with the count of rules in the particular policy. By default, entry_count will not be populated.	boolean	Default: "False"
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/l7-access-profiles Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

L7AccessProfileListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "l7_access_entries": [ { "sequence_number": 100, "attributes": [ { "key": "APP_ID", "value": [ "SSL" ], "datatype": "STRING", "sub_attributes": [ { "key": "TLS_VERSION", "value": [ "TLS_V13" ], "datatype": "STRING" }, { "key": "TLS_CIPHER_SUITE", "value": [ "TLS_RSA_EXPORT_WITH_RC4_40_MD5" ], "datatype": "STRING" } ], "attribute_source": "SYSTEM" } ], "action": "ALLOW", "logged": true, "disabled": false, "resource_type": "L7AccessEntry", "id": "entry_0", "display_name": "entry_0", "path": "/infra/l7-access-profiles/profile-1/entries/entry_0", "relative_path": "entry_0", "parent_path": "/infra/l7-access-profiles/profile-1", "unique_id": "6403f261-02fd-42ec-ac1f-4f6fb59f42a6", "realization_id": "6403f261-02fd-42ec-ac1f-4f6fb59f42a6", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431167, "_last_modified_user": "admin", "_last_modified_time": 1631900431167, "_protection": "NOT_PROTECTED", "_revision": 0 }, { "sequence_number": 101, "attributes": [ { "key": "CUSTOM_URL", "value": [ "*.cisco.com", "www.google.com" ], "datatype": "STRING", "attribute_source": "SYSTEM" } ], "action": "ALLOW", "logged": false, "disabled": false, "resource_type": "L7AccessEntry", "id": "entry_1", "display_name": "entry_1", "path": "/infra/l7-access-profiles/profile-1/entries/entry_1", "relative_path": "entry_1", "parent_path": "/infra/l7-access-profiles/profile-1", "unique_id": "f098b0c9-65ba-42ae-8798-19a4f4515447", "realization_id": "f098b0c9-65ba-42ae-8798-19a4f4515447", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431168, "_last_modified_user": "admin", "_last_modified_time": 1631900431168, "_protection": "NOT_PROTECTED", "_revision": 0 }, { "sequence_number": 102, "attributes": [ { "key": "URL_CATEGORY", "value": [ "Auctions", "Abused Drugs" ], "datatype": "STRING", "attribute_source": "SYSTEM" } ], "action": "REJECT", "logged": true, "disabled": false, "resource_type": "L7AccessEntry", "id": "entry_2", "display_name": "entry_2", "path": "/infra/l7-access-profiles/profile-1/entries/entry_2", "relative_path": "entry_2", "parent_path": "/infra/l7-access-profiles/profile-1", "unique_id": "7653be14-abe3-49d6-92bb-3f68303c6049", "realization_id": "7653be14-abe3-49d6-92bb-3f68303c6049", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431169, "_last_modified_user": "admin", "_last_modified_time": 1631900431169, "_protection": "NOT_PROTECTED", "_revision": 0 }, { "sequence_number": 103, "attributes": [ { "key": "URL_REPUTATION", "value": [ "Suspicious" ], "datatype": "STRING", "attribute_source": "SYSTEM" } ], "action": "REJECT_WITH_RESPONSE", "logged": true, "disabled": false, "resource_type": "L7AccessEntry", "id": "entry_3", "display_name": "entry_3", "path": "/infra/l7-access-profiles/profile-1/entries/entry_3", "relative_path": "entry_3", "parent_path": "/infra/l7-access-profiles/profile-1", "unique_id": "e099255b-ce22-4dd4-9e4c-73520ab54870", "realization_id": "e099255b-ce22-4dd4-9e4c-73520ab54870", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431171, "_last_modified_user": "admin", "_last_modified_time": 1631900431171, "_protection": "NOT_PROTECTED", "_revision": 0 } ], "user_response_message": "", "default_action": "REJECT", "default_action_logged": false, "resource_type": "L7AccessProfile", "id": "profile-1", "display_name": "profile-1", "description": "Test Policy L7 Access Profile", "path": "/infra/l7-access-profiles/profile-1", "relative_path": "profile-1", "parent_path": "/infra", "unique_id": "ec0e9217-56a5-443c-997e-f73a75e0e2db", "realization_id": "ec0e9217-56a5-443c-997e-f73a75e0e2db", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431163, "_last_modified_user": "admin", "_last_modified_time": 1631900431163, "_protection": "NOT_PROTECTED", "_revision": 0 } ] } Required Permissions: read Feature: policy_security_profiles Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or update L7 Access Profile

API will create/update L7 Access Profile Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

L7AccessProfile+

L7AccessProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildL7AccessEntry
default_action		L7AccessEntryAction	Required
default_action_logged	Enable default logging flag Flag to activate packet logging. Default is deactivated.	boolean	Default: "False"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
entry_count	Entry count The count of entries in the L7 profile.	int	Readonly
id	Unique identifier of this resource	string	Sortable
l7_access_entries	Array of Policy L7 Access Profile entries Property containing L7 access entries for Policy L7 Access Profile.	array of L7AccessEntry	Maximum items: 1000
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L7AccessProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<nsx-mgr>/policy/api/v1/infra/l7-access-profiles/profile-1 { "resource_type": "L7AccessProfile", "display_name": "profile-1", "description":"Test Policy L7 Access Profile", "l7_access_entries": [ { "display_name": "entry_0", "sequence_number": 100, "attributes":[ { "key":"APP_ID", "value":[ "SSL" ], "datatype":"STRING", "sub_attributes":[ { "key":"TLS_VERSION", "value": [ "TLS_V13" ], "datatype":"STRING" }, { "key":"TLS_CIPHER_SUITE", "value": [ "TLS_RSA_EXPORT_WITH_RC4_40_MD5" ], "datatype":"STRING" } ], "attribute_source": "SYSTEM" } ], "action": "ALLOW", "logged" : true }, { "display_name": "entry_1", "sequence_number": 101, "attributes":[ { "key":"CUSTOM_URL", "value": [ "*.cisco.com", "www.google.com" ], "datatype":"STRING", "attribute_source": "CUSTOM" } ], "action": "ALLOW", "logged" : false }, { "display_name": "entry_2", "sequence_number": 102, "attributes":[ { "key":"URL_CATEGORY", "value": [ "Auctions", "Abused Drugs" ], "datatype":"STRING", "attribute_source": "SYSTEM" } ], "action": "REJECT", "logged" : true }, { "display_name": "entry_3", "sequence_number": 103, "attributes":[ { "key":"URL_REPUTATION", "value": [ "Suspicious" ], "datatype":"STRING", "attribute_source": "SYSTEM" } ], "action": "REJECT_WITH_RESPONSE", "logged" : true } ], "default_action": "REJECT" } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

L7AccessProfile+

L7AccessProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildL7AccessEntry
default_action		L7AccessEntryAction	Required
default_action_logged	Enable default logging flag Flag to activate packet logging. Default is deactivated.	boolean	Default: "False"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
entry_count	Entry count The count of entries in the L7 profile.	int	Readonly
id	Unique identifier of this resource	string	Sortable
l7_access_entries	Array of Policy L7 Access Profile entries Property containing L7 access entries for Policy L7 Access Profile.	array of L7AccessEntry	Maximum items: 1000
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L7AccessProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "l7_access_entries": [ { "sequence_number": 100, "attributes": [ { "key": "APP_ID", "value": [ "SSL" ], "datatype": "STRING", "sub_attributes": [ { "key": "TLS_VERSION", "value": [ "TLS_V13" ], "datatype": "STRING" }, { "key": "TLS_CIPHER_SUITE", "value": [ "TLS_RSA_EXPORT_WITH_RC4_40_MD5" ], "datatype": "STRING" } ], "attribute_source": "SYSTEM" } ], "action": "ALLOW", "logged": true, "disabled": false, "resource_type": "L7AccessEntry", "id": "entry_0", "display_name": "entry_0", "path": "/infra/l7-access-profiles/profile-1/entries/entry_0", "relative_path": "entry_0", "parent_path": "/infra/l7-access-profiles/profile-1", "unique_id": "6403f261-02fd-42ec-ac1f-4f6fb59f42a6", "realization_id": "6403f261-02fd-42ec-ac1f-4f6fb59f42a6", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431167, "_last_modified_user": "admin", "_last_modified_time": 1631900431167, "_protection": "NOT_PROTECTED", "_revision": 0 }, { "sequence_number": 101, "attributes": [ { "key": "CUSTOM_URL", "value": [ "*.cisco.com", "www.google.com" ], "datatype": "STRING", "attribute_source": "SYSTEM" } ], "action": "ALLOW", "logged": false, "disabled": false, "resource_type": "L7AccessEntry", "id": "entry_1", "display_name": "entry_1", "path": "/infra/l7-access-profiles/profile-1/entries/entry_1", "relative_path": "entry_1", "parent_path": "/infra/l7-access-profiles/profile-1", "unique_id": "f098b0c9-65ba-42ae-8798-19a4f4515447", "realization_id": "f098b0c9-65ba-42ae-8798-19a4f4515447", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431168, "_last_modified_user": "admin", "_last_modified_time": 1631900431168, "_protection": "NOT_PROTECTED", "_revision": 0 }, { "sequence_number": 102, "attributes": [ { "key": "URL_CATEGORY", "value": [ "Auctions", "Abused Drugs" ], "datatype": "STRING", "attribute_source": "SYSTEM" } ], "action": "REJECT", "logged": true, "disabled": false, "resource_type": "L7AccessEntry", "id": "entry_2", "display_name": "entry_2", "path": "/infra/l7-access-profiles/profile-1/entries/entry_2", "relative_path": "entry_2", "parent_path": "/infra/l7-access-profiles/profile-1", "unique_id": "7653be14-abe3-49d6-92bb-3f68303c6049", "realization_id": "7653be14-abe3-49d6-92bb-3f68303c6049", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431169, "_last_modified_user": "admin", "_last_modified_time": 1631900431169, "_protection": "NOT_PROTECTED", "_revision": 0 }, { "sequence_number": 103, "attributes": [ { "key": "URL_REPUTATION", "value": [ "Suspicious" ], "datatype": "STRING", "attribute_source": "SYSTEM" } ], "action": "REJECT_WITH_RESPONSE", "logged": true, "disabled": false, "resource_type": "L7AccessEntry", "id": "entry_3", "display_name": "entry_3", "path": "/infra/l7-access-profiles/profile-1/entries/entry_3", "relative_path": "entry_3", "parent_path": "/infra/l7-access-profiles/profile-1", "unique_id": "e099255b-ce22-4dd4-9e4c-73520ab54870", "realization_id": "e099255b-ce22-4dd4-9e4c-73520ab54870", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431171, "_last_modified_user": "admin", "_last_modified_time": 1631900431171, "_protection": "NOT_PROTECTED", "_revision": 0 } ], "user_response_message": "", "default_action": "REJECT", "default_action_logged": false, "resource_type": "L7AccessProfile", "id": "profile-1", "display_name": "profile-1", "description": "Test Policy L7 Access Profile", "path": "/infra/l7-access-profiles/profile-1", "relative_path": "profile-1", "parent_path": "/infra", "unique_id": "ec0e9217-56a5-443c-997e-f73a75e0e2db", "realization_id": "ec0e9217-56a5-443c-997e-f73a75e0e2db", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431163, "_last_modified_user": "admin", "_last_modified_time": 1631900431163, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: policy_security_profiles Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Update L7 Access Profile

API will update L7 Access Profile Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

L7AccessProfile+

L7AccessProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildL7AccessEntry
default_action		L7AccessEntryAction	Required
default_action_logged	Enable default logging flag Flag to activate packet logging. Default is deactivated.	boolean	Default: "False"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
entry_count	Entry count The count of entries in the L7 profile.	int	Readonly
id	Unique identifier of this resource	string	Sortable
l7_access_entries	Array of Policy L7 Access Profile entries Property containing L7 access entries for Policy L7 Access Profile.	array of L7AccessEntry	Maximum items: 1000
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L7AccessProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<nsx-mgr>/policy/api/v1/infra/l7-access-profiles/profile-1 { "resource_type": "L7AccessProfile", "display_name": "profile-1", "description":"Test Policy L7 Access Profile", "l7_access_entries": [ { "display_name": "entry_0", "sequence_number": 100, "attributes":[ { "key":"APP_ID", "value":[ "SSL" ], "datatype":"STRING", "sub_attributes":[ { "key":"TLS_VERSION", "value": [ "TLS_V13" ], "datatype":"STRING" }, { "key":"TLS_CIPHER_SUITE", "value": [ "TLS_RSA_EXPORT_WITH_RC4_40_MD5" ], "datatype":"STRING" } ], "attribute_source": "SYSTEM" } ], "action": "ALLOW", "logged" : true }, { "display_name": "entry_1", "sequence_number": 101, "attributes":[ { "key":"CUSTOM_URL", "value": [ "*.cisco.com", "www.google.com" ], "datatype":"STRING", "attribute_source": "CUSTOM" } ], "action": "ALLOW", "logged" : false }, { "display_name": "entry_2", "sequence_number": 102, "attributes":[ { "key":"URL_CATEGORY", "value": [ "Auctions", "Abused Drugs" ], "datatype":"STRING", "attribute_source": "SYSTEM" } ], "action": "REJECT", "logged" : true }, { "display_name": "entry_3", "sequence_number": 103, "attributes":[ { "key":"URL_REPUTATION", "value": [ "Suspicious" ], "datatype":"STRING", "attribute_source": "SYSTEM" } ], "action": "REJECT_WITH_RESPONSE", "logged" : true } ], "default_action": "REJECT" } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

L7AccessProfile+

L7AccessProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildL7AccessEntry
default_action		L7AccessEntryAction	Required
default_action_logged	Enable default logging flag Flag to activate packet logging. Default is deactivated.	boolean	Default: "False"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
entry_count	Entry count The count of entries in the L7 profile.	int	Readonly
id	Unique identifier of this resource	string	Sortable
l7_access_entries	Array of Policy L7 Access Profile entries Property containing L7 access entries for Policy L7 Access Profile.	array of L7AccessEntry	Maximum items: 1000
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L7AccessProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete L7 Access Profile

API will delete L7 Access Profile Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

n/a

Example Request: DELETE https://<nsx-mgr>/policy/api/v1/infra/l7-access-profiles/profile-1 Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_security_profiles Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get L7 Access Profile

API will get L7 Access Profile Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/policy/api/v1/infra/l7-access-profiles/profile-1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

L7AccessProfile+

L7AccessProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildL7AccessEntry
default_action		L7AccessEntryAction	Required
default_action_logged	Enable default logging flag Flag to activate packet logging. Default is deactivated.	boolean	Default: "False"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
entry_count	Entry count The count of entries in the L7 profile.	int	Readonly
id	Unique identifier of this resource	string	Sortable
l7_access_entries	Array of Policy L7 Access Profile entries Property containing L7 access entries for Policy L7 Access Profile.	array of L7AccessEntry	Maximum items: 1000
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L7AccessProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "l7_access_entries": [ { "sequence_number": 100, "attributes": [ { "key": "APP_ID", "value": [ "SSL" ], "datatype": "STRING", "sub_attributes": [ { "key": "TLS_VERSION", "value": [ "TLS_V13" ], "datatype": "STRING" }, { "key": "TLS_CIPHER_SUITE", "value": [ "TLS_RSA_EXPORT_WITH_RC4_40_MD5" ], "datatype": "STRING" } ], "attribute_source": "SYSTEM" } ], "action": "ALLOW", "logged": true, "disabled": false, "resource_type": "L7AccessEntry", "id": "entry_0", "display_name": "entry_0", "path": "/infra/l7-access-profiles/profile-1/entries/entry_0", "relative_path": "entry_0", "parent_path": "/infra/l7-access-profiles/profile-1", "unique_id": "6403f261-02fd-42ec-ac1f-4f6fb59f42a6", "realization_id": "6403f261-02fd-42ec-ac1f-4f6fb59f42a6", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431167, "_last_modified_user": "admin", "_last_modified_time": 1631900431167, "_protection": "NOT_PROTECTED", "_revision": 0 }, { "sequence_number": 101, "attributes": [ { "key": "CUSTOM_URL", "value": [ "*.cisco.com", "www.google.com" ], "datatype": "STRING", "attribute_source": "SYSTEM" } ], "action": "ALLOW", "logged": false, "disabled": false, "resource_type": "L7AccessEntry", "id": "entry_1", "display_name": "entry_1", "path": "/infra/l7-access-profiles/profile-1/entries/entry_1", "relative_path": "entry_1", "parent_path": "/infra/l7-access-profiles/profile-1", "unique_id": "f098b0c9-65ba-42ae-8798-19a4f4515447", "realization_id": "f098b0c9-65ba-42ae-8798-19a4f4515447", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431168, "_last_modified_user": "admin", "_last_modified_time": 1631900431168, "_protection": "NOT_PROTECTED", "_revision": 0 }, { "sequence_number": 102, "attributes": [ { "key": "URL_CATEGORY", "value": [ "Auctions", "Abused Drugs" ], "datatype": "STRING", "attribute_source": "SYSTEM" } ], "action": "REJECT", "logged": true, "disabled": false, "resource_type": "L7AccessEntry", "id": "entry_2", "display_name": "entry_2", "path": "/infra/l7-access-profiles/profile-1/entries/entry_2", "relative_path": "entry_2", "parent_path": "/infra/l7-access-profiles/profile-1", "unique_id": "7653be14-abe3-49d6-92bb-3f68303c6049", "realization_id": "7653be14-abe3-49d6-92bb-3f68303c6049", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431169, "_last_modified_user": "admin", "_last_modified_time": 1631900431169, "_protection": "NOT_PROTECTED", "_revision": 0 }, { "sequence_number": 103, "attributes": [ { "key": "URL_REPUTATION", "value": [ "Suspicious" ], "datatype": "STRING", "attribute_source": "SYSTEM" } ], "action": "REJECT_WITH_RESPONSE", "logged": true, "disabled": false, "resource_type": "L7AccessEntry", "id": "entry_3", "display_name": "entry_3", "path": "/infra/l7-access-profiles/profile-1/entries/entry_3", "relative_path": "entry_3", "parent_path": "/infra/l7-access-profiles/profile-1", "unique_id": "e099255b-ce22-4dd4-9e4c-73520ab54870", "realization_id": "e099255b-ce22-4dd4-9e4c-73520ab54870", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431171, "_last_modified_user": "admin", "_last_modified_time": 1631900431171, "_protection": "NOT_PROTECTED", "_revision": 0 } ], "user_response_message": "", "default_action": "REJECT", "default_action_logged": false, "resource_type": "L7AccessProfile", "id": "profile-1", "display_name": "profile-1", "description": "Test Policy L7 Access Profile", "path": "/infra/l7-access-profiles/profile-1", "relative_path": "profile-1", "parent_path": "/infra", "unique_id": "ec0e9217-56a5-443c-997e-f73a75e0e2db", "realization_id": "ec0e9217-56a5-443c-997e-f73a75e0e2db", "marked_for_delete": false, "overridden": false, "_system_owned": false, "_create_user": "admin", "_create_time": 1631900431163, "_last_modified_user": "admin", "_last_modified_time": 1631900431163, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: read Feature: policy_security_profiles Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List l7 access profile entries

API will list all l7 access profiles entries Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries

Request Headers:

n/a

Query Parameters:

L7AccessEntryListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/l7-access-profiles/profile-1/entries Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

L7AccessEntryListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "resource_type": "L7AccessEntry", "id": "entry-1", "display_name": "entry-1", "description":"Test Policy L7 Access Profile entry", "path": "/infra/l7-access-profiles/profile-1/entries/entry-1" "relative_path": "entry-1", "marked_for_delete": false," "sequence_number": 101, "attributes":[ { "key":"CUSTOM_URL", "value": [ "*.cisco.com", "www.google.com" ], "datatype":"STRING", "attribute_source": "CUSTOM" } ], "action": "ALLOW", "logged" : false, "_create_user": "admin", "_create_time": 1516386404233, "_last_modified_user": "admin", "_last_modified_time": 1516431370604, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 } ] } Required Permissions: read Feature: policy_security_profiles Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or update L7 Access Profile entry

API will create/update L7 Access Profile entry Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

L7AccessEntry+

L7AccessEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action		L7AccessEntryAction	Required
attributes	Array of Policy L7 Access Profile attributes Property containing attributes/sub-attributes for Policy L7 Access Profile. APP_ID, CUSTOM_URL, URL_CATEGORY, are system created attributes, and user can use below API to get list of valid attributes and values and consume them in L7AccessEntry: GET /policy/api/v1/infra/l7-access-profiles/attributes?attribute_source=ALL CUSTOM_URL attribute value must be created explicitly by the user using below API: POST /policy/api/v1/infra/context-profiles/custom-attributes/default?action=add	array of L7AccessAttributes	Required Maximum items: 1
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
disabled	Flag to deactivate the entry Flag to deactivate the entry. Default is activated.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
logged	Enable logging flag Flag to activate packet logging. Default is deactivated.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L7AccessEntry	string
sequence_number	Policy L7 Access Entry Order Determines the order of the entry in this profile. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic.	int
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<nsx-mgr>/policy/api/v1/infra/l7-access-profiles/profile-1/entries/entry-1 { "resource_type": "L7AccessEntry", "display_name": "entry-1", "description":"Test Policy L7 Access Profile entry", "sequence_number": 101, "attributes":[ { "key":"CUSTOM_URL", "value": [ "*.cisco.com", "www.google.com" ], "datatype":"STRING", "attribute_source": "CUSTOM" } ], "action": "ALLOW", "logged" : false } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

L7AccessEntry+

L7AccessEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action		L7AccessEntryAction	Required
attributes	Array of Policy L7 Access Profile attributes Property containing attributes/sub-attributes for Policy L7 Access Profile. APP_ID, CUSTOM_URL, URL_CATEGORY, are system created attributes, and user can use below API to get list of valid attributes and values and consume them in L7AccessEntry: GET /policy/api/v1/infra/l7-access-profiles/attributes?attribute_source=ALL CUSTOM_URL attribute value must be created explicitly by the user using below API: POST /policy/api/v1/infra/context-profiles/custom-attributes/default?action=add	array of L7AccessAttributes	Required Maximum items: 1
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
disabled	Flag to deactivate the entry Flag to deactivate the entry. Default is activated.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
logged	Enable logging flag Flag to activate packet logging. Default is deactivated.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L7AccessEntry	string
sequence_number	Policy L7 Access Entry Order Determines the order of the entry in this profile. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic.	int
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "L7AccessEntry", "id": "entry-1", "display_name": "entry-1", "description":"Test Policy L7 Access Profile entry", "path": "/infra/l7-access-profiles/profile-1/entries/entry-1" "relative_path": "entry-1", "marked_for_delete": false," "sequence_number": 101, "attributes":[ { "key":"CUSTOM_URL", "value": [ "*.cisco.com", "www.google.com" ], "datatype":"STRING", "attribute_source": "CUSTOM" } ], "action": "ALLOW", "logged" : false, "_create_user": "admin", "_create_time": 1516386404233, "_last_modified_user": "admin", "_last_modified_time": 1516431370604, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 } Required Permissions: crud Feature: policy_security_profiles Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create L7 Access Profile entry

API will create L7 Access Profile entry Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

L7AccessEntry+

L7AccessEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action		L7AccessEntryAction	Required
attributes	Array of Policy L7 Access Profile attributes Property containing attributes/sub-attributes for Policy L7 Access Profile. APP_ID, CUSTOM_URL, URL_CATEGORY, are system created attributes, and user can use below API to get list of valid attributes and values and consume them in L7AccessEntry: GET /policy/api/v1/infra/l7-access-profiles/attributes?attribute_source=ALL CUSTOM_URL attribute value must be created explicitly by the user using below API: POST /policy/api/v1/infra/context-profiles/custom-attributes/default?action=add	array of L7AccessAttributes	Required Maximum items: 1
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
disabled	Flag to deactivate the entry Flag to deactivate the entry. Default is activated.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
logged	Enable logging flag Flag to activate packet logging. Default is deactivated.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L7AccessEntry	string
sequence_number	Policy L7 Access Entry Order Determines the order of the entry in this profile. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic.	int
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<nsx-mgr>/policy/api/v1/infra/l7-access-profiles/profile-1/entries/entry-1 { "resource_type": "L7AccessEntry", "display_name": "entry-1", "description":"Test Policy L7 Access Profile entry", "sequence_number": 101, "attributes":[ { "key":"CUSTOM_URL", "value": [ "*.cisco.com", "www.google.com" ], "datatype":"STRING", "attribute_source": "CUSTOM" } ], "action": "ALLOW", "logged" : false } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

L7AccessEntry+

L7AccessEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action		L7AccessEntryAction	Required
attributes	Array of Policy L7 Access Profile attributes Property containing attributes/sub-attributes for Policy L7 Access Profile. APP_ID, CUSTOM_URL, URL_CATEGORY, are system created attributes, and user can use below API to get list of valid attributes and values and consume them in L7AccessEntry: GET /policy/api/v1/infra/l7-access-profiles/attributes?attribute_source=ALL CUSTOM_URL attribute value must be created explicitly by the user using below API: POST /policy/api/v1/infra/context-profiles/custom-attributes/default?action=add	array of L7AccessAttributes	Required Maximum items: 1
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
disabled	Flag to deactivate the entry Flag to deactivate the entry. Default is activated.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
logged	Enable logging flag Flag to activate packet logging. Default is deactivated.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L7AccessEntry	string
sequence_number	Policy L7 Access Entry Order Determines the order of the entry in this profile. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic.	int
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete L7 Access Profile entry

API will delete L7 Access Profile entry Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

n/a

Example Request: DELETE https://<nsx-mgr>/policy/api/v1/infra/l7-access-profiles/profile-1/entries/ Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_security_profiles Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Read L7 Access Profile entry

Read Friewall L7 Access Profile entry Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/policy/api/v1/infra/l7-access-profiles/profile-1/entries/entry-1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

L7AccessEntry+

L7AccessEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action		L7AccessEntryAction	Required
attributes	Array of Policy L7 Access Profile attributes Property containing attributes/sub-attributes for Policy L7 Access Profile. APP_ID, CUSTOM_URL, URL_CATEGORY, are system created attributes, and user can use below API to get list of valid attributes and values and consume them in L7AccessEntry: GET /policy/api/v1/infra/l7-access-profiles/attributes?attribute_source=ALL CUSTOM_URL attribute value must be created explicitly by the user using below API: POST /policy/api/v1/infra/context-profiles/custom-attributes/default?action=add	array of L7AccessAttributes	Required Maximum items: 1
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
disabled	Flag to deactivate the entry Flag to deactivate the entry. Default is activated.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
logged	Enable logging flag Flag to activate packet logging. Default is deactivated.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L7AccessEntry	string
sequence_number	Policy L7 Access Entry Order Determines the order of the entry in this profile. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic.	int
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "L7AccessEntry", "id": "entry-1", "display_name": "entry-1", "description":"Test Policy L7 Access Profile entry", "path": "/infra/l7-access-profiles/profile-1/entries/entry-1" "relative_path": "entry-1", "marked_for_delete": false," "sequence_number": 101, "attributes":[ { "key":"CUSTOM_URL", "value": [ "*.cisco.com", "www.google.com" ], "datatype":"STRING", "attribute_source": "CUSTOM" } ], "action": "ALLOW", "logged" : false, "_create_user": "admin", "_create_time": 1516386404233, "_last_modified_user": "admin", "_last_modified_time": 1516431370604, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 2 } Required Permissions: read Feature: policy_security_profiles Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List Policy L7 access profile supported attributes and sub-attributes

Method:

GET

URI Path(s):

/policy/api/v1/infra/l7-access-profiles/attributes

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/attributes

Request Headers:

n/a

Query Parameters:

ProfileSupportedAttributesListRequestParameters+

ProfileSupportedAttributesListRequestParameters (schema)

Name	Description	Type	Notes
attribute_key	Fetch attributes and sub-attributes for the given attribute key It fetches attributes and subattributes for the given attribute key supported in the system which can be used for Policy Context Profile creation.	string
attribute_source	Source of the attribute, System Defined or custom It fetches attributes and sub attributes for the given attribute key based on the source of attribute which can be used for Policy Context Profile creation.	string	Enum: ALL, CUSTOM, SYSTEM Default: "SYSTEM"
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/l7-access-profiles/attributes Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyContextProfileListResult+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List static mime contents

API will list all static mime contents Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/static-mime-contents

Request Headers:

n/a

Query Parameters:

StaticMimeContentListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/static-mime-contents Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

StaticMimeContentListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "resource_type": "StaticMimeContent", "id": "coke-response-page-1", "display_name": "coke-response-page-1", "description":"Coke response page for l7 profile 1", "unique_id": "4efdaa00-d0a4-473a-9dd7-b2c4836013e7", "path": "/infra/static-mime-contents/coke-response-page-1", "relative_path": "coke-response-page-1", "text_message": "Company internet access usage violation. Contact IT Help Desk for further details.", } ] } Required Permissions: read Feature: policy_edge_security_settings Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or update static mime content id

API will create/update static mime content id Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/static-mime-contents/{static-mime-content-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

StaticMimeContent+

StaticMimeContent (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value StaticMimeContent	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
text_message	text message text message.	string	Required
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<nsx-mgr>/policy/api/v1/infra/static-mime-contents/coke-response-page-1" { "resource_type": "StaticMimeContent", "id": "coke-response-page-1", "display_name": "coke-response-page-1", "description":"Coke response page for l7 profile 1", "relative_path": "coke-response-page-1", "text_message": "Company internet access usage violation. Contact IT Help Desk for further details.", } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

StaticMimeContent+

StaticMimeContent (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value StaticMimeContent	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
text_message	text message text message.	string	Required
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "StaticMimeContent", "id": "coke-response-page-1", "display_name": "coke-response-page-1", "description":"Coke response page for l7 profile 1", "unique_id": "4efdaa00-d0a4-473a-9dd7-b2c4836013e7", "path": "/infra/static-mime-contents/coke-response-page-1", "relative_path": "coke-response-page-1", "marked_for_delete": false," "text_message": "Company internet access usage violation. Contact IT Help Desk for further details.", "_create_user": "admin", "_create_time": 1516657975538, "_last_modified_user": "admin", "_last_modified_time": 1517353711231, "_system_owned": false, "_revision": 1 } Required Permissions: crud Feature: policy_edge_security_settings Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Update static mime content id

API will create/update static mime content id Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/static-mime-contents/{static-mime-content-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

StaticMimeContent+

StaticMimeContent (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value StaticMimeContent	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
text_message	text message text message.	string	Required
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<nsx-mgr>/policy/api/v1/infra/static-mime-contents/coke-response-page-1" { "resource_type": "StaticMimeContent", "id": "coke-response-page-1", "display_name": "coke-response-page-1", "description":"Coke response page for l7 profile 1", "relative_path": "coke-response-page-1", "text_message": "Company internet access usage violation. Contact IT Help Desk for further details.", } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

StaticMimeContent+

StaticMimeContent (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value StaticMimeContent	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
text_message	text message text message.	string	Required
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete static Mime content

API will delete static mime content Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/static-mime-contents/{static-mime-content-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

n/a

Example Request: DELETE https://<nsx-mgr>/policy/api/v1/infra/static-mime-contents/ Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_edge_security_settings Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get Static Mime content

API will get static mime content Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/static-mime-contents/{static-mime-content-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/policy/api/v1/infra/static-mime-contents/coke-response-page-1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

StaticMimeContent+

StaticMimeContent (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value StaticMimeContent	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
text_message	text message text message.	string	Required
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "StaticMimeContent", "id": "coke-response-page-1", "display_name": "coke-response-page-1", "description":"Coke response page for l7 profile 1", "unique_id": "4efdaa00-d0a4-473a-9dd7-b2c4836013e7", "path": "/infra/static-mime-contents/coke-response-page-1", "relative_path": "coke-response-page-1", "marked_for_delete": false," "text_message": "Company internet access usage violation. Contact IT Help Desk for further details.", "_create_user": "admin", "_create_time": 1516657975538, "_last_modified_user": "admin", "_last_modified_time": 1517353711231, "_system_owned": false, "_revision": 1 } Required Permissions: read Feature: policy_edge_security_settings Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Inventory: Services

Associated URIs:

GET /policy/api/v1/infra/services
GET /policy/api/v1/global-infra/services
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services
DELETE /policy/api/v1/infra/services/{service-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}
GET /policy/api/v1/infra/services/{service-id}
GET /policy/api/v1/global-infra/services/{service-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}
PATCH /policy/api/v1/infra/services/{service-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}
PUT /policy/api/v1/infra/services/{service-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}
GET /policy/api/v1/infra/services/{service-id}/service-entries
GET /policy/api/v1/global-infra/services/{service-id}/service-entries
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries
DELETE /policy/api/v1/infra/services/{service-id}/service-entries/{service-entry-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries/{service-entry-id}
GET /policy/api/v1/infra/services/{service-id}/service-entries/{service-entry-id}
GET /policy/api/v1/global-infra/services/{service-id}/service-entries/{service-entry-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries/{service-entry-id}
PATCH /policy/api/v1/infra/services/{service-id}/service-entries/{service-entry-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries/{service-entry-id}
PUT /policy/api/v1/infra/services/{service-id}/service-entries/{service-entry-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries/{service-entry-id}

List Services

Return list of Services.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/services

/policy/api/v1/global-infra/services

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services

Request Headers:

n/a

Query Parameters:

ServiceListRequestParameters+

ServiceListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
default_service	Fetch all default services If set to true, then it will display only default services. If set to false, then it will display all user defined services. If it is not provided, then complete (default as well as user defined) list of services will be displayed.	boolean
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/services Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

ServiceListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 402, "results": [ { "resource_type": "Service", "description": "AD Server", "id": "AD_Server", "display_name": "AD Server", "path": "/infra/services/AD_Server", "parent_path": "/infra/services/AD_Server", "relative_path": "AD_Server", "service_entries": [ { "resource_type": "L4PortSetServiceEntry", "id": "AD_Server", "display_name": "AD Server", "path": "/infra/services/AD_Server/service-entries/AD_Server", "parent_path": "/infra/services/AD_Server", "relative_path": "AD_Server", "destination_ports": [ "1024" ], "l4_protocol": "TCP", "_create_user": "system", "_create_time": 1517296380484, "_last_modified_user": "system", "_last_modified_time": 1517296380484, "_system_owned": true, "_protection": "NOT_PROTECTED", "_revision": 0 } ], "_create_user": "system", "_create_time": 1517296380468, "_last_modified_user": "system", "_last_modified_time": 1517296380468, "_system_owned": true, "_protection": "NOT_PROTECTED", "_revision": 0 } } Required Permissions: read Feature: policy_services Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or update a Service

Create a new service if a service with the given ID does not already
exist. Creates new service entries if populated in the service.
If a service with the given ID already exists, update the service
including the nested service entries. This is a full replace.
Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/services/{service-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

Service+

Service (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildServiceEntry
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_default	Flag for default services The flag, if true, indicates that service is created in the system by default. Such default services can't be modified/deleted.	boolean	Readonly Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Service	string
service_entries	Service type Service entries for this service	array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry
service_type	Type of service, ETHER or NON_ETHER	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<policy-mgr>/policy/api/v1/infra/services/my-http { "description": "My HTTP", "display_name": "My HTTP", "_revision": 0, "service_entries": [ { "resource_type": "L4PortSetServiceEntry", "display_name": "MyHttpEntry", "destination_ports": [ "8080" ], "l4_protocol": "TCP" } ] } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

Service+

Service (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildServiceEntry
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_default	Flag for default services The flag, if true, indicates that service is created in the system by default. Such default services can't be modified/deleted.	boolean	Readonly Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Service	string
service_entries	Service type Service entries for this service	array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry
service_type	Type of service, ETHER or NON_ETHER	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "Service", "description": "My HTTP", "id": "my-http", "display_name": "My HTTP", "path": "/infra/services/my-http", "parent_path": "/infra/services/my-http", "relative_path": "my-http", "service_entries": [ { "resource_type": "L4PortSetServiceEntry", "id": "MyHttpEntry", "display_name": "MyHttpEntry", "path": "/infra/services/my-http/service-entries/MyHttpEntry", "parent_path": "/infra/services/my-http", "relative_path": "MyHttpEntry", "destination_ports": [ "8080" ], "l4_protocol": "TCP", "_create_user": "admin", "_create_time": 1517310677617, "_last_modified_user": "admin", "_last_modified_time": 1517310677617, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } ], "_create_user": "admin", "_create_time": 1517310677604, "_last_modified_user": "admin", "_last_modified_time": 1517310677604, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: policy_services Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Patch a Service

Create a new service if a service with the given ID does not already
exist. Creates new service entries if populated in the service.
If a service with the given ID already exists, patch the service
including the nested service entries.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/services/{service-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

Service+

Service (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildServiceEntry
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_default	Flag for default services The flag, if true, indicates that service is created in the system by default. Such default services can't be modified/deleted.	boolean	Readonly Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Service	string
service_entries	Service type Service entries for this service	array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry
service_type	Type of service, ETHER or NON_ETHER	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/services/my-http { "description": "My HTTP Patched", "display_name": "My HTTP", "service_entries": [ { "resource_type": "L4PortSetServiceEntry", "display_name": "MyHttpEntry", "destination_ports": [ "8080" ], "l4_protocol": "TCP" } ] } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_services Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Read a service

Read a service Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/services/{service-id}

/policy/api/v1/global-infra/services/{service-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/services/my-http Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

Service+

Service (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildServiceEntry
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_default	Flag for default services The flag, if true, indicates that service is created in the system by default. Such default services can't be modified/deleted.	boolean	Readonly Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Service	string
service_entries	Service type Service entries for this service	array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry
service_type	Type of service, ETHER or NON_ETHER	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete Service

Delete Service Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/services/{service-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/services/my-http Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_services Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List Service entries for the given service

Return list of Service entries for the given service
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/services/{service-id}/service-entries

/policy/api/v1/global-infra/services/{service-id}/service-entries

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries

Request Headers:

n/a

Query Parameters:

ServiceEntryListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

ServiceEntryListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 2, "results": [ { "resource_type": "L4PortSetServiceEntry", "id": "MyHttpEntry", "display_name": "MyHttpEntry", "path": "/infra/services/my-http/service-entries/MyHttpEntry", "parent_path": "/infra/services/my-http", "relative_path": "MyHttpEntry", "destination_ports": [ "8080" ], "l4_protocol": "TCP", "_create_user": "admin", "_create_time": 1517310677617, "_last_modified_user": "admin", "_last_modified_time": 1517310677617, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 }, { "resource_type": "L4PortSetServiceEntry", "id": "https", "display_name": "MyHttps", "path": "/infra/services/my-http/service-entries/https", "parent_path": "/infra/services/my-http", "relative_path": "https", "destination_ports": [ "7443" ], "l4_protocol": "TCP", "_create_user": "admin", "_create_time": 1517316057383, "_last_modified_user": "admin", "_last_modified_time": 1517316057383, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } ] } Required Permissions: read Feature: policy_services Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or update a ServiceEntry

If a service entry with the service-entry-id is not already present,
create a new service entry. If it already exists, update the service
entry.
Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/services/{service-id}/service-entries/{service-entry-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries/{service-entry-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

ALGTypeServiceEntry+

ALGTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alg	The Application Layer Gateway (ALG) protocol The Application Layer Gateway (ALG) protocol. Please note, protocol NBNS_BROADCAST and NBDG_BROADCAST are deprecated. Please use UDP protocol and create L4 Port Set type of service instead.	string	Required Enum: ORACLE_TNS, FTP, SUN_RPC_TCP, SUN_RPC_UDP, MS_RPC_TCP, MS_RPC_UDP, NBNS_BROADCAST, NBDG_BROADCAST, TFTP
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_ports	The destination_port cannot be empty and must be a single value.	array of PortElement	Required Minimum items: 1 Maximum items: 1
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ALGTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
source_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

EtherTypeServiceEntry+

EtherTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
ether_type	Type of the encapsulated protocol	integer	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EtherTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ICMPTypeServiceEntry+

ICMPTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
icmp_code	ICMP message code	integer	Minimum: 0 Maximum: 255
icmp_type	ICMP message type	integer	Minimum: 0 Maximum: 255
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
protocol		string	Required Enum: ICMPv4, ICMPv6
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ICMPTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IGMPTypeServiceEntry+

IGMPTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IGMPTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPProtocolServiceEntry+

IPProtocolServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
protocol_number	IP protocol number IP protocol number (valid range: 0-255)	integer	Required Minimum: 0 Maximum: 255
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPProtocolServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L4PortSetServiceEntry+

L4PortSetServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
l4_protocol		string	Required Enum: TCP, UDP
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L4PortSetServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
source_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

NestedServiceServiceEntry+

NestedServiceServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
nested_service_path	path of nested service	string	Required
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value NestedServiceServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries/https { "resource_type": "L4PortSetServiceEntry", "display_name": "MyHttps", "destination_ports": [ "7443" ], "l4_protocol": "TCP", "_revision": 0 } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

ALGTypeServiceEntry+

ALGTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alg	The Application Layer Gateway (ALG) protocol The Application Layer Gateway (ALG) protocol. Please note, protocol NBNS_BROADCAST and NBDG_BROADCAST are deprecated. Please use UDP protocol and create L4 Port Set type of service instead.	string	Required Enum: ORACLE_TNS, FTP, SUN_RPC_TCP, SUN_RPC_UDP, MS_RPC_TCP, MS_RPC_UDP, NBNS_BROADCAST, NBDG_BROADCAST, TFTP
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_ports	The destination_port cannot be empty and must be a single value.	array of PortElement	Required Minimum items: 1 Maximum items: 1
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ALGTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
source_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

EtherTypeServiceEntry+

EtherTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
ether_type	Type of the encapsulated protocol	integer	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EtherTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ICMPTypeServiceEntry+

ICMPTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
icmp_code	ICMP message code	integer	Minimum: 0 Maximum: 255
icmp_type	ICMP message type	integer	Minimum: 0 Maximum: 255
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
protocol		string	Required Enum: ICMPv4, ICMPv6
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ICMPTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IGMPTypeServiceEntry+

IGMPTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IGMPTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPProtocolServiceEntry+

IPProtocolServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
protocol_number	IP protocol number IP protocol number (valid range: 0-255)	integer	Required Minimum: 0 Maximum: 255
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPProtocolServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L4PortSetServiceEntry+

L4PortSetServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
l4_protocol		string	Required Enum: TCP, UDP
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L4PortSetServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
source_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

NestedServiceServiceEntry+

NestedServiceServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
nested_service_path	path of nested service	string	Required
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value NestedServiceServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "resource_type": "L4PortSetServiceEntry", "id": "https", "display_name": "MyHttps", "path": "/infra/services/my-http/service-entries/https", "parent_path": "/infra/services/my-http", "relative_path": "https", "destination_ports": [ "7443" ], "l4_protocol": "TCP", "_create_user": "admin", "_create_time": 1517316057383, "_last_modified_user": "admin", "_last_modified_time": 1517316057383, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: policy_services Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Patch a ServiceEntry

If a service entry with the service-entry-id is not already present,
create a new service entry. If it already exists, patch the service
entry.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/services/{service-id}/service-entries/{service-entry-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries/{service-entry-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

ALGTypeServiceEntry+

ALGTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alg	The Application Layer Gateway (ALG) protocol The Application Layer Gateway (ALG) protocol. Please note, protocol NBNS_BROADCAST and NBDG_BROADCAST are deprecated. Please use UDP protocol and create L4 Port Set type of service instead.	string	Required Enum: ORACLE_TNS, FTP, SUN_RPC_TCP, SUN_RPC_UDP, MS_RPC_TCP, MS_RPC_UDP, NBNS_BROADCAST, NBDG_BROADCAST, TFTP
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_ports	The destination_port cannot be empty and must be a single value.	array of PortElement	Required Minimum items: 1 Maximum items: 1
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ALGTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
source_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

EtherTypeServiceEntry+

EtherTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
ether_type	Type of the encapsulated protocol	integer	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EtherTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ICMPTypeServiceEntry+

ICMPTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
icmp_code	ICMP message code	integer	Minimum: 0 Maximum: 255
icmp_type	ICMP message type	integer	Minimum: 0 Maximum: 255
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
protocol		string	Required Enum: ICMPv4, ICMPv6
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ICMPTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IGMPTypeServiceEntry+

IGMPTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IGMPTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPProtocolServiceEntry+

IPProtocolServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
protocol_number	IP protocol number IP protocol number (valid range: 0-255)	integer	Required Minimum: 0 Maximum: 255
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPProtocolServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L4PortSetServiceEntry+

L4PortSetServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
l4_protocol		string	Required Enum: TCP, UDP
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L4PortSetServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
source_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

NestedServiceServiceEntry+

NestedServiceServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
nested_service_path	path of nested service	string	Required
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value NestedServiceServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries/https { "resource_type": "L4PortSetServiceEntry", "display_name": "MyHttps", "destination_ports": [ "9443" ], "l4_protocol": "TCP" } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_services Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Read service entry

Read service entry Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/services/{service-id}/service-entries/{service-entry-id}

/policy/api/v1/global-infra/services/{service-id}/service-entries/{service-entry-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries/{service-entry-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries/https Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

ALGTypeServiceEntry+

ALGTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alg	The Application Layer Gateway (ALG) protocol The Application Layer Gateway (ALG) protocol. Please note, protocol NBNS_BROADCAST and NBDG_BROADCAST are deprecated. Please use UDP protocol and create L4 Port Set type of service instead.	string	Required Enum: ORACLE_TNS, FTP, SUN_RPC_TCP, SUN_RPC_UDP, MS_RPC_TCP, MS_RPC_UDP, NBNS_BROADCAST, NBDG_BROADCAST, TFTP
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_ports	The destination_port cannot be empty and must be a single value.	array of PortElement	Required Minimum items: 1 Maximum items: 1
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ALGTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
source_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

EtherTypeServiceEntry+

EtherTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
ether_type	Type of the encapsulated protocol	integer	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EtherTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ICMPTypeServiceEntry+

ICMPTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
icmp_code	ICMP message code	integer	Minimum: 0 Maximum: 255
icmp_type	ICMP message type	integer	Minimum: 0 Maximum: 255
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
protocol		string	Required Enum: ICMPv4, ICMPv6
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ICMPTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IGMPTypeServiceEntry+

IGMPTypeServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IGMPTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPProtocolServiceEntry+

IPProtocolServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
protocol_number	IP protocol number IP protocol number (valid range: 0-255)	integer	Required Minimum: 0 Maximum: 255
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPProtocolServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L4PortSetServiceEntry+

L4PortSetServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
l4_protocol		string	Required Enum: TCP, UDP
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L4PortSetServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
source_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

NestedServiceServiceEntry+

NestedServiceServiceEntry (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
nested_service_path	path of nested service	string	Required
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value NestedServiceServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete Service entry

Delete Service entry Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/services/{service-id}/service-entries/{service-entry-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries/{service-entry-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries/https Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_services Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Inventory: Tags

Associated URIs:

DELETE /policy/api/v1/infra/categories/{category-id}/tags/{tag-id}/attachments
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/categories/{category-id}/tags/{tag-id}/attachments
GET /policy/api/v1/infra/categories/{category-id}/tags/{tag-id}/attachments
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/categories/{category-id}/tags/{tag-id}/attachments
PATCH /policy/api/v1/infra/categories/{category-id}/tags/{tag-id}/attachments
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/categories/{category-id}/tags/{tag-id}/attachments
GET /policy/api/v1/infra/tags
GET /policy/api/v1/global-infra/tags
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags
GET /policy/api/v1/infra/tags/effective-resources
GET /policy/api/v1/global-infra/tags/effective-resources
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags/effective-resources
GET /policy/api/v1/infra/tags/tag-operations/{operation-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags/tag-operations/{operation-id}
PUT /policy/api/v1/infra/tags/tag-operations/{operation-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags/tag-operations/{operation-id}
GET /policy/api/v1/infra/tags/tag-operations/{operation-id}/status
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags/tag-operations/{operation-id}/status
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/categories/{category-id}/tags/{tag-id}/attachments
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/categories/{category-id}/tags/{tag-id}/attachments
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/categories/{category-id}/tags/{tag-id}/attachments

Create or update vm tag attachment

Create or update vm tag attachment Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/categories/{category-id}/tags/{tag-id}/attachments

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/categories/{category-id}/tags/{tag-id}/attachments

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

TagAttachment+

TagAttachment (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
apply_to	List of resources on which tag needs to be applied List of resources on which tag needs to be applied.	array of ResourceInfo
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
remove_from	List of resources on which tag needs to be applied List of resources on which tag needs to be applied.	array of ResourceInfo
resource_type	Must be set to the value TagAttachment	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/tag/tag1/attachments { "remove_from": [ {"resource_type" : "VIRTUAL_MACHINE", "resource_ids": ["vm0"] }, { "resource_type" : "VIRTUAL_MACHINE", "resource_ids": ["vm4"] }, { "resource_type" : "SEGMENT", "resource_ids": ["seg"] } ], "apply_to": [ { "resource_type" : "VIRTUAL_MACHINE", "resource_ids": ["vm1", "vm3"] }, { "resource_type" : "SEGMENT", "resource_ids": ["seg3","seg1"] } ] } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TagAttachmentResponse+

TagAttachmentResponse (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attached_to	List of resources on which tag is applied List of resources on which tag is applied.	array of ResourceInfo
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
failed_to_attach	List to resources on which tag can not be applied	array of ResourceInfo
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TagAttachmentResponse	string
tag_path	Tag path Tag policy path of the attachment	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "attached_to": [ { "resource_type": "VIRTUAL_MACHINE", "resource_ids": [ "vm1", "vm3" ] }, { "resource_type": "SEGMENT", "resource_ids": [ "seg1", "seg3" ] } ], "tag_path": "/infra/tag/tag1", "marked_for_delete": false, "overridden": false, "_protection": "NOT_PROTECTED" } Required Permissions: crud Feature: policy_vm_vm_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get tag attachments

Get tag attachments Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/categories/{category-id}/tags/{tag-id}/attachments

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/categories/{category-id}/tags/{tag-id}/attachments

Request Headers:

n/a

Query Parameters:

TagAttachmentRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/tag//attachments ### for particalar resource type GET https://<policy-mgr>/policy/api/v1/infra/tag//attachments?resource_type=VIRTUAL_MACHINE Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TagAttachmentResponse+

TagAttachmentResponse (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attached_to	List of resources on which tag is applied List of resources on which tag is applied.	array of ResourceInfo
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
failed_to_attach	List to resources on which tag can not be applied	array of ResourceInfo
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TagAttachmentResponse	string
tag_path	Tag path Tag policy path of the attachment	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete tag attachments

Delete tag attachments Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/categories/{category-id}/tags/{tag-id}/attachments

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/categories/{category-id}/tags/{tag-id}/attachments

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/tag//attachments Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_vm_vm_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List all unique tags.

Returns paginated list of all unique tags. Supports filtering by scope, tag and
source from which tags are synced. Supports starts with, ends with, equals and
contains operators on scope and tag values.
To filter tags by starts with on scope or tag, use '*' as suffix after the value.
To filter tags by ends with on scope or tag, use '*' as prefix before the value.
To filter tags by contain on scope or tag, use '*' as prefix and suffix on the value.
Below special characters in the filter value needs to be escaped with hex values.
- Character '&' needs to be escaped as '%26'
- Character '[' needs to be escaped as '%5B'
- Character ']' needs to be escaped as '%5D'
- Character '+' needs to be escaped as '%2B'
- Character '#' needs to be escaped as '%23'
Sort option for list of unique tags is available only on tag and scope properties.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/tags

/policy/api/v1/global-infra/tags

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags

Request Headers:

n/a

Query Parameters:

TagInfoListRequestParameters+

TagInfoListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
scope	Tag scope	string
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
source	Source from which tags are synced.	string	Enum: Amazon, Azure, NSX, ANY
tag	Tag value	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/tags Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TagInfoListResult+

Example Response: ## For /infra/tags ## { "results": [ { "scope": "os", "tag": "windows", "tagged_objects": 250 }, { "scope": "os", "tag": "ubantu", "tagged_objects": 100 } ], "result_count": 2 } ## For /infra/tags?tag=win* ## { "results": [ { "scope": "os", "tag": "windows", "tagged_objects": 250 } ], "result_count": 1 } ## For /infra/tags?tag=*ban* ## { "results": [ { "scope": "os", "tag": "ubantu", "tagged_objects": 100 } ], "result_count": 1 } Required Permissions: read Feature: policy_vm_vm_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List all objects assigned with matching scope and tag values

Paginated list of all objects assigned with matching scope and tag values. Objects
are represented in form of resource reference. Sort option is available only on
target_type and target_display_name properties.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/tags/effective-resources

/policy/api/v1/global-infra/tags/effective-resources

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags/effective-resources

Request Headers:

n/a

Query Parameters:

TaggedObjectsListRequestParameters+

TaggedObjectsListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
filter_by	Comma-separated list of field names to filter tagged objects. Comma-separated list of field names used to filter tagged objects. Supported field names are resource_type, display_name and external_id.	string
filter_text	Filter text to restrict tagged objects list with matching filter text.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
scope	Tag scope	string
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
tag	Tag value	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/tags/effective-resources?scope=type&tag=app Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyResourceReferenceListResult+

Example Response: { "results": [ { "target_type": "VirtualMachine", "target_display_name": "App-VM-1", "target_id": "564d8b81-983d-b8ef-686b-161205939c58" }, { "target_type": "Group", "target_display_name": "app-vms", "path": "/infra/domains/default/groups/app-vms" } ], "result_count": 2 } Required Permissions: read Feature: policy_vm_vm_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Assign or Unassign tag on multiple Virtual Machines.

Tag can be assigned or unassigned on multiple objects. Supported object type is
restricted to Virtual Machine for now and support for other objects will be added
later. Permissions for tag bulk operation would be similar to virtual machine
tag permissions.
Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/tags/tag-operations/{operation-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags/tag-operations/{operation-id}

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

TagBulkOperation+

TagBulkOperation (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
apply_to	List of resources on which tag needs to be applied List of resources on which tag needs to be applied.	array of ResourceInfo
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
remove_from	List of resources from which tag needs to be removed List of resources from which tag needs to be removed.	array of ResourceInfo
resource_type	Must be set to the value TagBulkOperation	string
tag	Tag	Tag	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<policy-mgr>/policy/api/v1/infra/tags/tag-operations/win-vm-update { "tag": { "scope": "os", "tag": "windows" }, "apply_to": [ { "resource_type": "VirtualMachine", "resource_ids": [ "ee98a906-7b84-42ae-9413-d812cdb64543" ] } ], "remove_from":[ { "resource_type": "VirtualMachine", "resource_ids": [ "564d8b81-983d-b8ef-686b-161205939c58" ] } ] } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TagBulkOperation+

TagBulkOperation (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
apply_to	List of resources on which tag needs to be applied List of resources on which tag needs to be applied.	array of ResourceInfo
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
remove_from	List of resources from which tag needs to be removed List of resources from which tag needs to be removed.	array of ResourceInfo
resource_type	Must be set to the value TagBulkOperation	string
tag	Tag	Tag	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "tag": { "scope": "os", "tag": "windows" }, "apply_to": [ { "resource_type": "VirtualMachine", "resource_ids": [ "ee98a906-7b84-42ae-9413-d812cdb64543" ] } ], "remove_from":[ { "resource_type": "VirtualMachine", "resource_ids": [ "564d8b81-983d-b8ef-686b-161205939c58" ] } ], "resource_type": "TagBulkOperation", "id": "win-vm-update", "display_name": "win-vm-update", "path": "/infra/tags/tag-operations/win-vm-update", "relative_path": "win-vm-update", "parent_path": "/infra/tags/tag-operations", "marked_for_delete": false, "_create_user": "admin", "_create_time": 1544641564432, "_last_modified_user": "admin", "_last_modified_time": 1544641564432, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: policy_vm_vm_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get details of tag bulk operation request

Get details of tag bulk operation request with which tag is applied or removed
on virtual machines.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/tags/tag-operations/{operation-id}

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags/tag-operations/{operation-id}

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/tags/tag-operations/win-vm-update Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TagBulkOperation+

TagBulkOperation (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
apply_to	List of resources on which tag needs to be applied List of resources on which tag needs to be applied.	array of ResourceInfo
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
remove_from	List of resources from which tag needs to be removed List of resources from which tag needs to be removed.	array of ResourceInfo
resource_type	Must be set to the value TagBulkOperation	string
tag	Tag	Tag	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get status of tag bulk operation

Get status of tag bulk operation with details of tag operation on each virtual machine.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/tags/tag-operations/{operation-id}/status

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags/tag-operations/{operation-id}/status

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/tags/tag-operations/win-vm-update/status Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TagBulkOperationStatus+

Example Response: { "tag": { "scope": "os", "tag": "windows" }, "status": "Error", "apply_to": [ { "resource_type": "VirtualMachine", "resource_tag_status": [ { "resource_id": "e98a906-7b84-42ae-9413-d812cdb64543", "tag_status": "Success" } ] } ], "remove_from":[ { "resource_type": "VirtualMachine", "resource_tag_status": [ { "resource_id": "564d8b81-983d-b8ef-686b-161205939c58", "tag_status": "Error", "details": "VM with external id not found" } ] } ], } Required Permissions: crud Feature: policy_vm_vm_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or update tag attachment for a VPC

Create or update tag attachment for a VPC Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/categories/{category-id}/tags/{tag-id}/attachments

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

TagAttachment+

TagAttachment (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
apply_to	List of resources on which tag needs to be applied List of resources on which tag needs to be applied.	array of ResourceInfo
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
remove_from	List of resources on which tag needs to be applied List of resources on which tag needs to be applied.	array of ResourceInfo
resource_type	Must be set to the value TagAttachment	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/tag/tag1/attachments Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TagAttachmentResponse+

TagAttachmentResponse (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attached_to	List of resources on which tag is applied List of resources on which tag is applied.	array of ResourceInfo
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
failed_to_attach	List to resources on which tag can not be applied	array of ResourceInfo
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TagAttachmentResponse	string
tag_path	Tag path Tag policy path of the attachment	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Required Permissions: crud Feature: policy_vm_vm_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get tag attachments for VPC

Get tag attachments for VPC Request:

Method:

GET

URI Path(s):

/policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/categories/{category-id}/tags/{tag-id}/attachments

Request Headers:

n/a

Query Parameters:

TagAttachmentRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/tag//attachments Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

TagAttachmentResponse+

TagAttachmentResponse (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attached_to	List of resources on which tag is applied List of resources on which tag is applied.	array of ResourceInfo
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
failed_to_attach	List to resources on which tag can not be applied	array of ResourceInfo
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TagAttachmentResponse	string
tag_path	Tag path Tag policy path of the attachment	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Required Permissions: read Feature: policy_vm_vm_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete tag attachments for a VPC

Delete tag attachments for a VPC Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/orgs/{org-id}/projects/{project-id}/vpcs/{vpc-id}/categories/{category-id}/tags/{tag-id}/attachments

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/tag//attachments Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_vm_vm_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Inventory: Virtual Interfaces

Associated URIs:

GET /api/v1/fabric/vifs

Return the List of Virtual Network Interfaces (VIFs)

Returns information about all VIFs. A virtual network interface aggregates
network interfaces into a logical interface unit that is indistinuishable
from a physical network interface.
Request:

Method:

GET

URI Path(s):

/api/v1/fabric/vifs

Request Headers:

n/a

Query Parameters:

VifListRequestParameters+

VifListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
host_id	Id of the host where this vif is located.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
lport_attachment_id	LPort Attachment Id of the virtual network interface.	string
owner_vm_id	External id of the virtual machine.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string
vm_id	Internal identifier of the virtual machine.	string

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/fabric/vifs Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

VirtualNetworkInterfaceListResult+

Example Response: { "result_count": 2, "results": [ { "resource_type": "VirtualNetworkInterface", "device_key": "4000", "device_name": "Network adapter 1", "ip_address_info": [ { "ip_addresses": [ "172.16.20.10", "fe80::250:56ff:fe86:f2b2" ], "source": "VM_TOOLS" } ], "vm_local_id_on_host": "1", "mac_address": "00:50:56:86:f2:b2", "owner_vm_id": "5006d98a-352f-134f-df6b-33e7f8d5de65", "external_id": "5006d98a-352f-134f-df6b-33e7f8d5de65-4000", "lport_attachment_id": "3d4b208c-b986-47f7-8a29-a74610d33a13", "host_id": "74730a28-e52d-11e5-936e-6f061d405a28" }, { "resource_type": "VirtualNetworkInterface", "device_key": "4000", "device_name": "Network adapter 1", "ip_address_info": [ { "ip_addresses": [ "172.16.20.11", "fe80::250:56ff:feb1:705e" ], "source": "VM_TOOLS" } ], "vm_local_id_on_host": "3", "mac_address": "00:50:56:b1:70:5e", "owner_vm_id": "50314b00-d422-d5d0-0cb2-d8a904a31c16", "external_id": "50314b00-d422-d5d0-0cb2-d8a904a31c16-4000", "lport_attachment_id": "d0649784-6fb8-43f9-be9e-88d3ee357f6e", "host_id": "65bcd211-e570-11e5-8472-991cc87d670e" } ] } Required Permissions: read Feature: vm_vm_info Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Inventory: Vm

Associated URIs:

GET /api/v1/fabric/virtual-machines
POST /api/v1/fabric/virtual-machines?action=update_tags
POST /api/v1/fabric/virtual-machines?action=add_tags
POST /api/v1/fabric/virtual-machines?action=remove_tags
GET /api/v1/fabric/virtual-machines/tools-info
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/virtual-machines (Deprecated)
POST /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/virtual-machines?action=update_tags (Deprecated)
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/virtual-machines/{virtual-machine-id}/details
GET /policy/api/v1/infra/realized-state/system-excluded-virtual-machines
GET /policy/api/v1/infra/realized-state/system-virtual-machines
GET /policy/api/v1/infra/realized-state/unassociated-virtual-machines
GET /policy/api/v1/infra/realized-state/virtual-machines
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/realized-state/virtual-machines
POST /policy/api/v1/infra/realized-state/virtual-machines/{virtual-machine-id}/tags
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/realized-state/virtual-machines/{virtual-machine-id}/tags
GET /policy/api/v1/global-infra/vm-tag-replication-policies
GET /policy/api/v1/global-infra/vm-tag-replication-policies/{id}

Return the List of Virtual Machines

Returns information about all virtual machines.
If you have not added NSX tags on the VM or removed
all the NSX tags that were earlier added to the VM,
then tags property is not returned in the API response.
Request:

Method:

GET

URI Path(s):

/api/v1/fabric/virtual-machines

Request Headers:

n/a

Query Parameters:

VirtualMachineListRequestParameters+

VirtualMachineListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
display_name	Display Name of the virtual machine	string
exclude_vm_type	VM types to be excluded Specifies VM types, which needs to be excluded. It will be comma seperated to specify multiple VM type.	string
external_id	External id of the virtual machine	string
host_id	Id of the host where this vif is located	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/fabric/virtual-machines Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

VirtualMachineListResult+

Example Response: ## For /fabric/virtual-machines ## { "result_count" : 1, "results" : [ { "display_name" : "Iws-2", "resource_type" : "VirtualMachine", "local_id_on_host": "1", "external_id" : "420e72c9-55e7-a4f7-81bf-673a2af1a6cf", "host_id" : "cf0ffd7a-818a-11e4-9ab1-cb7a79b0af39", "compute_ids" : [ "locationId:420e72c9-55e7-a4f7-81bf-673a2af1a6cf", "instanceUuid:500e0c08-2ecc-2609-d9ba-ed489e48c787", "biosUuid:420e72c9-55e7-a4f7-81bf-673a2af1a6cf", "externalId:420e72c9-55e7-a4f7-81bf-673a2af1a6cf", "hostLocalId:1", "moIdOnHost:1" ], "source" : { "target_display_name" : "sc2-rdops-vm03-dhcp-102-35.eng.vmware.com", "is_valid" : true, "target_type" : "HostNode", "target_id" : "3d0574b8-267c-11e7-9126-0febdf149b8c" }, "type" : "REGULAR", "power_state" : "VM_RUNNING", "guest_info": { "os_name": "Ubuntu Linux (64-bit)", "computer_name": "app-vm" }, "_last_sync_time" : 1493291539130 } ] } ## For fabric/virtual-machines?external_id=5006d98a-352f-134f-df6b-33e7f8d5de65 ## { "result_count": 1, "results": [ { "resource_type": "VirtualMachine", "display_name": "app-vm", "compute_ids": [ "instanceUuid:5006d98a-352f-134f-df6b-33e7f8d5de65", "moIdOnHost:1", "externalId:5006d98a-352f-134f-df6b-33e7f8d5de65", "hostLocalId:1", "locationId:564d1012-15a8-dd22-9c13-f53d697678a8", "biosUuid:4206a555-5a2f-edaa-d215-dac9508da942" ], "external_id": "5006d98a-352f-134f-df6b-33e7f8d5de65", "source" : { "target_display_name" : "sc2-rdops-vm03-dhcp-102-35.eng.vmware.com", "is_valid" : true, "target_type" : "HostNode", "target_id" : "3d0574b8-267c-11e7-9126-0febdf149b8c" }, "type": "REGULAR", "host_id": "74730a28-e52d-11e5-936e-6f061d405a28", "local_id_on_host": "1", "power_state" : "VM_RUNNING", "guest_info": { "os_name": "Ubuntu Linux (64-bit)", "computer_name": "app-vm" }, "_last_sync_time" : 1493291539130 } ] } ## For fabric/virtual-machines?display_name=web-vm ## { "result_count": 1, "results": [ { "resource_type": "VirtualMachine", "display_name": "web-vm", "compute_ids": [ "instanceUuid:50069c43-e024-9fce-6017-001a87ef32be", "moIdOnHost:1", "externalId:50069c43-e024-9fce-6017-001a87ef32be", "hostLocalId:1", "locationId:564d6439-4abb-e39c-1a2f-d2524e3cc3e1", "biosUuid:42060137-3f57-15bb-1bfc-293c4ba89050" ], "external_id": "50069c43-e024-9fce-6017-001a87ef32be", "source" : { "target_display_name" : "sc2-rdops-vm03-dhcp-102-35.eng.vmware.com", "is_valid" : true, "target_type" : "HostNode", "target_id" : "3d0574b8-267c-11e7-9126-0febdf149b8c" }, "type": "REGULAR", "host_id": "65bcd211-e570-11e5-8472-991cc87d670e", "local_id_on_host": "1", "power_state" : "VM_RUNNING", "guest_info": { "os_name": "Ubuntu Linux (64-bit)", "computer_name": "web-vm" }, "_last_sync_time" : 1493291539130 } ] } ## For fabric/virtual-machines?display_name=db-vm-new&external_id=50314b00-d422-d5d0-0cb2-d8a904a31c16 ## { "result_count": 1, "results": [ { "resource_type": "VirtualMachine", "display_name": "db-vm-new", "compute_ids": [ "instanceUuid:50314b00-d422-d5d0-0cb2-d8a904a31c16", "moIdOnHost:3", "externalId:50314b00-d422-d5d0-0cb2-d8a904a31c16", "hostLocalId:3", "locationId:564d90f6-8f73-1baa-8226-82d85cc9c5c8", "biosUuid:4231c15f-ca24-b567-65b4-17bf1c0dd20e" ], "external_id": "50314b00-d422-d5d0-0cb2-d8a904a31c16", "source" : { "target_display_name" : "sc2-rdops-vm03-dhcp-102-35.eng.vmware.com", "is_valid" : true, "target_type" : "HostNode", "target_id" : "3d0574b8-267c-11e7-9126-0febdf149b8c" }, "type": "REGULAR", "host_id": "65bcd211-e570-11e5-8472-991cc87d670e", "local_id_on_host": "3", "power_state" : "VM_RUNNING", "guest_info": { "os_name": "Microsoft Windows 10 (64-bit)", "computer_name": "db-vm" }, "_last_sync_time" : 1493291539130 } ] } Required Permissions: read Feature: vm_vm_info Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Return the list of tools and agents installed in VMs.

This API returns the list of tools and agents installed in VMs. Request:

Method:

GET

URI Path(s):

/api/v1/fabric/virtual-machines/tools-info

Request Headers:

n/a

Query Parameters:

ListRequestParameters+

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/fabric/virtual-machines/tools-info Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

VmToolsInfoListResult+

Example Response: { "result_count": 1, "results": [ { "resource_type": "VmToolsInfo", "external_id": "a46b3633-22b3-49f9-87bd-b888b1bd0656", "host_local_id": "vm-1", "source": { "target_display_name": "192.168.0.2", "is_valid": true, "target_type": "HostNode", "target_id": "d25ae6ce-e599-4c66-8583-b10e31fcdf48" }, "file_agent_version": "10.3.5.0", "network_agent_version": "1.9.1", "vmtools_version": "10.7.1.0" } ] } Required Permissions: read Feature: vm_vm_info Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Perform action on specified virtual machine e.g. add new tags

Perform action on a specific virtual machine. External id of the virtual machine needs to be
provided in the request body.
To add new tags to existing list of tag, use action parameter add_tags.
The vmw-async: True HTTP header cannot be used with this API.
Request:

Method:

POST

URI Path(s):

/api/v1/fabric/virtual-machines?action=add_tags

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

VirtualMachineTagUpdate+

Example Request: POST https://<nsx-mgr>/api/v1/fabric/virtual-machines?action=add_tags { "external_id": "ID-0", "tags": [ {"scope": "os", "tag": "win32"}, {"scope": "security", "tag": "PCI"} ] } Successful Response:

Response Code:

204 No Content

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: vm_vm_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Perform action on specified virtual machine e.g. remove existing tags

Perform action on a specific virtual machine. External id of the virtual machine needs to be
provided in the request body.
To remove tags from existing list of tag, use action parameter remove_tags.
The vmw-async: True HTTP header cannot be used with this API.
Request:

Method:

POST

URI Path(s):

/api/v1/fabric/virtual-machines?action=remove_tags

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

VirtualMachineTagUpdate+

Example Request: POST https://<nsx-mgr>/api/v1/fabric/virtual-machines?action=remove_tags { "external_id": "ID-0", "tags": [ {"scope": "os", "tag": "win32"}, {"scope": "security", "tag": "PCI"} ] } Successful Response:

Response Code:

204 No Content

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: vm_vm_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Perform action on specified virtual machine e.g. update tags

Perform action on a specific virtual machine. External id of the virtual machine needs to be
provided in the request body.
To replace existing tags with new tags, use action parameter update_tags.
To clear all tags, provide an empty list and action parameter as update_tags.
The vmw-async: True HTTP header cannot be used with this API.
Request:

Method:

POST

URI Path(s):

/api/v1/fabric/virtual-machines?action=update_tags

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

VirtualMachineTagUpdate+

Example Request: POST https://<nsx-mgr>/api/v1/fabric/virtual-machines?action=update_tags { "external_id": "ID-0", "tags": [ {"scope": "os", "tag": "win32"}, {"scope": "security", "tag": "PCI"} ] } Successful Response:

Response Code:

204 No Content

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: vm_vm_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Listing of Virtual machines on the NSX Manager (Deprecated)

This API filters objects of type virtual machines from the specified NSX Manager.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/virtual-machines

Request Headers:

n/a

Query Parameters:

AdditionalSearchParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/realized-state/enforcement-points/default/virtual-machines Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

SearchResponse+

Example Response: { "cursor": "1", "result_count": 10004, "results": [ { "compute_ids": [ "moIdOnHost:1", "hostLocalId:1", "locationId:564d75b2-7e28-7e78-dd77-64e5fd6128e1", "instanceUuid:04fb2e78-e4bc-416f-b9dc-18b9f05e6227", "externalId:564d75b2-7e28-7e78-dd77-64e5fd6128e1", "biosUuid:564d75b2-7e28-7e78-dd77-64e5fd6128e1" ], "resource_type": "VirtualMachine", "external_id": "564d75b2-7e28-7e78-dd77-64e5fd6128e1", "source": { "target_display_name": "sc-rdops-vm09-dhcp-16-203.eng.vmware.com", "is_valid": true, "target_type": "HostNode", "target_id": "1afea8da-d4e2-11e7-93c3-c57b39f75a4f" }, "_last_sync_time": 1512031301409, "display_name": "1-vm_ubuntu_1404_srv_64-local-586-04fb2e78-e4bc-416f-b9dc-18b9f05e6227", "type": "REGULAR", "power_state": "VM_RUNNING", "host_id": "1afea8da-d4e2-11e7-93c3-c57b39f75a4f", "local_id_on_host": "1" } ] } Required Permissions: read Feature: vm_vm_info Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Read the details of a virtual machine on the NSX Manager

This API return optional details about a virtual machines (e.g. user login session) from the
specified enforcement point.
In case of NSXT, virtual-machine-id would be the value of the external_id of the virtual machine.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/virtual-machines/{virtual-machine-id}/details

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/realized-state/enforcement-points/default/virtual-machines/564d75b2-7e28-7e78-dd77-64e5fd6128e1/details Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

VirtualMachineDetails+

Example Response: { "active_sessions": [ { "domain_name": "test.com", "user_name": "test6", "login_time": 1540338056213, "logout_time": 0, "user_session_id": 0 }], "archived_sessions": [ { "domain_name": "test.com", "user_name": "test6", "login_time": 1540338057355, "logout_time": 154033872131, "user_session_id": 3, }, { "domain_name": "test.com", "user_name": "test6", "login_time": 1540338059011, "logout_time": 1540338061036, "user_session_id": 4 } ] } Required Permissions: read Feature: policy_identity Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Apply tags on virtual machine (Deprecated)

Allows an admin to apply multiple tags to a virtual machine. This operation
does not store the intent on the policy side. It applies the tag directly
on the specified enforcement point. This operation will replace the existing
tags on the virtual machine with the ones that have been passed. If the
application of tag fails on the enforcement point, then an error is
reported. The admin will have to retry the operation again. Policy
framework does not perform a retry. Failure could occur due to multiple
reasons. For e.g enforcement point is down, Enforcement point could not
apply the tag due to constraints like max tags limit exceeded, etc.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/virtual-machines?action=update_tags

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

VirtualMachineTagsUpdate+

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/realized-state/enforcement-points/default/virtual-machines?action=update_tags { "virtual_machine_id": "ID-0", "tags": [ {"scope": "web", "tag": "web-vm"}, {"scope": "ostype", "tag": "WINDOWS"} ] } Successful Response:

Response Code:

204 No Content

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: vm_vm_info Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Lists all the system excluded virtual machines.

Lists all the system virtual machines that are auto excluded in
firewall exclude list (example -Partner and Edge VMs etc)
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/realized-state/system-excluded-virtual-machines

Request Headers:

n/a

Query Parameters:

SystemVMListRequestParameter+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/realized-state/system-excluded-virtual-machines Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

VirtualMachineListResult+

Example Response: { "results": [ { "host_id": "f8aeaa94-3e3b-48dd-bbd4-595676b87aaa", "source": { "target_id": "f8aeaa94-3e3b-48dd-bbd4-595676b87aaa", "target_display_name": "TN-1", "target_type": "HostNode", "is_valid": true }, "external_id": "6ab92268-3ae3-443f-b073-c8020fe783a5", "power_state": "VM_RUNNING", "local_id_on_host": "2", "compute_ids": [ "moIdOnHost:2", "hostLocalId:2", "locationId:564dc3dc-7e69-5e4f-102a-c29b5dddba49", "instanceUuid:6ab92268-3ae3-443f-b073-c8020fe783a5", "externalId:6ab92268-3ae3-443f-b073-c8020fe783a5", "biosUuid:564dc3dc-7e69-5e4f-102a-c29b5dddba49" ], "type": "INTELLIGENCE", "resource_type": "VirtualMachine", "display_name": "vsphere_vm_2", "_last_sync_time": 1589890824000 } ] } Required Permissions: read Feature: infra_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Lists all the system virtual machines.

Lists all the system virtual machines (example -Partner and Edge VMs etc)
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/realized-state/system-virtual-machines

Request Headers:

n/a

Query Parameters:

SystemVMListRequestParameter+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/realized-state/system-virtual-machines Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

VirtualMachineListResult+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List all virtual machines which are not part of any group

This API filters objects of type virtual machine which are not part of any group. This API also gives some VM
details such as VM name, IDs and the current state of the VMs.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/realized-state/unassociated-virtual-machines

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/realized-state/unassociated-virtual-machines?enforcement_point_path=/infra/deployment-zones/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

VirtualMachineListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "compute_ids": [ "moIdOnHost:1", "hostLocalId:1", "locationId:564d75b2-7e28-7e78-dd77-64e5fd6128e1", "instanceUuid:04fb2e78-e4bc-416f-b9dc-18b9f05e6227", "externalId:564d75b2-7e28-7e78-dd77-64e5fd6128e1", "biosUuid:564d75b2-7e28-7e78-dd77-64e5fd6128e1" ], "resource_type": "VirtualMachine", "external_id": "564d75b2-7e28-7e78-dd77-64e5fd6128e1", "source": { "target_display_name": "sc-rdops-vm09-dhcp-16-203.eng.vmware.com", "is_valid": true, "target_type": "HostNode", "target_id": "1afea8da-d4e2-11e7-93c3-c57b39f75a4f" }, "_last_sync_time": 1512031301409, "display_name": "1-vm_ubuntu_1404_srv_64-local-586-04fb2e78-e4bc-416f-b9dc-18b9f05e6227", "type": "REGULAR", "power_state": "VM_RUNNING", "host_id": "1afea8da-d4e2-11e7-93c3-c57b39f75a4f", "local_id_on_host": "1" } ] } Required Permissions: read Feature: infra_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List all virtual machines

This API filters objects of type virtual machine. This API also gives some VM
details such as VM name, IDs and the current state of the VMs.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/realized-state/virtual-machines

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/realized-state/virtual-machines

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/realized-state/virtual-machines?enforcement_point_path=/infra/deployment-zones/default/enforcement-points/ep1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

VirtualMachineListResult+

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Apply tags on virtual machine

Method:

POST

URI Path(s):

/policy/api/v1/infra/realized-state/virtual-machines/{virtual-machine-id}/tags

/policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/realized-state/virtual-machines/{virtual-machine-id}/tags

Request Headers:

n/a

Query Parameters:

RealizationListRequestParameters+

RealizationListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

VirtualMachineTagsUpdate+

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/realized-state/virtual-machines//tags { "tags": [ {"scope": "web", "tag": "web-vm"}, {"scope": "ostype", "tag": "WINDOWS"} ] } Successful Response:

Response Code:

204 No Content

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_vm_vm_tags Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List all VM tag replication policies

List all VM tag replication policies.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/vm-tag-replication-policies

Request Headers:

n/a

Query Parameters:

VMTagReplicationPolicyListRequestParameters+

Request Body:

n/a

Example Request: GET https://<global-manager>/global_manager/api/v1/global-infra/vm-tag-replication-policies Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

VMTagReplicationPolicyListResult+

Example Response: { "result_count": 1, "results": [ { "display_name": "VMTag replication policy 1", "description": "VMTag replication policy 1", "protected_site": "/global-infra/sites/pune", "recovery_sites": [ "/global-infra/sites/london" ], "vm_match_criteria": "MATCH_NSX_ATTACHMENT_ID", "groups": [ "/global-infra/domains/d1/groups/g1", "/global-infra/domains/d2/groups/g2" ], "id": "policy1", "path": "/global-infra/vm-tag-replication-policies/policy1", "_revision": 2 } ] } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get the VM tag replication policy specified by id

Get the VM tag replication policy specified by id.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/global-infra/vm-tag-replication-policies/{id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<global-manager>/global_manager/api/v1/global-infra/vm-tag-replication-policies/policy1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

VMTagReplicationPolicy+

VMTagReplicationPolicy (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
groups	Paths of groups Paths of groups (VM tag-based, VM name-based, etc.) that translates into VMs to be replicated from protected site to recovery sites. If no group is specified, none of the VM tag will be replicated from protected site to recovery sites.	array of string
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
protected_site	A path of protected site A path of protected site, from where tags of selected VMs will be replicated to recovery sites.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
recovery_sites	Paths of recovery sites Paths of recovery sites, where tags of selected VMs will be replicated to, from protected site.	array of string	Required Minimum items: 1 Maximum items: 1
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
replication_type	Replication type used in DR failover Specifies type of replication used in DR (Disaster Recovery) failover.	string	Enum: VSPHERE_REPLICATION, STORAGE_ARRAY_REPLICATION, OTHER Default: "OTHER"
resource_type	Must be set to the value VMTagReplicationPolicy	string
tag_delay_delete_time	Specifies delay time to be used for tags of virtual machine This specifies delay in minutes which is used for deletion of tags of virtual machines on recovery site. If a VM is deleted on protected site and has not appeared on recovery site (e.g. this can happen primarily when array based storage replication is used with SRM and DR failover is run while protected site is reachable), the tags will be retained for this much amount of time on recovery site. VM appears within this much time on recovery site, then tags will get applied on recovery site. If replication type is VSPHERE_REPLICATION or OTHER, then its default value is 0 minutes. If replication type is STORAGE_ARRAY_REPLICATION, then its default value is 30 minutes. If this value is not specified, then default value according to replication type will be applicable. The time for virtual machines to appear on recovery site after those are deleted from primary site in case of storage replication depends on count of virtual machines configured to failover, storage array performance and ESXi host.	integer	Minimum: 0 Maximum: 4320
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vm_match_criteria	Matching criteria used for associating VMs Matching criteria used for associating VMs from protected site to VMs on recovery sites. - MATCH_NSX_ATTACHMENT_ID : Associate VMs from the protected site and recovery sites based on NSX attachment ID. - MATCH_BIOS_UUID_NAME : Associate VMs from the protected site and recovery sites based on (VM BIOS UUID + VM Name).	string	Enum: MATCH_NSX_ATTACHMENT_ID, MATCH_BIOS_UUID_NAME Default: "MATCH_NSX_ATTACHMENT_ID"

Example Response: { "display_name": "VMTag replication policy 1", "description": "VMTag replication policy 1", "protected_site": "/global-infra/sites/pune", "recovery_sites": [ "/global-infra/sites/london" ], "vm_match_criteria": "MATCH_NSX_ATTACHMENT_ID", "groups": [ "/global-infra/domains/d1/groups/g1", "/global-infra/domains/d2/groups/g2" ], "id": "policy1", "path": "/global-infra/vm-tag-replication-policies/policy1", "_revision": 2 } Required Permissions: read Feature: site_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Monitoring

Monitoring: Compliance

Associated URIs:

GET /policy/api/v1/compliance/status

Returns the compliance status

Returns the compliance status and details of non compliant configuration Request:

Method:

GET

URI Path(s):

/policy/api/v1/compliance/status

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/compliance/status Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyComplianceStatus+

Example Response: { "last_updated_time" : 1535016210856, "non_compliant_configs": [ { "description": "TLS version 1.0 used for establishing secure socket connection. It is recommended to run TLSv 1.1 or higher and fully deactivate TLSv1.0 that have protocol weaknesses.", "reported_by": { "target_display_name": "test-profile", "is_valid": true, "target_type": "LB_CLIENT_SSL_PROFILE", "target_id": "/infra/lb-client-ssl-profiles/test-profile", "path": "/infra/lb-client-ssl-profiles/test-profile" }, "non_compliance_code": 72022 } ] } Required Permissions: read Feature: infra_admin Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Monitoring: Dashboard (Legacy Management Plane)

Associated URIs:

GET /api/v1/ui-views (Deprecated)
POST /api/v1/ui-views (Deprecated)
DELETE /api/v1/ui-views/{view-id} (Deprecated)
GET /api/v1/ui-views/{view-id} (Deprecated)
PUT /api/v1/ui-views/{view-id} (Deprecated)
GET /api/v1/ui-views/{view-id}/widgetconfigurations (Deprecated)
POST /api/v1/ui-views/{view-id}/widgetconfigurations (Deprecated)
DELETE /api/v1/ui-views/{view-id}/widgetconfigurations/{widgetconfiguration-id} (Deprecated)
GET /api/v1/ui-views/{view-id}/widgetconfigurations/{widgetconfiguration-id} (Deprecated)
PUT /api/v1/ui-views/{view-id}/widgetconfigurations/{widgetconfiguration-id} (Deprecated)

Returns the Views based on query criteria defined in ViewQueryParameters. (Deprecated)

If no query params are specified then all the views entitled for the user
are returned. The views to which a user is entitled to include the views
created by the user and the shared views.
Request:

Method:

GET

URI Path(s):

/api/v1/ui-views

Request Headers:

n/a

Query Parameters:

ViewQueryParameters+

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/ui-views Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

ViewList+

Example Response: { "views" : [ { "display_name" : "System", "widgets" : [ { "widget_id" : "ContainerConfiguration_Clusters-Status", "weight" : 9000 }, { "widget_id" : "ContainerConfiguration_EPP-Deployment-Status", "weight" : 9100 }, { "widget_id" : "ContainerConfiguration_Fabric-Status", "weight" : 9010 }, { "widget_id" : "DonutConfiguration_All-Transport-Zones-Status", "weight" : 9542 }, { "widget_id" : "DonutConfiguration_Compute-Managers-Status", "weight" : 9543 }, { "widget_id" : "DonutConfiguration_EPP-Deployment-Status", "weight" : 9080 }, { "widget_id" : "DonutConfiguration_Edge-Transport-Nodes", "weight" : 9536 }, { "widget_id" : "DonutConfiguration_Host-Transport-Nodes", "weight" : 9535 }, { "widget_id" : "DonutConfiguration_Node-Cluster-Status", "weight" : 9562 }, { "widget_id" : "LabelValueConfiguration_Backups", "weight" : 9070 } ], "shared" : true, "weight" : 10, "resource_type" : "View", "id" : "dashboard_system", "description" : "Highlights the health of key entities in the NSX infrastructure and backup status of appliance.", "_create_time" : 1672635884575, "_create_user" : "system", "_last_modified_time" : 1672635885284, "_last_modified_user" : "system", "_system_owned" : true, "_protection" : "NOT_PROTECTED", "_revision" : 1 }, { "display_name" : "Networking & Security", "widgets" : [ { "widget_id" : "ContainerConfiguration_Networking-Status", "weight" : 2000 }, { "widget_id" : "ContainerConfiguration_POLICY_VPN-Status", "weight" : 3035 }, { "widget_id" : "ContainerConfiguration_Policy-Load-Balancers-Status", "weight" : 3000 }, { "widget_id" : "ContainerConfiguration_Security-Status", "weight" : 1000 }, { "widget_id" : "ContainerConfiguration_Segments-Status", "weight" : 2020 }, { "widget_id" : "DonutConfiguration_DFW_Sections-Status", "weight" : 2020 }, { "widget_id" : "DonutConfiguration_Groups-Status", "weight" : 1000 }, { "widget_id" : "DonutConfiguration_Load_Balancers-Status", "weight" : 3040 }, { "widget_id" : "DonutConfiguration_Networks-Status", "weight" : 3020 }, { "widget_id" : "DonutConfiguration_Providers-Status", "weight" : 3010 }, { "widget_id" : "DonutConfiguration_Segments-Status", "weight" : 3030 }, { "widget_id" : "SpacerWidgetConfiguration_L2_VPN-Status", "weight" : 4000 }, { "widget_id" : "SpacerWidgetConfiguration_L3_ROUTE_BASED_VPN-Status", "weight" : 4040 }, { "widget_id" : "StatsConfiguration_L2_VPN-Status", "weight" : 4010 }, { "widget_id" : "StatsConfiguration_L3_POLICY_BASED_VPN-Status", "weight" : 4020 }, { "widget_id" : "StatsConfiguration_L3_ROUTE_BASED_VPN-Status", "weight" : 4030 } ], "shared" : true, "weight" : 20, "resource_type" : "View", "id" : "dashboard_policy_networking_n_security", "description" : "Highlights the realization status of key Networking and Security Intent.", "_create_time" : 1672635885297, "_create_user" : "system", "_last_modified_time" : 1672635885733, "_last_modified_user" : "system", "_system_owned" : true, "_protection" : "NOT_PROTECTED", "_revision" : 1 }, { "display_name" : "Networking & Security", "widgets" : [ { "widget_id" : "ContainerConfiguration_Firewall", "weight" : 9040 }, { "widget_id" : "ContainerConfiguration_Load-Balancers-Status", "weight" : 9030 }, { "widget_id" : "ContainerConfiguration_Switching-Status", "weight" : 9060 }, { "widget_id" : "ContainerConfiguration_VPN-Status", "weight" : 9050 }, { "widget_id" : "LabelValueConfiguration_Firewall-Rules-Details", "weight" : 0 }, { "widget_id" : "LabelValueConfiguration_Firewall-Sections-Details", "weight" : 0 }, { "widget_id" : "MultiWidgetConfiguration_Switching-Container-Port-Status", "weight" : 9436 }, { "widget_id" : "MultiWidgetConfiguration_Switching-Logical-Switches-Status", "weight" : 9430 }, { "widget_id" : "MultiWidgetConfiguration_Switching-Switch-Port-Status", "weight" : 9432 }, { "widget_id" : "MultiWidgetConfiguration_Switching-VM-Port-Status", "weight" : 9434 }, { "widget_id" : "StatsConfiguration_Firewall-Members-Excluded", "weight" : 9310 }, { "widget_id" : "StatsConfiguration_Firewall-Rules", "weight" : 9305 }, { "widget_id" : "StatsConfiguration_Firewall-Sections", "weight" : 9300 }, { "widget_id" : "StatsConfiguration_L2VPN-Status", "weight" : 9671 }, { "widget_id" : "StatsConfiguration_L3VPN-Status", "weight" : 9670 }, { "widget_id" : "StatsConfiguration_Load-Balancers-Status", "weight" : 9255 }, { "widget_id" : "StatsConfiguration_Server-Pools-Status", "weight" : 9270 }, { "widget_id" : "StatsConfiguration_Switching-Container-Ports-Admin-Status", "weight" : 9657 }, { "widget_id" : "StatsConfiguration_Switching-Container-Ports-Operational-Status", "weight" : 9414 }, { "widget_id" : "StatsConfiguration_Switching-Logical-Switches-Admin-Status", "weight" : 9400 }, { "widget_id" : "StatsConfiguration_Switching-Logical-Switches-Config-Status", "weight" : 9402 }, { "widget_id" : "StatsConfiguration_Switching-Switch-Ports-Admin-Status", "weight" : 9404 }, { "widget_id" : "StatsConfiguration_Switching-Switch-Ports-Operational-Status", "weight" : 9406 }, { "widget_id" : "StatsConfiguration_Switching-VM-Ports-Admin-Status", "weight" : 9408 }, { "widget_id" : "StatsConfiguration_Switching-VM-Ports-Operational-Status", "weight" : 9410 }, { "widget_id" : "StatsConfiguration_Virtual-Servers-Status", "weight" : 9260 } ], "shared" : true, "weight" : 30, "resource_type" : "View", "id" : "dashboard_adv_networking_n_security", "description" : "Highlights the health of key realized entities for Networking and Security.", "_create_time" : 1672635885752, "_create_user" : "system", "_last_modified_time" : 1672635886232, "_last_modified_user" : "system", "_system_owned" : true, "_protection" : "NOT_PROTECTED", "_revision" : 1 }, { "display_name" : "Compliance Report", "widgets" : [ ], "shared" : true, "weight" : 50, "resource_type" : "View", "id" : "dashboard_compliance", "description" : "Highlights the compliance issues with entities in the deployment.", "_create_time" : 1672635885743, "_create_user" : "system", "_last_modified_time" : 1672635885743, "_last_modified_user" : "system", "_system_owned" : true, "_protection" : "NOT_PROTECTED", "_revision" : 0 }, { "display_name" : "Custom", "widgets" : [ { "label" : { "text" : "NETWORKING" }, "widget_id" : "LabelValueConfiguration_0d5c8a34-616b-44a1-8151-09362f4177e5", "weight" : 10005 } ], "shared" : true, "weight" : 1000, "resource_type" : "View", "id" : "dashboard_custom", "description" : "Custom Dashboard gives flexibility to user to add content on the dashboard, for entities of their choice. Please create views and add widgets using REST API to add content, useful to highlight status or summarize details.", "_create_time" : 1672635884565, "_create_user" : "system", "_last_modified_time" : 1672751592453, "_last_modified_user" : "system", "_system_owned" : true, "_protection" : "NOT_PROTECTED", "_revision" : 1 } ] } Required Permissions: read Feature: nsx_dashboard Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Creates a new View. (Deprecated)

Request:

Method:

POST

URI Path(s):

/api/v1/ui-views

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

View+

View (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget.	string	Required Maximum length: 255
exclude_roles	Roles to which the shared view is not visible Comma separated list of roles to which the shared view is not visible. Allows user to prevent the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. If include_roles is specified then exclude_roles cannot be specified.	string	Maximum length: 1024
id	Unique identifier of this resource	string	Sortable
include_roles	Roles to which the shared view is visible Comma separated list of roles to which the shared view is visible. Allows user to specify the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles.	string	Maximum length: 1024
resource_type	Must be set to the value View	string
shared	Share the view with other users Defaults to false. Set to true to publish the view to other users. The widgets of a shared view are visible to other users.	boolean	Default: "False"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
weight	Weightage or placement of the view Determines placement of view relative to other views. The lower the weight, the higher it is in the placement order.	int	Default: "10000"
widgets	Widgets Array of widgets that are part of the view.	array of WidgetItem	Required Minimum items: 0

Example Request: POST https://<nsx-mgr>/api/v1/ui-views { "resource_type": "View", "display_name": "My View 1", "shared": true, "weight": 19020, "widgets": [{ "widget_id": "DonutConfiguration_Host-Nodes-Deployment", "label": { "text": "Deployment" }, "weight": 9531 },{ "widget_id": "DonutConfiguration_Host-Nodes-Connectivity", "label": { "text": "Connectivity" }, "weight": 9535 }] } Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

View+

View (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget.	string	Required Maximum length: 255
exclude_roles	Roles to which the shared view is not visible Comma separated list of roles to which the shared view is not visible. Allows user to prevent the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. If include_roles is specified then exclude_roles cannot be specified.	string	Maximum length: 1024
id	Unique identifier of this resource	string	Sortable
include_roles	Roles to which the shared view is visible Comma separated list of roles to which the shared view is visible. Allows user to specify the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles.	string	Maximum length: 1024
resource_type	Must be set to the value View	string
shared	Share the view with other users Defaults to false. Set to true to publish the view to other users. The widgets of a shared view are visible to other users.	boolean	Default: "False"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
weight	Weightage or placement of the view Determines placement of view relative to other views. The lower the weight, the higher it is in the placement order.	int	Default: "10000"
widgets	Widgets Array of widgets that are part of the view.	array of WidgetItem	Required Minimum items: 0

Example Response: { "id": "View_0de8406c", "resource_type": "View", "display_name": "My View 1", "shared": true, "weight": 19020, "widgets": [{ "widget_id": "DonutConfiguration_Host-Nodes-Deployment", "label": { "text": "Deployment" }, "weight": 9531 },{ "widget_id": "DonutConfiguration_Host-Nodes-Connectivity", "label": { "text": "Connectivity" }, "weight": 9535 }], "_create_user": "admin", "_create_time": 1496911709362, "_last_modified_user": "admin", "_last_modified_time": 1496911709362, "_system_owned": false, "_revision": 0 } Required Permissions: crud Feature: nsx_dashboard Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Returns View Information (Deprecated)

Returns Information about a specific View.
Request:

Method:

GET

URI Path(s):

/api/v1/ui-views/{view-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/ui-views/View_abe34406a Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

View+

View (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget.	string	Required Maximum length: 255
exclude_roles	Roles to which the shared view is not visible Comma separated list of roles to which the shared view is not visible. Allows user to prevent the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. If include_roles is specified then exclude_roles cannot be specified.	string	Maximum length: 1024
id	Unique identifier of this resource	string	Sortable
include_roles	Roles to which the shared view is visible Comma separated list of roles to which the shared view is visible. Allows user to specify the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles.	string	Maximum length: 1024
resource_type	Must be set to the value View	string
shared	Share the view with other users Defaults to false. Set to true to publish the view to other users. The widgets of a shared view are visible to other users.	boolean	Default: "False"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
weight	Weightage or placement of the view Determines placement of view relative to other views. The lower the weight, the higher it is in the placement order.	int	Default: "10000"
widgets	Widgets Array of widgets that are part of the view.	array of WidgetItem	Required Minimum items: 0

Example Response: { "id": "View_abe34406a", "resource_type": "View", "display_name": "My View 2", "shared": true, "weight": 19021, "widgets": [{ "widget_id": "DonutConfiguration_Edge-Nodes-Deployment", "label": { "text": "Deployment" }, "weight": 9532 },{ "widget_id": "DonutConfiguration_Edge-Nodes-Connectivity", "label": { "text": "Connectivity" }, "weight": 9536 }], "_create_user": "admin", "_create_time": 1496911709362, "_last_modified_user": "admin", "_last_modified_time": 1496911709362, "_system_owned": false, "_revision": 0 } Required Permissions: read Feature: nsx_dashboard Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Update View (Deprecated)

Request:

Method:

PUT

URI Path(s):

/api/v1/ui-views/{view-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

View+

View (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget.	string	Required Maximum length: 255
exclude_roles	Roles to which the shared view is not visible Comma separated list of roles to which the shared view is not visible. Allows user to prevent the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. If include_roles is specified then exclude_roles cannot be specified.	string	Maximum length: 1024
id	Unique identifier of this resource	string	Sortable
include_roles	Roles to which the shared view is visible Comma separated list of roles to which the shared view is visible. Allows user to specify the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles.	string	Maximum length: 1024
resource_type	Must be set to the value View	string
shared	Share the view with other users Defaults to false. Set to true to publish the view to other users. The widgets of a shared view are visible to other users.	boolean	Default: "False"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
weight	Weightage or placement of the view Determines placement of view relative to other views. The lower the weight, the higher it is in the placement order.	int	Default: "10000"
widgets	Widgets Array of widgets that are part of the view.	array of WidgetItem	Required Minimum items: 0

Example Request: PUT https://<nsx-mgr>/api/v1/ui-views/View_0de8406c { "resource_type": "View", "display_name": "My View 1 Updated", "shared": true, "weight": 19020, "widgets": [{ "widget_id": "DonutConfiguration_Host-Nodes-Deployment", "label": { "text": "Deployment" }, "weight": 9531 },{ "widget_id": "DonutConfiguration_Host-Nodes-Connectivity", "label": { "text": "Connectivity" }, "weight": 9535 }], "_revision": 0 } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

View+

View (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget.	string	Required Maximum length: 255
exclude_roles	Roles to which the shared view is not visible Comma separated list of roles to which the shared view is not visible. Allows user to prevent the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. If include_roles is specified then exclude_roles cannot be specified.	string	Maximum length: 1024
id	Unique identifier of this resource	string	Sortable
include_roles	Roles to which the shared view is visible Comma separated list of roles to which the shared view is visible. Allows user to specify the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles.	string	Maximum length: 1024
resource_type	Must be set to the value View	string
shared	Share the view with other users Defaults to false. Set to true to publish the view to other users. The widgets of a shared view are visible to other users.	boolean	Default: "False"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
weight	Weightage or placement of the view Determines placement of view relative to other views. The lower the weight, the higher it is in the placement order.	int	Default: "10000"
widgets	Widgets Array of widgets that are part of the view.	array of WidgetItem	Required Minimum items: 0

Example Response: { "id": "View_0de8406c", "resource_type": "View", "display_name": "My View 1 Updated", "shared": true, "weight": 19020, "widgets": [{ "widget_id": "DonutConfiguration_Host-Nodes-Deployment", "label": { "text": "Deployment" }, "weight": 9531 },{ "widget_id": "DonutConfiguration_Host-Nodes-Connectivity", "label": { "text": "Connectivity" }, "weight": 9535 }], "_create_user": "admin", "_create_time": 1496911709362, "_last_modified_user": "admin", "_last_modified_time": 1496911902685, "_system_owned": false, "_revision": 1 } Required Permissions: crud Feature: nsx_dashboard Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete View (Deprecated)

Request:

Method:

DELETE

URI Path(s):

/api/v1/ui-views/{view-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<nsx-mgr>/api/v1/ui-views/View_0de8406c Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: nsx_dashboard Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Returns the Widget Configurations based on query criteria defined in WidgetQueryParameters. (Deprecated)

If no query params are specified then all the Widget Configurations of
the specified view are returned.
Request:

Method:

GET

URI Path(s):

/api/v1/ui-views/{view-id}/widgetconfigurations

Request Headers:

n/a

Query Parameters:

WidgetQueryParameters+

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/ui-views/dashboard/widgetconfigurations Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

WidgetConfigurationList+

Example Response: { "widgetconfigurations": [ { "id": "LabelValueConfiguration_0de8406c-ab4a-4973-83ef-a1c7a6655c13", "resource_type": "LabelValueConfiguration", "display_name": "Backups", "datasources": [{ "urls": [{ "alias": "config", "url": "api/v1/cluster/backups/config" },{ "alias": "status", "url": "api/v1/cluster/backups/history" }], "display_name": "default" }], "feature_set": { "feature_list": ["utilities_backup"], "require_all_permissions": false }, "navigation": "nsxapi/index.html#view=systemAdmin/utilities/backup", "footer": { "actions": [{ "dock_to_container_footer": true, "label": { "text": "Configure Backups" }, "url": "nsxapi/index.html#view=systemAdmin/utilities/backup" }] }, "properties": [{ "condition": "#{default.config.backup_enabled} == true", "field": "\"Automatic Backups Enabled\"", "heading": true, "render_configuration": [{ "icons": [{ "type": "SUCCESS" }] }], "type": "String" },{ "condition": "#{default.config.backup_enabled} == false", "field": "\"Automatic Backups Disabled\"", "heading": true, "render_configuration": [{ "icons": [{ "type": "NOT_AVAILABLE" },{ "type": "DETAIL", "placement": "POST", "tooltip": [{ "text": "\"Please enable automatic backups\"" }] }] }], "type": "String" },{ "condition": "#{default.status.node_backup_statuses}.size() == 0", "field": "\"Not Configured\"", "heading": false, "render_configuration": [{ "icons": [{ "type": "WARNING" }] }], "label": { "text": "Node" }, "type": "String" },{ "condition": "#{default.status.node_backup_statuses}.size() != 0", "field": "#{default.status.node_backup_statuses[0].end_time}", "heading": false, "render_configuration": [{ "condition": "#{default.status.node_backup_statuses[0].success}", "icons": [{ "type": "SUCCESS" }] },{ "condition": "#{default.status.node_backup_statuses[0].success} == false", "icons": [{ "type": "ERROR" }] }], "label": { "text": "Node" }, "type": "Date" }], "_create_user": "admin", "_create_time": 1496911709362, "_last_modified_user": "admin", "_last_modified_time": 1496911709362, "_system_owned": false, "_revision": 0 },{ "resource_type": "DonutConfiguration", "id": "DonutConfiguration_1bc7406c-ab4a-4973-aed5-a1c7a6659a87", "display_name": "Transport Nodes", "datasources": [{ "urls": [{ "alias": "status", "url": "api/v1/transport-nodes/status" }], "display_name": "default" }], "navigation": "nsxapi/index.html#view=fabric/nodes/transportnodes&id=", "label": { "text": "Nodes" }, "sections": [{ "template": false, "parts": [{ "field": "#{default.status.degraded_count}", "tooltip": [{ "text": "\"Degraded\"" },{ "text": "#{default.status.degraded_count} + \" Nodes \"" }], "render_configuration": [{ "color": "YELLOW" }], "label": { "text": "Degraded" } },{ "field": "#{default.status.down_count}", "tooltip": [{ "text": "\"Down\"" },{ "text": "#{default.status.down_count} + \" Nodes \"" }], "render_configuration": [{ "color": "RED" }], "label": { "text": "Down" } },{ "field": "#{default.status.up_count}", "tooltip": [{ "text": "\"Up\"" },{ "text": "#{default.status.up_count} + \" Nodes \"" }], "render_configuration": [{ "color": "GREEN" }], "label": { "text": "Up" } },{ "field": "#{default.status.unknown_count}", "tooltip": [{ "text": "\"Unknown\"" },{ "text": "#{default.status.unknown_count} + \" Nodes \"" }], "render_configuration": [{ "color": "GREY" }], "label": { "text": "Unknown" } }] }], "_create_time": 1490707552434, "_create_user": "admin", "_last_modified_time": 1490707552434, "_last_modified_user": "admin", "_system_owned": true, "_revision": 3 }] } Required Permissions: read Feature: nsx_dashboard Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Creates a new Widget Configuration. (Deprecated)

Creates a new Widget Configuration and adds it to the specified view.
Supported resource_types are LabelValueConfiguration, DonutConfiguration,
GridConfiguration, StatsConfiguration, MultiWidgetConfiguration,
GraphConfiguration and ContainerConfiguration.

Note: Expressions should be given in a single line. If an expression spans
multiple lines, then form the expression in a single line.
For label-value pairs, expressions are evaluated as follows:
a. First, render configurations are evaluated in their order of
appearance in the widget config. The 'field' is evaluated at the end.
b. Second, when render configuration is provided then the order of
evaluation is
1. If expressions provided in 'condition' and 'display value' are
well-formed and free of runtime-errors such as 'null pointers' and
evaluates to 'true'; Then remaining render configurations are not
evaluated, and the current render configuration's 'display value'
is taken as the final value.
2. If expression provided in 'condition' of render configuration is
false, then next render configuration is evaluated.
3. Finally, 'field' is evaluated only when every render configuration
evaluates to false and no error occurs during steps 1 and 2 above.

If an error occurs during evaluation of render configuration, then an
error message is shown. The display value corresponding to that label is
not shown and evaluation of the remaining render configurations continues
to collect and show all the error messages (marked with the 'Label' for
identification) as 'Error_Messages: {}'.

If during evaluation of expressions for any label-value pair an error
occurs, then it is marked with error. The errors are shown in the report,
along with the label value pairs that are error-free.

Important: For elements that take expressions, strings should be provided
by escaping them with a back-slash. These elements are - condition, field,
tooltip text and render_configuration's display_value.
Request:

Method:

POST

URI Path(s):

/api/v1/ui-views/{view-id}/widgetconfigurations

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

ContainerConfiguration+

CustomFilterWidgetConfiguration+

CustomWidgetConfiguration+

DonutConfiguration+

DropdownFilterWidgetConfiguration+

FilterWidgetConfiguration+

GraphConfiguration+

GridConfiguration+

LabelValueConfiguration+

LegendWidgetConfiguration+

MultiWidgetConfiguration+

SpacerWidgetConfiguration+

StatsConfiguration+

TimeRangeDropdownFilterWidgetConfiguration+

WidgetConfiguration+

Example Request: POST https://<nsx-mgr>/api/v1/ui-views/dashboard_custom/widgetconfigurations { "resource_type": "LabelValueConfiguration", "display_name": "NETWORKING", "datasources": [ { "urls": [ { "alias": "overview", "url": "#urlPrefix/ui-controller/networking-overview?filter=overview&context=projects:#tenantContext" } ], "display_name": "default" } ], "is_drilldown": false, "sub_type": "VERTICALLY_ALIGNED", "properties": [ { "condition": "#isCustomProject == \"false\" && #{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_TIER0\")]}.size() > 0", "label": { "text": "Tier-0 Gateways", "navigation":"/app/networks/providers/home/providers" }, "field": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_TIER0\")].count}.sum()", "heading": true, "render_configuration": [], "type": "Number", "separator": false }, { "condition": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_TIER1\")]}.size() > 0", "label": { "text": "Tier-1 Gateways", "navigation":"/app/networks/networks/home/networks" }, "field": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_TIER1\")].count}.sum()", "heading": true, "render_configuration": [], "type": "Number", "separator": false }, { "condition": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_SEGMENTS\")]}.size() > 0", "label": { "text": "Segments", "navigation":"/app/networks/segments/module/home" }, "field": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_SEGMENTS\")].count}.sum()", "heading": true, "render_configuration": [], "type": "Number", "separator": false }, { "condition": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_DVPG_SEGMENTS\")]}.size() > 0", "label": { "text": "Distributed Port Groups", "navigation":"app/networks/segments/module/distributed-port-groups/home" }, "field": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_DVPG_SEGMENTS\")].count}.sum()", "heading": true, "render_configuration": [], "type": "Number", "separator": false } ], "weight": 10005 } Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

ContainerConfiguration+

CustomFilterWidgetConfiguration+

CustomWidgetConfiguration+

DonutConfiguration+

DropdownFilterWidgetConfiguration+

FilterWidgetConfiguration+

GraphConfiguration+

GridConfiguration+

LabelValueConfiguration+

LegendWidgetConfiguration+

MultiWidgetConfiguration+

SpacerWidgetConfiguration+

StatsConfiguration+

TimeRangeDropdownFilterWidgetConfiguration+

WidgetConfiguration+

Example Response: { "sub_type": "VERTICALLY_ALIGNED", "properties": [ { "label": { "text": "Tier-0 Gateways", "hover": false, "navigation": "/app/networks/providers/home/providers" }, "field": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_TIER0\")].count}.sum()", "heading": true, "type": "Number", "condition": "#isCustomProject == \"false\" && #{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_TIER0\")]}.size() > 0", "separator": false, "rowspan": 12 }, { "label": { "text": "Tier-1 Gateways", "hover": false, "navigation": "/app/networks/networks/home/networks" }, "field": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_TIER1\")].count}.sum()", "heading": true, "type": "Number", "condition": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_TIER1\")]}.size() > 0", "separator": false, "rowspan": 12 }, { "label": { "text": "Segments", "hover": false, "navigation": "/app/networks/segments/module/home" }, "field": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_SEGMENTS\")].count}.sum()", "heading": true, "type": "Number", "condition": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_SEGMENTS\")]}.size() > 0", "separator": false, "rowspan": 12 }, { "label": { "text": "Distributed Port Groups", "hover": false, "navigation": "app/networks/segments/module/distributed-port-groups/home" }, "field": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_DVPG_SEGMENTS\")].count}.sum()", "heading": true, "type": "Number", "condition": "#{default.overview.entities[?(@.key == \"POLICY_HOME_LABEL_DVPG_SEGMENTS\")]}.size() > 0", "separator": false, "rowspan": 12 } ], "resource_type": "LabelValueConfiguration", "id": "LabelValueConfiguration_48e1015a-8e9a-4d69-9af1-38149e71166d", "display_name": "NETWORKING", "show_header": false, "datasources": [ { "display_name": "default", "urls": [ { "alias": "overview", "url": "#urlPrefix/ui-controller/networking-overview?filter=overview&context=projects:#tenantContext", "request_method": "Get" } ] } ], "weight": 10005, "is_drilldown": false, "filter_value_required": true, "filters": [], "rowspan": 12, "_create_time": 1672752309346, "_create_user": "admin", "_last_modified_time": 1672752309346, "_last_modified_user": "admin", "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: nsx_dashboard Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Returns Widget Configuration Information (Deprecated)

Returns Information about a specific Widget Configuration.
Request:

Method:

GET

URI Path(s):

/api/v1/ui-views/{view-id}/widgetconfigurations/{widgetconfiguration-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/ui-views/dashboard/widgetconfigurations/ LabelValueConfiguration_BackupStatus Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

ContainerConfiguration+

CustomFilterWidgetConfiguration+

CustomWidgetConfiguration+

DonutConfiguration+

DropdownFilterWidgetConfiguration+

FilterWidgetConfiguration+

GraphConfiguration+

GridConfiguration+

LabelValueConfiguration+

LegendWidgetConfiguration+

MultiWidgetConfiguration+

SpacerWidgetConfiguration+

StatsConfiguration+

TimeRangeDropdownFilterWidgetConfiguration+

WidgetConfiguration+

Example Response: { "id": "LabelValueConfiguration_0de8406c-ab4a-4973-83ef-a1c7a6655c13", "resource_type": "LabelValueConfiguration", "display_name": "Backups", "datasources": [{ "urls": [{ "alias": "config", "url": "api/v1/cluster/backups/config" },{ "alias": "status", "url": "api/v1/cluster/backups/history" }], "display_name": "default" }], "navigation": "nsxapi/index.html#view=systemAdmin/utilities/backup", "feature_set": { "feature_list": ["utilities_backup"], "require_all_permissions": false }, "footer": { "actions": [{ "dock_to_container_footer": true, "label": { "text": "Configure Backups" }, "url": "nsxapi/index.html#view=systemAdmin/utilities/backup" }] }, "properties": [{ "condition": "#{default.config.backup_enabled} == true", "field": "\"Automatic Backups Enabled\"", "heading": true, "render_configuration": [{ "icons": [{ "type": "SUCCESS" }] }], "type": "String" },{ "condition": "#{default.config.backup_enabled} == false", "field": "\"Automatic Backups Disabled\"", "heading": true, "render_configuration": [{ "icons": [{ "type": "NOT_AVAILABLE" },{ "type": "DETAIL", "placement": "POST", "tooltip": [{ "text": "\"Please enable automatic backups\"" }] }] }], "type": "String" },{ "condition": "#{default.status.node_backup_statuses}.size() == 0", "field": "\"Not Configured\"", "heading": false, "render_configuration": [{ "icons": [{ "type": "WARNING" }] }], "label": { "text": "Node" }, "type": "String" },{ "condition": "#{default.status.node_backup_statuses}.size() != 0", "field": "#{default.status.node_backup_statuses[0].end_time}", "heading": false, "render_configuration": [{ "condition": "#{default.status.node_backup_statuses[0].success}", "icons": [{ "type": "SUCCESS" }] },{ "condition": "#{default.status.node_backup_statuses[0].success} == false", "icons": [{ "type": "ERROR" }] }], "label": { "text": "Node" }, "type": "Date" }], "_create_user": "admin", "_create_time": 1496911709362, "_last_modified_user": "admin", "_last_modified_time": 1496911709362, "_system_owned": false, "_revision": 0 } Required Permissions: read Feature: nsx_dashboard Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Update Widget Configuration (Deprecated)

Updates the widget at the given view. If the widget is referenced by other
views, then the widget will be updated in all the views that it is part of.
Request:

Method:

PUT

URI Path(s):

/api/v1/ui-views/{view-id}/widgetconfigurations/{widgetconfiguration-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

ContainerConfiguration+

CustomFilterWidgetConfiguration+

CustomWidgetConfiguration+

DonutConfiguration+

DropdownFilterWidgetConfiguration+

FilterWidgetConfiguration+

GraphConfiguration+

GridConfiguration+

LabelValueConfiguration+

LegendWidgetConfiguration+

MultiWidgetConfiguration+

SpacerWidgetConfiguration+

StatsConfiguration+

TimeRangeDropdownFilterWidgetConfiguration+

WidgetConfiguration+

Example Request: PUT https://<nsx-mgr>/api/v1/ui-views/dashboard_custom/widgetconfigurations/ LabelValueConfiguration_0de8406c-ab4a-4973-83ef-a1c7a6655c13 { "id": "LabelValueConfiguration_0de8406c-ab4a-4973-83ef-a1c7a6655c13", "resource_type": "LabelValueConfiguration", "display_name": "Backups Updated", "datasources": [{ "urls": [{ "alias": "config", "url": "api/v1/cluster/backups/config" },{ "alias": "status", "url": "api/v1/cluster/backups/history" }], "display_name": "default" }], "navigation": "nsxapi/index.html#view=systemAdmin/utilities/backup", "feature_set": { "feature_list": ["utilities_backup"], "require_all_permissions": false }, "footer": { "actions": [{ "dock_to_container_footer": true, "label": { "text": "Configure Backups" }, "url": "nsxapi/index.html#view=systemAdmin/utilities/backup" }] }, "properties": [{ "condition": "#{default.config.backup_enabled} == true", "field": "\"Automatic Backups Enabled\"", "heading": true, "render_configuration": [{ "icons": [{ "type": "SUCCESS" }] }], "type": "String" },{ "condition": "#{default.config.backup_enabled} == false", "field": "\"Automatic Backups Disabled\"", "heading": true, "render_configuration": [{ "icons": [{ "type": "NOT_AVAILABLE" },{ "type": "DETAIL", "placement": "POST", "tooltip": [{ "text": "\"Please enable automatic backups\"" }] }] }], "type": "String" },{ "condition": "#{default.status.node_backup_statuses}.size() == 0", "field": "\"Not Configured\"", "heading": false, "render_configuration": [{ "icons": [{ "type": "WARNING" }] }], "label": { "text": "Node" }, "type": "String" },{ "condition": "#{default.status.node_backup_statuses}.size() != 0", "field": "#{default.status.node_backup_statuses[0].end_time}", "heading": false, "render_configuration": [{ "condition": "#{default.status.node_backup_statuses[0].success}", "icons": [{ "type": "SUCCESS" }] },{ "condition": "#{default.status.node_backup_statuses[0].success} == false", "icons": [{ "type": "ERROR" }] }], "label": { "text": "Node" }, "type": "Date" }], "_create_user": "admin", "_create_time": 1496911709362, "_last_modified_user": "admin", "_last_modified_time": 1496911709362, "_system_owned": false, "_revision": 0 } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

ContainerConfiguration+

CustomFilterWidgetConfiguration+

CustomWidgetConfiguration+

DonutConfiguration+

DropdownFilterWidgetConfiguration+

FilterWidgetConfiguration+

GraphConfiguration+

GridConfiguration+

LabelValueConfiguration+

LegendWidgetConfiguration+

MultiWidgetConfiguration+

SpacerWidgetConfiguration+

StatsConfiguration+

TimeRangeDropdownFilterWidgetConfiguration+

WidgetConfiguration+

Example Response: { "id": "LabelValueConfiguration_0de8406c-ab4a-4973-83ef-a1c7a6655c13", "resource_type": "LabelValueConfiguration", "display_name": "Backups Updated", "datasources": [{ "urls": [{ "alias": "config", "url": "api/v1/cluster/backups/config" },{ "alias": "status", "url": "api/v1/cluster/backups/history" }], "display_name": "default" }], "navigation": "nsxapi/index.html#view=systemAdmin/utilities/backup", "feature_set": { "feature_list": ["utilities_backup"], "require_all_permissions": false }, "footer": { "actions": [{ "dock_to_container_footer": true, "label": { "text": "Configure Backups" }, "url": "nsxapi/index.html#view=systemAdmin/utilities/backup" }] }, "properties": [{ "condition": "#{default.config.backup_enabled} == true", "field": "\"Automatic Backups Enabled\"", "heading": true, "render_configuration": [{ "icons": [{ "type": "SUCCESS" }] }], "type": "String" },{ "condition": "#{default.config.backup_enabled} == false", "field": "\"Automatic Backups Disabled\"", "heading": true, "render_configuration": [{ "icons": [{ "type": "NOT_AVAILABLE" },{ "type": "DETAIL", "placement": "POST", "tooltip": [{ "text": "\"Please enable automatic backups\"" }] }] }], "type": "String" },{ "condition": "#{default.status.node_backup_statuses}.size() == 0", "field": "\"Not Configured\"", "heading": false, "render_configuration": [{ "icons": [{ "type": "WARNING" }] }], "label": { "text": "Node" }, "type": "String" },{ "condition": "#{default.status.node_backup_statuses}.size() != 0", "field": "#{default.status.node_backup_statuses[0].end_time}", "heading": false, "render_configuration": [{ "condition": "#{default.status.node_backup_statuses[0].success}", "icons": [{ "type": "SUCCESS" }] },{ "condition": "#{default.status.node_backup_statuses[0].success} == false", "icons": [{ "type": "ERROR" }] }], "label": { "text": "Node" }, "type": "Date" }], "_create_user": "admin", "_create_time": 1496911718391, "_last_modified_user": "admin", "_last_modified_time": 1496911718391, "_system_owned": false, "_revision": 1 } Required Permissions: crud Feature: nsx_dashboard Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete Widget Configuration (Deprecated)

Detaches widget from a given view. If the widget is no longer part of any
view, then it will be purged.
Request:

Method:

DELETE

URI Path(s):

/api/v1/ui-views/{view-id}/widgetconfigurations/{widgetconfiguration-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<nsx-mgr>/api/v1/ui-views/dashboard_custom/ widgetconfigurations/LabelValueConfiguration_BackupStatus Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: nsx_dashboard Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Monitoring: Finetuning

Associated URIs:

GET /policy/api/v1/fine-tuning/resources

For each type of entity what are the attributes owned by policy.

This API provides field names of attributes in NSX types that are owned by
Policy, as opposed to those owned by the enforcement point. For any type on NSX,
some of the attributes of that type may be owned and set by Policy when realizing
the intent, while some others may be owned and set by the enforcement point itself.
This information can be used to deactivate updates to Policy owned attributes by the
advanced networking UI, while allowing tweaking to the attributes owned by the
management plane.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/fine-tuning/resources

Request Headers:

n/a

Query Parameters:

ResourceInfoSearchParameters+

Request Body:

n/a

Example Request: https://<policy-mgr>/policy/api/v1/fine-tuning/resources?type=InstanceDeploymentConfigDto Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

ResourceInfoListResult+

Example Response: { "result_count": 1, "results": [{ "resource_name": "InstanceDeploymentConfigDto", "fields": [{ "sub_type": { "resource_name": "VmNicInfoDto", "fields": [{ "sub_type": { "resource_name": "NicInfoDto", "fields": [{ "field_name": "gateway_address" }, { "field_name": "network_id" }, { "field_name": "subnet_mask" }, { "field_name": "ip_address" }] }, "field_name": "nic_infos" }] }, "field_name": "vm_nic_infos" }, { "field_name": "compute_id" }, { "field_name": "storage_id" }, { "field_name": "context_id" }] }] } Required Permissions: read Feature: policy_fine_tuning Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Monitoring: Health Check

Associated URIs:

GET /policy/api/v1/infra/auto-health-check-toggle
PUT /policy/api/v1/infra/auto-health-check-toggle
GET /policy/api/v1/infra/auto-health-checks
GET /policy/api/v1/infra/manual-health-checks
DELETE /policy/api/v1/infra/manual-health-checks/{manual-health-check-id}
GET /policy/api/v1/infra/manual-health-checks/{manual-health-check-id}
POST /policy/api/v1/infra/manual-health-checks/{manual-health-check-id}
GET /policy/api/v1/infra/manual-health-checks/{manual-health-check-id}/result

Update automatic health check toggle

Change status of automatic health check toggle to enabled/disabled. Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/auto-health-check-toggle

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

AutomaticHealthCheckToggle+

AutomaticHealthCheckToggle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Status of automatic health check	boolean	Required Default: "False"
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value AutomaticHealthCheckToggle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

Example Request: PUT https://<nsx-mgr>/policy/api/v1/infra/auto-health-check-toggle { "enabled": true } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

AutomaticHealthCheckToggle+

AutomaticHealthCheckToggle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Status of automatic health check	boolean	Required Default: "False"
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value AutomaticHealthCheckToggle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

Example Response: { "enabled": true } Required Permissions: crud Feature: policy_ops Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get automatic health check toggle

Get detailed info for automatic health check toggle. Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/auto-health-check-toggle

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/policy/api/v1/infra/auto-health-check-toggle Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

AutomaticHealthCheckToggle+

AutomaticHealthCheckToggle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Status of automatic health check	boolean	Required Default: "False"
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value AutomaticHealthCheckToggle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

Example Response: { "enabled": true } Required Permissions: read Feature: policy_ops Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get automatic health checks

Get health check performed by system automatically for all transport zones or
a specific transport zone.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/auto-health-checks

Request Headers:

n/a

Query Parameters:

HealthCheckTransportZoneRequest+

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/policy/api/v1/infra/auto-health-checks?transport_zone_path=/infra/sites/default/enforcement-points/default/transport-zones/overlay-tz Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyAutomaticHealthCheckListResult+

Example Response: { "results": [ { "transport_zone_path": "/infra/sites/default/enforcement-points/default/transport-zones/overlay-tz", "result": { "vlan_mtu_status": "TRUNKED", "transport_node_results": [ { "transport_node_path": "/infra/sites/default/enforcement-points/default/host-transport-nodes/192-164-128-2-4266fc86-26e7-434c-986c-5c35b5bcbe35host-26", "transport_node_name": "192.164.128.2", "result_status": "FINISHED", "result_on_host_switch": { "host_switch_name": "vds_1", "results_per_uplink": [ { "uplink_name": "uplink1", "vlan_and_mtu_allowed": [ { "start": 0, "end": 0 } ], "mtu_disallowed": [], "vlan_disallowed": [], "vlan_allowed": [ { "start": 0, "end": 0 } ] }, { "uplink_name": "uplink2", "vlan_and_mtu_allowed": [ { "start": 0, "end": 0 } ], "mtu_disallowed": [], "vlan_disallowed": [], "vlan_allowed": [ { "start": 0, "end": 0 } ] } ], "vlan_mtu_status": "TRUNKED", "updated_time": 1764137678223 } }, { "transport_node_path": "/infra/sites/default/enforcement-points/default/host-transport-nodes/192-164-128-64-4266fc86-26e7-434c-986c-5c35b5bcbe35host-14", "transport_node_name": "192.164.128.64", "result_status": "FINISHED", "result_on_host_switch": { "host_switch_name": "vds_1", "results_per_uplink": [ { "uplink_name": "uplink1", "vlan_and_mtu_allowed": [ { "start": 0, "end": 0 } ], "mtu_disallowed": [], "vlan_disallowed": [], "vlan_allowed": [ { "start": 0, "end": 0 } ] }, { "uplink_name": "uplink2", "vlan_and_mtu_allowed": [ { "start": 0, "end": 0 } ], "mtu_disallowed": [], "vlan_disallowed": [], "vlan_allowed": [ { "start": 0, "end": 0 } ] } ], "vlan_mtu_status": "TRUNKED", "updated_time": 1764137678275 } } ], "updated_time": 1764137678351 } } ] } Required Permissions: read Feature: policy_ops Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List all the manual health check config entities

Get a list of all the manual health check entities.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/manual-health-checks

Request Headers:

n/a

Query Parameters:

PolicyListRequestParameters+

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/policy/api/v1/infra/manual-health-checks Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyManualHealthCheckList+

Example Response: { "results": [ { "transport_zone_path": "/infra/sites/default/enforcement-points/default/transport-zones/1b3a2f36-bfd1-443e-a0f6-4de01abc963e", "vlans": { "vlan_ranges": [ { "start": 0, "end": 4094 } ] }, "is_transient": true, "resource_type": "PolicyManualHealthCheck", "id": "mhctest", "display_name": "mhctest", "path": "infra/manual-health-checks/mhctest", "_system_owned": false, "_protection": "NOT_PROTECTED", "_create_time": 1726113220863, "_create_user": "admin", "_last_modified_time": 1726113381354, "_last_modified_user": "system", "_revision": 2 } ], "result_count": 1, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_ops Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create a new manual health check config

Create a new manual health check config with essential properties. It's
disallowed to create new one until the count of in-progress manual health
check is less than 50. A manual health check will be deleted automatically
after finished for 24 hours.
Request:

Method:

POST

URI Path(s):

/policy/api/v1/infra/manual-health-checks/{manual-health-check-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

PolicyManualHealthCheck+

PolicyManualHealthCheck (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildPolicyManualHealthCheckResult
cluster_scope_filter	vCenter cluster scope filter The transport node scope is determined by the combination of specified vCenter cluster and specified host group (optional). The host switch scope is determined by the specified host switch. This property cannot be set together with the transport_zone_path property	HealthCheckClusterScopeFilter
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_transient	Marker to indicate if the intent is transient This field indicates whether the intent is transient. If it is set to true, intent will be cleaned up after 24 hours of inactivity.	boolean	Default: "True"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyManualHealthCheck	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_zone_path	Policy path of transport zone Policy path of transport Zone. The transport node scope is the host transport node under this specified transport zone. The host switch scope depends on which host switch applies to this transport zone. For now, a transport zone can only apply to one host switch for a certain node. In combination with the host transport node and transport zone, a unique host switch can be determined. This property cannot be set together with the cluster_scope_filter property.	string
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vlans	Specified VLANs VLANs specified for manual health check.	HealthCheckSpecVlans	Required

Example Request: POST https://<policy-mgr>/policy/api/v1/infra/manual-health-checks/mhctest { "transport_zone_path": "/infra/sites/default/enforcement-points/default/transport-zones/1b3a2f36-bfd1-443e-a0f6-4de01abc963e", "vlans":{ "vlan_ranges":[{ "start": 0, "end": 4094 }] } } Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

PolicyManualHealthCheck+

PolicyManualHealthCheck (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildPolicyManualHealthCheckResult
cluster_scope_filter	vCenter cluster scope filter The transport node scope is determined by the combination of specified vCenter cluster and specified host group (optional). The host switch scope is determined by the specified host switch. This property cannot be set together with the transport_zone_path property	HealthCheckClusterScopeFilter
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_transient	Marker to indicate if the intent is transient This field indicates whether the intent is transient. If it is set to true, intent will be cleaned up after 24 hours of inactivity.	boolean	Default: "True"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyManualHealthCheck	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_zone_path	Policy path of transport zone Policy path of transport Zone. The transport node scope is the host transport node under this specified transport zone. The host switch scope depends on which host switch applies to this transport zone. For now, a transport zone can only apply to one host switch for a certain node. In combination with the host transport node and transport zone, a unique host switch can be determined. This property cannot be set together with the cluster_scope_filter property.	string
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vlans	Specified VLANs VLANs specified for manual health check.	HealthCheckSpecVlans	Required

Example Response: { "transport_zone_path": "/infra/sites/default/enforcement-points/default/transport-zones/1b3a2f36-bfd1-443e-a0f6-4de01abc963e", "vlans": { "vlan_ranges": [ { "start": 0, "end": 4094 } ] }, "is_transient": true, "resource_type": "PolicyManualHealthCheck", "id": "mhctest", "display_name": "mhctest", "relative_path": "mhctest", "path": "infra/manual-health-checks/mhctest", "_system_owned": false, "_protection": "NOT_PROTECTED", "_create_time": 1726113220863, "_create_user": "admin", "_last_modified_time": 1726113220863, "_last_modified_user": "admin", "_revision": 0 } Required Permissions: crud Feature: policy_ops Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get a manual health check config

Get manual health check config with the specified identifier.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/manual-health-checks/{manual-health-check-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/policy/api/v1/infra/manual-health-checks/mhctest Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyManualHealthCheck+

PolicyManualHealthCheck (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildPolicyManualHealthCheckResult
cluster_scope_filter	vCenter cluster scope filter The transport node scope is determined by the combination of specified vCenter cluster and specified host group (optional). The host switch scope is determined by the specified host switch. This property cannot be set together with the transport_zone_path property	HealthCheckClusterScopeFilter
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_transient	Marker to indicate if the intent is transient This field indicates whether the intent is transient. If it is set to true, intent will be cleaned up after 24 hours of inactivity.	boolean	Default: "True"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyManualHealthCheck	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_zone_path	Policy path of transport zone Policy path of transport Zone. The transport node scope is the host transport node under this specified transport zone. The host switch scope depends on which host switch applies to this transport zone. For now, a transport zone can only apply to one host switch for a certain node. In combination with the host transport node and transport zone, a unique host switch can be determined. This property cannot be set together with the cluster_scope_filter property.	string
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vlans	Specified VLANs VLANs specified for manual health check.	HealthCheckSpecVlans	Required

Example Response: { "transport_zone_path": "/infra/sites/default/enforcement-points/default/transport-zones/1b3a2f36-bfd1-443e-a0f6-4de01abc963e", "vlans": { "vlan_ranges": [ { "start": 0, "end": 4094 } ] }, "is_transient": true, "resource_type": "PolicyManualHealthCheck", "id": "mhctest", "display_name": "mhctest", "path": "infra/manual-health-checks/mhctest", "_system_owned": false, "_protection": "NOT_PROTECTED", "_create_time": 1726113220863, "_create_user": "admin", "_last_modified_time": 1726113381354, "_last_modified_user": "system", "_revision": 2 } Required Permissions: read Feature: policy_ops Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete an existing manual health check

Delete an existing manual health check by ID. Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/manual-health-checks/{manual-health-check-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<nsx-mgr>/policy/api/v1/infra/manual-health-checks/mhctest Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_ops Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get result for the specified manual health check ID

Get the manual health check result with the specified ID. Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/manual-health-checks/{manual-health-check-id}/result

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/policy/api/v1/infra/manual-health-checks/mhctest/result Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

PolicyManualHealthCheckResult+

PolicyManualHealthCheckResult (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
cluster_scope_filter	vCenter cluster scope filter The transport node scope is determined by the combination of specified vCenter cluster and specified host group (optional). The host switch scope is determined by the specified host switch. This property cannot be set together with the transport_zone_path property	HealthCheckClusterScopeFilter
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_transient	Marker to indicate if the intent is transient This field indicates whether the intent is transient. If it is set to true, intent will be cleaned up after 24 hours of inactivity.	boolean	Default: "True"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
operation_status	Operation status The operation status for health check. IN_PROGRESS - The VLAN MTU health check is in progress, and the result is not ready for check. FINISHED - The VLAN MTU health check is complete, and the result is ready for check. PARTIAL_FINISHED - The VLAN MTU health check is partial finished. This status is due to the VLAN MTU health check failing on some of target host transport nodes. FAILED - The VLAN MTU health check is failed. This status is due to the VLAN MTU health check failing on all target host transport nodes.	string	Required Readonly Enum: IN_PROGRESS, FINISHED, PARTIAL_FINISHED, FAILED
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyManualHealthCheckResult	string
result		PolicyHealthCheckResult	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_zone_path	Policy path of transport zone Policy path of transport Zone. The transport node scope is the host transport node under this specified transport zone. The host switch scope depends on which host switch applies to this transport zone. For now, a transport zone can only apply to one host switch for a certain node. In combination with the host transport node and transport zone, a unique host switch can be determined. This property cannot be set together with the cluster_scope_filter property.	string
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vlans	Specified VLANs VLANs specified for manual health check.	HealthCheckSpecVlans	Required

Example Response: { "operation_status": "FINISHED", "result": { "vlan_mtu_status": "UNTRUNKED", "transport_node_results": [ { "transport_node_path": "/infra/sites/default/enforcement-points/default/host-transport-nodes/192-164-128-2-4266fc86-26e7-434c-986c-5c35b5bcbe35host-26", "transport_node_name": "192.164.128.2", "result_status": "FINISHED", "result_on_host_switch": { "host_switch_name": "vds_1", "results_per_uplink": [ { "uplink_name": "uplink1", "vlan_and_mtu_allowed": [ { "start": 0, "end": 0 }, { "start": 101, "end": 102 } ], "mtu_disallowed": [], "vlan_disallowed": [ { "start": 1, "end": 100 }, { "start": 103, "end": 4094 } ], "vlan_allowed": [ { "start": 0, "end": 0 }, { "start": 101, "end": 102 } ] }, { "uplink_name": "uplink2", "vlan_and_mtu_allowed": [ { "start": 0, "end": 0 }, { "start": 101, "end": 102 } ], "mtu_disallowed": [], "vlan_disallowed": [ { "start": 1, "end": 100 }, { "start": 103, "end": 4094 } ], "vlan_allowed": [ { "start": 0, "end": 0 }, { "start": 101, "end": 102 } ] } ], "vlan_mtu_status": "UNTRUNKED", "updated_time": 1764143655892 } }, { "transport_node_path": "/infra/sites/default/enforcement-points/default/host-transport-nodes/192-164-128-64-4266fc86-26e7-434c-986c-5c35b5bcbe35host-14", "transport_node_name": "192.164.128.64", "result_status": "FINISHED", "result_on_host_switch": { "host_switch_name": "vds_1", "results_per_uplink": [ { "uplink_name": "uplink1", "vlan_and_mtu_allowed": [ { "start": 0, "end": 0 }, { "start": 101, "end": 102 } ], "mtu_disallowed": [], "vlan_disallowed": [ { "start": 1, "end": 100 }, { "start": 103, "end": 4094 } ], "vlan_allowed": [ { "start": 0, "end": 0 }, { "start": 101, "end": 102 } ] }, { "uplink_name": "uplink2", "vlan_and_mtu_allowed": [ { "start": 0, "end": 0 }, { "start": 101, "end": 102 } ], "mtu_disallowed": [], "vlan_disallowed": [ { "start": 1, "end": 100 }, { "start": 103, "end": 4094 } ], "vlan_allowed": [ { "start": 0, "end": 0 }, { "start": 101, "end": 102 } ] } ], "vlan_mtu_status": "UNTRUNKED", "updated_time": 1764143655970 } } ], "updated_time": 1764143656021 }, "resource_type": "PolicyManualHealthCheckResult", "marked_for_delete": false, "overridden": false, "transport_zone_path": "/infra/sites/default/enforcement-points/default/transport-zones/overlay-tz", "vlans": { "vlan_ranges": [ { "start": 0, "end": 4094 } ] }, "is_transient": true, "_protection": "NOT_PROTECTED" } Required Permissions: read Feature: policy_ops Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Monitoring: Healthchecks

Associated URIs:

GET /api/v1/automatic-health-check-toggle (Deprecated)
PUT /api/v1/automatic-health-check-toggle (Deprecated)
GET /api/v1/automatic-health-checks (Deprecated)
GET /api/v1/automatic-health-checks/transport-zones/{transport-zone-id} (Deprecated)
GET /api/v1/manual-health-checks (Deprecated)
POST /api/v1/manual-health-checks (Deprecated)
DELETE /api/v1/manual-health-checks/{manual-health-check-id} (Deprecated)
GET /api/v1/manual-health-checks/{manual-health-check-id} (Deprecated)

Get automatic health check toggle (Deprecated)

Get detailed info for automatic health check toggle. Request:

Method:

GET

URI Path(s):

/api/v1/automatic-health-check-toggle

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/automatic-health-check-toggle Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

AutomaticHealthCheckToggle+

AutomaticHealthCheckToggle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Status of automatic health check	boolean	Required Default: "False"
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value AutomaticHealthCheckToggle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

Example Response: { "enabled": false, "resource_type": "AutomaticHealthCheckToggle", "id": "b9339dce-cf1d-48a4-bd37-d708cfbf101d", "display_name": "automatic-health-check-toggle", "_protection": "NOT_PROTECTED", "_create_user": "system", "_create_time": 1558406740433, "_last_modified_user": "system", "_last_modified_time": 1558406740433, "_system_owned": false, "_revision": 0 } Required Permissions: read Feature: tools_health_check Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Update automatic health check toggle (Deprecated)

Change status of automatic health check toggle to enabled/disabled. Request:

Method:

PUT

URI Path(s):

/api/v1/automatic-health-check-toggle

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

AutomaticHealthCheckToggle+

AutomaticHealthCheckToggle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Status of automatic health check	boolean	Required Default: "False"
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value AutomaticHealthCheckToggle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

Example Request: PUT https://<nsx-mgr>/api/v1/automatic-health-check-toggle { "enabled": true, "resource_type": "AutomaticHealthCheckToggle", "id": "b9339dce-cf1d-48a4-bd37-d708cfbf101d", "display_name": "automatic-health-check-toggle", "_revision": 0 } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

AutomaticHealthCheckToggle+

AutomaticHealthCheckToggle (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Status of automatic health check	boolean	Required Default: "False"
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value AutomaticHealthCheckToggle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

Example Response: { "enabled": true, "resource_type": "AutomaticHealthCheckToggle", "id": "b9339dce-cf1d-48a4-bd37-d708cfbf101d", "display_name": "automatic-health-check-toggle", "_protection": "NOT_PROTECTED", "_create_user": "system", "_create_time": 1558406740433, "_last_modified_user": "admin", "_last_modified_time": 1558496184400, "_system_owned": false, "_revision": 1 } Required Permissions: crud Feature: tools_health_check Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List automatic health checks (Deprecated)

Query automatic health checks with list parameters.
Request:

Method:

GET

URI Path(s):

/api/v1/automatic-health-checks

Request Headers:

n/a

Query Parameters:

ListRequestParameters+

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/automatic-health-checks Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

AutomaticHealthCheckListResult+

Example Response: { "results": [ { "transport_zone_id": "57430c2c-2d54-4976-811d-80f734f0acc9", "result": { "vlan_mtu_status": "TRUNKED", "results_per_transport_node": [ { "transport_node_id": "1744d346-7b75-11e9-bbd3-3325c02eb651", "result_on_host_switch": { "host_switch_name": "nsxvswitch", "results_per_uplink": [ { "uplink_name": "uplink1", "vlan_and_mtu_allowed": [ { "start": 0, "end": 0 } ], "mtu_disallowed": [], "vlan_disallowed": [] } ], "vlan_mtu_status": "TRUNKED", "updated_time": 1558496244824 } }, { "transport_node_id": "2dd19d4c-7b75-11e9-a37e-dda5bd0f9e75", "result_on_host_switch": { "host_switch_name": "nsxvswitch", "results_per_uplink": [ { "uplink_name": "uplink1", "vlan_and_mtu_allowed": [ { "start": 0, "end": 0 } ], "mtu_disallowed": [], "vlan_disallowed": [] } ], "vlan_mtu_status": "TRUNKED", "updated_time": 1558496244850 } } ], "updated_time": 1558496244850 } } ], "result_count": 1 } Required Permissions: read Feature: tools_health_check Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get an automatic health check (Deprecated)

Get health check performed by system automatically for specific transport
zone.
Request:

Method:

GET

URI Path(s):

/api/v1/automatic-health-checks/transport-zones/{transport-zone-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/automatic-health-checks/transport-zones/ 57430c2c-2d54-4976-811d-80f734f0acc9 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

AutomaticHealthCheck+

Example Response: { "transport_zone_id": "57430c2c-2d54-4976-811d-80f734f0acc9", "result": { "vlan_mtu_status": "TRUNKED", "results_per_transport_node": [ { "transport_node_id": "1744d346-7b75-11e9-bbd3-3325c02eb651", "result_on_host_switch": { "host_switch_name": "nsxvswitch", "results_per_uplink": [ { "uplink_name": "uplink1", "vlan_and_mtu_allowed": [ { "start": 0, "end": 0 } ], "mtu_disallowed": [], "vlan_disallowed": [] } ], "vlan_mtu_status": "TRUNKED", "updated_time": 1558496425055 } }, { "transport_node_id": "2dd19d4c-7b75-11e9-a37e-dda5bd0f9e75", "result_on_host_switch": { "host_switch_name": "nsxvswitch", "results_per_uplink": [ { "uplink_name": "uplink1", "vlan_and_mtu_allowed": [ { "start": 0, "end": 0 } ], "mtu_disallowed": [], "vlan_disallowed": [] } ], "vlan_mtu_status": "TRUNKED", "updated_time": 1558496425079 } } ], "updated_time": 1558496457663 } } Required Permissions: read Feature: tools_health_check Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

List manual health checks (Deprecated)

Query manual health checks with list parameters.
Request:

Method:

GET

URI Path(s):

/api/v1/manual-health-checks

Request Headers:

n/a

Query Parameters:

ListRequestParameters+

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/manual-health-checks Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

ManualHealthCheckListResult+

Example Response: { "sort_ascending" : true, "sort_by": "resource_type", "result_count": 2, "results": [ { "resource_type": "ManualHealthCheck", "id": "516ea614-6692-4dcb-9fa7-8304f9765a7f", "display_name": "health check 001", "operation_status": "IN PROGRESS", "transport_zone_id": "7f5e6a44-696d-401d-936a-d7138476acd3", "vlans":{ "vlan_ranges":[{ "start": 1, "end": 2 },{ "start": 4, "end": 5 }] }, "_protection" : "NOT_PROTECTED", "_create_user" : "admin", "_create_time" : 1507687895605, "_last_modified_user" : "admin", "_last_modified_time" : 1507705866588, "_system_owned" : false, "_revision" : 1 }, { "resource_type": "ManualHealthCheck", "id": "7e5d3a8c-8aa8-4df6-9a0f-b0456575b233", "display_name": "Manual Health Check 002", "operation_status": "IN PROGRESS", "transport_zone_id": "7f5e6a44-696d-401d-936a-d7138476acd3", "vlans":{ "vlan_ranges":[{ "start": 1, "end": 5 },{ "start": 11, "end": 11 }] }, "_protection": "NOT_PROTECTED", "_create_user": "admin", "_create_time": 1507687895605, "_last_modified_user": "admin", "_last_modified_time": 1507705866588, "_system_owned": false, "_revision": 0 } ] } Required Permissions: read Feature: tools_health_check Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create a new manual health check request (Deprecated)

Create a new manual health check request with essential properties. It's
disallowed to create new one until the count of in-progress manual health
check is less than 50. A manual health check will be deleted automatically
after finished for 24 hours.
Request:

Method:

POST

URI Path(s):

/api/v1/manual-health-checks

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

ManualHealthCheck+

ManualHealthCheck (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
cluster_scope_filter	vCenter cluster scope filter The transport node scope is determined by the combination of specified vCenter cluster and specified host group (optional). The host switch scope is determined by the specified host switch. This property cannot be set together with the transport_zone_id property	HealthCheckClusterScopeFilter
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
operation_status	Operation Status The operation status for health check	string	Readonly Enum: IN_PROGRESS, FINISHED, PARTIAL_FINISHED, FAILED
resource_type	Must be set to the value ManualHealthCheck	string
result		HealthCheckResult	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_zone_id	Transport Zone ID The entity ID works as a filter param. Entity ID and entity type should be both provided or not at a query.	string
vlans	Specificied VLANs VLANs specificied for manual health check	HealthCheckSpecVlans	Required

Example Request: POST https://<nsx-mgr>/api/v1/manual-health-checks { "resource_type": "ManualHealthCheck", "display_name": "Manual HealthCheck 002", "transport_zone_id": "7f5e6a44-696d-401d-936a-d7138476acd3", "vlans":{ "vlan_ranges":[{ "start": 1, "end": 5 },{ "start": 11, "end": 11 }] }, } Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

ManualHealthCheck+

ManualHealthCheck (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
cluster_scope_filter	vCenter cluster scope filter The transport node scope is determined by the combination of specified vCenter cluster and specified host group (optional). The host switch scope is determined by the specified host switch. This property cannot be set together with the transport_zone_id property	HealthCheckClusterScopeFilter
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
operation_status	Operation Status The operation status for health check	string	Readonly Enum: IN_PROGRESS, FINISHED, PARTIAL_FINISHED, FAILED
resource_type	Must be set to the value ManualHealthCheck	string
result		HealthCheckResult	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_zone_id	Transport Zone ID The entity ID works as a filter param. Entity ID and entity type should be both provided or not at a query.	string
vlans	Specificied VLANs VLANs specificied for manual health check	HealthCheckSpecVlans	Required

Example Response: { "id": "2d5d3a9a-5bc7-4ad1-2f0a-a9836575d204", "resource_type": "ManualHealthCheck", "display_name": "Manual HealthCheck 002", "operation_status": "IN PROGRESS", "transport_zone_id": "7f5e6a44-696d-401d-936a-d7138476acd3", "vlans":{ "vlan_ranges":[{ "start": 1, "end": 5 },{ "start": 11, "end": 11 }] }, "_protection" : "NOT_PROTECTED", "_create_user" : "admin", "_create_time" : 1507687895605, "_last_modified_user" : "admin", "_last_modified_time" : 1507705866588, "_system_owned" : false, "_revision" : 0 } Required Permissions: crud Feature: tools_health_check Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get an existing manual health check (Deprecated)

Get an existing manual health check by health check ID. Request:

Method:

GET

URI Path(s):

/api/v1/manual-health-checks/{manual-health-check-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<nsx-mgr>/api/v1/manual-health-checks/ 7e5d3a8c-8aa8-4df6-9a0f-b0456575b233 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

ManualHealthCheck+

ManualHealthCheck (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
cluster_scope_filter	vCenter cluster scope filter The transport node scope is determined by the combination of specified vCenter cluster and specified host group (optional). The host switch scope is determined by the specified host switch. This property cannot be set together with the transport_zone_id property	HealthCheckClusterScopeFilter
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
operation_status	Operation Status The operation status for health check	string	Readonly Enum: IN_PROGRESS, FINISHED, PARTIAL_FINISHED, FAILED
resource_type	Must be set to the value ManualHealthCheck	string
result		HealthCheckResult	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_zone_id	Transport Zone ID The entity ID works as a filter param. Entity ID and entity type should be both provided or not at a query.	string
vlans	Specificied VLANs VLANs specificied for manual health check	HealthCheckSpecVlans	Required

Example Response: { "resource_type": "ManualHealthCheck", "id": "7e5d3a8c-8aa8-4df6-9a0f-b0456575b233", "display_name": "Manual Health Check 002", "operation_status": "IN PROGRESS", "transport_zone_id": "7f5e6a44-696d-401d-936a-d7138476acd3", "vlans":{ "vlan_ranges":[{ "start": 1, "end": 5 },{ "start": 11, "end": 11 }] }, "_protection" : "NOT_PROTECTED", "_create_user" : "admin", "_create_time" : 1507687895605, "_last_modified_user" : "admin", "_last_modified_time" : 1507705866588, "_system_owned" : false, "_revision" : 0 } Required Permissions: read Feature: tools_health_check Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete an existing manual health check (Deprecated)

Delete an existing manual health check by ID. Request:

Method:

DELETE

URI Path(s):

/api/v1/manual-health-checks/{manual-health-check-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: DELETE https://<nsx-mgr>/api/v1/manual-health-checks/ 7e5d3a8c-8aa8-4df6-9a0f-b0456575b233 Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: tools_health_check Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Monitoring: IPFIX (Firewall IPFIX Collectors)

Associated URIs:

GET /policy/api/v1/infra/ipfix-dfw-collector-profiles
DELETE /policy/api/v1/infra/ipfix-dfw-collector-profiles/{ipfix-dfw-collector-profile-id}
GET /policy/api/v1/infra/ipfix-dfw-collector-profiles/{ipfix-dfw-collector-profile-id}
PATCH /policy/api/v1/infra/ipfix-dfw-collector-profiles/{ipfix-dfw-collector-profile-id}
PUT /policy/api/v1/infra/ipfix-dfw-collector-profiles/{ipfix-dfw-collector-profile-id}

List IPFIX Collector profiles.

API will provide list of all IPFIX dfw collector profiles and
their details.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/ipfix-dfw-collector-profiles

Request Headers:

n/a

Query Parameters:

IPFIXDFWCollectorProfileListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/ipfix-dfw-collector-profiles/ Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

IPFIXDFWCollectorProfileListResult+

Example Response: { "results": [ { "ipfix_dfw_collectors": [ { "collector_ip_address": "230.90.90.90", "collector_port": 1569, "marked_for_delete": false, "_protection": "NOT_PROTECTED" } ], "resource_type": "IPFIXDFWCollectorProfile", "id": "profile1", "display_name": "profile1", "path": "/infra/ipfix-dfw-collector-profiles/profile1", "relative_path": "profile1", "parent_path": "/infra/ipfix-dfw-collector-profiles/profile1", "marked_for_delete": false, "_create_user": "admin", "_create_time": 1545256220232, "_last_modified_user": "admin", "_last_modified_time": 1545256220232, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } ], "result_count": 1, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_ipfix_dfw Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or Replace IPFIX dfw collector profile

Create or Replace IPFIX dfw collector profile. IPFIX data will be sent to IPFIX
collector port.
Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/ipfix-dfw-collector-profiles/{ipfix-dfw-collector-profile-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

IPFIXDFWCollectorProfile+

IPFIXDFWCollectorProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_dfw_collectors	IPFIX DFW Collectors. It accepts Multiple Collectors.	array of IPFIXDFWCollector	Required Minimum items: 1
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXDFWCollectorProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<policy-mgr>/policy/api/v1/infra/ipfix-dfw-collector-profiles/profile1 { "ipfix_dfw_collectors": [ { "collector_ip_address": "230.90.90.90", "collector_port": 1570 } ], "_revision": 0 } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

IPFIXDFWCollectorProfile+

IPFIXDFWCollectorProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_dfw_collectors	IPFIX DFW Collectors. It accepts Multiple Collectors.	array of IPFIXDFWCollector	Required Minimum items: 1
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXDFWCollectorProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "ipfix_dfw_collectors": [ { "collector_ip_address": "230.90.90.90", "collector_port": 1570, "marked_for_delete": false, "_protection": "NOT_PROTECTED" } ], "resource_type": "IPFIXDFWCollectorProfile", "id": "profile1", "display_name": "profile1", "path": "/infra/ipfix-dfw-collector-profiles/profile1", "relative_path": "profile1", "parent_path": "/infra/ipfix-dfw-collector-profiles/profile1", "marked_for_delete": false, "_create_user": "admin", "_create_time": 1545256220232, "_last_modified_user": "admin", "_last_modified_time": 1545257032468, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 } Required Permissions: crud Feature: policy_ipfix_dfw Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

IPFIX dfw collector profile id

Create a new IPFIX dfw collector profile if the IPFIX dfw collector profile with
given id does not already exist. If the IPFIX dfw collector profile with the
given id already exists, patch with the existing IPFIX dfw collector profile.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/ipfix-dfw-collector-profiles/{ipfix-dfw-collector-profile-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

IPFIXDFWCollectorProfile+

IPFIXDFWCollectorProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_dfw_collectors	IPFIX DFW Collectors. It accepts Multiple Collectors.	array of IPFIXDFWCollector	Required Minimum items: 1
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXDFWCollectorProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/ipfix-dfw-collector-profiles/profile1 { "ipfix_dfw_collectors": [ { "collector_ip_address": "230.90.90.90", "collector_port": 1569 } ] } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_ipfix_dfw Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete IPFIX dfw Collector profile

API deletes IPFIX dfw collector profile. Flow forwarding to
collector will be stopped.
Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/ipfix-dfw-collector-profiles/{ipfix-dfw-collector-profile-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/ipfix-dfw-collector-profiles/profile1 Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_ipfix_dfw Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get IPFIX dfw Collector profile

API will return details of IPFIX dfw collector profile. If profile
does not exist, it will return 404.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/ipfix-dfw-collector-profiles/{ipfix-dfw-collector-profile-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/ipfix-dfw-collector-profiles/profile1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

IPFIXDFWCollectorProfile+

IPFIXDFWCollectorProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_dfw_collectors	IPFIX DFW Collectors. It accepts Multiple Collectors.	array of IPFIXDFWCollector	Required Minimum items: 1
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXDFWCollectorProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "ipfix_dfw_collectors": [ { "collector_ip_address": "230.90.90.90", "collector_port": 1569, "marked_for_delete": false, "_protection": "NOT_PROTECTED" } ], "resource_type": "IPFIXDFWCollectorProfile", "id": "profile1", "display_name": "profile1", "path": "/infra/ipfix-dfw-collector-profiles/profile1", "relative_path": "profile1", "parent_path": "/infra/ipfix-dfw-collector-profiles/profile1", "marked_for_delete": false, "_create_user": "admin", "_create_time": 1545256220232, "_last_modified_user": "admin", "_last_modified_time": 1545256220232, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: read Feature: policy_ipfix_dfw Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Monitoring: IPFIX (Firewall IPFIX Profiles)

Associated URIs:

GET /policy/api/v1/infra/ipfix-dfw-profiles
DELETE /policy/api/v1/infra/ipfix-dfw-profiles/{ipfix-dfw-profile-id}
GET /policy/api/v1/infra/ipfix-dfw-profiles/{ipfix-dfw-profile-id}
PATCH /policy/api/v1/infra/ipfix-dfw-profiles/{ipfix-dfw-profile-id}
PUT /policy/api/v1/infra/ipfix-dfw-profiles/{ipfix-dfw-profile-id}

List IPFIX DFW Profile

API provides list IPFIX DFW profiles available on
selected logical DFW.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/ipfix-dfw-profiles

Request Headers:

n/a

Query Parameters:

IPFIXDFWProfileListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/ipfix-dfw-profiles/ Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

IPFIXDFWProfileListResult+

Example Response: { "results": [ { "ipfix_dfw_collector_profile_path": "/infra/ipfix-dfw-collector-profiles/profile1", "active_flow_export_timeout": 40, "observation_domain_id": 344, "priority": 770, "resource_type": "IPFIXDFWProfile", "id": "profile1", "display_name": "profile1", "path": "/infra/ipfix-dfw-profiles/profile1", "relative_path": "profile1", "parent_path": "/infra/ipfix-dfw-profiles/profile1", "marked_for_delete": false, "_create_user": "admin", "_create_time": 1545257663086, "_last_modified_user": "admin", "_last_modified_time": 1545257663086, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } ], "result_count": 1, "sort_by": "display_name", "sort_ascending": true } Required Permissions: read Feature: policy_ipfix_dfw Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or Replace IPFIX DFW collection Config.

Create or replace IPFIX DFW profile. Config will start
forwarding data to provided IPFIX DFW collector.
Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/ipfix-dfw-profiles/{ipfix-dfw-profile-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

IPFIXDFWProfile+

IPFIXDFWProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
active_flow_export_timeout	Active timeout (Minutes) For long standing active flows, IPFIX records will be sent per timeout period in minutes.	int	Required Minimum: 1 Maximum: 60 Default: "1"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_dfw_collector_profile_path	IPFIX collector Paths Policy path for IPFIX collector profiles. IPFIX data from these logical segments will be sent to all specified IPFIX collectors.	string	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
observation_domain_id	Observation domain ID An identifier that is unique to the exporting process and used to meter the flows.	int	Minimum: 0 Maximum: 65536 Default: "0"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
priority	Config Priority This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only.	int	Minimum: 0 Maximum: 32000 Default: "0"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXDFWProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

IPFIXDFWProfile+

IPFIXDFWProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
active_flow_export_timeout	Active timeout (Minutes) For long standing active flows, IPFIX records will be sent per timeout period in minutes.	int	Required Minimum: 1 Maximum: 60 Default: "1"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_dfw_collector_profile_path	IPFIX collector Paths Policy path for IPFIX collector profiles. IPFIX data from these logical segments will be sent to all specified IPFIX collectors.	string	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
observation_domain_id	Observation domain ID An identifier that is unique to the exporting process and used to meter the flows.	int	Minimum: 0 Maximum: 65536 Default: "0"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
priority	Config Priority This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only.	int	Minimum: 0 Maximum: 32000 Default: "0"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXDFWProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "ipfix_dfw_collector_profile_path": "/infra/ipfix-dfw-collector-profiles/profile1", "active_flow_export_timeout": 40, "observation_domain_id": 344, "priority": 771, "resource_type": "IPFIXDFWProfile", "id": "profile1", "display_name": "profile1", "path": "/infra/ipfix-dfw-profiles/profile1", "relative_path": "profile1", "parent_path": "/infra/ipfix-dfw-profiles/profile1", "marked_for_delete": false, "_create_user": "admin", "_create_time": 1545257663086, "_last_modified_user": "admin", "_last_modified_time": 1545259987846, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 } Required Permissions: crud Feature: policy_ipfix_dfw Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Patch IPFIX DFW profile

Create a new IPFIX DFW profile if the IPFIX DFW profile
with given id does not already exist. If the IPFIX DFW
profile with the given id already exists, patch with
the existing IPFIX DFW profile.
Request:

Method:

PATCH

URI Path(s):

/policy/api/v1/infra/ipfix-dfw-profiles/{ipfix-dfw-profile-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

IPFIXDFWProfile+

IPFIXDFWProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
active_flow_export_timeout	Active timeout (Minutes) For long standing active flows, IPFIX records will be sent per timeout period in minutes.	int	Required Minimum: 1 Maximum: 60 Default: "1"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_dfw_collector_profile_path	IPFIX collector Paths Policy path for IPFIX collector profiles. IPFIX data from these logical segments will be sent to all specified IPFIX collectors.	string	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
observation_domain_id	Observation domain ID An identifier that is unique to the exporting process and used to meter the flows.	int	Minimum: 0 Maximum: 65536 Default: "0"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
priority	Config Priority This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only.	int	Minimum: 0 Maximum: 32000 Default: "0"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXDFWProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PATCH https://<policy-mgr>/policy/api/v1/infra/ipfix-dfw-profiles/profile1 { "ipfix_dfw_collector_profile_path": "/infra/ipfix-dfw-collector-profiles/profile1", "observation_domain_id": 344, "active_flow_export_timeout":40, "priority":770, "_create_user": "admin", "_create_time": 1545257663086, "_last_modified_user": "admin", "_last_modified_time": 1545259987846, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 } Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_ipfix_dfw Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Delete IPFIX DFW Profile

API deletes IPFIX DFW Profile. Selected IPFIX Collectors will stop
receiving flows.
Request:

Method:

DELETE

URI Path(s):

/policy/api/v1/infra/ipfix-dfw-profiles/{ipfix-dfw-profile-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/infra/ipfix-dfw-profiles/profile1 Successful Response:

Response Code:

200 OK

Response Headers:

n/a

Response Body:

n/a

Required Permissions: crud Feature: policy_ipfix_dfw Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Get IPFIX DFW Profile

API will return details of IPFIX DFW profile.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/ipfix-dfw-profiles/{ipfix-dfw-profile-id}

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/ipfix-dfw-profiles/profile1 Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

IPFIXDFWProfile+

IPFIXDFWProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
active_flow_export_timeout	Active timeout (Minutes) For long standing active flows, IPFIX records will be sent per timeout period in minutes.	int	Required Minimum: 1 Maximum: 60 Default: "1"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_dfw_collector_profile_path	IPFIX collector Paths Policy path for IPFIX collector profiles. IPFIX data from these logical segments will be sent to all specified IPFIX collectors.	string	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
observation_domain_id	Observation domain ID An identifier that is unique to the exporting process and used to meter the flows.	int	Minimum: 0 Maximum: 65536 Default: "0"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
priority	Config Priority This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only.	int	Minimum: 0 Maximum: 32000 Default: "0"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXDFWProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Response: { "ipfix_dfw_collector_profile_path": "/infra/ipfix-dfw-collector-profiles/profile1", "active_flow_export_timeout": 40, "observation_domain_id": 344, "priority": 770, "resource_type": "IPFIXDFWProfile", "id": "profile1", "display_name": "profile1", "path": "/infra/ipfix-dfw-profiles/profile1", "relative_path": "profile1", "parent_path": "/infra/ipfix-dfw-profiles/profile1", "marked_for_delete": false, "_create_user": "admin", "_create_time": 1545257663086, "_last_modified_user": "admin", "_last_modified_time": 1545257663086, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: read Feature: policy_ipfix_dfw Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Monitoring: IPFIX (Switch IPFIX Collectors)

Associated URIs:

GET /policy/api/v1/infra/ipfix-l2-collector-profiles
DELETE /policy/api/v1/infra/ipfix-l2-collector-profiles/{ipfix-l2-collector-profile-id}
GET /policy/api/v1/infra/ipfix-l2-collector-profiles/{ipfix-l2-collector-profile-id}
PATCH /policy/api/v1/infra/ipfix-l2-collector-profiles/{ipfix-l2-collector-profile-id}
PUT /policy/api/v1/infra/ipfix-l2-collector-profiles/{ipfix-l2-collector-profile-id}

List IPFIX Collector profiles.

API will provide list of all IPFIX collector profiles and their details.
Request:

Method:

GET

URI Path(s):

/policy/api/v1/infra/ipfix-l2-collector-profiles

Request Headers:

n/a

Query Parameters:

IPFIXL2CollectorProfileListRequestParameters+

Request Body:

n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/infra/ipfix-l2-collector-profiles/ Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

IPFIXL2CollectorProfileListResult+

Example Response: { "sort_ascending": true, "sort_by": "display_name", "result_count": 1, "results": [ { "resource_type": "IPFIXL2CollectorProfile", "id": "profile", "display_name": "/infra/ipfix-l2-collector-profiles/profile", "path": "/infra/ipfix-l2-collector-profiles/profile", "parent_path": "/infra", "relative_path": "profile", "ipfix_l2_collectors":[ { "collector_ip_address": "10.24.24.23", "collector_port": 3569 } ], "_create_user": "admin", "_create_time": 1517354268091, "_last_modified_user": "admin", "_last_modified_time": 1517354315280, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 } ] } Required Permissions: read Feature: policy_ipfix_switch Additional Errors:

301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
412 Precondition Failed
415 Unsupported Media Type
428 Precondition Required
429 Too Many Requests
500 Internal Server Error
503 Service Unavailable

Create or Replace IPFIX collector profile

Create or Replace IPFIX collector profile. IPFIX data will be sent to IPFIX
collector.
Request:

Method:

PUT

URI Path(s):

/policy/api/v1/infra/ipfix-l2-collector-profiles/{ipfix-l2-collector-profile-id}

Request Headers:

n/a

Query Parameters:

OverrideRequestParameters+

Request Body:

IPFIXL2CollectorProfile+

IPFIXL2CollectorProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_l2_collectors	It accepts Multiple Collector objects. It accepts Multiple Collector objects.	array of IPFIXL2Collector	Required Minimum items: 1 Maximum items: 4
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXL2CollectorProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Example Request: PUT https://<policy-mgr>/policy/api/v1/infra/ipfix-l2-collector-profiles/profile1 { "ipfix_l2_collectors":[ { "collector_ip_address": "10.24.24.23", "collector_port": 3569 } ] } Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

IPFIXL2CollectorProfile+

IPFIXL2CollectorProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_l2_collectors	It accepts Multiple Collector objects. It accepts Multiple Collector objects.	array of IPFIXL2Collector	Required Minimum items: 1 Maximum items: 4
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string

NSX API Guide

NSX API Guide

Table of Contents

Introduction

API Data Types and Allowed Ranges

Formats

Request Failures

Request Authentication

HTTP Basic Authentication

Session-Based Authentication

Authentication using an X.509 certificate and a Principal Identity

Authentication in VMware Cloud on AWS (VMC)

API Pagination

Example Requests and Responses

Restrictions on Certain Fields in a Request

Collection List Pagination

Optimistic Concurrency Control and the _revision property

Overview

Exceptions for /policy APIs

PATCH and _revision for /policy APIs

PUT Operations

API Rate Limiting

Designing API client code to work gracefully with rate limits

OpenAPI Specification of NSX APIs

List enforcementpoints for infra (Deprecated)

Create/update a new Enforcement Point under infra (Deprecated)

Patch a new Enforcement Point under infra (Deprecated)

Read an Enforcement Point (Deprecated)

Delete EnforcementPoint (Deprecated)

List Cluster Profiles (Deprecated)

Create a Cluster Profile (Deprecated)

Get cluster profile by Id (Deprecated)

Update a cluster profile (Deprecated)

Delete a cluster profile (Deprecated)

Get infra segment cross site traffic statistics (Deprecated)

Get RTEP span and mac address-table (Deprecated)

Get RTEP mesh connectivity status (Deprecated)

Get segment cross site traffic statistics (Deprecated)

Get L2 forwarder remote mac addresses (Experimental)

Get L2 forwarder statistics (Experimental)

Get L2 forwarder status (Experimental) (Deprecated)

Get inter-site BGP summary of edge node (Deprecated)

List Deployment Zones for infra (Deprecated)

Read a DeploymentZone (Deprecated)