NSX-T Data Center REST API
Associated URIs:
| API Description | API Path |
|---|---|
Test a directory domain event log server connectivityThis API tests a event log server connectivity before the actual domain or event log server is configured. If the connectivity is good, the response will be HTTP status 200. Otherwise the response will be HTTP status 200 and a corresponding error message will be returned. Note - Query param 'enforcement_point_path' would be honoured only in case of Global manager. |
POST /policy/api/v1/infra/firewall-identity-store-event-log-servers/status
POST /policy/api/v1/global-infra/firewall-identity-store-event-log-servers/status |
Test a directory domain LDAP server connectivityThis API tests a LDAP server connectivity before the actual domain or LDAP server is configured. If the connectivity is good, the response will be HTTP status 200. Otherwise the response will be HTTP status 500 and corresponding error message will be returned. |
POST /policy/api/v1/infra/firewall-identity-store-ldap-server
POST /policy/api/v1/global-infra/firewall-identity-store-ldap-server |
Scan the size of a directory domainThis call scans the size of a directory domain. It may be very | expensive to run this call in some AD domain deployments. Please | use it with caution. |
POST /policy/api/v1/infra/firewall-identity-store-size
|
List all firewall identity storesList all firewall identity stores |
GET /policy/api/v1/infra/firewall-identity-stores
(Deprecated)
|
Fetch all organization units for a LDAP server. |
POST /policy/api/v1/infra/firewall-identity-stores-org-units
|
Delete firewall identity storeIf the firewall identity store is removed, it will stop the identity store synchronization. User will not be able to define new IDFW rules |
DELETE /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}
(Deprecated)
|
Read firewall identity storeReturn a firewall identity store based on the store identifier |
GET /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}
(Deprecated)
|
Create or update a firewall identity storeIf a firewall identity store with the firewall-identity-store-id is not already present, create a new firewall identity store. If it already exists, update the firewall identity store with specified attributes. |
PATCH /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}
(Deprecated)
|
Invoke full sync or delta sync for a specific domain, with additional delay in seconds if needed. Stop sync will try to stop any pending sync if any to return to idle state. |
POST /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}
(Deprecated)
POST /policy/api/v1/global-infra/firewall-identity-stores/{firewall-identity-store-id} (Deprecated) |
Create or update a firewall identity storeIf a firewall identity store with the firewall-identity-store-id is not already present, create a new firewall identity store. If it already exists, replace the firewall identity store instance with the new object. |
PUT /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}
(Deprecated)
|
Delete a Event Log server for Firewall Identity store |
DELETE /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/event-log-servers/{event-log-server-id}
(Deprecated)
|
Get a specific Event Log server for a given Firewall Identity store |
GET /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/event-log-servers/{event-log-server-id}
(Deprecated)
|
Create a Event Log server for Firewall Identity storeMore than one Event Log server can be created and only one event log server is used to synchronize directory objects. If more than one Event Log server is configured, NSX will try all the servers until it is able to successfully connect to one. |
PATCH /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/event-log-servers/{event-log-server-id}
(Deprecated)
|
Update a event log server for Firewall Identity store |
PUT /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/event-log-servers/{event-log-server-id}
(Deprecated)
|
Search for directory groups within a domain based on the substring of a distinguished name. (e.g. CN=User,DC=acme,DC=com) The search filter pattern can optionally support multiple (up to 100 maximum) search pattern separated by '|' (url encoded %7C). In this case, the search results will be returned as the union of all matching criteria. (e.g. CN=Ann,CN=Users,DC=acme,DC=com|CN=Bob,CN=Users,DC=acme,DC=com) |
GET /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/groups
GET /policy/api/v1/global-infra/firewall-identity-stores/{firewall-identity-store-id}/groups |
List members of a directory groupA member group could be either direct member of the group specified by group_id or nested member of it. Both direct member groups and nested member groups are returned. Directory group member sync must be enabled to get the correct results. |
GET /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/groups/{group-id}/member-groups
|
List all configured domain LDAP servers |
GET /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/ldap-servers
(Deprecated)
|
Delete a LDAP server for Firewall Identity store |
DELETE /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/ldap-servers/{ldap-server-id}
(Deprecated)
|
Get a specific LDAP server for a given Firewall Identity store |
GET /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/ldap-servers/{ldap-server-id}
(Deprecated)
|
Create a LDAP server for Firewall Identity storeMore than one LDAP server can be created and only one LDAP server is used to synchronize directory objects. If more than one LDAP server is configured, NSX will try all the servers until it is able to successfully connect to one. |
PATCH /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/ldap-servers/{ldap-server-id}
(Deprecated)
|
Test a LDAP server connection for directory domainThe API tests a LDAP server connection for an already configured domain. If the connection is successful, the response will be HTTP status 200. Otherwise the response will be HTTP status 500 and corresponding error message will be returned. |
POST /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/ldap-servers/{ldap-server-id}
(Deprecated)
POST /policy/api/v1/global-infra/firewall-identity-stores/{firewall-identity-store-id}/ldap-servers/{ldap-server-id} (Deprecated) |
Update a LDAP server for Firewall Identity store |
PUT /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/ldap-servers/{ldap-server-id}
(Deprecated)
|
Fetch all organization units for a Firewall Identity Store. |
GET /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/org-units
GET /policy/api/v1/global-infra/firewall-identity-stores/{firewall-identity-store-id}/org-units |
Get Firewall identity store sync statistics for the given identifier |
GET /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/sync-stats
GET /policy/api/v1/global-infra/firewall-identity-stores/{firewall-identity-store-id}/sync-stats |
List all firewall identity storesList all firewall identity stores |
GET /policy/api/v1/infra/identity-firewall-stores
GET /policy/api/v1/global-infra/identity-firewall-stores |
Delete firewall identity storeIf the firewall identity store is removed, it will stop the identity store synchronization. User will not be able to define new IDFW rules |
DELETE /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}
|
Read firewall identity storeReturn a firewall identity store based on the store identifier |
GET /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}
GET /policy/api/v1/global-infra/identity-firewall-stores/{identity-firewall-store-id} |
Create or update a firewall identity storeIf a firewall identity store with the firewall-identity-store-id is not already present, create a new firewall identity store. If it already exists, update the firewall identity store with specified attributes. |
PATCH /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}
|
Create or update a firewall identity storeIf a firewall identity store with the firewall-identity-store-id is not already present, create a new firewall identity store. If it already exists, replace the firewall identity store instance with the new object. |
PUT /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}
|
Delete a Event Log server for Firewall Identity store |
DELETE /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/event-log-servers/{event-log-server-id}
|
Get a specific Event Log server for a given Firewall Identity store |
GET /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/event-log-servers/{event-log-server-id}
GET /policy/api/v1/global-infra/identity-firewall-stores/{identity-firewall-store-id}/event-log-servers/{event-log-server-id} |
Create a Event Log server for Firewall Identity storeMore than one Event Log server can be created and only one event log server is used to synchronize directory objects. If more than one Event Log server is configured, NSX will try all the servers until it is able to successfully connect to one. |
PATCH /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/event-log-servers/{event-log-server-id}
|
Update a event log server for Firewall Identity store |
PUT /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/event-log-servers/{event-log-server-id}
|
List group's children groups and UsersA member group could be either direct member of the group specified by group_id or nested member of it. Both direct member groups and nested member groups are returned. |
GET /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/groups/{group-id}/children
GET /policy/api/v1/global-infra/identity-firewall-stores/{identity-firewall-store-id}/groups/{group-id}/children |
List group's all direct and grand parent groupsReturns all the direct and grand parent groups of a group. |
GET /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/groups/{group-id}/parent-groups
GET /policy/api/v1/global-infra/identity-firewall-stores/{identity-firewall-store-id}/groups/{group-id}/parent-groups |
List all configured domain LDAP servers |
GET /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/ldap-servers
GET /policy/api/v1/global-infra/identity-firewall-stores/{identity-firewall-store-id}/ldap-servers |
Delete a LDAP server for Firewall Identity store |
DELETE /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/ldap-servers/{ldap-server-id}
|
Get a specific LDAP server for a given Firewall Identity store |
GET /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/ldap-servers/{ldap-server-id}
GET /policy/api/v1/global-infra/identity-firewall-stores/{identity-firewall-store-id}/ldap-servers/{ldap-server-id} |
Create a LDAP server for Firewall Identity storeMore than one LDAP server can be created and only one LDAP server is used to synchronize directory objects. If more than one LDAP server is configured, NSX will try all the servers until it is able to successfully connect to one. |
PATCH /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/ldap-servers/{ldap-server-id}
|
Update a LDAP server for Firewall Identity store |
PUT /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/ldap-servers/{ldap-server-id}
|
List All site to ELS server mapping for given identity firewall storePaginated list of ELS servers associated with an identity store for a site. |
GET /policy/api/v1/global-infra/identity-firewall-stores/{identity-firewall-store-id}/site-to-els-server-mappings
|
Get Identity firewall store to ELS server mapping.Get ELS servers associated with an identity store for a site. |
GET /policy/api/v1/global-infra/identity-firewall-stores/{identity-firewall-store-id}/site-to-els-server-mappings/{site-mapping-id}
|
List all site to LDAP server mapping for given identity firewall storePaginated list of LDAP servers associated with an identity store for a site. |
GET /policy/api/v1/global-infra/identity-firewall-stores/{identity-firewall-store-id}/site-to-ldap-server-mappings
|
Get Identity firewall store to LDAP server mapping.Get ordered list of LDAP servers associated with an identity store for a site. |
GET /policy/api/v1/global-infra/identity-firewall-stores/{identity-firewall-store-id}/site-to-ldap-server-mappings/{site-mapping-id}
|
List users by user nameReturn all the users based on the user name. |
GET /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/users
GET /policy/api/v1/global-infra/identity-firewall-stores/{identity-firewall-store-id}/users |
List user's all direct and grand parent groupsReturns all the direct and grand parent groups of a user. |
GET /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/users/{user-id}/parent-groups
GET /policy/api/v1/global-infra/identity-firewall-stores/{identity-firewall-store-id}/users/{user-id}/parent-groups |
Initiate Delta Sync on Identity Firewall Store.Initiates a delta synchronization on the Identity Firewall Store. The objects that have changed since the last sync will be retrieved from the AD server and synchronized with NSX. |
POST /policy/api/v1/infra/identity-firewall-stores/action/delta-sync
|
Initiate Full Sync on Identity Firewall Store.Initiates a full synchronization on the Identity Firewall Store. All the objects will be retrieved from the AD server and synchronized with NSX. |
POST /policy/api/v1/infra/identity-firewall-stores/action/full-sync
|
Initiate Stop Sync on Identity Firewall Store.Stops the synchronization process on the Identity Firewall Store. |
POST /policy/api/v1/infra/identity-firewall-stores/action/stop-sync
|
Test LDAP Server connectivity for an Identity Firewall Store.Tests the LDAP server connectivity for an existing Identity Firewall Store. |
POST /policy/api/v1/infra/identity-firewall-stores/ldap-servers/action/connectivity-check
|
List compute cluster idfw ConfigurationAPI will list all compute cluster wise identity firewall configuration |
GET /policy/api/v1/infra/settings/firewall/idfw/cluster
|
Delete compute cluster idfw configurationDelete compute cluster identity firewall configuration. |
DELETE /policy/api/v1/infra/settings/firewall/idfw/cluster/{cluster-id}
|
Read compute cluster idfw configurationRead compute cluster identity firewall configuration |
GET /policy/api/v1/infra/settings/firewall/idfw/cluster/{cluster-id}
|
Patch compute cluster idfw configurationPatch compute cluster identity firewall configuration. |
PATCH /policy/api/v1/infra/settings/firewall/idfw/cluster/{cluster-id}
|
Create or update compute cluster idfw configurationUpdate the compute cluster idfw configuration |
PUT /policy/api/v1/infra/settings/firewall/idfw/cluster/{cluster-id}
|
Get IDFW status for a Compute CollectionGet IDFW status for a specific Compute Collection |
GET /policy/api/v1/infra/settings/firewall/idfw/compute-collections/{compute-collection-id}/status
|
List IDFW status for Transport Nodes in a Compute CollectionThis API will list all transport node and statuses based on idfw enabled compute collection ID. |
GET /policy/api/v1/infra/settings/firewall/idfw/compute-collections/{compute-collection-id}/transport-nodes/status
|
Get IDFW status for all Compute CollectionsGet IDFW status for all Compute Collections |
GET /policy/api/v1/infra/settings/firewall/idfw/compute-collections/status
|
Get all IDFW Group VM details for a given GroupGet all Identity Firewall Group VM details for a given Group. |
GET /policy/api/v1/infra/settings/firewall/idfw/group-vm-details
GET /policy/api/v1/global-infra/settings/firewall/idfw/group-vm-details |
Read idfw configuration for standalone hostRead identity firewall configuration for standalone host |
GET /policy/api/v1/infra/settings/firewall/idfw/standalone-host-switch-setting
|
Patch idfw configuration for standalone hostPatch identity firewall configuration for standalone host |
PATCH /policy/api/v1/infra/settings/firewall/idfw/standalone-host-switch-setting
|
Create or update idfw configuration for standalone hostUpdate the idfw configuration for standalone host |
PUT /policy/api/v1/infra/settings/firewall/idfw/standalone-host-switch-setting
|
Get IDFW system statistics dataIt will get IDFW system statistics data. |
GET /policy/api/v1/infra/settings/firewall/idfw/system-stats
GET /policy/api/v1/global-infra/settings/firewall/idfw/system-stats |
List IDFW status of VMs by transport node idThis API will list all VMs and statuses based on transport node ID of idfw enabled compute collection. |
GET /policy/api/v1/infra/settings/firewall/idfw/transport-nodes/{transport-node-id}/vms/status
|
Get user session dataIt will get user session data. |
GET /policy/api/v1/infra/settings/firewall/idfw/user-session-data
GET /policy/api/v1/global-infra/settings/firewall/idfw/user-session-data |
Get IDFW user login events for a given userIt will get IDFW user login events for a given user. |
GET /policy/api/v1/infra/settings/firewall/idfw/user-stats/{user-id}
|
Get IDFW user login events for a given VMIt will get IDFW user login events for a given VM (all active plus up to 5 most recent archived entries). |
GET /policy/api/v1/infra/settings/firewall/idfw/vm-stats/{vm-id}
GET /policy/api/v1/global-infra/settings/firewall/idfw/vm-stats/{vm-id} |
Post User Login/Logout events for IDFWAPI to receive User Login and Logout events for IDFW |
POST /policy/api/v1/system/input/login-logout-events
|