Provider Management Operations Index

Get the access-control list for the specified provider management entity.

Creates an access-control grant, giving the user the level of access for the provider management entity.

Get the specified access-control grant.

Updates the specified access-control grant.

Removes the specified access-control grant from the provider management entities access-control list.

Get all access levels.

Get the specified access level.

Get a list of all advisory definitions.

Create a new advisory definition.

Get the advisory definition with the specified id.

Delete the advisory with the associated specified id.

Get a list of all advisories accessible to the user.

Get the advisory with the specified id.

Updates an advisory for the active session using a specified id. Advisories that have a MANDATORY priority may not be updated.

Query all API filters.

Create an API filter.

Retrieve an API filter.

Update an API filter.

Delete an API filter.

Get list of audit trail events

Retrieves all registered Avi Load Balancer Controllers.

Register a new Avi Load Balancer Controller.

Retrieves a specific Avi Load Balancer Controller.

Update a Avi Load Balancer Controller.

Unregister a Avi Load Balancer Controller.

Syncs a specified Avi Load Balancer Controller along with associated Cloud and Service Engine Groups. Only NSX-T backed Clouds and Service Engine Groups under them are synced.

Retrieves all Avi Load Balancer Service Engine Groups.

Retrieves a specific Avi Load Balancer Service Engine Group.

Retrieves all Avi Load Balancer Service Engine Groups assignments. Filter with 'regionId' is supported: filter=regionId==URN.

Create a new Avi Service Engine Group Assignment. This assigns the PROVIDER_MANAGED Avi Service Engine Group to an Organization.

Retrieves a specific Avi Load Balancer Service Engine Group Assignment.

Delete an Avi Service Engine Group Assignment. This removes the assignment of the PROVIDER_MANAGED Avi Service Engine Group to an Organization.

Get a description of a theme to be applied. The response contains relative URLs to each file comprising the theme in its main flavor. To fetch each file, build a URL from filesRoot + files[i] and GET it. This resource is accessible without authentication.

Get a description of a theme to be applied. The response contains relative URLs to each file comprising the theme in the requested flavor. All mandatory resources are included, even if the theme does not explicitly define such flavor(in which case the main flavor is used). To fetch each file, build a URL from filesRoot + files[i] and GET it. This resource is accessible without authentication.

Load a file of a theme with the given id, if it exists. This resource is accessible without authentication and without the need to specify Accept header containing an api version.

Load a file of a theme with the given id, if it exists. This resource is accessible without authentication and without the need to specify Accept header containing an api version.

Gets the list of all available branding themes

Creates a new branding theme

Gets an existing branding theme

Updates existing branding theme

Deletes existing branding theme. If a theme is assigned to any organizations and forceDelete flag is specified it will delete the scoping as well. If a theme is assigned but forceDelete is not specified - error will be returned.

Gets theme resources as a zip archive.

Initiate an upload for the resources of this branding theme using the Transfer Service. A unique transfer service URL is returned where the plugin can be uploaded. The resources should be bundled in a zip, which may also contain a manifest.json describing the various resources bundled in this archive. Example manifest.json:

{
  Name: "cusome_name.zip",
  Description: "Autogenerated branding theme resources",
  Vendor: "Vmware",
  Version: 0.0.1
  Resources: {
    FavIcon: <name of the favIcon file>,
    Logo: <name of the logo file>,
    Background: <name of the background file>,
    Localizations: <name of the localization file>,
    CustomLinks: <name of the custom links file>,
    Styles: <name of the CSS file representing the overwritten styles>,
    PortalName: <id_of_localization_or_just_text_to_be_displayed>
  }
}

The resources in the zip should be organized in folders. The name of each folder represents a theme flavor, for ex. light or dark. If the archive does not contain a flavor folder matching the mainFlavor of the theme, the main flavor folder will be the root of the zip. The main flavor folder must contain all mandatory assets. Other flavor folders may override each asset. Mandatory assets not available in a non-main flavor will default to the ones from the main flavor. Not mandatory assets may or may not default, depending on each particular kind. All assets must have the same names under the different flavors.

Get organizations and their active themes

Gets organizations using this branding theme as active

Set active theme for a list of organizations

Remove active branding theme of organization. Organization will inherit the default branding theme. The branding theme instance is not deleted and can be set as active again at later point.

Retrieves the list of capabilities that are specific to this organization.

Retrieves the current capabilities of a namespace. These cannot be edited.

It lists the capabilities supported by the Region based on the underlying vCenter and supervisors and other factors. These capabilities cannot be edited.

Get a list of the certificate library items

Add an item to the certificate library

Retrieves the specified certificate library item. Note: This API also supports a former (erroneously spelt) alternate path /cetificateLibrary/{id} as a Deprecated API (deprecated-in and removed after API version 36.0)

Updates the specified certificate library item. Only the alias and description fields may be edited Note: This API also supports a former (erroneously spelt) alternate path /cetificateLibrary/{id} as a Deprecated API (deprecated-in and removed after API version 36.0)

Delete the specified certificate library item. Only items that are not in use can be deleted. Note: This API also supports a former (erroneously spelt) alternate path /cetificateLibrary/{id} as a Deprecated API (deprecated-in and removed after API version 36.0)

Get list of consumers (as references) of a particular certificate library item

Adds the specified consumer reference to a library item.

Replaces the existing consumer refs with the consumer references supplied.

Retrieves links to start navigation

Returns all configuration properties. At present this will always return an EMPTY list.

Get the current setting for the specified configuration property.

Sets a configuration property to the provided value.

Retrieves a list of Org-scoped content libraries. Results can be filtered by id, name, org, autoAttach, creationDate, and libraryType.

Creates a new Provider or Organization Content library based on the context of the user. A library created from System org is a Provider Content Library. A library created from an organization context is an Organization Content Library Response is a 202 with task URL in location header

Refreshes the VCF content library to reflect the new items added directly from a Namespace using Packer flow and remove the items that no longer exist in the library backing.

Syncs a subscribed content library to the external source it is subscribed to.

Retrieves a specific content library via URN.

Update content library.

Deletes a VCF Content Library via URN.

Retrieve a list of project permissions for a content library. By default, this list is sorted by permission type in ascending order.

Update the specified content library's project permissions.

Retrieves a list of Org-scoped items. Results can be filtered by id, name, imageIdentifier, isPublished, isSubscribed, status, creationDate, lastSuccessfulSync, contentLibrary, and org.

Creates a new content library item. Note that the item is not fully created until its files have been uploaded.

Retrieves a specific item via URN.

Updates the specified content library item. Unless the item is a placeholder, only name and description can be updated.

Delete a specific content library item via URN.

Retrieves a list of files for a content library item

Promotes the project content library item to a provider content library by capturing the item's underlying virtual machine as an OVF template and creating another item from it in the destination content library.

Create download bundle by packaging as OVA bundle with all provided VMIs and additional content supplied by the client. A task will be reported in the response and client needs to track the task for progress. Once Task completed successfully, download link will be reported in the Task's detail for downloading the final OVA.

Queries the set of allowed origins.

Sets allowed origins to the given set of origins.

Attempts to migrate Defined Entity instances of a Defined Entity Type (source entity type) to another version (upgrade/downgrade) of the Defined Entity Type (target entity type). Depending on potential concurrent updates, this operation might, or might not process all instances. If you seek to migrate all instances, you have a few options:

• run this operation, or individual RDE updates multiple times, as many as required (inspecting state after each run)
• make sure not to perform any upgrade/downgrade operations on Defined Entity instances of the source entity type while the migrate task is in progress. Only those Defined Entity instances which the user has modify access to are affected by the mass migrate operation.

Essentially the mass migrate operation is a batch update operation on the Defined Entity instances of the source entity type (each instance is updated with changing the "entityType" property to the target entity type). However, the underlying update operation on each Defined Entity instance is limited in terms of functionality compared to the API update operation on a Defined Entity instance. First of all, you can only update the "entityType" property of the Defined Entity instance. Also you cannot make use of the OCC functionality when executing a mass migrate - Defined Entity instances will be updated regardless of their current state. And lastly, a PostUpdate hook, defined in the target entity type, will not be executed on the Defined Entity instances after a mass migrate operation.

The mass migrate operation may also change the entityState of the Defined Entity instances:

• If an instance is in PRE_CREATED entityState before the migration - the instance will remain in PRE_CREATED entityState after the migration
• If an instance is in RESOLUTION_ERROR entityState before the migration - the instance will move into PRE_CREATED entityState after the migration
• If an instance is in IN_DELETION entityState before the migration - the instance will remain in IN_DELETION entityState after the migration
• If an instance is in RESOLVED entityState before the migration - the migration operation will try to resolve the instance after upgrading it to the target type's version. If the instance's entity contents validate against the target version's schema, the instance will remain in RESOLVED entityState. If the instance's entity contents cannot validate against the target version's schema, the instance will either remain unchanged (migration will be rolled back) or it will move into RESOLUTION_ERROR entityState depending on the value of the "forceMigrate" property (part of the body of the request). The default behavior is to roll back the migration. Generally in this case (when the instance's entity contents are incompatible with the target version's schema), the user must then individually update each of the incompatible instances according to their business logic.

A RDE modify event is emitted for each instance which is migrated with the 'definedEntity.type' and 'definedEntity.was.type' additional properties having different values (the same RDE modify event is emitted with the Defined Entity instance update operation).

The mass migrate operation is suitable for use when there are a lot of instances of a Defined Entity type which need to be migrated and a small fraction of them is expected to be incompatible with the target entity type's schema. In all other cases, the usual update Defined Entity instance operation is more appropriate.

Gets the defined entity with the unique identifier (URN)

Update the defined entity with the unique identifier (URN). This operation can also be used to upgrade/downgrade the entity to a different version of the defined entity type it is an instance of by setting the "entityType" property.

The update operation may change the entityState of the Defined Entity. If the entity's entityState is:

• PRE_CREATED before the update - the entity will remain in PRE_CREATED entityState after the update
• RESOLUTION_ERROR before the update - the entity will move to PRE_CREATED entityState after the update
• IN_DELETION before the update - the entity will remain in IN_DELETION entityState after the update
• RESOLVED before the update - the update operation will try to validate the entity content (value after the update) against the entity type's schema (value after the update). If validation is successful the entity will remain in RESOLVED state. Otherwise, the entity will move to RESOLUTION_ERROR entityState and the operation will fail with exception.

Deletes the defined entity with the unique identifier (URN). A multi-stage entity deletion process can achieved using the PreDelete and PostDelete RDE lifecycle hooks. When deleting a defined entity the PreDelete hook is executed first and if invocation fails, deletion is aborted and entity remains unchanged. If PreDelete hook execution succeeds, the entity is moved into IN_DELETION state and PostDelete hook execution is started. If the PostDelete hook succeeds, the entity is deleted. Otherwise, it remains in IN_DELETION state. An entity can always be deleted by setting the invokeHooks parameter to 'false'.

Gets the full defined entity with the unique identifier (URN) including secure fields.

Validates the defined entity against the entity type schema. If the validation is successful, the entity will transition to a "RESOLVED" state. Otherwise, it will transition to an "ERROR" state.

Retrieves all the metadata for the region. User can view the entries if user can view the region.

Creates a new metadata entry. This operation is allowed only if the user has at least a modify access level to the region object.

Get a single metadata entry.

Update the value of a single key-value metadata entry.

Delete a single metadata entry.

Download the binary content of a file entry

Gets the collection of defined entities for the provider management-defined type with the specified id. Depending on the requested items per page, and the number of returned entities, one or more metadata summary cursor links will be returned in the headers. In order to retrieve the summaries of all the entities, clients need to fetch each separate cursor and merge the results.

Gets the collection of defined entities for the provider management-defined type with the specified vendor, nss and version. The version can act as a wildcard. If only '1' is specified as the version, all entity types with a major version of '1' will be matched (e.g. 1.0.0, 1.1.2). If '1.0' is specified, all entity types with a major version of '1' and a minor version of '0' will be included (e.g. 1.0.0, 1.0.1). If the full semver is specified, then no search will be performed. Depending on the requested items per page, and the number of returned entities, one or more metadata summary cursor links will be returned in the headers. In order to retrieve the summaries of all the entities, clients need to fetch each separate cursor and merge the results.

Gets the collection of defined entities for the provider management-defined type with the specified vendor and nss without restrictions on the version.

Gets the collection of defined entities for the provider management-defined interface with the specified vendor, nss and version. The version can act as a wildcard. If only '1' is specified as the version, all entity types with a major version of '1' will be matched (e.g. 1.0.0, 1.1.2). If '1.0' is specified, all entity types with a major version of '1' and a minor version of '0' will be included (e.g. 1.0.0, 1.0.1). If the full semver is specified, then no search will be performed. Depending on the requested items per page, and the number of returned entities, one or more metadata summary cursor links will be returned in the headers. In order to retrieve the summaries of all the entities, clients need to fetch each separate cursor and merge the results.

Gets the collection of defined entities for the provider management-defined interface with the specified id. Depending on the requested items per page, and the number of returned entities, one or more metadata summary cursor links will be returned in the headers. In order to retrieve the summaries of all the entities, clients need to fetch each separate cursor and merge the results.

Gets the collection of entity types defined in the Provider Management instance. Allows collection refinement through traditional FIQL-based filtering

Creates a defined entity type.

Gets the entity type with the unique identifier (URN)

Creates a defined entity based on the entity type (URN).

Updates the entity type with the unique identifier (URN)

Deletes the entity type with the unique identifier (URN)

Gets the collection of interfaces defined in the provider management instance. Allows collection refinement through traditional FIQL-based filtering

Creates a defined interface. The version must follow semantic versioning rules.

Gets the interface with the unique identifier (URN)

Updates the interface with the unique identifier (URN) The version must follow semantic versioning rules.

Deletes the interface with the unique identifier (URN)

Retrieve the Behaviors of the specified Defined Entity Type.

Retrieve a specific Behavior in the Defined Type. The Behavior must be specified by ID.

Override the execution of the specified Behavior in the Defined Entity Type. The Behavior must be specified by ID.

Remove a Behavior override in the Defined Entity Type. The Behavior must be specified by ID.

Every entity returned by the API contains information about the scheduled behavior and execution state, where the execution state is used to persist and track the execution of the behavior.

Schedules execution of a behavior.

Retrives detals of scheduled behavior.

Edit execution state of a schedule on given behvior. After edit the behavior will be re-scheduled if the "cronExpression" or the "active" property is changed.

Un-schedules execution of behavior and deletes the scheduled behavior configuration.

Gets the access control configuration of the entity type's behaviors

Adds an access control configuration of an entity type's behavior

Sets the access control configuration of the entity type's behaviors

Retrieve the Behaviors of the specified Defined Interface.

Add a new Behavior to the Interface. Only allowed if the Interface is not in use.

Update all Behaviors, possibly adding or removing some if the Interface is not in use. If the Interface is in use, then only the executions of the existing Behaviors can be updated. The Behaviors can be specified by ID or by name.

Retrieve a specific Behavior in the specified Defined Interface.

Update the execution of the specified Behavior in the Defined Interface. The Behaviors can be specified by ID or by name.

Remove a Behavior from the Defined Interface. The Behaviors can be specified by ID or by name.

Invokes a static behavior defined in the specified interface. The contract of the behavior is specified in the behavior description. If an Activity behavior is invoked with an 'operationId' in the invocation metadata, then another invocation of the behavior with the same 'operationId' will be ignored within the next 1 hour.

Download the execution log from a behavior invocation

Invokes a behavior on a defined entity. The contract of the behavior is specified in the behavior description. If an Activity behavior is invoked with an 'operationId' in the invocation metadata, then another invocation of the behavior with the same 'operationId' will be ignored within the next 1 hour.

Download the execution log from a behavior invocation

Looks up a service account identified by the specified user code for processing its authorization request

Grants access to service account identified by the specified user code. Subsequent polling by the device will result in access token to be transmitted as per device code flow specification

A device's request for access on behalf of a service account, as identified by the specified user code, is denied

Get all Distributed VLAN Connections. Use the 'availableForRegionalNetworkingSettingId' filter to get connections that can be added to a specific Regional Networking Setting: filter=availableForRegionalNetworkingSettingId==URN.

Create a new Distributed VLAN Connection.

Retrieves the specified Distributed VLAN Connection.

Updates a specific Distributed VLAN Connection.

Deletes a specific Distributed VLAN Connection.

Retrieves all Edge Clusters in the system.

Retrieves a specific Edge Cluster.

Updates the specified Edge Cluster. Only QoS related config can be updated.

Retrieves the status of all member transport nodes associated with the Virtual Network Appliances of the specified Cluster.

Sync the Edge Clusters from all the NSX Managers to Provider Management. All the NSX Managers known to Provider Management will be queried for the Edge Clusters. Also creates default Gateway QoS profiles for each edge cluster in NSX. These Gateway QoS profiles will be used by Organizations, when regional networking is setup.

Tests that Email SMTP Settings are valid

Get specified entity object

Get the effective quotas applicable for the given organization.

Assign quotas to given target organization.

Query all external endpoints.

Creates an external endpoint. Vendor, name and version cannot be modified post-creation and must be unique. Each external endpoint will proxy its' requests to the configured rootUrl.

Retrieve an external endpoint.

Update an external endpoint. Vendor, name and version cannot be modified.

Delete an external endpoint. Only disabled endpoints (enabled = false) can be deleted.

Query all external services. Extensions, created from other APIs will not be returned.

Create an external service. Once created, the combination of vendor, name and version cannot be modified and must be unique. Each extension will have its own MQTT topics.

Extensions, created from other APIs will not be returned.

Update an external service. Vendor, name and version cannot be updated.

Delete an external service. The extension must be disabled or the deletion will fail.

Retrieves a specific feature flag.

Updates a specific feature flag to either enable or disable it.

Get list of all feature flags visible to the user. Note that users without feature management permission will not be able to see disabled feature flags.

Get list of global roles

Creates a new global role

Get specified global role

Update specified global role

Delete specified global role

Get list of rights (as references) contained by a particular global role

Adds the list of rights (passed as references) to a global role.

Replaces the existing set of rights in global role with the rights (as references) supplied.

Retrieves list of organizations for whom the global role is explicitly published

Resets list of organizations for whom the global role is explicitly published

Publishes the global role to the specified organizations

Revokes publication of the global role to the specified organizations

Publishes the global role to all organizations

Unpublishes the global role from all organizations

Get a list of groups.

Create a new group.

Get a specified group.

Modify details of the specified group.

Delete the specified group.

Get a list of users of any type that belong to the specified group.

Retrieves all the Guest Operating Systems available globally across all vCenters. The list includes only guest operating systems that are supported by the highest hardware version and deduplicated across all vCenters.

Retrieves a list of infra policies.

Creates a new infra policy.

Retrieves a specific infra policy by its URN.

Updates an existing infra policy.

Deletes an infra policy. The deletion is performed asynchronously and returns a task.

Retrieves a paginated list of vCenter infra policy statuses for a specific infra policy.

Synchronizes the VCFA infra policy definition to all vCenters that participate in this policy. A vCenter participates if it has a matching vCenter compute policy name defined in the VCFA infra policy. This operation is performed asynchronously and returns a task.

Get all the IP Blocks in the system. Use the custom filter cidr to find IP Blocks that overlap with a given CIDR. The cidr filter must be combined with regionRef.id or 'regionRef.name' filter, but no other filters are allowed. For example: cidr==10.17.20.0/24;regionRef.id==urn:vcloud:region:uuid

Create a new IP Block in the system.

Retrieves the specified IP Block.

Updates the specified IP Block.

Deletes the specified IP Block.

Retrieves the total IP utilization counts for the IP Block and utilization counts per IP Block.

Retrieves the Org Quotas for an IP Block. Either "ipSpaceRef" or "orgRef" filter is required.

Retrieves a specific IP Block Org Quota.

Updates a specific IP Block Org Quota. Only custom quotas applied to Organization can be modified.

Given a Regional Networking Settings identifier as a filter, this API retrieves IP Utilization for each IP Block within the Organization. Filter with 'regionalNetworkingSettingId' is required: filter=regionalNetworkingSettingId==URN. IP Utilization includes the IP Quota and the usage counts for IP addresses and CIDRs.

Get all the IP Block Associations for a specified Centralized Connection. Note that the filter parameter "providerGateway.id" or "ipSpaceRef.id" is required.

Create a new IP Block Association in the system.

Retrieves the specified IP Block Association.

Deletes the specified IP Block Association.

Tests that custom LDAP settings are valid, and that the system can use them to search for a user or group

Begins the LDAP sync task

Searches LDAP for given user(s)

Searches LDAP for given group(s)

Returns whether the VCFA product is currently licensed. The product is considered licensed if a VC9+ with a valid VCF license has ever been connected, or if the system is within a 90-day upgrade evaluation period.

Retrieves a map of entity ids to metadata summaries. Each entry carries only core entry data. Only entries available to the current user will be presented. If the user does not have access to the main entity, it will not be present in the map.

Creates an access token for monitoring all projects that a user has access to.

Creates an access token for monitoring a single project that a user has access to.

Creates an access token for monitoring all namespaces that a user has access to.

Creates an access token for monitoring a single namespace that a user has access to.

Creates an access token for monitoring all regions that a user has access to.

Creates an access token for monitoring a single region that a user has access to.

Creates an access token for monitoring the provided external resource entities. This is a privileged API that takes an existing VCF access token (JWT) and a set of external resource entities to monitor, and generates a new token that asserts the right to access those entities.

Get a list of all namedCredentials.

Create a new namedCredential in Provider Management.

Retrieve the specified namedCredential.

Update the given namedCredential.

Delete the namedCredential.The associated vCenter sessions will be terminated

Get the access-control list for the specified namedCredential.

Creates an access-control grant, giving the user the level of access for the namedCredential.

Get the specified access-control grant.

Updates the specified access-control grant.

Removes the specified access-control grant from the named credential type access-control list.

Get all the Namespace summaries of Namespaces created through Provider Management

Creates a new Namespace in Provider Management

Imports an existing namespace from vCenter

Retrieves the specified namespace

Updates a Namespace. The task is returned with the response. Completion of the task does not signify that the namespace has reached its desired state. The task completion just means that the system has successfully accepted the request to update the namespace. Clients should then rely on the status field of the namespace to know if it has reached its desired state.

Deletes the specified namespace

Get a paginated list of namespace storage class usage objects.

Get configured notification settings.

Updates notification settings.

Retrieves all NSX Managers.

Creates an NSX Manager.

Retrieves a specific NSX Manager.

Updates a specific NSX Manager.

Deletes a specific NSX Manager.

Get all Tier-0 routers that are accessible to an organization VDC. Routers that are already associated with a Provider Gateway are filtered out. Tier-0 routers must be retrieved with either the "networkProviderId" or "regionId" filter key set with the id of the NSX Manager or Region respectively.

Get all importable third-party IPAM IP blocks. IP blocks must be retrieved with either the "networkProviderId" or "regionId" filter key set with the id of the NSX Manager or Region respectively. IP blocks that are already imported as IP Spaces can be filtered out with the filter "alreadyImported==false".

Query all object extensions. Required right: "Object Extensions: View".

Create a new object extension. Required right: "Object Extensions: Manage". Objects extensions are unique on:

• (namespace, vendor) - these values are extracted from the channel urn
• channel For further details, see the description of the data structure ObjectExtension.

View an object extension. Required right: "Object Extensions: View".

Update an object extension. Required right: "Object Extensions: Manage".

Remove an object extension. Required right: "Object Extensions: Manage".

Get a list of all OIDC relying parties meeting the query parameters.

Registers a new OIDC relying party.

Get a specific OIDC relying party.

Updates an OIDC relying party.

Delete a specific OIDC relying party.

Regenerates the client secret of an OIDC relying party.

Get the OpenID Provider configuration.

Updates the OpenID Provider configuration.

Query the list of all configured OpenID Provider keys.

Adds the provided private and public key pairs to the list of configured signing keys. This key is NOT automatically made the active signing key. The existing active key will continue to be used.

The provided keys, in addition to being of one of acceptable types, will be validated to confirm that they are a cryptographic pair and that they conform to the minimum key size in the SSL settings for the product.

Get the specified OpenID Provider key.

The description of the specified key entry can be updated. Attempt to modify any other field will result in a bad request error.

Delete the specified OpenID Provider key.

Ingest OPS notifications to be published later to any subscribers on the message bus.

Get list of all orgs accessible to the user.

Create a new organization. If the API version is 40 or above, the operation is asynchronous and a task is returned in the location header. Otherwise, the operation is synchronous.

Get specified organization.

Updates an organization. If the managedBy field is being updated, the operation is asynchronous and a task is returned in the location header. Otherwise, the operation is synchronous.

Delete the specified org.

Retrieves all the metadata for the region. User can view the entries if user can view the region.

Creates a new metadata entry. This operation is allowed only if the user has at least a modify access level to the region object.

Replaces all metadata entries for the region with the provided desired state. All existing entries are deleted and all provided entries are created. Operation is atomic - either all succeed or all fail with rollback.

Note: This operation only supports simple key-value metadata entries (string, number, boolean). File metadata entries are not supported and will result in an error.

Get a single metadata entry.

Update the value of a single key-value metadata entry.

Delete a single metadata entry.

Get the networking-specific settings for the given organization.

Update networking-specific settings for the given organization.

Get all organization LDAP settings.

Updates the organization LDAP settings.

Get all organization settings accessible to the user.

Updates the organization settings accessible to the user.

Get list of preference definitions

Get specified preference definition.

Query user preferences for the logged in user

Query user preferences for the logged in user with sorting, paging, and filtering support.

Get specified user preference.

Update specified user preference

Query user preferences for a specific user

Get a preference for a specific user.

Update a preference for a specific user.

Retrieves all Project Access Levels.

Retrieves all Project Assignments.

Creates a new Project Assignment.

Retrieves a Project Assignment with the given ID.

Updates a Project Assignment with the given ID.

Deletes a Project Assignment with the given ID.

Retrieves all Project Assignment Members for the given project ID.

Updates all Project Assignment Members for the given project ID.

Get all Centralized Connections. Use the 'availableForRegionalNetworkingSettingId' filter to get Centralized Connections that can be added to a specific Regional Networking Setting: filter=availableForRegionalNetworkingSettingId==URN.

Create a Centralized Connection

Retrieves a specific Centralized Connection.

Updates a specific Centralized Connection.

Deletes a specific Centralized Connection.

Gets a paged list of proxy configurations.

Creates a proxy configuration.

Retrieves a specific proxy configuration.

Update a specific proxy configuration.

Delete a specific proxy configuration.

Gets a paged list of proxy rules.

Creates a proxy rule.

Retrieves a specific proxy rule.

Update a specific proxy rule.

Delete a specific proxy rule.

Get a paged list of all Region level storage policies in the system

Creates a new Region Storage Policy in Provider Management

Get specified Region storage policy.

Deletes the given Region Storage Policy.

Sync resources for all Regional Networking Settings associated with the organization from NSX Manager to Provider Management. Resources associated with the Regional Networking Settings that have been modified in NSX directly or through Organization Portal will be synchronized.

Retrieves all Regional Networking Settings.

Creates a Regional Networking Setting.

Retrieves a Regional Networking Setting.

Updates an existing Regional Networking Setting. Only Name and Edge Cluster fields are updateable

Delete a Regional Networking Setting.

Retrieves default VPC connectivity profile for networking workloads running within the region and Organization specified by Regional Networking Setting.

Update the default VPC connectivity profile for networking workloads running within the region and Organization specified by Regional Networking Setting.

Get all the Centralized Connections Connections assigned to the Regional Networking Setting.

Create a new Centralized Connection Connection assignment to the Regional Networking Setting.

Retrieves a specific Centralized Connection assigned to the Regional Networking Setting.

Remove a specific Centralized Connection Connection assignment from the Regional Networking Setting.

Get all the Shared Subnets for this Regional Networking Setting.

Create a new Shared Subnet assignment to the Regional Networking Setting.

Retrieves a specific Shared Subnet assigned to the Regional Networking Setting.

Remove a specific Shared Subnet Connection assignment from the Regional Networking Setting.

Get all the Distributed VLAN Connections assigned to the Regional Networking Setting.

Create a new Distributed VLAN Connection assignment to the Regional Networking Setting.

Retrieves a specific Distributed VLAN Connection assigned to the Regional Networking Setting.

Remove a specific Distributed VLAN Connection assignment from the Regional Networking Setting.

Retrieves the regional Avi Load Balancer setting.

Updates the the regional Avi Load Balancer setting.

Retrieves all the Regions.

Creates a new Region.

Retrieves a region with the given ID.

Updates a Region

Deletes a given Region.

Retrieves all the metadata for the region. User can view the entries if user can view the region.

Creates a new metadata entry. This operation is allowed only if the user has at least a modify access level to the region object.

Replaces all metadata entries for the region with the provided desired state. All existing entries are deleted and all provided entries are created. Operation is atomic - either all succeed or all fail with rollback.

Note: This operation only supports simple key-value metadata entries (string, number, boolean). File metadata entries are not supported and will result in an error.

Get a single metadata entry.

Update the value of a single key-value metadata entry.

Delete a single metadata entry.

Retrieves a List of compatible zones that can be used together in a Namespace in this Region.

Retrieves all the Guest Operating Systems available for the specified Region. The list includes only guest operating systems that are supported by the highest hardware version common to all vCenters in the region.

Retrieves a paginated list of infra policies for a specific region.

Get list of rights

Creates a new right associated with a service.

Retrieves the requested Right by id.

Deletes the requested Custom Right by id.

Get list of rights bundles

Creates a new rights bundle

Get specified rights bundle

Update specified rights bundle

Delete specified rights bundle

Get list of rights (as references) contained by a particular bundle

Adds the list of rights (passed as references) to a rights bundle.

Replaces the existing set of rights in bundle with the rights (as references) supplied.

Retrieves list of organizations for whom the rights bundle is explicitly published

Resets list of organizations for whom the rights bundle is explicitly published

Publishes the rights bundle to the specified organizations

Revokes publication of the rights bundle to the specified organizations

Publishes the rights bundle to all organizations

Unpublishes the rights bundle from all organizations

Get list of Rights Categories

Creates a new custom rights category.

Retrieves the requested Rights Category by id.

Deletes the requested Custom Rights Category by id.

Get list of roles for an organization

Creates a new role

Get specified role

Update specified role

Delete specified role

Get list of rights (as references) contained by a particular role

Adds the list of rights (passed as references) to a role.

Replaces the existing set of rights in role with the rights (as references) supplied.

Get a list of all service accounts.

Retrieves a specific service account

Updates a service account

Deletes a service account

Revokes the token associated with given service account URN, invalidates any existing sessions.

Transfer ownership of this user's owned entities (vApps, media, etc) to the caller.

List all sessions for current user

Logs in a user

Returns the specified session for current user

Logs out the current user

Returns the specified session for the authorization token

Logs out and terminates the current session identified by credentials supplied using the Authorization header

Returns the rights associated with the current session.

Gets locations accessible to this session.

Logs in a user (Provider only)

Get all the Shared Subnets for this Regional Networking Setting.

Create a new Shared Subnet assignment to the Regional Networking Setting.

Retrieves a specific Shared Subnet assigned to the Regional Networking Setting.

Updates a specific Shared Subnet.

Remove a specific Shared Subnet Connection assignment from the Regional Networking Setting.

Retrieves site information

Get list of site associations accessible to the user.

Get specified site association.

Retrieve settings for a site and links for navigating to more specific site settings (e.g., CORS)).

Sets settings for a site.

Get the current VCD SSL settings

Retrieves a list of Org-scoped storage classes. If no Org context is supplied then all available storage classes are retrieved. Results can be filtered by id, name, and region.

Retrieves a specific storage class via URN.

Get a paged list of all standalone Datastores and Datastore Clusters in the system

Get specified Datastore or Datastore Cluster.

Retrieves all Datastores associated with the specified Datastore Cluster.

Retrieves all peer datastores of the specified local Datastore.

Retrieves all Supervisors.

Retrieves a Supervisor.

Retrieves all compute Clusters.

Retrieves a Compute Cluster.

Retrieves all supervisor zones.

Retrieves a Zone.

Retrieves a paginated list of virtual machine class reservations.

Initiates quick start. This can only be run once, if something fails, no rollback is attempted. The following prerequisites are required.

1. A supervisor and its associated NSX manager are present in Provider Management
2. No region or organization exists in Provider Management

Quick start will do the following with sensible defaults.

1. Create a region
2. Rename the provider default org to the specified name
3. Configure regional networking settings
4. Create a default Virtual Data Center
5. Create a default Namespace

Retrieves system status information and overview statistics of system components such as Provider Gateways, Ip Spaces, Regions, Supervisors, Regional Networking Setting, and Content Library

Tests a connection, including SSL handshake and hostname verification.

Retrieves all restricted connections.

Adds a restricted connection.

Retrieves the restricted connection with the given ID.

Updates the restricted connection with the given ID.

Deletes the restricted connection with the given ID.

Retrieve tokens

Creates a new token. Proxy tokens are tied to the current user and can be used to access the set of proxies available to the user.

Retrieves a specific token

Update a token

Delete a specific token. Use this to revoke the current token in case of a leak.

Get list of active transfer sessions.

Get specified transfer session

Get list of transfer session items associated with this transfer session.
Results can be filtered by:

• name

Get all Transit Gateways.

Get currently trusted certificates

Add to list of currently trusted certificates

Get the PEM-encoded certificate with the requested URN

Updates an existing trusted certificate

Revoke trusting specified certificate

Get the access-control list for the specified Provider Management entity type.

Creates an access-control grant, giving the user the level of access for the Provider Management entity type.

Get the specified access-control grant.

Updates the specified access-control grant.

Removes the specified access-control grant from the Provider Management entity type access-control list.

Retrieve the plugin metadata for this extension

Update the plugin metadata for this extension clobbering existing information and returns the updated plugin metadata

Delete the system level logo, forcing the get method to return the vCloud Director default logo.

Retrieves a map of extension Points and an ordered list of items registered with that extension point

Customizes the order and enables/disables extension Points

Initiates an upload for the plugin for this extension using the Transfer service A unique transfer service URL is returned where the plugin may be uploaded.

Deletes the actual plugin for this extension

Retrieves list of organizations for whom the plugin is explicitly published

Publishes the UI plugin to the specified organizations

Revokes publication of the UI plugin to the specified organizations

Publishes the UI plugin to all organizations

Unpublishes the UI plugin from all organizations

Get a list of all UI Extensions

Creates a new UI extension and sets the provided plugin metadata for it.

Get a list of users.

Create a new user.

Get a specified user by id.

Modify basic details of the specified user.

Delete the specified user.

Get a list of references of groups that the user with the given id belongs to.

Adds a list of group references that the user with the given id belongs to. This endpoint allows for the group membership info to be pre-populated before a user logs in for the first time.

Modify an existing user's own password

Transfer ownership of this user's owned entities (vApps, media, etc) to the caller.

Retrieves a list of vCenter compute policies.

Retrieves a specific vCenter compute policy by its URN.

Retrieves a paginated list of tags for a specific vCenter compute policy.

Retrieves a list of unique vCenter compute policy names across all vCenters.

Get list of all VCF infra endpoints registered in VCFA.

Register a VCF infra endpoint (SDDC Manager) in VCFA.

Retrieve the registered VCF infra endpoint in VCFA.

Update the registered VCF infra endpoint in VCFA.

Delete the registered VCF infra endpoint in VCFA.

The refresh method will connect to SDDC Manager, and updates VCFA with any new workload domains (vCenter/NSX/Avi Load Balancer) to register.

The rotate-service-accounts method will delete and recreate the login service accounts of vCenter/NSX/Avi Load Balancer registered in VCFA.

The rotate-api-key method will delete and recreate the apikey used by VCFA to login to SDDCManager

Retrieve the password for a registered VCF infra endpoint.

Get list of all VCF Management Service Capabilities.

Create a list of VCF Management Service Capabilities.

Modify a list of VCF Management Service Capabilities.

Delete list of VCF Management Service Capabilities.

Get the registered VCF Management Service Capability.

Update the registered VCF Management Service Capability.

Delete the registered VCF Management Service Capability.

Gets the vIDB integration for the provider org

Configures the vIDB integration for the provider org

Deletes the vIDB integration for the provider org

Retrieves a paged list of all Virtual Center servers in the system.

Attach a Virtual Center server.

Retrieve the representation of a vCenter server registered and managed by Provider Management.

Update the representation of a registered vCenter server. This operation is asynchronous and returns a task that you can monitor to track the progress of the request. Starting with API version 36.0, a null nsxVManager will attempt to remove the NSX-V Manager from the vCenter, and a non-null nsxVManager will attempt to add the NSX-V Manager to the vCenter if there is none registered or update the NSX-V Manager if there is one already registered to the vCenter. If you don't want to update the NSX-V Manager, provide the same NSX-V Manager settings as the existing one. For API versions before 36.0, no changes or updates to the nsxVManager will be made, regardless of whether an nsxVManger is provided or if it's different than the existing one.

Unregister a vCenter server. This operation is asynchronous and returns a task that you can monitor to track the progress of the request.

Retrieve the metrics of a registered vCenter server.

Retrieve the networking configuration of a registered vCenter server.

Update the network settings of a registered vCenter server. This operation is asynchronous and returns a task that you can monitor to track the progress of the request.

Get a list of all root resource pools that are eligible for consumption. If a resource pool is ineligible but is in the response, this means it has children which are eligible for consumption. A resource pool will be ineligible, unless the cluster has an ESXi host on it. The list will be sorted by name, case insensitive.

Get list of child resource pools of the specified parent that are eligible for consumption. If a resource pool is ineligible but is in the response, this means it has children which are eligible for consumption. A resource pool will be ineligible, unless the cluster has an ESXi host on it. The list will be sorted by name, case insensitive.

Get a list of all resource pools in the specified vCenter.

Get a set of all supported hardware versions by the ESXi hosts in the resource pool.

Get Kubernetes configuration for a resource pool which is backed by a Kubernetes enabled cluster.

Get the list of Virtual Machine Classes

Get a list of all storage profiles for a VC. Supported contexts are: Resource Pool Moref (_context==moref) - | Returns all the storage profiles which are related to a specific Resoure Pool. Example: /cloudapi/{ver}/virtualCenters/{urn}/storageProfiles?filter=_context==resgroup-N

Retrieves the current capabilities configured on a specific Virtual Center storage policy. These cannot be edited.

Get a list of unmanaged virtual machines from vCenter Server

Get the list of disks of a unmanaged virtual machine from vCenter.

Within VSphere's Certificate management, the VMCA is a designated CA certificate that signs vsphere infrastructure endpoint certificates.
This API retrieves that certificate

Retrieves all Virtual Datacenters.

Create a new virtual datacenter.

Get a specific virtual datacenter

Updates the details of a virtual datacenter.

Deletes a virtual datacenter via URN.

Retrieves a paginated list of Virtual Machine Classes associated with this VDC.

Adds the list of Virtual Machine Classes to the VDC.The request will fail if Virtual Machine Classes are added to a Region Quota with Full Allocation.

Replaces the existing set of Virtual Machine Classes in the VDC with the Virtual Machine Classes (as references) supplied. The request will fail if Virtual Machine Classes are being replaced for a Region Quota with Full Allocation.

Retrieves a paged list of VM class reservations associated with this VDC.

Updates all reserved VM classes for this VDC. This API is used to add/remove VM class reservation to the VDC and also to update reserved count of an already reserved VM class.

Get namespaces belonging to a particular virtual datacenter.

Retrieves all the metadata for the region. User can view the entries if user can view the region.

Creates a new metadata entry. This operation is allowed only if the user has at least a modify access level to the region object.

Replaces all metadata entries for the region with the provided desired state. All existing entries are deleted and all provided entries are created. Operation is atomic - either all succeed or all fail with rollback.

Note: This operation only supports simple key-value metadata entries (string, number, boolean). File metadata entries are not supported and will result in an error.

Get a single metadata entry.

Update the value of a single key-value metadata entry.

Delete a single metadata entry.

Updates all storage policies for this VDC. This API is used to add/remove storage policy to the VDC and also to update limit of an existing storage policy.

Retrieves a paged list of infra policies associated with this VDC.

Updates all infra policies for this VDC. This API is used to add/remove infra policy assignments to the VDC and also to update the status of an already assigned infra policy.

Retrieves all Virtual Datacenters Storage Policies.

Creates new Virtual Datacenter Storage Policies in a Virtual Datacenter. The request will fail if more than one Virtual Datacenter is specified or the list of Virtual Datacenter Storage Policies is empty.

Retrieves a specific Virtual Datacenters Storage Policy.

Update a specific Virtual Datacenters Storage Policy.

Deletes an existing Virtual Datacenter storage policy.

Get the list of Virtual Machine Classes

Retrieves the specified virtualMachineClass

Get the paginated list of reserved Virtual Machine Classes

Retrieves all Virtual Network Appliance Clusters in the system.

Retrieves a specific Virtual Network Appliance Cluster.

Retrieves the status of all member transport nodes associated with the Virtual Network Appliances of the specified Cluster.

Sync the Virtual Network Appliance Clusters from all the NSX Managers to the Provider Management. All the NSX Managers known to the Provider Management will be queried for the Virtual Network Appliance Clusters.

Retrieves all Virtual Private Clouds.

This operation validates the provided 'userToken', such that: 1- It is a properly formatted JWT. 2- This token is not expired. 3- It has a valid signature. It then exchanges this token for one that includes the following changes: 1- Add an 'aud' claim using provided 'audience' parameter. 2- Add an optional pseudo-group to the 'groups' claim' if the 'userToken' maps to an account with EDIT privileges. 3- Expand the 'groups' claim list to its maximum.

Create a WebMKS ticket allowing to open a VM console in a browser.

Retrieves all zones known to Provider Management.

Retrieves a Zone.