VMware Cloud Foundation Operations API Operations Index

Performing a POST /api/actions/{id} will attempt to trigger the
action with specified id. It is considered a best practice to use the actionExecution field from the
POST /api/action/{id}/query that has been previously executed to populate
the body of the request. Please note that additional values may be required in order to make
the populateAction response body valid.

The response contains information about the action status by the given taskId

Performing a GET /api/actiondefinitions call will query for
available Actions defined in the system. This includes the data needed
to populate an Action in the system.

Get Adapter Types identified by the specified identifiers or all if 'null' is specified

Contains optional parameter that specifies whether there is a need to report names in all localizations

This API provides the Adapter Kinds by passing specified identifier

This API provides the Resources by passing specified Adapter Kind Key

Get a specific Resource Kind supported by a specific Adapter Kind

Supports optional parameters to get specific Resource Type Attributes

Optionally filter these resources based on resource name. The resource name (specified as a query parameter) will be used for doing a partial match. However, if the resource identifiers and their values are specified, name is ignored and the API enforces all the mandatory (both uniquely identifying and required) identifiers are specified. This allows for looking up a single resource using a ResourceKey and allows the translation between a ResourceKey and a Resource UUID.

Example how to use the identifiers parameter (currently it cannot be used in our Swagger documentation):
/api/adapterkinds/{adapterKindKey}/resourcekinds/{resourceKindKey}/resources?identifiers[key1]=value1&identifiers[key2]=value2

Supports optional parameters to get specific Resource Type Properties

If Adapter Kind is passed as parameter, the API returns only the instances of that Adapter Kind

The request body can accept a collectorId or a collectorGroupId, but not both.

Pass the not-required parameters to indicate whether need to return default value or null in a result for identifiers that have no/null value in request body and continue instantiating adapter even if no connection is established.
In case of VCenter adapter instance, UI/license extension registration should be run separately.

This is typically used to indicate VMware Cloud Foundation operations that the certificates presented by
the (data source for which the adapter instance) was created are indeed valid
certificates.
Typically the response of the POST /api/adapters API in its entirety needs to be
sent as request body when making this PATCH /api/adapters API invocation.
NOTE: In case the provided certificate list is empty, the adapter instance self-signed certificates will be reset.

Stop the adapter instance from monitoring its resources

Start the adapter instance from monitoring its resources

After the duration expires, the adapter instance state is automatically set to STARTED.

Removes the adapter instance from being in an maintenance window. The adapter instance will be notified to start collection process immediately.

Test Adapter Instance connection

This is typically used to indicate VMware Cloud Foundation operations that the certificates presented by
the (data source for which the adapter instance) was tested are indeed valid
certificates.
Typically the response of the POST /api/adapters API in its entirety needs to be
sent as request body when making this PATCH /api/adapters API invocation.

Returns a specific adapter instance identified by the specified UUID.

NOTE: Deleting an adapter instance is not synchronous. In case of VCenter adapter instance, UI/license extension un-registration should be run separately.

Get all resources that are managed by specific Adapter Instance

Get Notification Plugins, optionally filtered for a specific type

Before updating a notification plugin, the plugin should be disabled. During the update process
if there are any untrusted certificates returned by the server the patchAlertPlugin call should be made.
Once the update is successfully completed, use modifyAlertPluginState API to enable the plugin.

If the Notification plugin is a standard email plugin, then any untrusted certificates from the secure SMTP server
is returned as part of the response, the api client should invoke a PATCH call to store these certificates.
By default the notification plugin is in disabled state after being created.
Use the modifyAlertPluginState API to enable the plugin.

Patch a new Notification Plugin Instance

Start or stop an existing Notification Plugin Instance

Test existing Notification Plugin Instance connectivity

Get Notification Plugin specified by Plugin ID

The field checkDependencies is added to preserve the initial behavior. By default it is set to false.

Case 1: When checkDependencies is false, the API has the following behavior:
Dependent Notification Rules are cascade deleted.
Dependent Report Schedules are unreferenced.
Dependent Tenant Email Configurations are always checked. If any then deletion is failed.

Case 2: When checkDependencies is true, the API has the following behavior:
All dependencies are checked. If any then deletion is failed.

To successfully delete the notification plugin, all conflicting dependencies must be removed.

Retrieve all the notification rules of the plugin instance

Get the available Notification Plugin Types

Get the Notification Plugin Type Metadata specified by Plugin Type ID

If the search criteria is not satisfied, the API will return all Alert Definitions

Update an existing Alert Definition

Once the Alert Definition is created, a unique identifier will be generated by the system for the Alert Definition

Enable alert definition in policies

Disable alert definition in policies

Example: GET /api/alerts?id={id1}&id={id2}&resourceId={resId1}&resourceId={resId2}

Modify multiple Alerts by looking them up using their identifiers and performing one of the following actions - Suspend, Cancel,Take Ownership, Release Ownership
Examples:
POST /api/alerts?action=suspend&minutes=1
POST /api/alerts?action=cancel
POST /api/alerts?action=takeownership
POST /api/alerts?action=releaseownership
POST /api/alerts?action=assignownership

Data includes a Collection of Alert Notes
Example: GET /api/alerts/{id}/notes

Data returned is the Alert Note created in the system.
Example: POST /api/alerts/{id}/notes

Data returned includes a Collection of Alert Notes.
Example: POST /api/alerts/query

Data returned includes a Collection of Alert Notes

Example: POST /api/alerts/group/{groupingCondition}/query

Query collection of alert definitions matching the search criteria specified

Example: GET /api/alerts/{id}

Example: GET /api/alerts/{id}/notes/{noteId}

Example: DELETE /api/alerts/{id}/notes/{noteId}

Examples:

GET /api/alerts/types returns the Problem Alerts specific Alert Types & Subtypes
GET /api/alerts/types?ignoreLegacy=false returns all the Alert Types & Subtypes

Get the list of triggered symptoms for the requested alerts
NOTE: This API only reports the symptoms that are defined on 'SELF'.

Using this method, you can look up details about a particular alert definition

Using this method, you can delete a particular alert definition

Example: DELETE /api/alerts/bulk

NOTE: Application Monitoring configuration will be deleted after removing last mapped vCenter from it.

Add a vCenter for monitoring with specified application monitoring configuration

Bootstrap Bundle primarily contains client certificates, Grains File containing configuration of
ARC Agent Components (ucp-minion, salt-minion, Telegraf) and seeder script.

Bootstrap Bundle primarily contains client certificates, Grains File containing configuration of
ARC Agent Components (ucp-minion, salt-minion, Telegraf) and seeder script.
This API also preseeds salt minion keys in ARC.
In SAAS, it also creates adapter if adapter does not exist.

Get all services on a specified resource

Update application service configuration on the specified resource

Save application service configuration on the specified resource

Remove application service configuration from the specified resource

Upgrade app monitoring agent on the specified resources

Stop agent on the specified resources

Start agent on the specified resources

Create mappings between collector or collectorGroup and vCenters

Delete vCenters mapping info

Get vCenter mappings based on the specified query

Query to sign the Arc Client certificate

Install app monitoring agent on specified resource.
vCenters mapping should be present for this API to work.

Correct configuration for vCenters mapping -
vCenter is mapped to individual CP or CP part of non HA collector group.
vCenter is mapped to HA enabled collector group.

vCenters mapping APIs -
Create vCenters mappings API POST /api/applications/vccpmappings.
Delete vCenters mapping API DELETE /api/applications/vccpmappings.

Uninstall app monitoring agent from the specified resource

Save application service configuration on multiple resources.

Get all the created application monitoring configurations

Provides a template for the specified service

Get all available resources for application monitoring

Download Client Certificates

The response contains information about the bootstrap action status by the given taskId.

Get all configurations by service name on a specified resource

The response contains information about the application action status by the given taskId.

Get system audit report

If both ids and roleNames are not specified, information about all the local users are being returned.

Modify the details of a particular user

Create a new user

If the user which is being deleted is an SSO/LDAP/AD user, then it gets deleted(removed) from VMware Cloud Foundation Operations ONLY and does not get actually deleted.

Traversal specifications assigned through this API will add the specified traversal specification to a role permission for the ReadOnly role. It will also update the user's existing role permissions with this traversal specification.
This API is replaced by the assignRolePermissionToUser and unassignRolePermissionFromUser APIs which are PUT and DELETE operations respectively at the /auth/usergroups/{groupId}/permissions endpoint.Note: mixing current and deprecated APIs is not recommended and may result in undefined behavior.

Get assigned role permissions for a specified user

Replaces the existing role permission entirety if it exists already for the named role.

Change the password of the active user

If none of the parameters are specified, all the user groups in the system are returned.

You can add or remove users from the group. Name and id of the group cannot be changed.

If the authSourceId is specified(in the request), then the user group will be imported from the corresponding auth source (LDAP/AD/SSO/VIDM/VIDB).Note that the id of the user group has to be null.
For LDAP/AD groups the distinguishedName should be provided in the name field.
The value of displayName is used only while importing LDAP/AD groups, and if it is not provided then the value of name will be assigned to it. For SSO/VIDM groups the value of name is assigned to displayName.
NOTE: Before importing please make sure that the group exists in the specified authSource by using the following API - /api/auth/sources/{id}/usergroups/search . Otherwise, if you try to import a non-existing group, a new one will be created with the specified authSourceId.
NOTE: In the case of vIDB user group, the import occurs based on the provided externalId. If other provided details are incorrect, they will be asynchronously updated with the correct values right after the import operation is completed.

Delete a list of user groups using their identifiers

Traversal specifications assigned through this API will add the specified traversal specification to a role permission for the ReadOnly role. It will also update the user's existing role permissions with this traversal specification.
This API is replaced by the assignRolePermissionToUser and unassignRolePermissionFromUser APIs which are PUT and DELETE operations respectively at the /auth/usergroups/{groupId}/permissions endpoint.Note: mixing current and deprecated APIs is not recommended and may result in undefined behavior.

Get assigned role permissions for the specified user group

Replaces existing role permission entirety if it exists already for the named role.

Get all the available authentication sources in the system.
NOTE: This API works both for authenticated and un-authenticated access. In case of authenticated access (by providing the Authorization header) it will return more information including auth source properties. Please also note that while triggering the API through Swagger interface it will work in un-authenticated scenario (Swagger will not send the Authorization header).

If the host is an ldap host and if host/port is changed, then the response will contain a list of certificates found matching with the host. It is the duty of the caller to call the PATCH (/sources) api with the certificate details. Once the PATCH api call is successful, the authentication source is available for use.

If the authentication source is of type LDAP or AD and if ssl is enabled, the response object will contain a list of certificates found matching with the provided host.If the authentication source is not of type LDAP or AD (or) if ssl is not enabled, then the authentication source is available for use as soon as the api call is successful.It is the duty of the caller to call the PATCH (/sources) api with the certificate details. Once the PATCH api call is successful, the authentication source is available for use.

Patch an already added authentication source with the certificate data

Synchronize user groups by specified Auth Source ID

Get all scopes available in the environment

Modify a Scope

Create a new Scope.

Delete scopes.

Find list of application roles using the role names

Name of the role cannot be changed.

Create a user role

Get the privileges for a user role

Replaces any previous privileges.

New privileges union with any previous privileges.

Remove specified privileges from the user role

Terminate the current Session ID

Performing a POST /api/auth/token/acquire would yield a response object that includes token and its validity.
HTTP Status 401 will be sent back if the authentication operation has failed.
NOTE: The validity of the acquired token is extended after each call and is set to 6 hours from the last call.

Auth source can be SSO/VIDM/LDAP/AD/VIDB.
When a user is being re-imported, make sure to populate the "id" field of the user.
NOTE: In the case of vIDB users, the import occurs based on the provided externalId. If other provided details are incorrect, they will be asynchronously updated with the correct values right after the import operation is completed.

The auth source can be SSO/LDAP/AD/VIDM.
For the LDAP/AD auth source, the request should contain the name of the user.
For the SSO/VIDM auth source, request should contain the name of the user and the SSO/VIDM domain.
Username can contain wildcards. Maximum of 25 users are returned for SSO auth source.

The auth source can be SSO/VIDM/LDAP/AD.
For the LDAP/AD auth source, the request should contain the name of the group.
For the SSO/VIDM auth source, request should contain the name of the group and the SSO/VIDM domain.
User-group's name can contain wildcards. Maximum of 25 user-groups are returned for SSO auth source.

Test a new or an existing authentication source in the system

Patch an already tested authentication source with the certificate data

Using this method, you can look up details about a particular local user

If the user being deleted is an SSO/LDAP/AD user, the user gets deleted(removed) from VMware Cloud Foundation Operations ONLY and does not get actually deleted.

Look up a local user group using its identifier

Delete a local user group

If no optional parameters passed, the API will return all traversal specification templates in the system

Get all the available authentication source types

Retrieve information about a particular authentication source type

The auth source can be SSO/LDAP/AD.
For the LDAP/AD auth source, the request should contain the name of the user.
For the SSO auth source, request should contain the name of the user and the sso domain.
User-group's username can contain wildcards. Maximum of 25 user-groups are returned for SSO auth source.

During the deletion of the SSO SAML/VCF SSO auth source, the same 'username' and 'password' which has been used while the creating this sso auth source, should be sent to the payload object.
Note: Force flag is applicable only for VCF SSO auth source. If force is true, VMware Cloud Foundation Operations continues to attempt to delete the VCF SSO auth source even when errors occur.
If you set it to false, VMware Cloud Foundation Operations stops attempting to removethe auth source if VCF SSO server fails

Get the scope by its id

Look up a role with the given name

Remove role with given role name

If no privilege key is set, all available Privileges will be granted

If no privilege key is set, all available Privilege Groups will be granted

Using this method, one can look up the details of a user initiated this API method.


Note: The provided hrefs are functional for the users with 'administration.accesscontrol.viewpage' (View Access Control Page) privilege.

Note:The provided hrefs are functional for the users with 'administration.accesscontrol.viewpage' (View Access Control Page) privilege.

Note: The provided hrefs are functional for the users with 'administration.accesscontrol.viewpage' (View Access Control Page) privilege.

Unassign role permission from a user

Unassign role permission from a user group

Get all certificates

Import the given certificate file.

Delete a certificate

Create and save the Bills based on the Bill Generate Request

Get metering Bills summary based on the Request

Get bill for the specified bill identifier

Delete generated bill for the specified bill identifier

The date and time values configured within the Report Schedule are converted to GMT time zone.

The update of a schedule is a "Replace" operation.
If a schedule with the specified
schedule id is present in the system it will be replaced else the API returns a 404 error.

To specify the time zone add X-Ops-API-Timezone header with value of format e.g. Asia/Yerevan.
All the schedules created using this API will be configured to use GMT time zone.

If the query spec is not provided, all Chargeback Reports present in the system are returned.

Generate (create) a Chargeback Report using the specified Report Definition and for the specified Resource

Get the detail of a Chargeback Report given its identifier

Delete a chargeback report by its identifier

The supported formats for Chargeback Reports are PDF, CSV. If the format is not
specified the downloaded report will be in PDF format.
NOTE: In case the Accept header is provided, ensure that its value corresponds to the 'format' request parameter (including the default value when the request parameter is omitted).

The date and time values configured within the Report Schedule are converted to GMT time zone.

Delete Chargeback Report Schedule associated with the specific Report Definition and for the specified Schedule identifier

Get all the Collector Groups defined in the system

This Replaces all existing configuration of a Collector Group
with the data specified as part of the Request.

Create a new Collector Group in the system

Add a Collector to the specified Collector Group

Remove a Collector from the specified Collector Group

Get details of a particular Collector Group in the system

Delete a Collector Group from the system using collector specified identifier

Using this method, you can enable data persistence on cloud proxy.

Using this method, you can disable data persistence on cloud proxy.

If no filters set, the API returns all the Collectors registered with the VMware Cloud Foundation Operations system

Get all the Collectors registered with the VMware Cloud Foundation Operations system

Get details of the specified configuration file.

The "Content-Type" of the request is multipart/form-data.

The response contains information about the last import operation details

The "Content-Type" of the request is multipart/form-data. If the force option is set to true, content will be overwritten. By default the flag is true.
NOTE: If the content file contains integration accounts, then upon completion of the import process, it is recommended to check them. Some collectors or collector groups may have become unbound from the accounts they serve and should be reconnected. Additionally, you will need to re-accept all untrusted certificates manually. Finally ensure that all your adapter instances are started as some of these may not have been restarted automatically.

The response contains information about the last export operation details

Export content for current user. This takes scope of the export. The content types that need to be exported can be specified as a list.

Backup content for current user

Get restore data report for current user

Get content progress

Downloads the content data as a file.

Download backup for current user

Get details of currently selected currency such as display name, code, etc.

Set currency

Gets all the Credential Instances in the system. Optionally filter by adapter kind keys or credential instance identifiers.

Update an existing Credential Instance

Create a new Credential Instance

Partial update an existing Credential Instance

Get a Credential Instance using the identifier specified

Delete a Credential Instance using the identifier specified. Requires the authenticated user to have correct privilege.

Gets the Objects using the Credential Instance specified by the identifier.

Gets the Adapter Instances using the Credential Instance specified by the identifier.

Gets all the Credential Kinds defined in the system. Optionally filter by adapter kind keys.

The deprecation info and all key-name mappings can be found in the /api/deployment/config/globalsettings/metadata API's description.

Currently one can Start or Stop a DT Run.
Sample URI:
PUT /api/deployment/cluster/dt?action=start
PUT /api/deployment/cluster/dt?action=stop

The status is ONLINE, if all the services are running and responsive, else status is OFFLINE.

The information returned includes the Health of the Service, uptime, start time of the service and etc.
Specifically the Health of the Service is 'OK', when the Service is running and responsive, otherwise it is 'Error'.

The information returned includes the Health of the Service, uptime, when the service was started and etc.
Specifically the Health of the Service is 'OK', when the Service is running and responsive, otherwise it is 'Error'.

The deprecation info and all key-name mappings can be found in the /api/deployment/config/globalsettings/metadata API's description.

The deprecation info and all key-name mappings can be found in the /api/deployment/config/globalsettings/metadata API's description.

Find all the name-key mappings here:

Action History - ACTION_RETENTION_IN_DAYS,
Deleted Objects - DELETED_OBJECTS_RETENTION_IN_HOURS,
Deletion Scheduling Interval - DELETION_SCHEDULING_INTERVAL_IN_HOURS,
Object History - OBJECT_HISTORY_RETENTION_IN_DAYS,
Generated Reports Retention - GENERATED_REPORTS_RETENTION_TIME_IN_MONTHS,
Session Timeout - SESSION_TIMEOUT_IN_MINUTES,
Symptoms/Alerts - CANCELLED_ALERTS_SYMPTOMS_RETENTION_TIME_IN_DAYS,
Time Series Data Retention - TIME_SERIES_DATA_RETENTION_IN_MONTHS,
Additional Time Series Retention - ROLLUP_TIME_SERIES_DATA_RETENTION_IN_MONTHS,
Deleted Users - DELETED_USERS_RETENTION_IN_DAYS,
External Event Based Active Symptoms - OUTDATED_EVENT_BASED_SYMPTOMS_CANCELING_ENABLED,
External Event Based Active Symptoms - ACTIVE_EVENT_BASED_SYMPTOMS_RETENTION_TIME_IN_DAYS,
Dynamic Threshold Calculation - DYNAMIC_THRESHOLDING_UPDATE_TIME_IN_MINUTES,
Cost Calculation - COST_CALCULATION_TIME_IN_MINUTES,
Deprecated from VMware Aria Operations 8.14: Customer Experience Improvement Program - TELEMETRY_ENABLED,
Allow vCenter users to log in to individual vCenters from VMware Cloud Foundation Operations - VC_USER_LOGIN_TO_INDIVIDUAL_VC_ALLOWED,
Allow vCenter users to log into VMware Cloud Foundation Operations from vCenter clients - VC_USER_LOGIN_FROM_VC_WEBUI_ALLOWED,
Allow vCenter users to log in to all vCenters from VMware Cloud Foundation Operations - VC_USER_LOGIN_TO_ALL_VC_ALLOWED,
System access URL - BASE_URL,
Automated Actions - AUTOMATED_ACTIONS_ENABLED,
Enable Standard Certification Validation - ENABLE_CERTIFICATE_VALIDATION_STANDARD_WAY,
Concurrent UI login sessions - ALLOW_CONCURRENT_LOGIN_SESSIONS,
Allow non-imported vIDM user access - ALLOW_NON_IMPORTED_VIDM_USERS_ACCESS,
Dynamic Threshold Calculation - DYNAMIC_THRESHOLDING_ENABLED,
Cost Calculation - COST_CALCULATION_ENABLED,
Deleted Objects - DELETED_OBJECTS_RETENTION_IN_HOURS_EXPANSION,
Generated Reports Retention - GENERATED_REPORTS_RETENTION_ENABLED,
Docker image default registry URL - DOCKER_IMAGE_REGISTRY_URL,
Tag Based Pricing Metrics - PRICING_TAG_DETAILED_METRICS,
Tag based Costing Metrics - COSTING_TAG_DETAILED_METRICS,
Cluster Utilization Ceiling Factor - CLUSTER_UTILIZATION_ROUND_OFF,
Generated Reports Retention - GENERATED_REPORTS_RETENTION_TIME_IN_DAYS,
Threshold For Adapters Certificate Expiration Alert - CERTIFICATE_ALARM_DAYS,
Show Cost Savings - SHOW_COST_SAVINGS_RECLAMATION_SETTING,
Include Powered off VMs for Reclamation (flag) - RECLAIM_POWERED_OFF_VMS_ENABLED,
Include Powered off VMs for Reclamation (days) - RECLAIM_POWERED_OFF_VMS_DAYS,
Include Idle VMs for Reclamation - RECLAIM_IDLE_VMS_ENABLED,
Minimum number of days that VM has been idle for - RECLAIM_IDLE_VMS_DAYS,
Exclude VM provisioned in last - EXCLUDE_IDLE_VMS_PROVISIONED_IN_LAST_DAYS,
VM Idleness Criteria (MHz) - IDLENESS_INDICATOR_THRESHOLD_MHZ,
VM Idleness Criteria (%) - IDLENESS_INDICATOR_THRESHOLD_PERCENT,
Include Snapshots for Reclamation (flag) - RECLAIM_SNAPSHOTS_ENABLED,
Include Snapshots for Reclamation (days) - RECLAIM_SNAPSHOTS_DAYS,
Include Orphaned Disks for Reclamation (flag) - RECLAIM_ORPHANED_DISKS_ENABLED,
Include Orphaned Disks for Reclamation (days) - RECLAIM_ORPHANED_DISKS_DAYS,
Orphaned Disks Collection Time - ORPHANED_VMDK_COLLECTION_TIME_IN_MINUTES,
Near Real-Time Monitoring Data Retention - NEAR_REAL_TIME_OBJECT_HISTORY_RETENTION,
Credential Ownership Enforcement - ACTIVATE_CREDENTIAL_OWNERSHIP.

Push a single Event into the system

Push one or more Events into the system

If the adapter kind specified is not present in the system, it will be created dynamically. However,
if the adapter kind specified does already exist, then it must be of OPENAPI adapter kind type.
Also the API sanitizes the Push Adapter Kind key by removing invalid characters (e.g.: Embedded HTML & JS)

If the adapter kind specified is not present in the system, it will be created dynamically. However,
if the adapter kind specified does already exist, then it must be of OPENAPI adapter kind type.
Also the API sanitizes the Push Adapter Kind key by removing invalid characters (e.g.: Embedded HTML & JS)

Update existing VCF integration with provided parameters

vCenter,vSAN and NSXT adapter instances will be generated, upon VCF integration creation, but service discovery is still needed to be enabled manually

NOTE: The un-registration of some of the VCs under the VCF may fail because of different issues, e.g. connection issue. In such cases response will be returned with http 200 status code, however the failed resources id's will be reported in the response body. Please check the status field of the response after executing this API, in order to make sure that the operation has fully succeeded.