VMware Cloud Director OpenAPI Operations Index

Get the access-control list for the specified vCD entity.

Creates an access-control grant, giving the user the level of access for the vCD entity.

Get the specified access-control grant.

Updates the specified access-control grant.

Removes the specified access-control grant from the vCD entities access-control list.

Get all access levels.

Get the specified access level.

Get a list of all advisory definitions.

Create a new advisory definition.

Get the advisory definition with the specified id.

Delete the advisory with the associated specified id.

Get a list of all advisories accessible to the user.

Get the advisory with the specified id.

Updates an advisory for the active session using a specified id. Advisories that have a MANDATORY priority may not be updated.

Query all API filters.

Create an API filter.

Retrieve an API filter.

Update an API filter.

Delete an API filter.

Retrieves a list of Org-scoped (if applicable) apps. Results can be filtered by id, name. If no organization scope is provided, items are returned from all the organizations.

Creates a new App in the provided organization. If appType is ContainerApp, and field kubernetes.paused is set to false, this API returns 202 with task URL in location header. If appType is ContainerApp, and field kubernetes.paused is set to false, this API returns 201 with the paused ContainerApp in response body. If appType is VmApp, then this method throws 400 BadRequest exception. VM based apps cannot be created using this API. Returns 400 if an app with the same name already exists.

Retrieves a specific app via its URN.

Updates a specific app. When package info for the specified container app has been updated, and the container app deployment is not paused, this API will response 202 with task URL in location header. Otherwise this API returns 200.

Deletes a specific app. If force parameter has been set to true, this API will response 204. Otherwise this API returns 202 with task URL in location header.

Retrieves the custom changes used to override default values in values.yaml. Returns 400 if app type is anything but ContainerApp.

Sets the custom changes used to override default values in values.yaml. These custom changes should be in YAML format. E.g. for Helm charts, user-supplied custom changes will be applied to override default values stored in Helm chart's values.yaml. If the container app deployment is not paused, this API will response 202 with task URL in location header. Otherwise this API returns 200 for a ContainerApp. Returns 400 if app type is anything but ContainerApp.

Retrieves a list of Kubernetes resources allocated for a container app. Returns 400 if app type is anything but ContainerApp.

Retrieves a list of revisions generated for a container app. Returns 400 if app type is anything but ContainerApp.

Retrieves a specific revision via container app's URN and revision number. Returns 400 if app type is anything but ContainerApp.

Retrieves the custom changes stored in revision via container app's URN and revision number. Returns 400 if app type is anything but ContainerApp.

Rollback to a revision specified by container app's URN and revision number. A 202 response is returned along with a task URL in the location response header. Returns 400 if app type is anything but ContainerApp.

Retrieves a list of Org-scoped (if applicable) appTemplates. Results can be filtered by id, name. If no organization scope is provided, items are returned from all the organizations.

Creates a new AppTemplate in the provided catalog.

Retrieves a specific appTemplate via URN.

Updates appTemplate definition. If new application or chart versions are added in the appTemplate definition, those versions will be imported. The response is a 202 with task URL in location header. if versions are removed then corresponding catalog items are deleted.

Deletes the specified appTemplate and all its backing catalog items for all the versions. The response is a 202 with task URL in location header

Retrieves a list of AppTemplateEula objects.

Retrieves a specific user-defined Application Port Profile

Updates a specific user-defined Application Port Profile

Deletes a specific user-defined Application Port Profile

Retrieves all Application Port Profiles. This includes user-defined profiles and default system profile. Supported filters are:

• Org vDC ID (orgVdcId==[ID]) - | Return all the application port profiles which are available to a specific Org vDC.
• Network Provider ID (networkProviderId==[ID]) - | Returns all the application port profiles which are available under a specific network provider.
• VDC Group ID (vdcGroupId==[ID]) - | Returns all the application port profiles which are available to a specific vDC Group.
• Provider Gateway ID (providerGatewayId==[ID]) - | Returns all the application port profiles which are available to a specific Provider Gateway.

Create a user-defined application port profile.

Sync the application port profiles from the network provider to VCD. The network provider is required to be specified as a filter: (networkProviderId==[ID]) The following context is deprecated as of API version 38.0: Network Provider ID (_context==networkProviderId)

Get list of audit trail events

Get the system level branding information including the portal name, portal color, selected theme and custom URLs.

Sets the branding information including the portal name, portal color, selected theme and custom URLs for a specific org or system default.

Get the system level logo as raw image data suitable for use in an image tag's src attribute.

If a custom logo is not set then the vCloud Director default logo is sent.

Set the system logo data.

Delete the system level logo, forcing the get method to return the vCloud Director default logo.

Get the system level icon as raw image data suitable for use in an image tag's src attribute.

If a custom icon is not set then the vCloud Director default icon is sent.

Set the system icon data.

Delete the system level icon, forcing the get method to return the vCloud Director default icon.

Get org-specific branding information including the portal name, portal color, selected theme and custom URLs. If no org branding has been specified, retrieve the default system branding.

Sets the branding information including the portal name, portal color, selected theme and custom URLs for a specific org.

Removes org-specific branding information if specified

Get the org-specific logo as raw image data suitable for use in an image tag's src attribute. If an org-specific logo is not set, get the default system logo.

If a custom logo is not set then the vCloud Director default logo is sent.

Set the org-specific data.

Delete the org-specific logo, forcing the get method to return the system default logo.

Get the system level icon as raw image data suitable for use in an image tag's src attribute.

If a custom icon is not set then the vCloud Director default icon is sent.

Set the system icon data.

Delete the system level icon, forcing the get method to return the vCloud Director default icon.

Gets the list of all available branding themes

Creates a new branding theme

Gets an existing branding theme

Updates existing branding theme

Deletes existing branding theme. If a theme is assigned to any organizations and forceDelete flag is specified it will delete the scoping as well. If a theme is assigned but forceDelete is not specified - error will be returned.

Retrieve the CSS for this theme if it has been set

Update an existing custom theme's contents, uniquely identified by name. Currently, this is limited to a single CSS file.

Delete a custom theme's contents

Gets the list of all available branding themes

Creates a new branding theme

Gets an existing branding theme

Updates existing branding theme

Deletes existing branding theme. If a theme is assigned to any organizations and forceDelete flag is specified it will delete the scoping as well. If a theme is assigned but forceDelete is not specified - error will be returned.

Gets theme resources as a zip archive.

Initiate an upload for the resources of this branding theme using the Transfer Service. A unique transfer service URL is returned where the plugin can be uploaded. The resources should be bundled in an archive, which must also contain a manfiest.json describing the various resources bundled in this archive. Example manifest.json { Name: "cusome_name.zip", Description: "Autogenerated branding theme resources", Vendor: "Vmware", Version: 0.0.1 Resources: { FavIcon: , Logo: , Background: , Localizations: , CustomLinks: , Styles: , PortalName: } }

Gets the logo resource for the active theme for the current organization.

Gets the background resource for the active theme for the current organization.

Gets the favIcon resource for the active theme for the current organization.

Gets the custom links for the active theme for the current organization.

Gets the CSS resource for the active theme for the current organization.

Gets the portal name for the active theme for the current organization.

The response will contain a link to the button icon, if available.

The theme may optionally define an icon/logo to be associated with a particular identity provider alias.

Get organizations and their active themes

Gets organizations using this branding theme as active

Set active theme for an organization

Set active theme for a list of organizations

Remove active branding theme of tenant. Tenant will inherit the default branding theme. The branding theme instance is not deleted and can be set as active again at later point.

Initiates converting for the old branding api themes

Retrieves capabilities for quotaPolicy feature.

Retrieves the supported capabilities of the specified vDC Group.

Retrieves capabilities for the given Organization vDC.

Retrieves the current capabilities configured on a specific provider VDC storage policy. These cannot be edited.

Retrieves the current capabilities configured on a specific organization VDC storage policy. These cannot be edited.

Retrieves a list of Org-scoped (if applicable) catalogs. Results can be filtered by id, name. If no organization scope is provided, catalogs from all organizations are returned.

Retrieves a specific catalog via URN.

Refreshes a distributed catalog by checking the underlying storage for items which have been updated, items which have been deleted, and new items to be created.

Returns any issues of the Catalog. This can range from distribution issues caused by a misconfiguration of the Catalog's Storage Policy, an underlying infrastructure issue that results in the catalog not being in sync with its peers, or issues related to the items within the Catalog such as failed creation.

Retrieves all peer catalogs of the specified local catalog.

Get list of registered catalog content sources.
Results can be filtered by:

• id
• name
• sourceType
  
  

Create a new CatalogContentSource entity in VCD by registering the provided source information. If the sourceType is "HelmchartRepo" then the response is a 202 with task URL in location header. Otherwise, the response is 201 with CatalogContentSouce in response body.

Get specified catalog content source

Update the definition of existing catalog content source entity. If the sourceType is "HelmchartRepo" and the URL is changed then the response is a 202 with task URL in location header. This task tracks the replication process of the corresponding remote source items. Otherwise, the response is 201 with the updated CatalogContentSouce in response body.

Deletes a registered catalog content source.

Fetch content from the source repository and cache the results. When the operation is successful, a 202 response is returned, along with a task URL in location header.

Get a list of SourceItems from the given CatalogContentSource. If the 'sourceType' of CatalogContentSource is 'VmwareMarketplace', then 'itemType' of listed SourceItem results can be 'HelmSourceItem' or 'VmSourceItem'. Otherwise, if 'sourceType' is 'HelmchartRepo', 'itemType' results can only be 'HelmSourceItem'.

Get the SourceItem with given identifier from the given CatalogContentSource.

Get the reference to the EULA for a version of a SourceItem with given identifier from the given CatalogContentSource.

Retrieves the access-control list for the specified Kubernetes namespace.

Creates an access-control grant, giving the user the level of access for the Kubernetes namespace.

Resets list of access-control grants, giving the users the level of access for the Kubernetes namespace.

Get a specific access-control grant for the Kubernetes namespace.

Updates the specified access-control grant for the Kubernetes namespace.

Removes the specified access-control grant from the Kubernetes namespace entities access-control list.

Retrieve a list of cells

Presents an overview of the latest snapshot(according to the filter, if specified) of each cell. The filter and the sort query parameters apply towards the topologies in the values field.

Presents an overview of the latest snapshot(according to the filter, if specified) of each currently active cell. This resource can be used as a health check for the cell group. The filter and the sort query parameters apply towards the topologies in the values field.

Retrieves details of the cell based on it's URN

Updates the cell, allowing the cell's status to be changed. This can be used to place an active cell into maintenance mode or quiesced mode, or vice versa.

Removes the specified cell from installation. This operation can only be performed on a cell whose status is 'INACTIVE'.

Retrieves the cell's endpoint information and secure parameters.

Updates the cell's endpoint certificates. Updates will cause a brief interruption in connectivity as the reconfiguration is applied. It is recommended (though not required) that the affected cell be put into maintenance mode prior to updating the cell's endpoint certificates. This is so that existing connections can gracefully handle a certificate update.

This represents all past cell topology states of a particular cell(up to 100).

Get a list of the certificate library items

Add an item to the certificate library

Retrieves the specified certificate library item. Note: This API also supports a former (erroneously spelt) alternate path /cetificateLibrary/{id} as a Deprecated API (deprecated-in and removed after API version 36.0)

Updates the specified certificate library item. Only the alias and description fields may be edited Note: This API also supports a former (erroneously spelt) alternate path /cetificateLibrary/{id} as a Deprecated API (deprecated-in and removed after API version 36.0)

Delete the specified certificate library item. Only items that are not in use can be deleted. Note: This API also supports a former (erroneously spelt) alternate path /cetificateLibrary/{id} as a Deprecated API (deprecated-in and removed after API version 36.0)

Get list of consumers (as references) of a particular certificate library item

Adds the specified consumer reference to a library item.

Replaces the existing consumer refs with the consumer references supplied.

Retrieves links to start navigation

This endpoint will not produce results. It is a placeholder to enforce code generation of Page.

Returns all configuration properties. At present this will always return an EMPTY list.

Get the current setting for the specified configuration property.

Sets a configuration property to the provided value.

Queries the set of allowed origins.

Sets allowed origins to the given set of origins.

Retrieves a specific Cross vDC network.

Updates a specific Cross vDC network.

Deletes a specific Cross vDC network

Sync/repair the specific cross vdc network

Get all Cross vDC networks of a vDC group.

Get all Cross vDC networks in the system.

Creates a Cross vDC network.

Get list of custom entity types.

Creates a new custom entity type

Get specified custom entity type

Update specified custom entity type

Delete specified custom entity type.

Retrieves list of item for whom the custom entity type is explicitly published

Resets list of tenants for whom the custom entity type is explicitly published

Publishes the custom entity type to the specified tenants

Revokes publication of the custom entity type to the specified tenants

Publishes the custom entity type to all tenants

Unpublishes the custom entity type from all tenants

Retrieves list of item for whom the custom entity type is explicitly published

Resets list of tenants for whom the custom entity type is explicitly published

Publishes the custom entity type to the specified tenants

Revokes publication of the custom entity type to the specified tenants

Publishes the custom entity type to all tenants

Unpublishes the custom entity type from all tenants

Get all actions associated with this custom entity type

Creates a new custom entity type action

Delete specified custom entity type action

Get list of custom entities

Get specified custom entity

Get specified custom entity represented as on Sdk-Object

Attempts to migrate Defined Entity instances of a Defined Entity Type (source entity type) to another version (upgrade/downgrade) of the Defined Entity Type (target entity type). Depending on potential concurrent updates, this operation might, or might not process all instances. If you seek to migrate all instances, you have a few options:

• run this operation, or individual RDE updates multiple times, as many as required (inspecting state after each run)
• make sure not to perform any upgrade/downgrade operations on Defined Entity instances of the source entity type while the migrate task is in progress. Only those Defined Entity instances which the user has modify access to are affected by the mass migrate operation.

Essentially the mass migrate operation is a batch update operation on the Defined Entity instances of the source entity type (each instance is updated with changing the "entityType" property to the target entity type). However, the underlying update operation on each Defined Entity instance is limited in terms of functionality compared to the API update operation on a Defined Entity instance. First of all, you can only update the "entityType" property of the Defined Entity instance. Also you cannot make use of the OCC functionality when executing a mass migrate - Defined Entity instances will be updated regardless of their current state. And lastly, a PostUpdate hook, defined in the target entity type, will not be executed on the Defined Entity instances after a mass migrate operation.

The mass migrate operation may also change the entityState of the Defined Entity instances:

• If an instance is in PRE_CREATED entityState before the migration - the instance will remain in PRE_CREATED entityState after the migration
• If an instance is in RESOLUTION_ERROR entityState before the migration - the instance will move into PRE_CREATED entityState after the migration
• If an instance is in IN_DELETION entityState before the migration - the instance will remain in IN_DELETION entityState after the migration
• If an instance is in RESOLVED entityState before the migration - the migration operation will try to resolve the instance after upgrading it to the target type's version. If the instance's entity contents validate against the target version's schema, the instance will remain in RESOLVED entityState. If the instance's entity contents cannot validate against the target version's schema, the instance will either remain unchanged (migration will be rolled back) or it will move into RESOLUTION_ERROR entityState depending on the value of the "forceMigrate" property (part of the body of the request). The default behavior is to roll back the migration. Generally in this case (when the instance's entity contents are incompatible with the target version's schema), the user must then individually update each of the incompatible instances according to their business logic.

A RDE modify event is emitted for each instance which is migrated with the 'definedEntity.type' and 'definedEntity.was.type' additional properties having different values (the same RDE modify event is emitted with the Defined Entity instance update operation).

The mass migrate operation is suitable for use when there are a lot of instances of a Defined Entity type which need to be migrated and a small fraction of them is expected to be incompatible with the target entity type's schema. In all other cases, the usual update Defined Entity instance operation is more appropriate.

Gets the defined entity with the unique identifier (URN)

Update the defined entity with the unique identifier (URN). This operation can also be used to upgrade/downgrade the entity to a different version of the defined entity type it is an instance of by setting the "entityType" property.

The update operation may change the entityState of the Defined Entity. If the entity's entityState is:

• PRE_CREATED before the update - the entity will remain in PRE_CREATED entityState after the update
• RESOLUTION_ERROR before the update - the entity will move to PRE_CREATED entityState after the update
• IN_DELETION before the update - the entity will remain in IN_DELETION entityState after the update
• RESOLVED before the update - the update operation will try to validate the entity content (value after the update) against the entity type's schema (value after the update). If validation is successful the entity will remain in RESOLVED state. Otherwise, the entity will move to RESOLUTION_ERROR entityState and the operation will fail with exception.

Deletes the defined entity with the unique identifier (URN). A multi-stage entity deletion process can achieved using the PreDelete and PostDelete RDE lifecycle hooks. When deleting a defined entity the PreDelete hook is executed first and if invocation fails, deletion is aborted and entity remains unchanged. If PreDelete hook execution succeeds, the entity is moved into IN_DELETION state and PostDelete hook execution is started. If the PostDelete hook succeeds, the entity is deleted. Otherwise, it remains in IN_DELETION state. An entity can always be deleted by setting the invokeHooks parameter to 'false'.

Gets the full defined entity with the unique identifier (URN) including secure fields.

Validates the defined entity against the entity type schema. If the validation is successful, the entity will transition to a "RESOLVED" state. Otherwise, it will transition to an "ERROR" state.

Retrieves all the metadata for the entity. User can view the entries if user can view the entity.

Creates a new entry. This operation is allowed only if the user has at least a read access level to the main entity. Additionally file entries require the user to have the 'Metadata File Entry: Create/Modify' right.

Get a single metadata entry.

Update the value of a single key-value metadata entry.

Delete a single metadata entry.

Download the binary content of a file entry

Gets the collection of defined entities for the vCD-defined type with the specified id. Depending on the requested items per page, and the number of returned entities, one or more metadata summary cursor links will be returned in the headers. In order to retrieve the summaries of all the entities, clients need to fetch each separate cursor and merge the results.

Gets the collection of defined entities for the vCD-defined type with the specified vendor, nss and version. The version can act as a wildcard. If only '1' is specified as the version, all entity types with a major version of '1' will be matched (e.g. 1.0.0, 1.1.2). If '1.0' is specified, all entity types with a major version of '1' and a minor version of '0' will be included (e.g. 1.0.0, 1.0.1). If the full semver is specified, then no search will be performed. Depending on the requested items per page, and the number of returned entities, one or more metadata summary cursor links will be returned in the headers. In order to retrieve the summaries of all the entities, clients need to fetch each separate cursor and merge the results.

Gets the collection of defined entities for the vCD-defined type with the specified vendor and nss without restrictions on the version.

Gets the collection of defined entities for the vCD-defined interface with the specified vendor, nss and version. The version can act as a wildcard. If only '1' is specified as the version, all entity types with a major version of '1' will be matched (e.g. 1.0.0, 1.1.2). If '1.0' is specified, all entity types with a major version of '1' and a minor version of '0' will be included (e.g. 1.0.0, 1.0.1). If the full semver is specified, then no search will be performed. Depending on the requested items per page, and the number of returned entities, one or more metadata summary cursor links will be returned in the headers. In order to retrieve the summaries of all the entities, clients need to fetch each separate cursor and merge the results.

Gets the collection of defined entities for the vCD-defined interface with the specified id. Depending on the requested items per page, and the number of returned entities, one or more metadata summary cursor links will be returned in the headers. In order to retrieve the summaries of all the entities, clients need to fetch each separate cursor and merge the results.

Gets the collection of entity types defined in the vCD instance. Allows collection refinement through traditional FIQL-based filtering

Creates a defined entity type.

Gets the entity type with the unique identifier (URN)

Creates a defined entity based on the entity type (URN).

Updates the entity type with the unique identifier (URN)

Deletes the entity type with the unique identifier (URN)

Gets the collection of interfaces defined in the vCD instance. Allows collection refinement through traditional FIQL-based filtering

Creates a defined interface. The version must follow semantic versioning rules.

Gets the interface with the unique identifier (URN)

Updates the interface with the unique identifier (URN) The version must follow semantic versioning rules.

Deletes the interface with the unique identifier (URN)

Retrieve the Behaviors of the specified Defined Entity Type.

Retrieve a specific Behavior in the Defined Type. The Behavior must be specified by ID.

Override the execution of the specified Behavior in the Defined Entity Type. The Behavior must be specified by ID.

Remove a Behavior override in the Defined Entity Type. The Behavior must be specified by ID.

Every entity returned by the API contains information about the scheduled behavior and execution state, where the execution state is used to persist and track the execution of the behavior.

Schedules execution of a behavior.

Retrives detals of scheduled behavior.

Edit execution state of a schedule on given behvior. After edit the behavior will be re-scheduled if the "cronExpression" or the "active" property is changed.

Un-schedules execution of behavior and deletes the scheduled behavior configuration.

Gets the access control configuration of the entity type's behaviors

Adds an access control configuration of an entity type's behavior

Sets the access control configuration of the entity type's behaviors

Retrieve the Behaviors of the specified Defined Interface.

Add a new Behavior to the Interface. Only allowed if the Interface is not in use.

Update all Behaviors, possibly adding or removing some if the Interface is not in use. If the Interface is in use, then only the executions of the existing Behaviors can be updated. The Behaviors can be specified by ID or by name.

Retrieve a specific Behavior in the specified Defined Interface.

Update the execution of the specified Behavior in the Defined Interface. The Behaviors can be specified by ID or by name.

Remove a Behavior from the Defined Interface. The Behaviors can be specified by ID or by name.

Invokes a static behavior defined in the specified interface. The contract of the behavior is specified in the behavior description. If an Activity behavior is invoked with an 'operationId' in the invocation metadata, then another invocation of the behavior with the same 'operationId' will be ignored within the next 1 hour.

Download the execution log from a behavior invocation

Invokes a behavior on a defined entity. The contract of the behavior is specified in the behavior description. If an Activity behavior is invoked with an 'operationId' in the invocation metadata, then another invocation of the behavior with the same 'operationId' will be ignored within the next 1 hour.

Download the execution log from a behavior invocation

Looks up a service account identified by the specified user code for processing its authorization request

Grants access to service account identified by the specified user code. Subsequent polling by the device will result in access token to be transmitted as per device code flow specification

A device's request for access on behalf of a service account, as identified by the specified user code, is denied

Retrieves the current state of DFW along with all the DFW security policies for a given networking and security domain.

Updates the DFW security policies for a given networking and security domain. A default security policy will be created when DFW is enabled. Removing a security policy will result in removal of the policy and all of its associated firewall rules.

Retrieves a specific DFW security policy.

Updates a specific DFW security policy.

Deletes a specific DFW security policy. Removing a security policy will result in removal of the policy and all of its associated firewall rules.

Retrieves all firewall rules for a given DFW security policy. The rules are returned in the order of precedence.

Creates a Firewall Rule for a given DFW Security Policy.

Updates all the firewall rules for a given DFW security policy. If a rule with the ruleId is not already present, a new rule will be created. If it already exists, the rule will be updated. Any existing rule that is not specified in the update payload will be deleted. The order of rules in payload will define the actual order in which this rules will be applied.

Retrieves a specific firewall rule for a given DFW security policy.

Updates a specific firewall rule for a given DFW security policy.

Deletes a specific firewall rule for a given DFW security policy.

Log filters are encapsulated in a FIQL filter query parameter. Sample filter: filter=(timestamp=gt=2020-07-24T00:00:00,timestamp=lt=2020-08-24T00:00:00;ruleId==a4ec73d6-9937-4b32-bdc7-b4dda5366391) Supported filters are:

• timestamp. Log timestamp. This is optional. Must be in ISO 8601 format (i.e. 2020-07-24T00:00:00.000Z). Defaults to the current time.
• ruleId. Id of the firewall rule. This is optional. This field is responsible for filtering logs based on rule firewall rule id.
• ruleName. Name of the firewall rule. This is optional. This field is responsible for filtering logs based on firewall rule name.
• loggingId. Logging Id of the firewall rule. This is optional. This field is responsible for filtering logs based on firewall rule logging Id. Logging Id is unique ID assigned by the backing NSX-T network provider, and is used for logging by NSX-T. Only applies to NSX-T.
• addressFamily. IP address family. Either IPV4 or IPV6. This is optional.
• reason. Criteria for which an action is taken by the firewall rule. This is optional.
• action. Action taken by the firewall rule. This is optional.
• direction. Direction of network traffic on the distributed firewall. Can be IN or OUT. This is optional.
• protocol. The protocol used for communication between source and destination hosts. Can be TCP, UDP or PROTO. This is optional.
• sourceIpAddress. IP address of the source host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified source IP.
• sourcePort. Port of the source host. This is optional. This field is responsible for filtering logs based on the specified source port.
• destinationIpAddress. IP address of the destination host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified destination IP.
• destinationPort. Port of the destination host. This is optional. This field is responsible for filtering logs based on the specified destination port.

Returns the DVPG properties, such as promiscuous mode and forged transmit, of a specific Org vDC network. This is a SysAdmin only API.

Toggles the DVPG properties of a specific Org vDC network. Allows for update of promiscuous mode and forged transmit. This is a SysAdmin only API.

Retrieves a specific Edge Cluster

Updates a specific Edge Cluster

Deletes a specific Edge Cluster

Retrieves all Edge Clusters. Results can be filtered by id, name, vCenter (resourcePool.vcId), externalNetworkId and orgVdcId.

• externalNetworkId - | The URN of external Network. Filters all edgeClusters that are accessible to externalNetworkId. externalNetworkId filter is supported from version 35.2 Example: (externalNetworkId==urn:vcloud:network:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
• orgVdcId - | The URN of Org vDC. Filters all edgeClusters that are available to an Org vDC. orgVdcId filter is supported from version 36.0 Example: (orgVdcId==urn:vcloud:vdc:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
• vdcGroupId - | The URN of vDC Group. Filters all edgeClusters that are available to a vDC Group. vdcGroupId filter is supported from version 39.0 Example: (vdcGroupId==urn:vcloud:vdcGroup:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
• isProjectedToOrg - | The URN of the organization. Filters all edge clusters that are projected to a given Organization. Filtering for only non-projected edge clusters is also supported. isProjectedToOrg is supported from version 39.0 Example: (isProjectedToOrg==urn:vcloud:organizaton:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

Create a new Edge Cluster. An Edge Cluster is defined by a Resouce Pool and Storage Profile for deploying Edge Gateways. It can subsequently be assigned to a given vDC Network Profile as a Primary or Secondary Edge Cluster.

Get all projections of this edge cluster across all organizations.

This API projects the edge cluster to the sub-provider tenant organization.

Get projection with the given identifier.

This API allows update of projection name of the given edge cluster. All other properties are ignored.

This API deletes the edge cluster projection.

Retrieves a specific Edge Gateway

Update a specific Edge Gateway. Only NSX-T Edge Gateways can be created with this endpoint.

Deletes a specific Edge Gateway. Only NSX-T Edge Gateways can be deleted with this endpoint.

Get all the used IPs for a given external network. This returns all the IP addresses of network which are being used by a vApp VM or by an edge gateway connected to this external network. Results can be filtered by IP address.

Retrieves the general BGP configuration for a Provider Gateway.

Updates the general BGP configuration on a Provider Gateway.

Retrieves a specific BGP neighbor of Provider Gateway.

Updates a specific BGP neighbor of Provider Gateway.

Deletes a specific BGP neighbor of Provider Gateway.

Retrieves status of a specific BGP neighbor configured on a Provider Gateway.

Retrieves all BGP neighbors configured for the Provider Gateway.

Creates a new BGP neighbor for the Provider Gateway.

Retrieves the DHCP Forwarder configuration on an Edge Gateway. A routed Org vDC network connected to this edge can choose to configure its DHCP configuration in RELAY mode which will use this DHCP forwarder.

Updates the DHCP Forwarder configuration on an Edge Gateway.

Retrieves DNS configuration of the edge gateway.

Updates DNS configuration of the edge gateway.

Deletes DNS configuration of the edge gateway.

Retrieves a specific firewall rule based on the rule ID provided.

Updates a specific firewall rule based on the rule ID provided.

Deletes a specific firewall rule based on the rule ID provided.

Retrieves all user-defined and default firewall rules for a given Provider Gateway. The rules are returned in the order of precedence.

Creates a single firewall rule based on a given Provider Gateway.

Updates all the firewall rules for a given Provider Gateway. If a rule with the ruleId is not already present, a new rule will be created. If it already exists, the rule will be updated. Any existing rule that is not specified in the update payload will be deleted. The order of rules in payload will define the actual order in which this rules will be applied.

Deletes all firewall rules for a given Provider Gateway.

Log filters are encapsulated in a FIQL filter query parameter. Sample filter: filter=(timestamp=gt=2020-07-24T00:00:00,timestamp=lt=2020-08-24T00:00:00;ruleId==a4ec73d6-9937-4b32-bdc7-b4dda5366391) Supported filters are:

• timestamp. Log timestamp. This is optional. Must be in ISO 8601 format (i.e. 2020-07-24T00:00:00.000Z). Defaults to the current time.
• ruleId. Id of the firewall rule. This is optional. This field is responsible for filtering logs based on rule firewall rule id.
• ruleName. Name of the firewall rule. This is optional. This field is responsible for filtering logs based on firewall rule name.
• loggingId. Logging Id of the firewall rule. This is optional. This field is responsible for filtering logs based on firewall rule logging Id. Logging Id is unique ID assigned by the backing NSX-T network provider, and is used for logging by NSX-T. Only applies to NSX-T.
• addressFamily. IP address family. Either IPV4 or IPV6. This is optional.
• reason. Criteria for which an action is taken by the firewall rule. This is optional.
• action. Action taken by the firewall rule. This is optional.
• direction. Direction of network traffic on the provider gateway. Can be IN or OUT. This is optional.
• protocol. The protocol used for communication between source and destination hosts. Can be TCP, UDP or PROTO. This is optional.
• sourceIpAddress. IP address of the source host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified source IP.
• sourcePort. Port of the source host. This is optional. This field is responsible for filtering logs based on the specified source port.
• destinationIpAddress. IP address of the destination host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified destination IP.
• destinationPort. Port of the destination host. This is optional. This field is responsible for filtering logs based on the specified destination port.

Retrieves all user-defined and default firewall rules for a given Provider Gateway. The rules are returned in the order of precedence.

Creates a single firewall rule based on a given Provider Gateway.

Updates all the firewall rules for a given Provider Gateway. If a rule with the ruleId is not already present, a new rule will be created. If it already exists, the rule will be updated. Any existing rule that is not specified in the update payload will be deleted. The order of rules in payload will define the actual order in which this rules will be applied.

Deletes all firewall rules for a given Provider Gateway.

Retrieves a specific firewall rule based on the rule ID provided.

Updates a specific firewall rule based on the rule ID provided.

Deletes a specific firewall rule based on the rule ID provided.

Retrieves the firewall state for a given Provider Gateway. Firewall state defines whether the firewall is currently enabled for the gateway.

Updates the firewall state for a given Provider Gateway.

Retrieves a specific IPSec tunnel for a given Provider Gateway.

Updates a specific IPSec tunnel for a given Provider Gateway.

Deletes a specific IPSec tunnel for a given Provider Gateway.

Retrieves the default connection properties that are used for a given IPSec Tunnel when security type is default, or is unspecified.

Retrieves status of a given IPSec VPN Tunnel configured on an Provider Gateway.

Retrieves connection statistics for a given IPSec VPN Tunnel configured on an Provider Gateway.

Retrieves connection properties for a given IPSec VPN Tunnel configured on an Provider Gateway.

Updates the connection properties for a given IPSec VPN Tunnel configured on an Provider Gateway.

Retrieves all IPSec VPN tunnels that are configured for an Provider Gateway. Pagination is supported, use response header to get the next page. Results can be sorted by only a single parameter. Sorting by combination of parameters (sortAsc=foo&sortDesc=bar) is not allowed.

Creates an IPSec tunnel on the Provider Gateway.

Retrieves all IPSec VPN tunnels that are configured for an Provider Gateway. Pagination is supported, use response header to get the next page. Results can be sorted by only a single parameter. Sorting by combination of parameters (sortAsc=foo&sortDesc=bar) is not allowed.

Creates an IPSec tunnel on the Provider Gateway.

Retrieves a specific IPSec tunnel for a given Provider Gateway.

Updates a specific IPSec tunnel for a given Provider Gateway.

Deletes a specific IPSec tunnel for a given Provider Gateway.

Retrieves the allowed IPSec VPN Tunnel security types for the specified Provider Gateway. The security types allowed are set by the System Administrator for the VCD site via the Config Management Tool (CMT). The final set of security types returned are the intersection of those set by the System Administrator and those supported by the gateway's backing network provider.

Retrieves the default connection properties that are used for a given IPSec Tunnel when security type is default, or is unspecified.

Retrieves the connection properties that are used for a given security type preset on a Provider Gateway's backing network provider. Allowed security types are:

• DEFAULT
• PROVIDER_PREFERRED
• CNSA
• FIPS
• FOUNDATION
• PRIME
• SUITE_B_GCM_128
• SUITE_B_GCM_256

Retrieves connection properties for a given IPSec VPN Tunnel configured on an Provider Gateway.

Updates the connection properties for a given IPSec VPN Tunnel configured on an Provider Gateway.

Retrieves status of a given IPSec VPN Tunnel configured on an Provider Gateway.

Retrieves connection statistics for a given IPSec VPN Tunnel configured on an Provider Gateway.

Retrieves a specific L2 VPN tunnel for a given edge gateway.

Updates a specific L2 VPN tunnel for a given edge gateway.

Deletes a specific L2 VPN tunnel for a given edge gateway.

Retrieves status of a given L2 VPN Tunnel.

Retrieves connection statistics for a given L2 VPN Tunnel configured on an Edge Gateway.

Retrieves all L2 VPN tunnels that are configured for an edge gateway. Results can be sorted by only a single parameter. Sorting by combination of parameters (sortAsc=foo&sortDesc=bar) is not allowed.

Creates an L2 VPN tunnel on the Edge Gateway.

Retrieves the current state of Load Balancer service on Edge Gateway.

Updates the Load Balancer service configuration on Edge Gateway.

Retrieves analytics for a specific load balancer. Metrics are specified in the filter query along with time period and series resolution. Up to 5 metric series can be specified per report. All reports will span the same time period.

Report filters are encapsulated in a fiql filter query parameter. Sample filter: filter=(componentId==urn:vcloud:virtualservice:7d38ad7f-cd93-4501-8c40-6f61650ccda0; metric==l4_server.avg_total_rtt;metric==l7_server.avg_application_response_time;step==500;limit==100) Supported filters are:

componentId==urn:vcloud:virtualservice:7d38ad7f-cd93-4501-8c40-6f61650ccda0
• componentId. The URN of the virtual service or pool for which metrics will be gathered. Only one should be specified. This is required.
• metric. One or more metrics of interest. filter=(metric==l4_server.avg_total_rtt;metric==l7_server.avg_application_response_time) - This is required. Supported metrics can be found at the analytics/supportedMetrics endpoint.
• step. The time resolution of the report, in seconds. This is required. Minimum supported resolution is 300 seconds (5 minutes).
• limit. Optional. The number of data points to be returned. This is optional. Defaults to 59 where it can't be calculated.
• startTime. Start time of the series. This is optional. Must be in ISO 8601 format (i.e. 2020-07-24T00:00:00). If not provided, start time is calculated from the step and end time.
• endTime. End period of the series. This is optional. Must be in ISO 8601 format (i.e. 2020-07-24T00:00:00). Defaults to the time of latest collected data point.

Retrieves all the supported metrics for load balancer analytic reports. These metrics can be used to create runtime reports of load balancer virtual services and pools. Supported filters are:

• componentId. The URN of the load balancer virtual service or pool for which we want supported metrics. Only one should be specified. This is required.

Retrieves all Load Balancer Pool Health Monitors assignments. Health Monitor filters are encapsulated in a fiql filter query parameter. One of the filters, "healthMonitorRef.id" or "loadBalancerPoolRef.id" is required. Sample filter: filter=(healthMonitorRef.id==urn:vcloud:loadBalancerHealthMonitor:cfa7d4bf-73d7-4214-adc3-e45ff42121e4) filter=(loadBalancerPoolRef.id==urn:vcloud:loadBalancerPool:7d38ad7f-cd93-4501-8c40-6f61650ccda0) Supported filters are:

• healthMonitorRef.id. The URN of the health monitor which is assigned to pools. Only one should be specified. If not specified, all health monitors assigned to pools are returned.
• loadBalancerPoolRef.id. The URN of the pool with which the health monitors are associated. Only one should be specified.

Create a new Load Balancer Pool Health Monitor assignment. The assignment links a Load Balancer Health Monitor with a Pool to monitor member servers' health.

Retrieves a specific Load Balancer Pool Health Monitor assignment.

Deletes a specific Load Balancer Pool Health Monitor assignment.

Retrieves summaries for all of the Load Balancer Pool Health Monitors that are available for association with Load Balancer Pools belonging to an Edge Gateway. Health Monitor filters are encapsulated in a fiql filter query parameter. Sample filter: filter=(loadBalancerPoolId==urn:vcloud:loadBalancerPool:7d38ad7f-cd93-4501-8c40-6f61650ccda0) Supported filters are:

loadBalancerPoolId==urn:vcloud:loadBalancerPool:7d38ad7f-cd93-4501-8c40-6f61650ccda0
• loadBalancerPoolId. The URN of the pool with which the health monitors are associated. Only one should be specified. If not specified, all health monitors associated with this gateway are returned.

Creates a Load Balancer Pool Health Monitor.

Retrieves a specific Load Balancer Pool Health Monitor.

Updates a specific Load Balancer Pool Health Monitor.

Deletes a specific Load Balancer Pool Health Monitor.

Retrieves a specific Load Balancer Pool.

Updates a specific Load Balancer Pool.

Deletes a specific Load Balancer Pool.

Retrieves summaries for all of the Load Balancer Pools that are configured for an Edge Gateway.

Use healthMonitorId filter to retrieve Load Balancer Pools which are associated with the specified Health Monitor. filter=(healthMonitorId==urn:vcloud:loadBalancerHealthMonitor:cfa7d4bf-73d7-4214-adc3-e45ff42121e4)

Creates a Load Balancer Pool.

Retrieves a specific Virtual Service.

Update a Virtual Service.

Delete a Virtual Service.

Retrieves HTTP request rules of a Virtual Service.

Update HTTP request rules of a Virtual Service.

Retrieves HTTP response rules of a Virtual Service.

Update HTTP response rules of a Virtual Service.

Retrieves HTTP security rules of a Virtual Service.

Update HTTP security rules of a Virtual Service.

Retrieves HTTP log summaries for a Virtual Service.

Log filters are encapsulated in a fiql filter query parameter. Sample filter: filter=(duration==900;endTime=2020-07-24T00:00:00) Supported filters are:

• duration. Duration of the series. This is optional. If start time is not specified (or set to zero), this field determines the duration from end for which logs are returned. Default value is zero (no limit).
• startTime. Start time of the logs. This is optional. Must be in ISO 8601 format (i.e. 2020-07-24T00:00:00). Defaults to zero.
• endTime. End time of the logs. This is optional. Must be in ISO 8601 format (i.e. 2020-07-24T00:00:00). Defaults to the current time.
• type. Type of logs to display in a comma-separated list. Can be CRITICAL or NON_CRITICAL. This is optional. Default value is CRITICAL.
• clientIpAddress. IP address of the client. This is optional. Must be in IPv4 format. This field is responsible for filtering logs based on the specified client IP.
• ipV6ClientIpAddress. IPv6 address of the client. This is optional. Must be in IPv6 format. This field is responsible for filtering logs based on the specified client IP.
• method. HTTP request method. This is optional. This field is responsible for filtering logs based on the specified request method.
• responseCode. The HTTP response status code. This is optional. Must be a valid response code in range 100-599. This field is responsible for filtering logs based on the specified response code.
• uriPath. The URI path of the request from the client. This is optional. This field is responsible for filtering logs based on the specified URI path.

Retrieves log details for a HTTP Virtual Service.

Retrieves WAF recommendations for a WAF violated HTTP log for a specified Virtual Service.

Apply WAF recommendations obtained for a WAF violated HTTP log on a specified Virtual Service.

Retrieves L4 logs for a Virtual Service.

Log filters are encapsulated in a fiql filter query parameter. Sample filter: filter=(duration==900;endTime=2020-07-24T00:00:00) Supported filters are:

• duration. Duration of the series. This is optional. If start time is not specified (or set to zero), this field determines the duration from end for which logs are returned. Default value is zero (no limit).
• startTime. Start time of the logs. This is optional. Must be in ISO 8601 format (i.e. 2020-07-24T00:00:00.000Z). Defaults to zero.
• endTime. End time of the logs. This is optional. Must be in ISO 8601 format (i.e. 2020-07-24T00:00:00.000Z). Defaults to the current time.
• type. Type of logs to display in a comma-separated list. Can be CRITICAL or NON_CRITICAL. This is optional. Default value is CRITICAL.
• clientIpAddress. IP address of the client. This is optional. Must be in IPv4 format. This field is responsible for filtering logs based on the specified client IP.
• ipV6ClientIpAddress. IPv6 address of the client. This is optional. Must be in IPv6 format. This field is responsible for filtering logs based on the specified client IP.
• applicationPort. Application port on which load balancer connection has been made. This is optional. This field is responsible for filtering logs based on the specified application port.

Retrieves WAF configuration for a Virtual Service.

Updates WAF configuration for a Virtual Service.

This will reset WAF config to its default state.

Retrieves WAF allowlist for a Virtual Service.

Updates WAF allowlist for a Virtual Service.

Retrieves WAF signature groups for a Virtual Service.

This will reset all the overridden WAF signature groups to their default state.

Retrieves a specific WAF signature group for a Virtual Service.

Updates a WAF signature group.

Get the signatures which are part of a virtual service WAF signature group.

Update the signatures for a virtual service WAF signature group.

Retrieves current and latest available WAF Core Rule Set upgrade information for a Virtual Service.

Upgrades the current CRS version to the latest available version.

Retrieves all Virtual Service Summaries for an Edge Gateway.

Create a new Virtual Service for a specific Edge Gateway.

Retrieves a specific NAT Rule configuration of the Provider Gateway based on the rule ID passed in.

Update a specific NAT Rule configuration of the Provider Gateway based on the rule ID passed in.

Deletes a specific NAT Rule configuration of the Provider Gateway based on the rule ID passed in.

Retrieves all NAT Rules on the Provider Gateway. Pagination is supported to get the next page in the header response. Results can be sorted by only a single parameter. Sorting by combination of parameters (sortAsc=foo&sortDesc=bar) is not allowed. By default, if no sort parameter is set, the NAT rules are sorted by the priority, starting with the lowest value (highest priority).

Creates a NAT Rule on the Provider Gateway.

Retrieves all NAT Rules on the Provider Gateway. Pagination is supported to get the next page in the header response. Results can be sorted by only a single parameter. Sorting by combination of parameters (sortAsc=foo&sortDesc=bar) is not allowed. By default, if no sort parameter is set, the NAT rules are sorted by the priority, starting with the lowest value (highest priority).

Creates a NAT Rule on the Provider Gateway.

Retrieves a specific NAT Rule configuration of the Provider Gateway based on the rule ID passed in.

Update a specific NAT Rule configuration of the Provider Gateway based on the rule ID passed in.

Deletes a specific NAT Rule configuration of the Provider Gateway based on the rule ID passed in.

Log filters are encapsulated in a FIQL filter query parameter. Sample filter: filter=(timestamp=gt=2020-07-24T00:00:00,timestamp=lt=2020-08-24T00:00:00;ruleId==a4ec73d6-9937-4b32-bdc7-b4dda5366391) Supported filters are:

• timestamp. Log timestamp. This is optional. Must be in ISO 8601 format (i.e. 2020-07-24T00:00:00.000Z). Defaults to the current time.
• ruleId. Id of the NAT rule. This is optional. This field is responsible for filtering logs based on rule NAT rule id.
• addressFamily. IP address family. Either IPV4 or IPV6. This is optional.
• reason. Criteria for which an action is taken by the NAT rule. This is optional.
• action. Action taken by the NAT rule. This is optional.
• direction. Direction of network traffic on the provider gateway. Can be IN or OUT. This is optional.
• protocol. The protocol used for communication between source and destination hosts. Can be TCP, UDP or PROTO. This is optional.
• sourceIpAddress. IP address of the source host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified source IP.
• sourcePort. Port of the source host. This is optional. This field is responsible for filtering logs based on the specified source port.
• sourceTranslatedIpAddress. Translated IP address of the source host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified source IP.
• sourceTranslatedPort. Translated Port of the source host. This is optional. This field is responsible for filtering logs based on the specified source port.
• destinationIpAddress. IP address of the destination host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified destination IP.
• destinationPort. Port of the destination host. This is optional. This field is responsible for filtering logs based on the specified destination port.
• destinationTranslatedIpAddress. Translated IP address of the destination host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified destination IP.
• destinationTranslatedPort. Translated Port of the destination host. This is optional. This field is responsible for filtering logs based on the specified destination port.

Retrieves a specific Prefix list for a given Provider Gateway.

Updates a specific Prefix list for a given Provider Gateway.

Deletes a specific Prefix list for a given Provider Gateway.

Retrieves all Prefix lists for a given Provider Gateway. Results can be sorted by only a single parameter. Sorting by combination of parameters (sortAsc=foo&sortDesc=bar) is not allowed.

Creates a new Prefix list on the Provider Gateway.

Retrieves the Rate Limiting (QoS) configuration on an Edge Gateway.

Updates the Rate Limiting (QoS) configuration on an Edge Gateway. Allows configuration of rate limits for traffic passing through this gateway. This defines QoS profiles which contains configuration which can be applied in ingress and egress directions on Edge Gateway.

Retrieve the list of subnets that will be advertised so that the Edge Gateway can route out to the connected external network. Org vDC networks that are in any of these subnets can then be routed out to the external networks.

Updates the list of subnets that will be advertised so that the Edge Gateway can route out to the connected external network.

Retrieves the SLAAC profile on the edge gateway.

Creates a SLAAC profile or updates the existing one if it already exists.

Retrieves all static routes configured for the Edge Gateway.

Creates a new static route configured on an Edge Gateway.

Retrieves a specific static route configured on an Edge Gateway.

Updates a specific static route configured on an Edge Gateway.

Deletes a specific static route of an Edge Gateway.

Retrieves all static routes configured for the Edge Gateway.

Creates a new static route configured on an Edge Gateway.

Retrieves a specific static route configured on an Edge Gateway.

Updates a specific static route configured on an Edge Gateway.

Deletes a specific static route of an Edge Gateway.

Get all edge gateways. If "ownerRef.id" filter is not specified, then user will see all the edge gateways in the organization they have the right to view. Results can be filtered by ownerRef. Combination of ownerRef and includeAccessible (includeAccessible==true) can be used to get all the edge gateways which are available to an Org vDC including the gateways which are owned by datacenter groups but available to Org vDC. The filter "candidatesForVdcGroup" (candidatesForVdcGroup==vdcGroupId>) can be used to return only edge gateways that can be associated with that VDC Group. The following context is deprecated as of API version 38.0: Combination of ownerRef and _context. (_context==includeAccessible) The filter "loadBalancerCloudId" (loadBalancerCloudId==[ID]) can be used to return the edge gateways that are associated with that Load Balancer Cloud.

Create a new edge gateway for a vDC. Only NSX-T Edge Gateways can be created with this endpoint.

Retrieves a specific Universal Egress Point.

Deletes a specific Universal Egress Point.

Sync/repair the egress point.

Get a list of Universal Egress Points for a Universal Router.

Creates a new Universal Egress Point from a specified Edge Gateway and Org vDC.

Tests that Email SMTP Settings are valid

Get specified entity object

Get the effective quotas applicable for the given service account.

Assign quotas to given target service account.

Get the effective quotas applicable for the given organization.

Assign quotas to given target organization.

Get the effective quotas applicable for the given user.

Assign quotas to given target user.

Get the effective quotas applicable for the given group.

Assign quotas to given target group.

Get the effective quotas applicable for the given vapp.

Query all external endpoints.

Creates an external endpoint. Vendor, name and version cannot be modified post-creation and must be unique. Each external endpoint will proxy its' requests to the configured rootUrl.

Retrieve an external endpoint.

Update an external endpoint. Vendor, name and version cannot be modified.

Delete an external endpoint. Only disabled endpoints (enabled = false) can be deleted.

Retrieves a specific external network.

Updates a specific external network.

Deletes a specific external network.

Get all the used IPs for a given external network. This returns all the IP addresses of network which are being used by a vApp VM or by an edge gateway connected to this external network. Results can be filtered by IP address.

Get all the available IPs for a given external network.

Get all the Edge Gateways which are associated with this Provider Gateway.

Get all the IP Space uplinks which are associated with this Provider Gateway.

Retrieve information about the violations which are required to be fixed in order to migrate the existing Provider Gateway to use IP Spaces. Only the first 10 violations will be returned in the response. 'category' filter is required. This endpoint is only supported for Provider Gateways which are backed by NSX-T Tier-0 router.

Migrate the existing Provider Gateway from using IP Blocks to IP Spaces. This endpoint is only supported for Provider Gateways which are backed by NSX-T Tier-0 router.

Get all external networks. Supported filters are:

• id
• name
• backing type (networkBackings.values.backingType)
• vDC Group ID (vdcGroupId==[ID]) - | Returns all the external networks which are accessible to a specific NSX-T vDC Group.
• Provider vDC ID (providerVdcId==[ID]) - | Returns all the external networks which are available to a specific Provider vDC.
• Org vDC ID (orgVdcId==[ID]) - | Returns all the external networks which are available to a specific Org vDC.
• vCenter ID And Resource Pool Moref (vCenterId==[ID];rpMoref==[moref]) - | Returns all the external networks accessible to a given vCenter resource pool.
• Org vDC ID And Edge Deployment Mode (orgVdcId==[ID];edgeDeploymentMode==[deploymentMode) - | Returns all the external networks to which an edge gateway can connect. Edge Deployment Mode can be 'standaloneEdgeDeployment' or 'haEdgeDeployment'. Deployment mode specifies whether to use both primary edge cluster and secondary edge cluster or just primary edge cluster to determine external network accessibility. Edge clusters are determined via vDC Network Profile for input Org vDC.
• Org vDC ID And Dedicatable External Networks (orgVdcId==[ID];dedicatable==true) - | Dedicatable only shows external networks that have no connected Edge Gateways.
• OrgAssociated orgAssociated==true filter can be specified to get the list of external networks which are already associated with the Organization. An External network is already associated with the Organization, if either the Organization is the owner of the external network or if the Organization has an Edge Gateway which is connected to the external network.

The following contexts are deprecated as of API version 38.0: vDC Group ID (_context==vdcGroupId), Provider vDC ID (_context==providerVdcId), Org vDC ID (_context==orgVdcId), vCenter ID And Resource Pool Moref (_context==vCenterId;_context==rpMoref), Org vDC ID And Edge Deployment Mode (_context==orgVdcId;_context==anEdgeDeploymentMode), Org vDC ID And Dedicatable External Networks (_context==orgVdcId;_context==dedicatable)

Create an external network

Query all external services. Extensions, created from other APIs will not be returned.

Create an external service. Once created, the combination of vendor, name and version cannot be modified and must be unique. Each extension will have its own MQTT topics.

Extensions, created from other APIs will not be returned.

Update an external service. Vendor, name and version cannot be updated.

Delete an external service. The extension must be disabled or the deletion will fail.

Retrieves a specific feature flag.

Updates a specific feature flag to either enable or disable it.

Get list of all feature flags visible to the user. Note that users without feature management permission will not be able to see disabled feature flags.

Retrieves a specific firewall group.

Updates the Firewall Group.

Deletes a Firewall Group.

Get all associated VMs for a specific firewall group. Associated VM members can only be obtained for firewall groups with typeValue STATIC_MEMBERS or VM_CRITERIA.

Get all firewall groups. Supported filters are:

• Org Vdc Network ID (networkId==[ID]) - Returns all the firewall groups which the specified network is a member of.
• Edge Gateway ID (edgeGatewayId==[ID]) - Returns all the firewall groups which are available to the specific edge gateway.
• Network Provider ID (networkProviderId==[ID]) - Returns all the firewall groups which are available under a specific network provider. This filter requires system admin privilege.
• Provider Gateway ID (providerGatewayId==[ID]) - | Returns all the firewall groups which are available to a specific Provider Gateway.

Create a firewall group.

Get list of global roles

Creates a new global role

Get specified global role

Update specified global role

Delete specified global role

Get list of rights (as references) contained by a particular global role

Adds the list of rights (passed as references) to a global role.

Replaces the existing set of rights in global role with the rights (as references) supplied.

Retrieves list of tenants for whom the global role is explicitly published

Resets list of tenants for whom the global role is explicitly published

Publishes the global role to the specified tenants

Revokes publication of the global role to the specified tenants

Publishes the global role to all tenants

Unpublishes the global role from all tenants

Get a list of groups.

Create a new group.

Get a specified group.

Modify details of the specified group.

Delete the specified group.

Get a list of users of any type that belong to the specified group.

Retrieves the Org assignments for an IP Space. Either "ipSpaceRef" or "orgRef" filter is required. "ipSpaceRef" filter can also be combined with onlyIncludeCustomQuotas==true filter to filter out only those Org Assignments where custom quotas are applied.

Create a new IP Space Org Assignment. The assignment links an Organization to an IP Space by providing the Organization access to the specified IP Space. It also defines the various IP Space quotas applied to an Organization.

Retrieves a specific IP Space Org Assignment.

Updates a specific IP Space Org Assignment. Only custom quotas applied to Organization can be modified.

Deletes a specific IP Space Org Assignment. The organization will no longer be able to use the IP Space.

Get all the IP Space Uplinks for a specified Provider Gateway. Note that the filter parameter "externalNetworkRef.id" is required. An External Network is used to reference the Provider Gateway since the External Network is backed by a Provider Gateway. Supports the optional filter "requireInterfaces", which will only return uplinks with at least one interface. (requireInterfaces==true)

Create a new IP Space Uplink in the system.

Retrieves the specified IP Space Uplink.

Updates the specified IP Space Uplink.

Deletes the specified IP Space Uplink.

Apply the default gateway services such as NAT and Firewall rules on the Edge Gateway based on the IP Spaces associated with the connected Provider Gateway. This is a convenient operation to setup the Edge Gateway's services to allow for more seamless networking such as allowing traffic to/from private Organization vDC Networks out to the IP Space's External Scope CIDR in a NAT-routed topology or allowing traffic to/from Organization vDC Networks within an IP Space's Internal Scope CIDRs out to the IP Space's External Scope CIDR in a fully-routed topology. Note that if there's any existing NAT rules on the Edge Gateway, the operation will fail.

Get all the IP space summaries in the system.

Create a new IP Space in the system.

Suggests IP addresses to use for networking services on Edge Gateway or Provider Gateway. "gatewayId" filter is required. Based on the specified Gateway, VCD will query all the applicable IP Spaces and suggest some IP addresses which can be utilized to configure the network services on the Gateway. IP Space IP addresses which are are allocated but not currently used for any network services are considered. Results can also be filtered by IPV4 or IPV6 IP address types. Filter examples:(filter=gatewayId==URN), (filter=gatewayId==URN;ipType==IPV6)

Suggests IP Prefixes to use for network definitions. "orgVdcId"/"vdcGroupId" and "networkType" filters are required. Based on the specified Org VDC ID/vDC Group ID and network type, VCD will query all the applicable IP Spaces and suggest some IP prefixes which can be utilized for creation of network definition. IP Space IP prefixes which are are allocated but not currently used for any network definitions are considered. Allowed values for networkType filter are ISOLATED and ROUTED. If the networkType is ROUTED, "gatewayId" filter must be specified. For ROUTED networks, VCD will query all the IP Spaces associated with the Edge Gateway. For ISOLATED networks, VCD will query all the available private IP Spaces. Results can also be filtered by IPV4 or IPV6 IP address types. Filter examples:(filter=orgVdcId==URN;networkType==ROUTED;gatewayId==URN), (filter=vdcGroupId==URN;networkType==ISOLATED), (filter=orgVdcId==URN;networkType==ROUTED;gatewayId==URN;ipType==IPV4)

Get the sequences of network addresses which can be generated from an IP Prefix. "startingPrefixIpAddress", "prefixLength" and "prefixCount" filters are required. For Example: An IP Prefix with startingPrefixIpAddress 192.168.0.0 and prefixLength 30 and prefixCount 3 will result in generation of 3 sequences each with 4 IP addresses as: 192.168.0.0/30, 192.168.0.4/30 and 192.168.0.8/30 Filter example:(filter=startingPrefixIpAddress==192.168.0.0;prefixLength==30;prefixCount==3)

Retrieves the specified IP Space.

Updates the specified IP Space.

Deletes the specified IP Space.

Allocate floating IP addresses or IP Prefix blocks from an IP Space. This results in reserving the IP address or IP Prefix block for the specified organization. The organization can then use the IP address for network services such as NAT or use the IP Prefix as the network CIDR definition during Org VDC network creation. An IP Space IP allocation request can either request a specific IP address or IP prefix, or a request can allocate a given number of any free IP Addresses or IP Prefixes within an IP Space. These two types of requests cannot be combined to request both a specific IP Address/Prefix or any number of IP Addresses/Prefixes simultaneously. Please either request a specific value or request a variable number of IP Addresses/Prefixes with different POST requests.

Retrieves all the allocated IP addresses or IP Prefixes of an IP Space. The allocation type is required to be specified in the filter. example: (type==FLOATING_IP).

Retrieves the specified IP Space IP Allocation.

Updates the specified IP Space IP Allocation.

Deletes the specified IP Space IP Allocation.

Apply the default gateway services such as NAT and Firewall rules on the Provider Gateway based on the associated IP Space's configuration. This is a convenient operation to setup the Provider Gateway's services to allow for more seamless networking such as allowing traffic to/from private Organization vDC Networks out to the IP Space's External Scope CIDR in a NAT-routed topology or allowing traffic to/from Organization vDC Networks within an IP Space's Internal Scope CIDRs out to the IP Space's External Scope CIDR in a fully-routed topology. For Dedicated Provider Gateway that are in Active-Standby mode, the user can apply the default services on the Provider Gateway itself. For all other Provider Gateway configurations, VCD will throw an error. Note that if there's any existing NAT rules on the Provider Gateway, the operation will fail.

Retrieves all K8s clusters

Creates a new Kubernetes cluster. This operation is asynchronous and returns a task that you can monitor to track the progress of the request.

Get specified Kubernetes Cluster

Update the desired state of the Kubernetes cluster. This operation is asynchronous and returns a task that you can monitor to track the progress of the request.

Deletes the Kubernetes cluster with the unique identifier (URN). This operation is asynchronous and returns a task that you can monitor to track the progress of the request.

Generate kubeconfig file for corresponding cluster

Retrieves a list of Kubernetes namespaces. Results can be filtered by name.

Retrieves a specific Kubernetes namespace via its URN.

Retrieves the access-control list for the specified Kubernetes namespace.

Creates an access-control grant, giving the user the level of access for the Kubernetes namespace.

Resets list of access-control grants, giving the users the level of access for the Kubernetes namespace.

Get a specific access-control grant for the Kubernetes namespace.

Updates the specified access-control grant for the Kubernetes namespace.

Removes the specified access-control grant from the Kubernetes namespace entities access-control list.

Tests that custom LDAP settings are valid, and that the system can use them to search for a user or group

Begins the LDAP sync task

Searches LDAP for given user(s)

Searches LDAP for given group(s)

Retrieves a specific Load Balancer Cloud.

Update an Load Balancer Cloud.

Unregister an Load Balancer Cloud.

Retrieves all registered Load Balancer Clouds.

Register a new Load Balancer Cloud to be used with vCloud Director. If the Load Balancer Cloud is backed by NSXALB, DHCP on the NSXALB Cloud is required. vCloud Director will enable DHCP on the NSXALB Cloud if needed.

Retrieves a specific Load Balancer Controller.

Update an Load Balancer Controller.

Unregister an Load Balancer Controller.

Retrieves all registered Load Balancer Controllers.

Register a new Load Balancer Controller to be used with vCloud Director.

Retrieves a specific Load Balancer Service Engine Group.

Update a Load Balancer Service Engine Group.

Delete a Load Balancer Service Engine Group.

Syncs a specified Load Balancer Service Engine Group. Requests the HA mode and the maximum number of supported Virtual Services for this Service Engine Group from the Load Balancer, and updates vCD's local record of these properties.

Retrieves a specific Load Balancer Service Engine Group Assignment.

Update a Load Balancer Service Engine Group Assignment. Updates are not allowed if the associated Load Balancer Service Engine Group has reservation type 'DEDICATED'.

Delete a Load Balancer Service Engine Group Assignment. The Edge Gateway will no longer be able to use the Load Balancer Service Engine Group for load balancing resources.

Retrieves the service engine group assignments for the Load Balancer Service Engine Group.

Create a new Load Balancer Service Engine Group Assignment. The assignment links a Load Balancer Service Engine Group with an Edge Gateway to provide load balancing resources to the Edge Gateway.

Retrieves all Load Balancer Service Engine Groups. Supported filters are:

• Gateway ID (gatewayId==[ID]) - | Returns all Load Balancer Service Engine Groups that are accessible to the gateway.
• Assignable Gateway ID (gatewayId==[ID];assignable==true) - | Returns all Load Balancer Service Engine Groups that are assignable to the gateway. This filters out any Load Balancer Service Engine groups that are already assigned to the gateway or assigned to another gateway if the reservation type is 'DEDICATED'. If the gateway supports 'PREMIUM' features for load balancing, this will also filter out the Service Engine groups which has 'STANDARD' max supported feature set.

Create a new Load Balancer Service Engine Group to be used with VMware Cloud Director.

Lists all Log Providers.

Create a new Log Provider.

Retrieves a specific Log Provider.

Updates a specific Log Provider.

Deletes a specific Log Provider.

Tests connection and authentication parameters for the specified Log Provider server.

Get list of logical vm groups.

Creates a new logical vm group

Get specified logical vm group

Update specified logical vm group

Delete specified logical vm group.

Get all named vm groups associated with logical vm group

Assign named vm groups to logical vm group.

Get all pvdc policies associated with logical vm group

Retrieves a map of entity ids to metadata summaries. Each entry carries only core entry data. Only entries available to the current user will be presented. If the user does not have access to the main entity, it will not be present in the map.

Get all Multi VC VMs in the system. Supported filters fields include: name, primaryVmRef.id, vcId Supported sorting fields include: name

Get the Multi VC VM with the specified ID.

Delete the specified Multi VC VM.

Get a list of all namedCredentials.

Create a new namedCredential in VCD.

Retrieve the specified namedCredential.

Update the given namedCredential.

Delete the namedCredential.The associated vCenter sessions will be terminated

Get the access-control list for the specified namedCredential.

Creates an access-control grant, giving the user the level of access for the namedCredential.

Get the specified access-control grant.

Updates the specified access-control grant.

Removes the specified access-control grant from the named credential type access-control list.

Retrieves a single network context profile.

Updates a specific user-defined network context profile, changing the associated firewall and modifying the traffic this profile restricts.

Deletes a specific network context profile, removing the associated firewall rule and permitting the traffic this profile restricts.

Retrieves all available network context profile attributes and sub-attributes for the given NSX-T manager, based on the provided filter parameter. Supported filters are:

• Org vDC ID (orgVdcId==[ID]) - | Return all the network context profile attributes for a specific Org vDC.
• Network Provider ID (networkProviderId==[ID]) - | Returns all the network context profile attributes for a specific network provider.
• VDC Group ID (vdcGroupId==[ID]) - | Returns all the network context profile attributes for a specific vDC Group.

Retrieves all network context profiles defined in the system. Supported filters are:

• Org vDC ID (orgVdcId==[ID]) - Returns all the network context profiles which are available to a specific Org vDC.
• Network Provider ID (networkProviderId==[ID]) - | Returns all the network context profiles which are available for a specific network provider.
• VDC Group Id (vdcGroupId==[ID]) - | Returns all the network context profiles which are available to a specific vDC Group.
• Provider Gateway ID (providerGatewayId==[ID]) - | Returns all the network context profiles which are available to a specific Provider Gateway.

Create a user-defined network context profile.

Sync the network context profiles from the network provider to VCD. The network provider is required to be specified as a filter: (networkProviderId==[ID]) The following context is deprecated as of API version 38.0: Network Provider ID (_context==networkProviderId)

Retrieves all Manual IP Reservations. "networkRef.id" filter is required. Based on the specified networkRef filter, VCD will return all the Manual IP Reservations for the network. Filter examples:(filter=networkRef.id==URN)

Creates a Manual IP Reservation.

Retrieve a specific Manual IP Reservation.

Update a specific Manual IP Reservation.

Delete a specific Manual IP Reservation.

For TIME_BASED expiration type, on the Manual IP Reservation expiration date, VCD will eventually remove the reservation and release any reserved IPs sometime on that day. User can manually trigger this process via this API to immediately clean up any expired policies. For VAPP_BASED expiration type, if the vApp is deleted and their Policies/IPs are not released yet, this API will also clean up all Policies/IPs associated with that vApp.

Retrieves a specific Network Pool.

Updates a specific network pool.

Deletes a specific network pool.

Synchronize the VXLAN network pool. If the user changes a transport zone in NSX by adding or removing clusters, synchronizing the VXLAN network pool ensures that the defined scope of the network pool is reflected in the scope of its corresponding transport zone.

Create a network pool.

Retrieves summary of all Network Pools in the system. Supported filters are:

• Provider vDC ID (providerVdcId==[ID]) - Returns all the network pools which are available to a specific Provider vDC.
• Org vDC ID (orgVdcId==[ID]) - Returns all the network pools which are available to a specific Org vDC.
• Virtual Center ID (managingOwnerRef.id==[ID]) + Resource Pool Moref (rpMoref==[moref]) - Returns all the network pools which are related to a specific Resource Pool.
• isProjectedToOrg (isProjectedToOrg==[ID]) - The URN of the organization. Filters all network pools that are projected to a given Organization. Filtering for only non-projected network pools is also supported. isProjectedToOrg is supported from version 39.0

Get all projections of this network pool across all the organizations.

This API projects the network pool to the sub provider tenant organization.

Get projection with the given identifier.

This API allow update of projection details of the given network pool.

This API deletes the network pool projection.

Get configured notification settings.

Updates notification settings.

Get all NSX-ALB Clouds that are configured on an NSX-ALB Controller. Clouds that are already imported are marked appropriately. The ID of the NSX-ALB Controller must be specified with the filter key (loadBalancerControllerId==[ID]) Additionally, results can be filtered by display name (loadBalancerControllerId==[ID];displayName==[Name]) The following contexts are deprecated as of API version 38.0: Load Balancer Controller ID (_context==loadBalancerControllerId) Load Balancer Controller ID + Display Name (_context==loadBalancerControllerId;displayName==[Name])

Get all importable Service Engine Groups that are configured for an NSX-ALB Cloud. Service Engine Groups that are already imported are filtered out. The ID of the NSX-ALB Cloud must be specified with the filter key (loadBalancerCloudId==[ID]) Additionally, results can be filtered by display name (loadBalancerCloudId==[ID];displayName==[Name]) The following contexts are deprecated as of API version 38.0: Load Balancer Cloud ID (_context==loadBalancerCloudId) Load Balancer Cloud ID + Display Name (_context==loadBalancerCloudId;displayName==[Name])

Get all Tier-0 routers that are accessible to an organization VDC. Routers that are already associated with an External Network are filtered out. The "networkProviderId" filter key must be set with the id of the NSX-T manager for which we want to get the Tier-0 routers for. Use of "_context" filter has been deprecated as of API version 38.0. Please use supported filters.

For an External Network/Provider Gateway that is backed by a Tier-0 Router, this endpoint can return a list of all interfaces associated with that Tier-0 Router. The required filter parameter is:

• externalNetworkId - The filter externalNetworkId is the external network that presents a Provider Gateway backed by a Tier-0 Router. Example: (externalNetworkId==urn:vcloud:network:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

Get all importable transport zones that are configured on a vCenter backed by a NSX-V manager. Transport zones that are already associated with a network pool are filtered out. The "vCenterId" filter key must be set with the id of the vCenter which we want to get the transport zones for. Use of "_context" filter has been deprecated as of API version 38.1. Please use supported filters.

Returns all the configured NSX-T edge clusters for an Org VDC or a VDC Group or a Provider VDC or NSX-T Manager. Supported filters are:

• orgVdcId - | The filter orgVdcId must be set equal to the id of the NSX-T backed Org VDC for which we want to get the edge clusters. Example: (orgVdcId==urn:vcloud:vdc:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
• vdcGroupId - | The filter vdcGroupId must be set equal to the id of the NSX-T VDC Group for which we want to get the edge clusters. Example: (vdcGroupId==urn:vcloud:vdcGroup:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
• pvdcId - | The filter pvdcId must be set equal to the id of the NSX-T backed Provider VDC for which we want to get the edge clusters. pvdcId filter is supported from version 35.2 Example: (pvdcId==urn:vcloud:providervdc:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
• nsxTManagerRef.id - | The filter nsxTManagerRef.id must be set equal to the id of the NSX-T manager for which we want to get the edge clusters. nsxTManagerRef.id filter is supported from version 39.0 Example: (nsxTManagerRef.id==urn:vcloud:nsxtmanager:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

Get all importable segments for an NSX-T manager, Provider VDC, Org VDC, or VDC Group. Supported filters are:

• NSX-T Manager ID (nsxTManagerId==[ID]) - | Get all importable segments available to a specific NSX-T manager.
• Provider VDC ID (pvdcId==[ID]) - | Get all importable segments available to a specific Provider VDC.
• Org VDC ID (orgVdcId==[ID]) - | Get all importable segments available to a specific Org VDC.
• VDC Group ID (vdcGroupId==[ID]) - | Get all importable segments available to a specific VDC Group.

Get subnet info for an importable segment.

Get all segment QoS Profiles configured on an NSX-T manager. NSX-T manager ID (nsxTManagerRef.id), Org VDC ID (orgVdcId) or VDC Group ID (vdcGroupId) must be supplied as a filter. Results can also be filtered by a single profile ID (filter=nsxTManagerRef.id==nsxTManagerUrn;id==profileId).

Get all segment MAC Discovery Profiles configured on an NSX-T manager. NSX-T manager ID (nsxTManagerRef.id), Org VDC ID (orgVdcId) or VDC Group ID (vdcGroupId) must be supplied as a filter. Results can also be filtered by a single profile ID (filter=nsxTManagerRef.id==nsxTManagerUrn;id==profileId).

Get all segment IP Discovery Profiles configured on an NSX-T manager. NSX-T manager ID (nsxTManagerRef.id), Org VDC ID (orgVdcId) or VDC Group ID (vdcGroupId) must be supplied as a filter. Results can also be filtered by a single profile ID (filter=nsxTManagerRef.id==nsxTManagerUrn;id==profileId).

Get all segment Security Profiles configured on an NSX-T manager. NSX-T manager ID (nsxTManagerRef.id), Org VDC ID (orgVdcId) or VDC Group ID (vdcGroupId) must be supplied as a filter. Results can also be filtered by a single profile ID (filter=nsxTManagerRef.id==nsxTManagerUrn;id==profileId).

Get all segment Spoof Guard Profiles configured on an NSX-T manager. NSX-T manager ID (nsxTManagerRef.id), Org VDC ID (orgVdcId) or VDC Group ID (vdcGroupId) must be supplied as a filter. Results can also be filtered by a single profile ID (filter=nsxTManagerRef.id==nsxTManagerUrn;id==profileId).

Get all Gateway QoS Profiles configured on an NSX-T manager. NSX-T manager ID (nsxTManagerRef.id), Org VDC ID (orgVdcId) or VDC Group ID (vdcGroupId) must be supplied as a filter. Results can also be filtered by a single ID (example: filter=orgVdcId==URN;id==profileId)

Get all importable transport zones that are configured on a vCenter backed by a NSX-V manager. Transport zones that are already associated with a network pool are filtered out. The "vCenterId" filter key must be set with the id of the vCenter which we want to get the transport zones for. Use of "_context" filter has been deprecated as of API version 38.1. Please use supported filters.

Query all object extensions. Required right: "Object Extensions: View".

Create a new object extension. Required right: "Object Extensions: Manage". Objects extensions are unique on:

• (namespace, vendor) - these values are extracted from the channel urn
• channel For further details, see the description of the data structure ObjectExtension.

View an object extension. Required right: "Object Extensions: View".

Update an object extension. Required right: "Object Extensions: Manage".

Remove an object extension. Required right: "Object Extensions: Manage".

Get a list of all OIDC relying parties meeting the query parameters.

Registers a new OIDC relying party.

Get a specific OIDC relying party.

Updates an OIDC relying party.

Delete a specific OIDC relying party.

Regenerates the client secret of an OIDC relying party.

Get the OpenID Provider configuration.

Updates the OpenID Provider configuration.

Query the list of all configured OpenID Provider keys.

Adds the provided private and public key pairs to the list of configured signing keys. This key is NOT automatically made the active signing key. The existing active key will continue to be used.

The provided keys, in addition to being of one of acceptable types, will be validated to confirm that they are a cryptographic pair and that they conform to the minimum key size in the SSL settings for the product.

Get the specified OpenID Provider key.

The description of the specified key entry can be updated. Attempt to modify any other field will result in a bad request error.

Delete the specified OpenID Provider key.

Get list of all orgs accessible to the user.

Create a new organization

Get specified organization.

Updates an organization. If the managedBy field is being updated, the operation is asynchronous and a task is returned in the location header. Otherwise, the operation is synchronous.

Delete the specified org.

Get the networking-specific settings for the given organization.

Update networking-specific settings for the given organization.

Retrieves a specific Org vDC network.

Updates a specific Org vDC network.

Deletes a specific Org vDC network.

Reset a specific isolated Org vDC network. Reset involves redeploying the internal edge gateway of the isolated Org vDC Network if present. An error is returned if the network is not isolated.

When the IP addresses of the primary or secondary syslog server are updated, this api can synchronize syslog server settings of an Isolated Org vDC Network against the vCD Syslog Settings. An error is returned if network is a direct network.

Get all the allocated IPs for a given Org vDC network. This returns all the IP addresses of the network which are allocated to a vApp VM, an edge gateway interface and the addresses being used in a NAT routed environment. In a dual stack network, this will return the IP addresses of the first subnet, which will only be IPv4 addresses. Results can be filtered by IP address.

Get all the secondary allocated IPs for a given Org vDC network. This returns all the IP addresses of network which are allocated to a vApp VM, an edge gateway interface, from the IPv6 subnet of the Org vDC network. Results can be filtered by IP address.

Sync/repair the vDC Group Cross vDC network. An example usage is to realize a network in the participating vDC which was unreachable when the network was created. This operation is only allowed for VIRTUAL_WIRE backed cross vDC networks.

Returns the set of additional properties for the given Org vDC Network

Retrieves the segment profiles configured for an Org vDC Network.

Updates the segment profiles configuration for an Org vDC Network.

Retrieves Dhcp configuration of a specific Org vDC network.

Updates Dhcp configuration of a specific Org vDC network.

Removes Dhcp configuration on a specific Org vDC network.

Retrieves all DHCP bindings for an Org vDC Network.

Creates a DHCP binding on an Org vDC Network.

Retrieve a specific DHCP binding of the Org vDC Network.

Update a specific DHCP binding of the Org vDC Network.

Delete a specific DHCP binding of the Org vDC Network.

Get all Org vDC networks. If "ownerRef" property is not specified in the filter, then user must have the rights to view all the vDCs within an organization in order to see all the networks in the organization. Results can be filtered by ownerRef or combination of ownerRef and filter parameter includeAccessible. (includeAccessible==true) can be used to get all the networks which are available to an Org vDC. In order to return only those networks which are eligible as an uplink to a vApp network, add an additional filter, (vAppUplinkEligible==true). This filter must be used in conjunction with either the "orgVdc.id" filter, or the "ownerRef.id" filter with a value corresponding to an Org vDC. The following context is deprecated as of API version 38.0: Combination of ownerRef and _context. (_context==includeAccessible)

Create an organization vDC network.

Get a paged list of all organization VDC level storage policies in the system

Get specified Org VDC storage policy.

Get a paged list of the supported entity types for the specified Organization VDC storage policy.

Migrate all entities from selected source org VDC storage policy to target org VDC storage policy for the selected entity types.

Get a paged list of the entities that consume the specified Org VDC storage policy.

Get a list of distributed catalogs stored by a valid Organization VDC storage policy.

Get a list of VM Groups.

Get VM Group detail.

Get VM Group's Guest OS association.

Updates a specific VM group to Os association.

Delete a specific VM group to Os association.

Get list of preference definitions

Get specified preference definition.

Query user preferences

Get specified user preference.

Update specified user preference

Retrieves the general BGP configuration for a Provider Gateway.

Updates the general BGP configuration on a Provider Gateway.

Auto-configure the BGP configuration on the Provider Gateway based on the specified IP Space Uplink. VCD will create the BGP Prefix Lists and Route Maps based on the Uplink, and, if the parameters are provided, create the Permission Group and auto-configure the BGP Neighbor with the created Route Maps. Autoconfiguring multiple times with the same Uplink will update the Prefix Lists/Route Maps with the auto-configured name, and update/create the provided Permission Group and BGP Neighbor accordingly. Changes to the corresponding IP Space's scope will also be reflected in the autoconfigured Prefix List networks.

Retrieve all the BGP Permission Groups for a Provider Gateway.

Create a new BGP Permission Group on the Provider Gateway. A BGP Permission Group is a logical grouping of BGP configurations such as neighbors, prefix lists etc. that system provider can assign to a specific tenant for visibility and management.

Retrieve a specific BGP Permission Group configured on the Provider Gateway.

Update the specified BGP Permission Group on the Provider Gateway.

Delete the specified BGP Permission Group on the Provider Gateway.

Retrieves all the members which are assigned to the specified BGP Permission Group on a Provider Gateway. The type of the BGP member must be specified with the filter key (type==[TYPE]). Supported types are:

• BGP_NEIGHBOR
• COMMUNITY_LIST
• PREFIX_LIST
• ROUTE_MAP

Retrieves a specific BGP neighbor of Provider Gateway.

Updates a specific BGP neighbor of Provider Gateway.

Deletes a specific BGP neighbor of Provider Gateway.

Retrieves status of a specific BGP neighbor configured on a Provider Gateway.

Retrieves CSV file of all routes learned from all edge nodes on which the BGP Neighbor is currently enabled.

Retrieves CSV file of all advertised routes from all edge transport nodes on which the BGP neighbor is currently enabled.

Retrieves all BGP neighbors configured for the Provider Gateway.

Creates a new BGP neighbor for the Provider Gateway.

Returns the status of all the BGP neighbors configured on this Provider Gateway.

Retrieves the list of BGP neighbor source IP addresses to establish BGP peering sessions. IP address options will be based on interfaces or VTIs on the Provider Gateway.

Retrieves summaries for all Community lists on a given Provider Gateway.

Creates a new Community list on the Provider Gateway.

Retrieves a specific Community on a given Provider Gateway.

Updates a specific Community list on a given Provider Gateway.

Deletes a specific Community list on a given Provider Gateway.

Retrieves the firewall state for a given Provider Gateway. Firewall state defines whether the firewall is currently enabled for the gateway.

Updates the firewall state for a given Provider Gateway.

Retrieves all user-defined and default firewall rules for a given Provider Gateway. The rules are returned in the order of precedence.

Creates a single firewall rule based on a given Provider Gateway.

Updates all the firewall rules for a given Provider Gateway. If a rule with the ruleId is not already present, a new rule will be created. If it already exists, the rule will be updated. Any existing rule that is not specified in the update payload will be deleted. The order of rules in payload will define the actual order in which this rules will be applied.

Deletes all firewall rules for a given Provider Gateway.

Log filters are encapsulated in a FIQL filter query parameter. Sample filter: filter=(timestamp=gt=2020-07-24T00:00:00,timestamp=lt=2020-08-24T00:00:00;ruleId==a4ec73d6-9937-4b32-bdc7-b4dda5366391) Supported filters are:

• timestamp. Log timestamp. This is optional. Must be in ISO 8601 format (i.e. 2020-07-24T00:00:00.000Z). Defaults to the current time.
• ruleId. Id of the firewall rule. This is optional. This field is responsible for filtering logs based on rule firewall rule id.
• ruleName. Name of the firewall rule. This is optional. This field is responsible for filtering logs based on firewall rule name.
• loggingId. Logging Id of the firewall rule. This is optional. This field is responsible for filtering logs based on firewall rule logging Id. Logging Id is unique ID assigned by the backing NSX-T network provider, and is used for logging by NSX-T. Only applies to NSX-T.
• addressFamily. IP address family. Either IPV4 or IPV6. This is optional.
• reason. Criteria for which an action is taken by the firewall rule. This is optional.
• action. Action taken by the firewall rule. This is optional.
• direction. Direction of network traffic on the provider gateway. Can be IN or OUT. This is optional.
• protocol. The protocol used for communication between source and destination hosts. Can be TCP, UDP or PROTO. This is optional.
• sourceIpAddress. IP address of the source host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified source IP.
• sourcePort. Port of the source host. This is optional. This field is responsible for filtering logs based on the specified source port.
• destinationIpAddress. IP address of the destination host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified destination IP.
• destinationPort. Port of the destination host. This is optional. This field is responsible for filtering logs based on the specified destination port.

Retrieves a specific firewall rule based on the rule ID provided.

Updates a specific firewall rule based on the rule ID provided.

Deletes a specific firewall rule based on the rule ID provided.

Lists all GRE Tunnels for this Provider Gateway.

Creates a GRE Tunnel on the Provider Gateway.

Retrieves a specific GRE Tunnel on the Provider Gateway.

Updates a specific GRE Tunnel on Provider Gateway.

Deletes a specific GRE Tunnel on the Provider Gateway.

Retrieves statistics for a GRE Tunnel on the Provider Gateway.

Retrieves the connectivity status for a GRE Tunnel on the Provider Gateway.

Retrieves all IPSec VPN tunnels that are configured for an Provider Gateway. Pagination is supported, use response header to get the next page. Results can be sorted by only a single parameter. Sorting by combination of parameters (sortAsc=foo&sortDesc=bar) is not allowed.

Creates an IPSec tunnel on the Provider Gateway.

Retrieves a specific IPSec tunnel for a given Provider Gateway.

Updates a specific IPSec tunnel for a given Provider Gateway.

Deletes a specific IPSec tunnel for a given Provider Gateway.

Retrieves the allowed IPSec VPN Tunnel security types for the specified Provider Gateway. The security types allowed are set by the System Administrator for the VCD site via the Config Management Tool (CMT). The final set of security types returned are the intersection of those set by the System Administrator and those supported by the gateway's backing network provider.

Retrieves the default connection properties that are used for a given IPSec Tunnel when security type is default, or is unspecified.

Retrieves the connection properties that are used for a given security type preset on a Provider Gateway's backing network provider. Allowed security types are:

• DEFAULT
• PROVIDER_PREFERRED
• CNSA
• FIPS
• FOUNDATION
• PRIME
• SUITE_B_GCM_128
• SUITE_B_GCM_256

Retrieves connection properties for a given IPSec VPN Tunnel configured on an Provider Gateway.

Updates the connection properties for a given IPSec VPN Tunnel configured on an Provider Gateway.

Retrieves status of a given IPSec VPN Tunnel configured on an Provider Gateway.

Retrieves connection statistics for a given IPSec VPN Tunnel configured on an Provider Gateway.

Auto-configure a route-based IPsec VPN tunnel on the Provider Gateway based on the specified IP Space, remote and local endpoints, preshared key, and VTIs. VCD will create an uplink to the provided IP space, create a new route-based IPsec VPN tunnel with the provided inputs, enable the IPsec route redistribution service on the autogenerated VCD route redistribution rule (if existing), and autogenerate BGP prefix lists, route maps, and neighbors based on the created uplink and remote VTIs. Auto-configuring multiple times with the same IP space will overwrite the existing autoconfigured IPsec VPN tunnel and BGP components with the new inputs. Changes to the corresponding IP Space's scope will also be reflected in the autoconfigured Prefix List networks.

Retrieves all NAT Rules on the Provider Gateway. Pagination is supported to get the next page in the header response. Results can be sorted by only a single parameter. Sorting by combination of parameters (sortAsc=foo&sortDesc=bar) is not allowed. By default, if no sort parameter is set, the NAT rules are sorted by the priority, starting with the lowest value (highest priority).

Creates a NAT Rule on the Provider Gateway.

Retrieves a specific NAT Rule configuration of the Provider Gateway based on the rule ID passed in.

Update a specific NAT Rule configuration of the Provider Gateway based on the rule ID passed in.

Deletes a specific NAT Rule configuration of the Provider Gateway based on the rule ID passed in.

Log filters are encapsulated in a FIQL filter query parameter. Sample filter: filter=(timestamp=gt=2020-07-24T00:00:00,timestamp=lt=2020-08-24T00:00:00;ruleId==a4ec73d6-9937-4b32-bdc7-b4dda5366391) Supported filters are:

• timestamp. Log timestamp. This is optional. Must be in ISO 8601 format (i.e. 2020-07-24T00:00:00.000Z). Defaults to the current time.
• ruleId. Id of the NAT rule. This is optional. This field is responsible for filtering logs based on rule NAT rule id.
• addressFamily. IP address family. Either IPV4 or IPV6. This is optional.
• reason. Criteria for which an action is taken by the NAT rule. This is optional.
• action. Action taken by the NAT rule. This is optional.
• direction. Direction of network traffic on the provider gateway. Can be IN or OUT. This is optional.
• protocol. The protocol used for communication between source and destination hosts. Can be TCP, UDP or PROTO. This is optional.
• sourceIpAddress. IP address of the source host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified source IP.
• sourcePort. Port of the source host. This is optional. This field is responsible for filtering logs based on the specified source port.
• sourceTranslatedIpAddress. Translated IP address of the source host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified source IP.
• sourceTranslatedPort. Translated Port of the source host. This is optional. This field is responsible for filtering logs based on the specified source port.
• destinationIpAddress. IP address of the destination host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified destination IP.
• destinationPort. Port of the destination host. This is optional. This field is responsible for filtering logs based on the specified destination port.
• destinationTranslatedIpAddress. Translated IP address of the destination host. This is optional. Must be either in IPv4 or IPv6 format. This field is responsible for filtering logs based on the specified destination IP.
• destinationTranslatedPort. Translated Port of the destination host. This is optional. This field is responsible for filtering logs based on the specified destination port.

Retrieves a specific Prefix list for a given Provider Gateway.

Updates a specific Prefix list for a given Provider Gateway.

Deletes a specific Prefix list for a given Provider Gateway.

Retrieves all Prefix lists for a given Provider Gateway. Results can be sorted by only a single parameter. Sorting by combination of parameters (sortAsc=foo&sortDesc=bar) is not allowed.

Creates a new Prefix list on the Provider Gateway.

Retrieves summaries for all the Route Maps on a given Provider Gateway.

Creates a new Route Map on the Provider Gateway.

Retrieves a specific Route Map on a given Provider Gateway.

Updates a specific Route Map on a given Provider Gateway.

Deletes a specific Route Map on a given Provider Gateway.

Retrieves the Route Redistribution Configuration and Rules for a given Provider Gateway.

Updates the Route Redistribution Configuration and Rules for a given Provider Gateway.

Autoconfigure the Route Redistribution config on the Provider Gateway. VCD will create a default redistribution Route Map with all the outbound BGP Prefix Lists (named with "-OUT") as match criteria entries, and set the map on the default VCD route redistribution rule (if existing). Running autoconfiguration again will update the autoconfigured Route Map with the current outbound Prefix Lists.

Generates a CSV file of the Provider Gateway's routing table, which lists all routes that pass through the gateway.

Retrieve a list of all provider VDCs. Results can be filtered by context (_context). Supported contexts are: DVS (_context==dvs-NN;vimServer.id==urn:vcloud:vimserver:uuid) - | Returns all the provider VDCs which are related to the DVS. The VimServer is required for this filtering. External Network (_context==urn:vcloud:network:uuid) - | Returns all the provider VDCs which are related to the external network. Network Pool (_context==urn:vcloud:networkpool:uuid) - | Returns all the provider VDCs which are accessible to the network pool.

Get specified provider VDC

This endpoint returns memory and CPU consumption metrics for this PVDC.

Get all projections of this PVDC across all the organizations.

This API projects the Provider VDC to the sub provider tenant organization. The Provider VDC must have only elastic FLEX Org VDCs in order to be projected.

Get projection with the given identifier.

This API allow update of projection details of the given PVDC.

This API deletes the PVDC projection. The deletion fails if there are VDCs in the organization using this PVDC.

Get a list of all root resource pools that are eligible for consumption. If a resource pool is ineligible but is in the response, this means it has children which are eligible for consumption. A resource pool will be ineligible, unless the cluster has an ESXi host on it. The list will be sorted by name, case insensitive.

Get list of child resource pools of the specified parent that are eligible for consumption. If a resource pool is ineligible but is in the response, this means it has children which are eligible for consumption. A resource pool will be ineligible, unless the cluster has an ESXi host on it. The list will be sorted by name, case insensitive.

Return PVDCs that can merge with the given target PVDC urn.

Gets the tenant-specific .pac file listing proxies accessible to the tenant.

Gets a paged list of proxies for a tenant.

Creates a proxy.

Retrieves a specific proxy.

Update a specific proxy.

Delete a specific proxy. Will not delete an enabled proxy unless force is specified.

Retrieve a proxy SSL certificate chain in PEM format.

Update a proxy certificate chain in PEM format.

Retrieve a proxy certificate revocation list in PEM format.

Update a proxy certificate revocation list in PEM format.

Retrieve a Proxy SSL certificate thumbprint and algorithm used for calculation. Only SHA-256 is supported.

Gets a paged list of proxy configurations.

Creates a proxy configuration.

Retrieves a specific proxy configuration.

Update a specific proxy configuration.

Delete a specific proxy configuration.

Gets a paged list of proxy rules.

Creates a proxy rule.

Retrieves a specific proxy rule.

Update a specific proxy rule.

Delete a specific proxy rule.

Get list of provider vDC compute policies. Only filtering by provider vDC compute policy name is supported.

Creates a new pVDC compute policy

Get specified provider vDC compute policy

Update specified provider vDC compute policy

Delete specified provider vDC compute policy.

Get all VMs associated with this pVDC compute policy

Get list of provider vDC compute policies. Only filtering by provider vDC compute policy name is supported.

Creates a new pVDC compute policy

Get specified provider vDC compute policy

Update specified provider vDC compute policy

Delete specified provider vDC compute policy.

Get a list of Virtual Machine Classes associated with this resource pool. This API throws 400 BadRequestException if called against a resource pool which is not Kubernetes enabled.

Get a paged list of all Provider VDC level storage policies in the system

Get a paged list of all supported entity types configured for storage policies in the system

Updates the supported entity types for the specified provider VDC storage policy.

Get specified Provider VDC storage policy.

Get a paged list of the supported entity types for the specified Provider VDC storage policy.

Updates the supported entity types for the specified provider VDC storage policy.

Fetches the usage metrics of a PVDC Storage Policy.

Returns any issues related to the distributed nature of the Storage Policy. This can range from issues with the entities suppoted by the Storage Policy to underlying infrastructure issues that's resulting in the Datastores of the Storage Policy not being in sync with its peers.

Fetch a list of all the provider VDC storage policy projections.

Project a provider VDC storage policy to the supplied organization.

Get a PVDC storage policy projection with the given identifier.

Update the PVDC storage policy projection details of the given PVDC storage policy projection.

Deletes the given PVDC storage policy projection.

Retrieves the settings that child Org VDC storage policies of this provider VDC storage policy should inherit.

Updates the settings that child Org VDC storage policies of this provider VDC storage policy should inherit.

Updates the supported entity types for the specified provider VDC storage policy.

Updates the supported entity types for the specified provider VDC storage policy.

Get list of quota policies. Results can be filtered by id Returns all the quota policies which are available in the system.

Creates a new quota policy

Get the specified quota policy

Update the specified quota policy

Delete the specified quota policy.

Get the assigned quota policy reference for the given service account.

Assign or unassign a quota policy to a given target service account. An empty payload is used to unassign an existing quota policy from a given service account.

Get the assigned quota policy reference for the given organization.

Assign or unassign a quota policy to a given target organization. An empty payload is used to unassign an existing quota policy from a given organization.

Get the assigned quota policy reference for the given user.

Assign or unassign a quota policy to a given target user. An empty payload is used to unassign an existing quota policy from a given user.

Get the assigned quota policy reference for the given group.

Assign or unassign a quota policy to a given target group. An empty payload is used to unassign an existing quota policy from a given group.

Get the assigned quota policy reference for the given vapp.

Assign or unassign a quota policy to a given target vapp. An empty payload is used to unassign an existing quota policy from a given vapp.

Get list of rights

Retrieves the requested Right by id.

Get list of rights bundles

Creates a new rights bundle

Get specified rights bundle

Update specified rights bundle

Delete specified rights bundle

Get list of rights (as references) contained by a particular bundle

Adds the list of rights (passed as references) to a rights bundle.

Replaces the existing set of rights in bundle with the rights (as references) supplied.

Retrieves list of tenants for whom the rights bundle is explicitly published

Resets list of tenants for whom the rights bundle is explicitly published

Publishes the rights bundle to the specified tenants

Revokes publication of the rights bundle to the specified tenants

Publishes the rights bundle to all tenants

Unpublishes the rights bundle from all tenants

Get list of Rights Categories

Retrieves the requested Rights Category by id.

Get list of roles for a tenant

Creates a new role

Get specified role

Update specified role

Delete specified role

Get list of rights (as references) contained by a particular role

Adds the list of rights (passed as references) to a role.

Replaces the existing set of rights in role with the rights (as references) supplied.

Gets the .pac file for the user's accessible proxies.

Gets a paged list of SDDC proxies for a tenant.

Creates an SDDC proxy.

Retrieves a specific SDDC proxy.

Update a specific SDDC proxy.

Delete a specific SDDC proxy. Will not delete an enabled proxy unless force is specified.

Retrieve a SDDC proxy SSL certificate chain in PEM format.

Update a SDDC proxy certificate chain in PEM format.

Retrieve a SDDC proxy certificate revocation list in PEM format.

Update a SDDC proxy certificate revocation list in PEM format.

Retrieve a SDDC Proxy SSL certificate thumbprint. The thumbprint is the SHA-1 hash of the DER encoding of the certificate.

Get the list of Software-Defined Datacenters accessible to the user.

Create a Software-Defined Datacenter.

Retrieve a specific Software-Defined Datacenter.

Update a specific Software-Defined Datacenter.

Delete a specific Software-Defined Datacenter. Unless force is specified, SDDC & its proxies must be disabled before they can be deleted.

Retrieve the proxies for the Software-Defined Datacenter.

Retrieve the owner of the Software-Defined Datacenter.

Update the owner of the Software-Defined Datacenter.

Retrieve the list of tenants a Software-Defined Datacenter is published to.

Reset the list of tenants a Software-Defined Datacenter is published to.

Publish a Software-Defined Datacenter to the tenants.

Revoke publication of the Software-Defined Datacenter for the tenants.

Retrieve the endpoints for the SDDC.

Creates an SDDC endpoint.

Retrieves a specific SDDC endpoint.

Update a specific SDDC endpoint.

Delete a specific SDDC endpoint. Will not delete a default endpoint.

Retrieves the list of security tags that are in the organization and can be reused to tag an entity. The list of tags include tags assigned to entities within the organization. This API is meant for organization user only (i.e. not system provider).

Only the list of tagged entities can be updated. The name cannot be updated. Any other existing entities not in the list will be untagged.

Retrieves the list of entities that have at least one tag assigned to it. Besides entityType, additional supported filters are:

• tag - The tag to search by

Retrieves the list of tags for a specific VM. If user has view right to the VM, user can view its tags.

Update the list of tags for a specific VM. An empty list of tags means to delete all dags for the VM. If user has edit permission on the VM, user can edit its tags.

Retrieves all the Segment Profile Templates available to the user.

Creates a new Segment Profile Template. If needed, the segment profiles referenced in the template will be synced from the source NSX-T Manager to all known NSX-T Managers in Cloud Director.

Retrieves a singular Segment Profile Template with the given ID.

Updates the Segment Profile Template with the given ID. If needed, the segment profiles referenced in the template will be synced from the source NSX-T Manager to all known NSX-T Managers in Cloud Director. If the source NSX-T Manager is updated, all updates to profiles will be ignored within the same request.

Deletes the Segment Profile Template with the given ID.

Sync the Segment Profile Template. An example usage is to detect if a segment profile referenced by this template still exists/is valid. The segment profiles referenced in the template will be synced from the source NSX-T Manager to all known NSX-T Managers in Cloud Director, if needed. If previously synced, this will overwrite the profiles on the target NSX-T managers with the source profile.

Retrieve the global default segment profile templates. These segment profile templates apply to all NSX-T backed networks created by Cloud Director unless overridden explicitly during create/update or by an Org vDC defined default.

Updates the global default segment profile templates. These segment profile templates apply to all NSX-T backed networks created by Cloud Director unless overridden explicitly during create/update or by an Org vDC defined default.

Get a list of all service accounts.

Retrieves a specific service account

Updates a service account

Deletes a service account

Revokes the token associated with given service account URN, invalidates any existing sessions.

Transfer ownership of this user's owned entities (vApps, media, etc) to the caller.

Retrieves a specific VMware service application

Updates a specific VMware service application.

Deletes a specific VMware service application.

Get all registered VMware service applications

Create a VMware service app

Get all items across all services

Get the specified item

Update specified service item

Deletes specified service item

Retrieves list of item for whom the service item is explicitly published

Resets list of tenants for whom the service item is explicitly published

Publishes the service item to the specified tenants

Revokes publication of the service item to the specified tenants

Publishes the service item to all tenants

Unpublishes the service item from all tenants

Retrieves paginated list of item for whom the service item is explicitly published

Resets list of tenants for whom the service item is explicitly published

Publishes the service item to the specified tenants

Revokes publication of the service item to the specified tenants

Publishes the service item to all tenants

Unpublishes the service item from all tenants

Get list of services

Creates a new service

Get specified service

Updates service specific metadata for a vRealize Orchestrator

Delete specified service

This endpoint will not produce results. It is a placeholder to enforce code generation of VroWorkflowServiceItem

Add VRO remote workflows to this service

List all sessions for current user

Logs in a user

Returns the specified session for current user

Logs out the current user

Returns the specified session for the authorization token

Logs out and terminates the current session identified by credentials supplied using the Authorization header

Gets locations accessible to this session.

Gets token associated with this session.

Logs in a user (Provider only)

Get list of site associations accessible to the user.

Get specified site association.

Retrieve settings for a site and links for navigating to more specific site settings (e.g., CORS)).

Sets settings for a site.

Get the current VCD SSL settings

Updates the current VCD SSL settings. Only the FIPS setting(s) can be toggled at this time.

Get a paged list of all standalone Datastores and Datastore Clusters in the system

Get specified Datastore or Datastore Cluster.

Retrieves all Datastores associated with the specified Datastore Cluster.

Retrieves all peer datastores of the specified local Datastore.

Get a paged list of all Provider Storage Policies in the system

Get specified Storage Policy.

Tests a connection, including SSL handshake and hostname verification.

Retrieve tokens

Creates a new token. Proxy tokens are tied to the current user and can be used to access the set of proxies available to the user.

Gets token associated with this session.

Update a token

Delete a specific token. Use this to revoke the current token in case of a leak.

Get list of active transfer sessions.

Get specified transfer session

Get list of transfer session items associated with this transfer session.
Results can be filtered by:

• name

Get currently trusted certificates

Add to list of currently trusted certificates

Get the PEM-encoded certificate with the requested URN

Updates an existing trusted certificate

Revoke trusting specified certificate

Get the access-control list for the specified vCD entity type.

Creates an access-control grant, giving the user the level of access for the vCD entity type.

Get the specified access-control grant.

Updates the specified access-control grant.

Removes the specified access-control grant from the vCD entity type access-control list.

Retrieve the plugin metadata for this extension

Update the plugin metadata for this extension clobbering existing information and returns the updated plugin metadata

Delete the system level logo, forcing the get method to return the vCloud Director default logo.

Retrieves a map of extension Points and an ordered list of items registered with that extension point

Customizes the order and enables/disables extension Points

Initiates an upload for the plugin for this extension using the Transfer service A unique transfer service URL is returned where the plugin may be uploaded.

Deletes the actual plugin for this extension

Retrieves list of tenants for whom the plugin is explicitly published

Publishes the UI plugin to the specified tenants

Revokes publication of the UI plugin to the specified tenants

Publishes the UI plugin to all tenants

Unpublishes the UI plugin from all tenants

Get a list of all UI Extensions

Creates a new UI extension and sets the provided plugin metadata for it.

Retrieves a specific Universal Router

Updates a specific Universal Router

Deletes a specific Universal Router

Sync/repair the Universal Router

Retrieves Dhcp configuration of a specific Universal Router

Updates Dhcp configuration for a specific Universal Router

Deletes Dhcp configuration of a specific Universal Router

Retrieves dns configuration of a universal router

Updates dns configuration of a universal Router

Deletes dns configuration of a universal router

Get Health information of a universal router and its associated entities such as egress points and routing. It includes information about reachability status of all the participating vDC's of referenced vDC group and it also includes information about all the nsx managers covered by this universal router along with associated nsx controller cluster.

Get all the universal routers defined for a vDC group in the system.

Create a new universal router for a vDC group

Retrieves Universal Egress Points and routing configuration for a Universal Router.

Updates the routing configuration using the specified egress points in the universal routes. Any egress point that does not exist will be created before updating routing. Any egress point that currently exists and is not in use by any of the specified routes will be deleted. If the new egress points for routing fail to create, routing will not be updated.

Retrieves routing configuration for a Universal Router.

Updates routing configuration for a Universal Router.

Sync/repair the universal routes

Get a list of users.

Create a new user.

Get a specified user by id.

Modify basic details of the specified user.

Delete the specified user.

Get a list of references of groups that the user with the given id belongs to.

Modify an existing user's own password

Transfer ownership of this user's owned entities (vApps, media, etc) to the caller.

Get paginated list of all snapshots of a VApp.

Create VM snapshots for all VMs of the vApp.

Get a specific snapshot of the VApp

API to change name of the specified snapshot.

Remove a specific snapshot of the VApp

API to revert to a specified snapshot.

Get a paged list of all VM snapshots of a VApp snapshot

Get all DVPG network backings that are available. Supported filters are:

• Org vDC ID (orgVdcId==[ID]) - Returns all the importable DVPGs available to a specific Org vDC.
• Network Pool ID (networkPoolId==[ID]) - Returns all the importable DVPGs available to a specific Network Pool.
• External Network ID (externalNetworkId==[ID]) - Returns all the importable DVPGs available to a specific External Network.
• Virtual Center ID (virtualCenter.id==[ID]) - Returns all the importable DVPGs available to a specific Virtual Center.

Get all standard portgroups that are available as backings. Supported filters are:

• Network Pool ID (networkPoolId==[ID]) - Returns all the standard portgroups available as backings to a specific Network Pool.
• External Network ID (externalNetworkId==[ID]) - Returns all the standard portgroups available as backings to a specific External Network.
• Virtual Center ID (virtualCenter.id==[ID]) - Returns all the standard portgroups available as backings to a specific Virtual Center.

Retrieves all distributed virtual switches.

Retrieves service specific metadata for a vRealize Orchestrator

Updates service specific metadata for a vRealize Orchestrator

Unregisters a vRealize Orchestrator endpoint from vCloud Director

Updates service specific metadata for a vRealize Orchestrator

Discover vCenter to work with the provided vRealize Orchestrator service

Get a list of registered vRealize Orchestrator services

Register a vRealize Orchestrator endpoint with vCloud Director

Retrieves Max Compute Policy of the vDC.

Updates Max Compute Policy of the vDC. Returns 400 if policy type is not VdcVmPolicy.

Retrieves all compute policies of a vDC

Retrieves a list of Org-scoped (if applicable) vDCs. Results can be filtered by id, name, allocationType, and computePolicyType.

Supported filters for computePolicyType are: (computePolicyType==VdcKubernetesPolicy) - | Returns a list of all vDCs that have a VdcKubernetesPolicy compute policy.

Retrieves a specific vDC via URN.

Get list of organization VDC compute policy.
Results can be filtered by:

• id
• name
• pvdcId
• isSizingOnly
• policyType
• vdc.id
• pvdcComputePolicy.id
• publishableToVdc
• isPublishable
• pvdc
• isAutoGenerated
• _context
  
  Supported contexts are: Org VDC Urn ID (_context==orgVdcUrn) - |
  Returns all the VDC compute policies which are available to a specific Org VDC.

Creates a new VDC compute policy. if PolicyType is VdcKubernetesPolicy, then the response is a 202 with task URL in location header. For VdcVmPolicy type, the response is 201 with created policy in response body.

Get specified organization VDC compute policy

Updates vDC compute policy. if PolicyType is VdcKubernetesPolicy, then the response is a 202 with task URL in location header. For VdcVmPolicy type, the response is 200 with updated policy in response body.

Deletes vDC compute policy. if PolicyType is VdcKubernetesPolicy, then the response is a 202 with task URL in location header, else 204 is returned.

Get all VMs associated with this vDC compute policy

Get orgatization VDCs this VDC compute policy has been assigned/published to

Assign this organization VDC compute policy to list of VDCs.

Get list of organization VDC compute policy.
Results can be filtered by:

• id
• name
• pvdcId
• isSizingOnly
• policyType
• vdc.id
• pvdcComputePolicy.id
• publishableToVdc
• isPublishable
• pvdc
• isAutoGenerated
• _context
  
  Supported contexts are: Org VDC Urn ID (_context==orgVdcUrn) - |
  Returns all the VDC compute policies which are available to a specific Org VDC.