API Description | API Path |
---|---|
List feature permissions: List features | `GET /api/v1/aaa/features-with-properties` |
List LDAP identity sources: Return a list of all configured LDAP identity sources. | `GET /policy/api/v1/aaa/ldap-identity-sources` |
Test an LDAP server: Attempt to connect to an LDAP server and ensure that the server can be contacted using the given URL and authentication credentials. | `POST /policy/api/v1/aaa/ldap-identity-sources?action=probe_ldap_server` |
Probe an LDAP identity source: Verify that the configuration of an LDAP identity source is correct before actually creating the source. | `POST /policy/api/v1/aaa/ldap-identity-sources?action=probe_identity_source` |
Fetch the server certificate of an LDAP server: Attempt to connect to an LDAP server and retrieve the server certificate it presents. | `POST /policy/api/v1/aaa/ldap-identity-sources?action=fetch_certificate` |
Delete an LDAP identity source. Users defined in that source will no longer be able to access NSX. | `DELETE /policy/api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>` |
Read a single LDAP identity source: Return details about one LDAP identity source | `GET /policy/api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>` |
Test the configuration of an existing LDAP identity source: Attempt to connect to an existing LDAP identity source and report any errors encountered. | `POST /policy/api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>?action=probe` |
Update an existing LDAP identity source: Update the configuration of an existing LDAP identity source. You may wish to verify the new configuration using the POST /aaa/ldap-identity-sources?action=probe API before changing the configuration. | `PUT /policy/api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>` |
Search the LDAP identity source: Search the LDAP identity source for users and groups that match the given filter_value. In most cases, the LDAP source performs a case-insensitive search. | `POST /policy/api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>/search` |
Create registration access token: The privileges of the registration token will be the same as the caller. | `POST /api/v1/aaa/registration-token` |
Delete registration access token | `DELETE /api/v1/aaa/registration-token/<token>` |
Get registration access token | `GET /api/v1/aaa/registration-token/<token>` |
Get all users and groups with their roles | `GET /api/v1/aaa/role-bindings` |
Assign roles to User or Group: When assigning a user role, specify the user name with the same case as it appears in vIDM to access the NSX-T user interface. For example, if vIDM has the user name User1@example.com then the name attribute in the API call must be User1@example.com and cannot be user1@example.com. | `POST /api/v1/aaa/role-bindings` |
Delete all stale role assignments | `POST /api/v1/aaa/role-bindings?action=delete_stale_bindings` |
Delete user/group's roles assignment | `DELETE /api/v1/aaa/role-bindings/<binding-id>` |
Get user/group's role information | `GET /api/v1/aaa/role-bindings/<binding-id>` |
Update User or Group's roles | `PUT /api/v1/aaa/role-bindings/<binding-id>` |
Get information about all roles | `GET /api/v1/aaa/roles` |
Validate a new feature permission set: Validate the permissions of an incoming role. Also, recommend the permissions which need to be corrected. | `POST /api/v1/aaa/roles?action=validate` |
Get information about all roles with features and their permissions | `GET /api/v1/aaa/roles-with-feature-permissions` |
Delete custom role: If a role is assigned to a role binding then the deletion of the role is not allowed. Precanned roles cannot be deleted. | `DELETE /api/v1/aaa/roles/<role>` |
Get role information | `GET /api/v1/aaa/roles/<role>` |
Clone an already present role: The role with id the ones provided in the request body. | `POST /api/v1/aaa/roles/<role>?action=clone` |
Update custom role: Creates a new role with id as role with id | `PUT /api/v1/aaa/roles/<role>` |
Get the name and role information of the user. This API will return the name and role information of the user invoking this API request. This API is available for all NSX users no matter their authentication method (Local account, VIDM, LDAP etc). The permissions parameter of the NsxRole has been deprecated. | `GET /api/v1/aaa/user-info` |
Get all the User Groups where vIDM display name matches the search key case insensitively. The search key is checked to be a substring of display name. This is a non paginated API. | `GET /api/v1/aaa/vidm/groups` |
Get all the users and groups from vIDM matching the search key case insensitively. The search key is checked to be a substring of name or given name or family name of user and display name of group. This is a non paginated API. | `POST /api/v1/aaa/vidm/search` |
Get all the users from vIDM whose userName, givenName or familyName matches the search key case insensitively. The search key is checked to be a substring of name or given name or family name. This is a non paginated API. | `GET /api/v1/aaa/vidm/users` |
Collect support bundles from registered cluster and fabric nodes. | `POST /api/v1/administration/support-bundles?action=collect` |
Delete existing support bundles waiting to be downloaded. | `POST /api/v1/administration/support-bundles?action=delete_async_response` |
Accept end user license agreement | `POST /api/v1/eula/accept` |
Return the acceptance status of end user license agreement | `GET /api/v1/eula/acceptance` |
Return the content of end user license agreement in the specified format. By default, it is a plain string without line breaks. | `GET /api/v1/eula/content` |
Deprecated. Return the Enterprise License: Use the GET /licenses API instead. | `GET /api/v1/license` (Deprecated) |
Deprecated. Assign an Updated Enterprise License Key: Use the POST /licenses API instead | `PUT /api/v1/license` (Deprecated) |
Get all licenses: Returns all licenses. | `GET /api/v1/licenses` |
Remove a license: This will delete the license key identified in the request body by "license_key" and its properties from the system. Attempting to delete the last license key will result in an error. | `POST /api/v1/licenses?action=delete` |
Add a new license key: This will add a license key to the system. The API supports adding only one license key for each license edition type - Standard, Advanced or Enterprise. If you try to add a new license key for an edition for which a license key already exists, this API will return an error. | `POST /api/v1/licenses` |
Deprecated. Remove a license identified by the license-key: Use POST /licenses?action=delete API instead. | `DELETE /api/v1/licenses/<license-key>` (Deprecated) |
Deprecated. Get license properties for license identified by the license-key: Use GET /licenses API instead. | `GET /api/v1/licenses/<license-key>` (Deprecated) |
Get usage report of all registered modules: Returns usage report of all registered modules | `GET /api/v1/licenses/licenses-usage` |
Get usage report of all registered modules in CSV format: Returns usage report of all registered modules in CSV format | `GET /api/v1/licenses/licenses-usage?format=csv` |
Read AAA provider vIDM properties | `GET /api/v1/node/aaa/providers/vidm`<br>`GET /api/v1/transport-nodes/<transport-node-id>/node/aaa/providers/vidm`<br>`GET /api/v1/cluster/<cluster-node-id>/node/aaa/providers/vidm` |
Update AAA provider vIDM properties | `PUT /api/v1/node/aaa/providers/vidm`<br>`PUT /api/v1/transport-nodes/<transport-node-id>/node/aaa/providers/vidm`<br>`PUT /api/v1/cluster/<cluster-node-id>/node/aaa/providers/vidm` |
Read AAA provider vIDM status | `GET /api/v1/node/aaa/providers/vidm/status`<br>`GET /api/v1/transport-nodes/<transport-node-id>/node/aaa/providers/vidm/status`<br>`GET /api/v1/cluster/<cluster-node-id>/node/aaa/providers/vidm/status` |
Returns the proxy configuration. | `GET /api/v1/proxy/config` |
Creates or updates the proxy configuration: Updates or creates the proxy configuration, and returns the new configuration. | `PUT /api/v1/proxy/config` |
Returns telemetry agreement information. | `GET /api/v1/telemetry/agreement` |
Set telemetry agreement information. | `PUT /api/v1/telemetry/agreement` |
Returns the telemetry configuration. | `GET /api/v1/telemetry/config` |
Creates or updates the telemetry configuration: Updates or creates the telemetry configuration, and returns the new configuration. | `PUT /api/v1/telemetry/config` |
Return the Properties of a Trust Manager: Returns information about the supported algorithms and key sizes. | `GET /api/v1/trust-management` |
Get the certificate profile for the given service type: Get an available certificate profile | `GET /api/v1/trust-management/certificate-profile/<service-type>` |
Return the list of certificate profiles. | `GET /api/v1/trust-management/certificate-profiles` |
Return All the User-Facing Components' Certificates: Returns all certificate information viewable by the user, including each certificate's UUID; resource_type (for example, certificate_self_signed, certificate_ca, or certificate_signed); pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. | `GET /api/v1/trust-management/certificates` |
Add a New Certificate: Adds a new private-public certificate or a chain of certificates (CAs) and, optionally, a private key that can be applied to one of the user-facing components (appliance management or edge). The certificate and the key should be stored in PEM format. If no private key is provided, the certificate is used as a client certificate in the trust store. | `POST /api/v1/trust-management/certificates?action=import` |
Set a certificate as the Appliance Proxy certificate to be used in inter-site communication: Set a certificate that has been imported to be the Appliance Proxy certificate used for communicating with Appliance Proxies on other sites. | `POST /api/v1/trust-management/certificates?action=set_appliance_proxy_certificate_for_inter_site_communication` |
Delete Certificate for the Given Certificate ID: Removes the specified certificate. The private key associated with the certificate is also deleted. | `DELETE /api/v1/trust-management/certificates/<cert-id>` |
Show Certificate Data for the Given Certificate ID: Returns information for the specified certificate ID, including the certificate's UUID; resource_type (for example, certificate_self_signed, certificate_ca, or certificate_signed); pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. | `GET /api/v1/trust-management/certificates/<cert-id>` |
Return the list of CrlDistributionPoints | `GET /api/v1/trust-management/crl-distribution-points` |
Create a Crl Distribution Point: Create an entity that will represent a Crl Distribution Point | `POST /api/v1/trust-management/crl-distribution-points` |
Delete a CrlDistributionPoint. It does not delete the actual CRL. | `DELETE /api/v1/trust-management/crl-distribution-points/<crl-distribution-point-id>` |
Return the CrlDistributionPoint with | `GET /api/v1/trust-management/crl-distribution-points/<crl-distribution-point-id>` |
Update CrlDistributionPoint with | `PUT /api/v1/trust-management/crl-distribution-points/<crl-distribution-point-id>` |
Return the status of the CrlDistributionPoint | `GET /api/v1/trust-management/crl-distribution-points/<crl-distribution-point-id>/status` |
Return stored CRL in PEM format | `POST /api/v1/trust-management/crl-distribution-points/pem-file` |
Return All Added CRLs: Returns information about all CRLs. For additional information, include the ?details=true modifier at the end of the request URI. | `GET /api/v1/trust-management/crls` |
Add a New Certificate Revocation List: Adds a new certificate revocation list (CRL). The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. | `POST /api/v1/trust-management/crls?action=import` |
Delete a CRL: Deletes an existing CRL. | `DELETE /api/v1/trust-management/crls/<crl-id>` |
Show CRL Data for the Given CRL ID: Returns information about the specified CRL. For additional information, include the ?details=true modifier at the end of the request URI. | `GET /api/v1/trust-management/crls/<crl-id>` |
Update CRL for the Given CRL ID: Updates an existing CRL. | `PUT /api/v1/trust-management/crls/<crl-id>` |
Return All the Generated CSRs: Returns information about all of the CSRs that have been created. | `GET /api/v1/trust-management/csrs` |
Generate a New Certificate Signing Request: Creates a new certificate signing request (CSR). A CSR is encrypted text that contains information about your organization (organization name, country, and so on) and your Web server's public key, which is a public certificate that is generated on the server that can be used to forward this request to a certificate authority (CA). A private key is also usually created at the same time as the CSR. | `POST /api/v1/trust-management/csrs` |
Generate a New Certificate Signing Request with Extensions: Creates a new certificate signing request (CSR) with selected extensions. A CSR is encrypted text that contains information about your organization (organization name, country, and so on), additional attributes as extensions, and your Web server's public key, which is a public certificate that is generated on the server that can be used to forward this request to a certificate authority (CA). A private key is also usually created at the same time as the CSR. | `POST /api/v1/trust-management/csrs-extended` (Experimental) |
Delete a CSR: Removes a specified CSR. If a CSR is not used for verification, you can delete it. Note that the CSR import and upload POST actions automatically delete the associated CSR. | `DELETE /api/v1/trust-management/csrs/<csr-id>` |
Show CSR Data for the Given CSR ID: Returns information about the specified CSR. | `GET /api/v1/trust-management/csrs/<csr-id>` |
Upload the Certificate PEM File Signed by the CA Associated with a CSR: Uploads the certificate authority (CA)-signed certificate. After you send the certificate request to the CA of your choice, and the CA sends back the signed certificate, you can use the upload POST action to upload the signed certificate. The upload action is similar to the import action, but the upload action allows you to directly upload the PEM-encoded file (signed certificate) provided by the CA. Like the import POST action, the upload POST action automatically deletes the associated CSR. | `POST /api/v1/trust-management/csrs/<csr-id>?action=upload` |
Import a Certificate Associated with an Approved CSR: Imports a certificate authority (CA)-signed certificate for a CSR. This action links the certificate to the private key created by the CSR. The pem_encoded string in the request body is the signed certificate provided by your CA in response to the CSR that you provide to them. The import POST action automatically deletes the associated CSR. | `POST /api/v1/trust-management/csrs/<csr-id>?action=import` |
Self-Sign the CSR: Self-signs the previously generated CSR. This action is similar to the import certificate action, but instead of using a public certificate signed by a CA, the self_sign POST action uses a certificate that is signed with NSX's own private key. For validity, if a value greater than 825 days is provided, it will be set to 825 days. | `POST /api/v1/trust-management/csrs/<csr-id>?action=self_sign` |
Get CSR PEM File for the Given CSR ID: Downloads the CSR PEM file for a specified CSR. Clients must include an Accept: text/plain request header. | `GET /api/v1/trust-management/csrs/<csr-id>/pem-file` |
Return the list of OpenID Connect end-points. | `GET /api/v1/trust-management/oidc-uris` |
Update an OpenID Connect end-point's thumbprint: Update an OpenID Connect end-point's thumbprint used to connect to the oidc_uri through SSL | `POST /api/v1/trust-management/oidc-uris?action=update_thumbprint` |
Add an OpenID Connect end-point. This request also fetches the issuer and jwks_uri meta-data from the OIDC end-point and stores it. | `POST /api/v1/trust-management/oidc-uris` |
Get an OpenID Connect end-point. When ?refresh=true is added to the request, the meta-data is newly fetched from the OIDC end-point. | `GET /api/v1/trust-management/oidc-uris/<id>` |
Return the list of principal identities: Returns the list of principals registered with a certificate. | `GET /api/v1/trust-management/principal-identities` |
Register a name-certificate combination. Associates a principal's name with a certificate that is used to authenticate. The combination name and node_id needs to be unique across token-based and certificate-based principal identities. Deprecated, use POST /trust-management/principal-identities/with-certificate instead. | `POST /api/v1/trust-management/principal-identities` (Deprecated) |
Update a principal identity's certificate | `POST /api/v1/trust-management/principal-identities?action=update_certificate` |
Delete a principal identity. It does not delete the certificate. | `DELETE /api/v1/trust-management/principal-identities/<principal-identity-id>` |
Get a principal identity: Get a stored principal identity | `GET /api/v1/trust-management/principal-identities/<principal-identity-id>` |
Register a name-certificate combination. Create a principal identity with a new, unused, certificate. The combination name and node_id needs to be unique across token-based and certificate-based principal identities. | `POST /api/v1/trust-management/principal-identities/with-certificate` |
Return the list of token-based principal identities. These don't have certificate or role information. | `GET /api/v1/trust-management/token-principal-identities` |
Register a token-based principal identity. Register a principal identity that is going to be authenticated through a token. The combination name and node_id needs to be unique across token-based and certificate-based principal identities. | `POST /api/v1/trust-management/token-principal-identities` |
Delete a token-based principal identity. | `DELETE /api/v1/trust-management/token-principal-identities/<principal-identity-id>` |
Get a token-based principal identity: Get a stored token-based principal identity | `GET /api/v1/trust-management/token-principal-identities/<principal-identity-id>` |