NSX VMC Policy API API Guide

NSX-T Data Center 2.3.0.0.3

Table of Contents

  1. Overview
  2. API Methods
    1. Nsx Vmc Aws Integration
    2. Policy
      1. Connectivity
        1. Bgp
        2. Dhcp
        3. Segments
        4. Tier-1
      2. Dfw
      3. Dns Forwarder
      4. Gateway Firewall
      5. Ipfixdfw
      6. L2Vpn
      7. L3Vpn
      8. Nat
      9. Operations
      10. Realization
      11. Routing
      12. Statistics
        1. Group
        2. L2Vpn
        3. L3Vpn
  3. API Types
  4. API Type Schemas
  5. API Errors


Overview

Introduction

NSX VMC Policy API provides a programmatic API to automate management activities. The API follows a resource-oriented Representational State Transfer (REST) architecture, using JSON object encoding. Clients interact with the API using RESTful web service calls over the HTTPS protocol.

Each API method is identified by a request method and URI. Method parameters are specified as key-value pairs appended to the URI. Unless otherwise noted, request and response bodies are encoded using JSON, and must conform to the JSON schema associated with each method. The content type of each request and reply is "application/json" unless otherwise specified. Each request that can be made is documented in the API Methods section. The associated request and response body schemas are documented in the API Schemas section.

Some APIs may be marked as deprecated. This indicates that the functionality provided by the API has been removed or replaced with a different API. The description of the API will indicate what API(s) to call instead.

Some APIs may be marked as experimental. This indicates that the API may be changed or removed without notice in a future NSX VMC Policy API release.

It is possible for any request to fail. Errors are reported using standard HTTP response codes. It should be assumed the following errors could be returned by any API method: 301 Moved Permanently, 307 Temporary Redirect, 400 Bad Request, 401 Unauthorized, 403 Forbidden, 500 Internal Server Error, 503 Service Unavailable. Where other errors may be returned, the type of error is indicated in the API method description. All errors are documented in the API Errors section.

Request Authentication

Most API calls require authentication. This API supports HTTP Basic authentication and session-based authentication schemes. Multiple authentication schemes may not be used concurrently.

HTTP Basic Authentication

To authenticate a request using HTTP Basic authentication, the caller's credentials are passed using the 'Authorization' header. The header content should consist of a base64-encoded string containing the username and password separated by a single colon (":") character, as specified in RFC 1945 section 11.1.

For example, to authenticate a request using the default credentials of user admin with password admin, include the following header with the request:

Authorization: Basic YWRtaW46YWRtaW4=

The following cURL command will authenticate to the manager using basic authentication and will issue a GET request for logical ports:

curl -k -u USERNAME:PASSWORD https://MANAGER/api/v1/logical-ports

where:
USERNAME is the user to authenticate as,
PASSWORD is the password to provide, and
MANAGER is the IP address or host name of the NSX manager

For example:

curl -k -u admin:secretPw99 https://192.168.22.32/api/v1/logical-ports

Note: the -k argument instructs cURL to skip verifying the manager's self-signed X.509 certificate.

Session-Based Authentication

Session-based authentication is used by calling the /api/session/create authentication API to manage a session cookie. The session cookie returned in the result of a successful login must be provided in subsequent requests in order to associate those requests with the session.

Session state is local to the server responding to the API request. Idle sessions will automatically time-out, or can be terminated immediately using the POST /api/session/destroy API.

To obtain a session cookie, POST form data to the server using the application/x-www-form-urlencoded media type, with fields "j_username" and "j_password" containing the username and password separated by an ampersand. Since an ampersand is a UNIX shell metacharacter, you may need to surround the argument with single quotes.

The following cURL command will authenticate to the server, will deposit the session cookie in the file "cookies.txt", and will write all HTTP response headers to the file headers.txt. One of these headers is the X-XSRF-TOKEN header that you will need to provide in subsequent requests.

curl -k -c cookies.txt -D headers.txt -X POST -d 'j_username=USERNAME&j_password=PASSWORD' https://MANAGER/api/session/create

For example:

curl -k -c cookies.txt -D headers.txt -X POST -d 'j_username=admin&j_password=secretPw99' https://192.168.22.32/api/session/create

The manager will respond with the roles and permissions granted to the user, and cURL will deposit the session cookie into the file "cookies.txt".

In subsequent cURL requests, use the -b argument to specify the cookie file. You also need to pass the X-XSRF-TOKEN header that was saved to the headers.txt file, using cURL's -H option:

curl -k -b cookies.txt -H "`grep X-XSRF-TOKEN headers.txt`" https://192.168.22.32/api/v1/logical-ports

When the session expires, the manager will respond with a 403 Forbidden HTTP response, at which point you must obtain a new session cookie and X-XSRF-TOKEN.

Session cookies can be destroyed by using the /api/session/destroy API:

curl -k -b cookies.txt -H "`grep X-XSRF-TOKEN headers.txt`" -X POST https://MANAGER/api/session/destroy

Example Requests and Responses

Example requests and responses are provided for most of the API calls below. Your actual response might differ from the example in the number of fields returned because optional empty fields are not returned when you make an API call.

Restrictions on Certain Fields in a Request

When configuring layer 2 switching, the following fields can contain any character except semicolon (;), vertical bar (|), equal sign (=), comma (,), tilde (~), and the "at" sign (@). They also have a length limitation as specified below:

Optimistic Concurrency Control and the _revision property

Overview

In order to prevent one client from overwriting another client's updates, NSX-T employs a technique called optimistic concurrency control.

All REST payloads contain a property named "_revision". This is an integer that is incremented each time an existing resource is updated. Clients must provide this property in PUT requests and it must match the current _revision or the update will be rejected. This guards against the following situation:

Client 1 reads resource A.

Client 2 reads resource A.

Client 1 replaces the display_name property of resource A and does a PUT to replace the resource.

Client 2 replaces a different property of resource A and attempts to perform a PUT operation.

Without optimistic concurrency control, Client 2's update would overwrite Client 1's update to the display_name property. Instead, Client 2 receives a 409 Conflict error. To recover, Client 2 must fetch the resource again, apply the change, and perform a PUT.

Exceptions for /policy APIs

APIs whose URI begins with /policy have slightly different behavior. For those APIs, the _revision property must not be set when PUT is used to create a new resource. Once the resource is created, however, the _revision property must be provided with PUT operations.

PATCH and _revision for /policy APIs

APIs whose URI begins with /policy support the PATCH operation. Those APIs do not require that the _revision property be provided. A client can, however, request that the _revision property be checked when it is performing a PATCH in the /infra path. To do this, the client should pass the query parameter enforce_revision_check, e.g. PATCH /infra?enforce_revision_check=true.
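The scenario and recovery described in this section, as an added example in Python (not code from the NSX documentation): an in-memory stand-in for a /policy endpoint enforces the _revision rules, and a client helper performs the fetch, reapply, PUT recovery after a 409 Conflict. The names FakePolicyStore, update_with_retry and lost_update_scenario are hypothetical, and the errors raised for a create that carries _revision and for a failed enforce_revision_check are assumptions, because the page does not state them.

```python
import copy


class Conflict(Exception):
    """Stands in for the 409 Conflict response described above."""


class FakePolicyStore:
    """Constructed in-memory stand-in for a /policy endpoint; not NSX code."""

    def __init__(self):
        self._objects = {}

    def get(self, path):
        return copy.deepcopy(self._objects[path])

    def put(self, path, body):
        current = self._objects.get(path)
        if current is None:
            # /policy rule: _revision must not be set when PUT creates a resource.
            # Assumption: the page does not name the error; ValueError is a placeholder.
            if "_revision" in body:
                raise ValueError("_revision must not be set on create")
            new_revision = 0  # new objects show "_revision": 0 in the page's examples
        else:
            # Update: the supplied _revision must match the stored one.
            if body.get("_revision") != current["_revision"]:
                raise Conflict(path)
            new_revision = current["_revision"] + 1
        self._objects[path] = dict(copy.deepcopy(body), _revision=new_revision)
        return self.get(path)

    def patch(self, path, body, enforce_revision_check=False):
        current = self._objects.get(path)
        fields = {k: copy.deepcopy(v) for k, v in body.items() if k != "_revision"}
        if current is None:
            # PATCH creates the object when it is not already present.
            self._objects[path] = dict(fields, _revision=0)
            return
        # PATCH needs no _revision unless the caller asks for the check.
        # Assumption: a failed check is reported like a stale PUT.
        if enforce_revision_check and body.get("_revision") != current["_revision"]:
            raise Conflict(path)
        self._objects[path] = dict(current, **fields,
                                   _revision=current["_revision"] + 1)


def update_with_retry(store, path, change, max_attempts=3):
    """Read-modify-write: on a conflict, fetch again, reapply the change, PUT again."""
    for attempt in range(1, max_attempts + 1):
        body = store.get(path)   # always start from the current _revision
        change(body)             # apply only this client's own edit
        try:
            return store.put(path, body), attempt
        except Conflict:
            continue             # someone else updated first; re-read and retry
    raise Conflict(f"{path}: still conflicting after {max_attempts} attempts")


def lost_update_scenario():
    """Replays the four steps listed above, then Client 2's recovery."""
    store = FakePolicyStore()
    path = "/infra/domains/vmc"
    store.put(path, {"display_name": "VMC domain", "description": "VMC Domain"})

    client1 = store.get(path)    # Client 1 reads resource A
    client2 = store.get(path)    # Client 2 reads resource A

    client1["display_name"] = "renamed by client 1"
    store.put(path, client1)     # accepted: _revision goes from 0 to 1

    client2["description"] = "edited by client 2"
    try:
        store.put(path, client2)  # still carries the stale _revision 0
        stale_put = "accepted"
    except Conflict:
        stale_put = "409 Conflict"

    def edit(body):
        body["description"] = "edited by client 2"

    final, attempts = update_with_retry(store, path, edit)
    return stale_put, attempts, final


if __name__ == "__main__":
    print(lost_update_scenario())
```

Automation that edits firewall objects such as communication maps should use this read-modify-write pattern so that one job cannot silently discard a rule change made by another.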

OpenAPI Specification of NSX-T APIs

You can download OpenAPI specifications for the various NSX-T APIs at the following URLs:

NSX-T Data Center Manager API:
APIs for NSX-T administration; node and cluster management APIs and fabric management APIs for on-premise customers.

NSX-T Data Center Manager API:
APIs for managing logical networking in NSX-T for on-premise customers.

NSX VMC Policy API:
APIs for managing logical networking in NSX-T for VMware Cloud on AWS customers.

NSX VMC AWS Integration API:
APIs for managing AWS underlay networking for VMware Cloud on AWS customers.


API Methods


Nsx Vmc Aws Integration

Associated URIs:

Get SDDC account information.

Retrieve the shadow account and linked VPC account information from VMC provider. This API is a live query to VMC provider. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/accounts
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/accounts/

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
VMCAccounts+

Example Response:
{
  "shadow_account": "482663666969",
  "linked_vpc_account": "909992878262"
}

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

Get DX BGP related information

Get Direct Connect BGP related information, including current Autonomous System Number of the VGW attached to the VPC. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/direct-connect/bgp
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/direct-connect/bgp

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
DirectConnectBgpInfo+

Example Response:
{
  "local_as_num": "65414"
}

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

Create or update DX BGP information

This API is used to create or update DX BGP related information. For ASN update, VIFs should be disconnected from the DX VGW before making this API call. The ASN update operation will be synchronous at this point. In the future the user should make use of the Get RealizationStatus call to check update status. While an ASN update call is in progress, any other DX BGP update request will be rejected. This API is only available when using VMware Cloud on AWS.

Request:
Method:
PUT
URI Path:
/cloud-service/api/v1/infra/direct-connect/bgp
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
DirectConnectBgpInfo+

Example Request:
PUT https:///cloud-service/api/v1/direct-connect/bgp
{
  "local_as_num": "65414"
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
DirectConnectBgpInfo+

Example Response:
{
  "local_as_num": "65414"
}

Required Permissions: crud
Feature: vmc_user_features
Additional Errors:

Get routes that are advertised to on-premise datacenter via Direct Connect

Retrieve BGP routes that are advertised by Direct Connect from VMC provider to on-premise datacenter. This API is a live query to VMC provider. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/direct-connect/routes/advertised
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/routes/advertised

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
BGPAdvertisedRoutes+

Example Response:
{
  "advertised_routes": [
    {
      "ipv4_cidr": "10.69.14.0/25",
      "advertisement_state": "SUCCESS"
    },
    {
      "ipv4_cidr": "10.70.25.192/27",
      "advertisement_state": "SUCCESS"
    }
  ],
  "failed_advertised_routes": 0
}

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

Get learned BGP routes from Direct Connect.

Retrieve BGP routes that are learned by Direct Connect from on-premise datacenter. This API is a live query to VMC provider. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/direct-connect/routes/learned
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/routes/learned

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
BGPLearnedRoutes+

Example Response:
{
  "ipv4_cidr": [
    "0.0.0.0/0"
  ]
}

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

List all Direct Connect VIFs (Virtual Interface) available in the SDDC

Return all non-connected VIFs (with states "available", "down", "pending" and "confirming") and connected VIFs that are available to the SDDC. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/direct-connect/vifs
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/vifs/

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
VifsListResult+

Example Response:
{
  "results": [
    {
      "id": "dxvif-fglqwzf5",
      "name": "vmc-sddc-1",
      "state": "CONNECTED",
      "direct_connect_id": "dxcon-17e8147e",
      "bgp_status": "DOWN"
    }
  ]
}

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

Attach a Direct Connect VIF (Virtual Interface) to the SDDC.

Perform the attach operation in VMC provider to attach the specified VIF (Virtual Interface) to the SDDC. This API is only available when using VMware Cloud on AWS.

Request:
Method:
POST
URI Path:
/cloud-service/api/v1/infra/direct-connect/vifs/<vif-id>
Request Headers:
n/a
Query Parameters:
VifAction+
Request Body:
n/a

Example Request:
POST https:///cloud-service/api/v1/vifs/dxvif-fglqwzf5?action=ATTACH

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: vmc_user_features
Additional Errors:

Delete a Direct Connect VIF (Virtual Interface).

Detach and delete a Direct Connect VIF (Virtual Interface) from the SDDC. Detach and delete are one operation in VMC provider; a Direct Connect VIF will be deleted after it is detached. This API is only available when using VMware Cloud on AWS.

Request:
Method:
DELETE
URI Path:
/cloud-service/api/v1/infra/direct-connect/vifs/<vif-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
DELETE https:///cloud-service/api/v1/vifs/dxvif-fglqwzf5

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: vmc_user_features
Additional Errors:

List linked VPC information.

List linked VPC information. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/linked-vpcs
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/linked-vpcs

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
LinkedVpcsListResult+

Example Response:
{
  "result_count": 1,
  "results": [
    {
      "linked_vpc_id": "vpc-efeda78a",
      "linked_vpc_addresses": [
        "172.31.0.0/16"
      ],
      "linked_vpc_subnet_addresses": [
        "172.31.32.0/20"
      ],
      "route_table_ids": [
        "rtb-588ad73d"
      ],
      "arn_role": "arn:aws:iam::122674636182:role/sddc-formation-493513ce-6488-476-RemoteRole-E38OM4XJOCLD",
      "linked_vpc_nat_ips": [
        "172.31.32.159"
      ],
      "external_id": "vmc",
      "linked_account": "122674636182"
    }
  ]
}

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

Get linked VPC information.

Get linked VPC information. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/linked-vpcs/<linked-vpc-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/linked-vpcs/vpc-efeda78a

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
LinkedVpcInfo+

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

List services connected to this linked vpc

List services connected to this linked vpc, for example, S3. The response consists of all available services along with their status. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/linked-vpcs/<linked-vpc-id>/connected-services
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/linked-vpcs/vpc-01/connected-services

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ConnectedServiceListResult+

Example Response:
{
  "results": [
    {
      "name": "s3",
      "enabled": true
    }
  ]
}

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

Connect/Disconnect the service to this linked vpc

Connect/Disconnect the service to the given linked vpc. For example, connect S3. The user will know what services are available through the GET call. If the user is trying to connect/disconnect an unknown service, the POST call will throw a 400 Bad Request error. This API is only available when using VMware Cloud on AWS.

Request:
Method:
PUT
URI Path:
/cloud-service/api/v1/infra/linked-vpcs/<linked-vpc-id>/connected-services/<service-name>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
ConnectedServiceStatus+

Example Request:
PUT https:///cloud-service/api/v1/linked-vpcs/vpc-01/connected-services/s3
{
  "name": "s3",
  "enabled": true
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ConnectedServiceStatus+

Example Response:
{
  "name": "s3",
  "enabled": true
}

Required Permissions: crud
Feature: vmc_user_features
Additional Errors:

List Management VM information.

List Management VM information. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/mgmt-vms
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/mgmt-vms

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
MgmtVmsListResult+

Example Response:
{
  "result_count": 2,
  "results": [
    {
      "display_name": "vm101",
      "ip": "10.0.224.10",
      "id": "vm101",
      "ports": [
        443
      ],
      "protocols": [
        "ICMP"
      ]
    },
    {
      "display_name": "vm104",
      "ip": "10.0.224.10",
      "id": "vm104",
      "ports": [
        443
      ],
      "protocols": [
        "ICMP"
      ]
    }
  ]
}

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

Get management VM access information.

Get management VM access information. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/mgmt-vms/<vm-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/mgmt-vms/

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
MgmtVmInfo+

Example Response:
{
  "display_name": "VC",
  "ips": [
    "10.0.224.10/32",
    "10.0.1.2/24"
  ],
  "protocols": [
    "ICMP"
  ],
  "ports": [
    "443"
  ]
}

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

List all Public IPs

List all public IPs obtained in the SDDC. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/public-ips
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/public-ips/

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
PublicIpsListResult+

Example Response:
{
  "result_count": 2,
  "results": [
    {
      "ip": "34.212.160.142",
      "id": "nsx-public-ip",
      "display_name": "nsx-public-ip"
    },
    {
      "ip": "34.218.111.236",
      "id": "nsx-public-ip-2",
      "display_name": "nsx-public-ip-2"
    }
  ]
}

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

Delete a public IP

Delete a public IP. The IP will be released in VMC provider. This API is only available when using VMware Cloud on AWS.

Request:
Method:
DELETE
URI Path:
/cloud-service/api/v1/infra/public-ips/<public-ip-id>
Request Headers:
n/a
Query Parameters:
DeleteRequestParameters+
Request Body:
n/a

Example Request:
DELETE https:///cloud-service/api/v1/public-ips/nsx-public-ip
DELETE https:///cloud-service/api/v1/public-ips/nsx-public-ip?force=true

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: vmc_user_features
Additional Errors:

Create or update a public IP.

This API is used to create or update a public IP. In creating, the API allocates a new public IP from VMC provider. In updating, only the display name can be modified; the IP is read-only. This API is only available when using VMware Cloud on AWS.

Request:
Method:
PUT
URI Path:
/cloud-service/api/v1/infra/public-ips/<public-ip-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
PublicIp+

Example Request:
PUT https:///cloud-service/v1/public-ips/nsx-public-ip
{
  "id": "nsx-public-ip",
  "display_name": "nsx-public-ip"
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
PublicIp+

Example Response:
{
  "ip": "34.212.160.142",
  "id": "nsx-public-ip",
  "display_name": "nsx-public-ip"
}

Required Permissions: crud
Feature: vmc_user_features
Additional Errors:

Get the public IP information.

Get the public IP information. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/public-ips/<public-ip-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/public-ips/nsx-public-ip

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
PublicIp+

Example Response:
{
  "ip": "34.212.160.142",
  "id": "nsx-public-ip",
  "display_name": "nsx-public-ip"
}

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

Get the consolidated status of an intent object, specified by path in query parameter.

Get the consolidated status of an intent object, specified by path in query parameter. The intent object is indicated by a specific VMC-App API and can contain multiple objects. For example, /infra/direct-connect/bgp can return the consolidated status of ASN update and route preference update. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/realized-state/status
Request Headers:
n/a
Query Parameters:
VmcIntentPathRequestParameter+
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/infra/realized-state/status?intent-path=/infra/direct-connect/bgp

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
VmcConsolidatedRealizedStatus+

Example Response:
{
  "consolidated_status_per_object": [
    {
      "consolidated_status": {
        "consolidated_status": "SUCCESS",
        "status_message": ""
      },
      "object_id": "local_asn"
    }
  ],
  "consolidated_status": {
    "consolidated_status": "SUCCESS"
  },
  "intent_path": " /infra/direct-connect/bgp"
}

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

Get the user-level SDDC configuration parameters

Get the user-level SDDC configuration parameters. This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/cloud-service/api/v1/infra/sddc-user-config
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https:///cloud-service/api/v1/sddc-user-config

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
SddcUserConfiguration+

Example Response:
{
  "sddc_infra_addresses": [
    "10.0.0.1/24"
  ],
  "mgmt_addresses": [
    "10.0.0.2/24"
  ],
  "vpn_internet_ip": "10.161.10.53",
  "compute_gateway": "cgw",
  "linked_vpc_interface_label": "cgw-cross-vpc",
  "management_gateway": "mgw",
  "provider_name": "vmc",
  "public_interface_label": "cgw-public",
  "dx_interface_label": "cgw-direct-connect"
}

Required Permissions: read
Feature: vmc_user_features
Additional Errors:

Policy

Associated URIs:

Read infra

Read infra. Returns only the infra related properties. Inner objects are not populated.
This API is available when using VMware Cloud on AWS or VMware NSX-T.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra
Request Headers:
n/a
Query Parameters:
ChildTypesRequestParameter+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Infra+

Example Response:
{
  "resource_type": "Infra",
  "id": "infra",
  "display_name": "infra",
  "path": "/infra",
  "relative_path": "infra",
  "connectivity_strategy": "NONE",
  "_create_user": "system",
  "_create_time": 1517296394552,
  "_last_modified_user": "system",
  "_last_modified_time": 1517296394552,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: read
Feature: infra_admin
Additional Errors:

Update the infra including all the nested entities

Update the infra including all the nested entities. This API is available when using VMware Cloud on AWS or VMware NSX-T.

Request:
Method:
PUT
URI Path:
/policy/api/v1/infra
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Infra+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra
{
  "display_name": "infra",
  "path": "/infra",
  "relative_path": "infra",
  "connectivity_strategy": "NONE",
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Infra+

Example Response:
{
  "resource_type": "Infra",
  "id": "infra",
  "display_name": "infra",
  "path": "/infra",
  "relative_path": "infra",
  "connectivity_strategy": "NONE",
  "_create_user": "system",
  "_create_time": 1517296394552,
  "_last_modified_user": "system",
  "_last_modified_time": 1517296394552,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: crud
Feature: infra_admin
Additional Errors:

Update the infra including all the nested entities

Update the infra including all the nested entities. This API is available when using VMware Cloud on AWS or VMware NSX-T.

Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Infra+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra
{
  "display_name": "infra",
  "path": "/infra",
  "relative_path": "infra",
  "connectivity_strategy": "NONE"
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: infra_admin
Additional Errors:

List domains for infra

Paginated list of all domains for infra.
This API is available when using VMware Cloud on AWS or VMware NSX-T.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains
Request Headers:
n/a
Query Parameters:
DomainListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
DomainListResult+

Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 1,
  "results": [
    {
      "resource_type": "Domain",
      "description": "VMC Domain",
      "id": "vmc",
      "display_name": "VMC domain",
      "path": "/infra/domains/vmc",
      "parent_path": "/infra/domains/vmc",
      "relative_path": "vmc",
      "_create_user": "admin",
      "_create_time": 1517307910473,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517307910473,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}

Required Permissions: read
Feature: infra_admin
Additional Errors:

Patch a domain

If a domain with the domain-id is not already present, create a new domain. If it already exists, patch the domain.
This API is available when using VMware Cloud on AWS or VMware NSX-T.

Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/domains/<domain-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Domain+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc
{
  "description": "VMC Domain Patched",
  "display_name": "VMC domain",
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: infra_admin
Additional Errors:

Read domain

Read a domain.
This API is available when using VMware Cloud on AWS or VMware NSX-T.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Domain+

Example Response:
{
  "resource_type": "Domain",
  "description": "VMC Domain",
  "id": "vmc",
  "display_name": "VMC domain",
  "path": "/infra/domains/vmc",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "vmc",
  "_create_user": "admin",
  "_create_time": 1517307910473,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517307910473,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: read
Feature: infra_admin
Additional Errors:

Create or update a domain

If a domain with the domain-id is not already present, create a new domain. If it already exists, update the domain including the nested groups. This is a full replace.
This API is available when using VMware Cloud on AWS or VMware NSX-T.

Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/domains/<domain-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Domain+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc
{
  "description": "VMC Domain",
  "display_name": "VMC domain",
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Domain+

Example Response:
{
  "resource_type": "Domain",
  "description": "VMC Domain",
  "id": "vmc",
  "display_name": "VMC domain",
  "path": "/infra/domains/vmc",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "vmc",
  "_create_user": "admin",
  "_create_time": 1517307910473,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517307910473,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: crud
Feature: infra_admin
Additional Errors:

Delete Domain and all the entities contained by this domain

Delete the domain along with all the entities contained by this domain.
The groups that are a part of this domain are also deleted along with
the domain.
This API is available when using VMware Cloud on AWS or VMware NSX-T.

Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/domains/<domain-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud
Feature: infra_admin
Additional Errors:

List communication maps

List all communication maps for a domain.
This API is available when using VMware Cloud on AWS or VMware NSX-T.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps
Request Headers:
n/a
Query Parameters:
CommunicationMapListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationMapListResult+

Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 2,
  "results": [
    {
      "resource_type": "CommunicationMap",
      "description": "comm map",
      "id": "application-section-1",
      "display_name": "application-section-1",
      "path": "/infra/domains/vmc/communication-maps/application-section-1",
      "parent_path": "/infra/domains/vmc",
      "relative_path": "application-section-1",
      "category": "Application",
      "precedence": 0,
      "_create_user": "admin",
      "_create_time": 1517317362027,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517317382962,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 1
    },
    {
      "resource_type": "CommunicationMap",
      "id": "communication-map",
      "display_name": "communication-map",
      "path": "/infra/domains/vmc/communication-maps/communication-map",
      "parent_path": "/infra/domains/vmc",
      "relative_path": "communication-map",
      "precedence": 100,
      "_create_user": "admin",
      "_create_time": 1517307910504,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517307910504,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}

Required Permissions: read
Feature: policy_dfw
Additional Errors:

Patch communication map

Patch the communication map for a domain.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
CommunicationMap+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1
{
  "description": "comm map patched",
  "display_name": "application-section-1",
  "category": "Application",
  "communication_entries": [
    {
      "description": " comm entry",
      "display_name": "ce-1",
      "sequence_number": 1,
      "source_groups": ["/infra/domains/vmc/groups/dbgroup"],
      "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
      "services": ["/infra/services/HTTP", "/infra/services/CIM-HTTP"],
      "action": "ALLOW"
    }
  ]
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions:
crud
Feature:
policy_dfw
Additional Errors:

Deletes a communication map from this domain

Deletes the communication map along with all the communication entries
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions:
crud
Feature:
policy_dfw
Additional Errors:

Read communication-map

Read communication-map for a domain.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationMap+

Example Response:
{
  "resource_type": "CommunicationMap",
  "description": "comm map",
  "id": "application-section-1",
  "display_name": "application-section-1",
  "path": "/infra/domains/vmc/communication-maps/application-section-1",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "application-section-1",
  "communication_entries": [
    {
      "resource_type": "CommunicationEntry",
      "description": " comm entry",
      "id": "ce-1",
      "display_name": "ce-1",
      "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1",
      "parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
      "relative_path": "ce-1",
      "sequence_number": 1,
      "source_groups": ["/infra/domains/vmc/groups/dbgroup"],
      "logged": false,
      "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
      "scope": ["ANY"],
      "action": "ALLOW",
      "services": ["/infra/services/HTTP", "/infra/services/CIM-HTTP"],
      "_create_user": "admin",
      "_create_time": 1517317382942,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517317382962,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 1
    }
  ],
  "category": "Application",
  "precedence": 0,
  "_create_user": "admin",
  "_create_time": 1517317362027,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517317362027,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions:
read
Feature:
policy_dfw
Additional Errors:

Create or Update communication map

Create or Update the communication map for a domain. This is a full replace.
All the CommunicationEntries are replaced.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
CommunicationMap+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1
{
  "description": "comm map",
  "display_name": "application-section-1",
  "_revision": 0,
  "category": "Application",
  "communication_entries": [
    {
      "description": " comm entry",
      "display_name": "ce-1",
      "sequence_number": 1,
      "source_groups": ["/infra/domains/vmc/groups/dbgroup"],
      "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
      "services": ["/infra/services/HTTP", "/infra/services/CIM-HTTP"],
      "action": "ALLOW"
    }
  ]
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationMap+

Example Response:
{
  "resource_type": "CommunicationMap",
  "description": "comm map",
  "id": "application-section-1",
  "display_name": "application-section-1",
  "path": "/infra/domains/vmc/communication-maps/application-section-1",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "application-section-1",
  "communication_entries": [
    {
      "resource_type": "CommunicationEntry",
      "description": " comm entry",
      "id": "ce-1",
      "display_name": "ce-1",
      "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1",
      "parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
      "relative_path": "ce-1",
      "sequence_number": 1,
      "source_groups": ["/infra/domains/vmc/groups/dbgroup"],
      "logged": false,
      "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
      "scope": ["ANY"],
      "action": "ALLOW",
      "services": ["/infra/services/HTTP", "/infra/services/CIM-HTTP"],
      "_create_user": "admin",
      "_create_time": 1517317382942,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517317382962,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 1
    }
  ],
  "category": "Application",
  "precedence": 0,
  "_create_user": "admin",
  "_create_time": 1517317362027,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517317362027,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions:
crud
Feature:
policy_dfw
Additional Errors:

Revise the positioning of communication entry

This is used to re-order a communication entry within a communication map.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
POST
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id>?action=revise
Request Headers:
n/a
Query Parameters:
CommunicationEntryInsertParameters+
Request Body:
CommunicationEntry+

Example Request:
POST https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/emergency-section/communication-entries/ce-1?action=revise&anchor_path=/infra/domains/vmc/communication-maps/emergency-section/communication-entries/ce-2&operation=insert_after
{
  "description": " comm entry",
  "display_name": "ce-1",
  "path": "/infra/domains/vmc_domain/communication-maps/emergency-section/communication-entries/ce-1",
  "parent_path": "/infra/domains/vmc_domain/communication-maps/emergency-section",
  "relative_path": "ce-1",
  "sequence_number": 1,
  "source_groups": ["/infra/domains/vmc_domain/groups/webgroup"],
  "logged": false,
  "destination_groups": ["/infra/domains/vmc_domain/groups/appgroup"],
  "scope": ["ANY"],
  "action": "ALLOW",
  "services": ["/infra/services/AD_Server", "/infra/services/HTTP", "/infra/services/CIM-HTTP"],
  "_revision": 1
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationEntry+

Example Response:
{
  "resource_type": "CommunicationEntry",
  "description": " comm entry",
  "id": "ce-1",
  "display_name": "ce-1",
  "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1",
  "parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
  "relative_path": "ce-1",
  "sequence_number": 1,
  "source_groups": ["/infra/domains/vmc/groups/dbgroup"],
  "logged": false,
  "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
  "scope": ["ANY"],
  "action": "ALLOW",
  "services": ["/infra/services/HTTP", "/infra/services/CIM-HTTP"],
  "_create_user": "admin",
  "_create_time": 1517317382942,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517317382962,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 1
}

Required Permissions:
crud
Feature:
policy_dfw
Additional Errors:

Revise the positioning of communication maps

This is used to set the precedence of a communication map with respect to others.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
POST
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>?action=revise
Request Headers:
n/a
Query Parameters:
CommunicationMapInsertParameters+
Request Body:
CommunicationMap+

Example Request:
POST https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1?action=revise&anchor_path=/infra/domains/vmc/communication-maps/emergency-section&operation=insert_before
{
  "description": "comm map revised",
  "display_name": "application-section-1",
  "category": "Application",
  "communication_entries": [
    {
      "description": " comm entry",
      "display_name": "ce-1",
      "sequence_number": 1,
      "source_groups": ["/infra/domains/vmc/groups/dbgroup"],
      "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
      "services": ["/infra/services/HTTP", "/infra/services/CIM-HTTP"],
      "action": "ALLOW"
    }
  ]
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationMap+

Example Response:
{
  "resource_type": "CommunicationMap",
  "description": "comm map",
  "id": "application-section-1",
  "display_name": "application-section-1",
  "path": "/infra/domains/vmc/communication-maps/application-section-1",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "application-section-1",
  "communication_entries": [
    {
      "resource_type": "CommunicationEntry",
      "description": " comm entry",
      "id": "ce-1",
      "display_name": "ce-1",
      "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1",
      "parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
      "relative_path": "ce-1",
      "sequence_number": 1,
      "source_groups": ["/infra/domains/vmc/groups/dbgroup"],
      "logged": false,
      "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
      "scope": ["ANY"],
      "action": "ALLOW",
      "services": ["/infra/services/HTTP", "/infra/services/CIM-HTTP"],
      "_create_user": "admin",
      "_create_time": 1517317382942,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517317382962,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 1
    }
  ],
  "category": "Application",
  "precedence": 0,
  "_create_user": "admin",
  "_create_time": 1517317362027,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517317362027,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions:
crud
Feature:
policy_dfw
Additional Errors:

List Groups for a domain

List Groups for a domain
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups
Request Headers:
n/a
Query Parameters:
GroupListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
GroupListResult+

Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 1,
  "results": [
    {
      "resource_type": "Group",
      "description": "web group",
      "id": "webgroup",
      "display_name": "web group",
      "path": "/infra/domains/vmc/groups/webgroup",
      "parent_path": "/infra/domains/vmc",
      "relative_path": "webgroup",
      "expression": [
        {
          "resource_type": "Condition",
          "member_type": "VirtualMachine",
          "value": "webvm",
          "key": "Tag",
          "operator": "EQUALS",
          "_protection": "NOT_PROTECTED"
        }
      ],
      "_create_user": "admin",
      "_create_time": 1517308749250,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517308749250,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}

Required Permissions:
read
Feature:
infra_admin
Additional Errors:

Create or update a group

If a group with the group-id is not already present, create a new group.
If it already exists, update the group.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Group+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup
{
  "expression": [
    {
      "member_type": "VirtualMachine",
      "value": "webvm",
      "key": "Tag",
      "operator": "EQUALS",
      "resource_type": "Condition"
    }
  ],
  "description": "web group",
  "display_name": "web group",
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Group+

Example Response:
{
  "resource_type": "Group",
  "description": "web group",
  "id": "webgroup",
  "display_name": "web group",
  "path": "/infra/domains/vmc/groups/webgroup",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "webgroup",
  "expression": [
    {
      "resource_type": "Condition",
      "member_type": "VirtualMachine",
      "value": "webvm",
      "key": "Tag",
      "operator": "EQUALS",
      "_protection": "NOT_PROTECTED"
    }
  ],
  "_create_user": "admin",
  "_create_time": 1517308749250,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517308749250,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions:
crud
Feature:
infra_admin
Additional Errors:

Patch a group

If a group with the group-id is not already present, create a new group.
If it already exists, patch the group.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Group+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup
{
  "expression": [
    {
      "member_type": "VirtualMachine",
      "value": "webvm",
      "key": "Tag",
      "operator": "EQUALS",
      "resource_type": "Condition"
    }
  ],
  "description": "web group",
  "display_name": "web group"
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions:
crud
Feature:
infra_admin
Additional Errors:

Delete Group

Delete Group
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
Request Headers:
n/a
Query Parameters:
GroupDeleteRequestParameters+
Request Body:
n/a

Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions:
crud
Feature:
infra_admin
Additional Errors:

Read group

Read group
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Group+

Example Response:
{
  "resource_type": "Group",
  "description": "web group",
  "id": "webgroup",
  "display_name": "web group",
  "path": "/infra/domains/vmc/groups/webgroup",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "webgroup",
  "expression": [
    {
      "resource_type": "Condition",
      "member_type": "VirtualMachine",
      "value": "webvm",
      "key": "Tag",
      "operator": "EQUALS",
      "_protection": "NOT_PROTECTED"
    }
  ],
  "_create_user": "admin",
  "_create_time": 1517308749250,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517308749250,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions:
read
Feature:
infra_admin
Additional Errors:

List gateway policies

List all gateway policies across all domains ordered by precedence.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/gateway-policies
Request Headers:
n/a
Query Parameters:
SecurityPolicyListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/gateway-policies

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
GatewayPolicyListResult+

Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 2,
  "results": [
    {
      "resource_type": "GatewayPolicy",
      "id": "default",
      "display_name": "/infra/domains/vmc-domain/gateway-policies/default",
      "path": "/infra/domains/vmc-domain/gateway-policies/default",
      "parent_path": "/infra/domains/vmc-domain",
      "relative_path": "default",
      "precedence": 0,
      "_create_user": "admin",
      "_create_time": 1516295469775,
      "_last_modified_user": "admin",
      "_last_modified_time": 1516432061800,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 6
    },
    {
      "resource_type": "GatewayPolicy",
      "id": "internal",
      "display_name": "internal",
      "path": "/infra/domains/vmc-domain/gateway-policies/internal",
      "parent_path": "/infra/domains/vmc-domain",
      "relative_path": "internal",
      "precedence": 200,
      "_create_user": "admin",
      "_create_time": 1516295469778,
      "_last_modified_user": "admin",
      "_last_modified_time": 1516295469778,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}

Required Permissions:
read
Feature:
policy_edge_fw
Additional Errors:

List Services for infra

Paginated list of Services for infra.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/services
Request Headers:
n/a
Query Parameters:
ServiceListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/services

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ServiceListResult+

Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 402,
  "results": [
    {
      "resource_type": "Service",
      "description": "AD Server",
      "id": "AD_Server",
      "display_name": "AD Server",
      "path": "/infra/services/AD_Server",
      "parent_path": "/infra/services/AD_Server",
      "relative_path": "AD_Server",
      "service_entries": [
        {
          "resource_type": "L4PortSetServiceEntry",
          "id": "AD_Server",
          "display_name": "AD Server",
          "path": "/infra/services/AD_Server/service-entries/AD_Server",
          "parent_path": "/infra/services/AD_Server",
          "relative_path": "AD_Server",
          "destination_ports": ["1024"],
          "l4_protocol": "TCP",
          "_create_user": "system",
          "_create_time": 1517296380484,
          "_last_modified_user": "system",
          "_last_modified_time": 1517296380484,
          "_system_owned": true,
          "_protection": "NOT_PROTECTED",
          "_revision": 0
        }
      ],
      "_create_user": "system",
      "_create_time": 1517296380468,
      "_last_modified_user": "system",
      "_last_modified_time": 1517296380468,
      "_system_owned": true,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}

Required Permissions:
read
Feature:
infra_admin
Additional Errors:

Delete Service

Delete Service
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/services/<service-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/services/my-http

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions:
crud
Feature:
infra_admin
Additional Errors:

Read a service

Read a service
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/services/<service-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/services/my-http

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Service+

Example Response:
{
  "resource_type": "Service",
  "description": "My HTTP",
  "id": "my-http",
  "display_name": "My HTTP",
  "path": "/infra/services/my-http",
  "parent_path": "/infra/services/my-http",
  "relative_path": "my-http",
  "service_entries": [
    {
      "resource_type": "L4PortSetServiceEntry",
      "id": "MyHttpEntry",
      "display_name": "MyHttpEntry",
      "path": "/infra/services/my-http/service-entries/MyHttpEntry",
      "parent_path": "/infra/services/my-http",
      "relative_path": "MyHttpEntry",
      "destination_ports": ["8080"],
      "l4_protocol": "TCP",
      "_create_user": "admin",
      "_create_time": 1517310677617,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517310677617,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ],
  "_create_user": "admin",
  "_create_time": 1517310677604,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517310677604,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions:
read
Feature:
infra_admin
Additional Errors:

Create or update a Service

Create a new service if a service with the given ID does not already
exist. Creates new service entries if populated in the service.
If a service with the given ID already exists, update the service
including the nested service entries. This is a full replace.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/services/<service-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Service+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/services/my-http
{
  "description": "My HTTP",
  "display_name": "My HTTP",
  "_revision": 0,
  "service_entries": [
    {
      "resource_type": "L4PortSetServiceEntry",
      "display_name": "MyHttpEntry",
      "destination_ports": ["8080"],
      "l4_protocol": "TCP"
    }
  ]
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Service+

Example Response:
{
  "resource_type": "Service",
  "description": "My HTTP",
  "id": "my-http",
  "display_name": "My HTTP",
  "path": "/infra/services/my-http",
  "parent_path": "/infra/services/my-http",
  "relative_path": "my-http",
  "service_entries": [
    {
      "resource_type": "L4PortSetServiceEntry",
      "id": "MyHttpEntry",
      "display_name": "MyHttpEntry",
      "path": "/infra/services/my-http/service-entries/MyHttpEntry",
      "parent_path": "/infra/services/my-http",
      "relative_path": "MyHttpEntry",
      "destination_ports": ["8080"],
      "l4_protocol": "TCP",
      "_create_user": "admin",
      "_create_time": 1517310677617,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517310677617,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ],
  "_create_user": "admin",
  "_create_time": 1517310677604,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517310677604,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
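
The two PUT methods described above as a full replace (communication maps, where all the CommunicationEntries are replaced, and Services with their nested service entries) discard any nested entry that the request body leaves out. The pre-flight check below is an added example, not code from this guide: it runs offline on GET-style JSON trimmed from this page's examples, and the helper names, the constructed `ce-2` and `ce-3` entries, and the use of `id` (else `display_name`) as an entry's identity are assumptions.

```python
import json

# GET-style responses trimmed from this page's examples. The ce-2 entry is
# constructed for this example so the map has more than one rule to lose.
CURRENT_MAP = json.loads("""
{
  "resource_type": "CommunicationMap",
  "id": "application-section-1",
  "display_name": "application-section-1",
  "category": "Application",
  "precedence": 0,
  "communication_entries": [
    {"id": "ce-1", "display_name": "ce-1", "sequence_number": 1,
     "source_groups": ["/infra/domains/vmc/groups/dbgroup"],
     "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
     "services": ["/infra/services/HTTP", "/infra/services/CIM-HTTP"],
     "action": "ALLOW", "_create_user": "admin", "_revision": 1},
    {"id": "ce-2", "display_name": "ce-2", "sequence_number": 2,
     "source_groups": ["/infra/domains/vmc/groups/webgroup"],
     "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
     "services": ["/infra/services/HTTP"],
     "action": "ALLOW", "_create_user": "admin", "_revision": 0}
  ],
  "_create_user": "admin", "_system_owned": false,
  "_protection": "NOT_PROTECTED", "_revision": 0
}
""")

CURRENT_SERVICE = json.loads("""
{
  "resource_type": "Service", "id": "my-http", "display_name": "My HTTP",
  "service_entries": [
    {"resource_type": "L4PortSetServiceEntry", "id": "MyHttpEntry",
     "display_name": "MyHttpEntry", "destination_ports": ["8080"],
     "l4_protocol": "TCP", "_system_owned": false, "_revision": 0},
    {"resource_type": "L4PortSetServiceEntry", "id": "https",
     "display_name": "MyHttps", "destination_ports": ["7443"],
     "l4_protocol": "TCP", "_system_owned": false, "_revision": 0}
  ],
  "_create_user": "admin", "_revision": 0
}
""")

# Constructed rule that an operator wants to add to the map.
NEW_ENTRY = {
    "id": "ce-3", "display_name": "ce-3", "sequence_number": 3,
    "source_groups": ["/infra/domains/vmc/groups/appgroup"],
    "destination_groups": ["/infra/domains/vmc/groups/dbgroup"],
    "services": ["/infra/services/HTTP"],
    "action": "ALLOW",
}


def child_key(child):
    """Identity of a nested entry: its id, else its display_name (assumption)."""
    return child.get("id") or child.get("display_name")


def to_request_body(resource):
    """Copy a GET response for reuse in a PUT: keep _revision, which the page's
    PUT examples carry, and drop the other underscore-prefixed fields, which
    appear only in responses on this page."""
    if isinstance(resource, dict):
        return {k: to_request_body(v) for k, v in resource.items()
                if not k.startswith("_") or k == "_revision"}
    if isinstance(resource, list):
        return [to_request_body(v) for v in resource]
    return resource


def dropped_by_put(current, put_body, children):
    """Keys of nested entries that exist now but are absent from put_body."""
    have = {child_key(c) for c in current.get(children, [])}
    sent = {child_key(c) for c in put_body.get(children, [])}
    return sorted(have - sent)


def merged_put_body(current, new_child, children):
    """PUT body that adds or replaces one nested entry and keeps the rest."""
    body = to_request_body(current)
    kept = [c for c in body.get(children, [])
            if child_key(c) != child_key(new_child)]
    body[children] = kept + [new_child]
    return body


def guard_put(current, put_body, children):
    """Refuse a PUT body that would silently remove existing nested entries."""
    lost = dropped_by_put(current, put_body, children)
    if lost:
        raise ValueError(f"PUT would delete {children}: {lost}")
    return put_body


if __name__ == "__main__":
    naive = {"display_name": "application-section-1", "_revision": 0,
             "communication_entries": [NEW_ENTRY]}
    print("naive PUT drops:",
          dropped_by_put(CURRENT_MAP, naive, "communication_entries"))
    safe = merged_put_body(CURRENT_MAP, NEW_ENTRY, "communication_entries")
    print("merged PUT drops:",
          dropped_by_put(CURRENT_MAP, safe, "communication_entries"))
```

Run `guard_put` against a fresh GET immediately before sending the PUT, so that a firewall rule added by another administrator in the meantime shows up as a would-be deletion.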

Patch a Service

Create a new service if a service with the given ID does not already
exist. Creates new service entries if populated in the service.
If a service with the given ID already exists, patch the service
including the nested service entries.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/services/<service-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Service+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/services/my-http
{
  "description": "My HTTP Patched",
  "display_name": "My HTTP",
  "service_entries": [
    {
      "resource_type": "L4PortSetServiceEntry",
      "display_name": "MyHttpEntry",
      "destination_ports": ["8080"],
      "l4_protocol": "TCP"
    }
  ]
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions:
crud
Feature:
infra_admin
Additional Errors:

List Service entries for the given service

Paginated list of Service entries for the given service
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/services/<service-id>/service-entries
Request Headers:
n/a
Query Parameters:
ServiceEntryListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ServiceEntryListResult+

Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 2,
  "results": [
    {
      "resource_type": "L4PortSetServiceEntry",
      "id": "MyHttpEntry",
      "display_name": "MyHttpEntry",
      "path": "/infra/services/my-http/service-entries/MyHttpEntry",
      "parent_path": "/infra/services/my-http",
      "relative_path": "MyHttpEntry",
      "destination_ports": ["8080"],
      "l4_protocol": "TCP",
      "_create_user": "admin",
      "_create_time": 1517310677617,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517310677617,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    },
    {
      "resource_type": "L4PortSetServiceEntry",
      "id": "https",
      "display_name": "MyHttps",
      "path": "/infra/services/my-http/service-entries/https",
      "parent_path": "/infra/services/my-http",
      "relative_path": "https",
      "destination_ports": ["7443"],
      "l4_protocol": "TCP",
      "_create_user": "admin",
      "_create_time": 1517316057383,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517316057383,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}

Required Permissions:
read
Feature:
infra_admin
Additional Errors:

Patch a ServiceEntry

If a service entry with the service-entry-id is not already present,
create a new service entry. If it already exists, patch the service
entry.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/services/<service-id>/service-entries/<service-entry-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
ALGTypeServiceEntry+
EtherTypeServiceEntry+
ICMPTypeServiceEntry+
IGMPTypeServiceEntry+
IPProtocolServiceEntry+
L4PortSetServiceEntry+
L7ServiceEntry+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries/https
{
  "resource_type": "L4PortSetServiceEntry",
  "display_name": "MyHttps",
  "destination_ports": ["9443"],
  "l4_protocol": "TCP"
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions:
crud
Feature:
infra_admin
Additional Errors:

Create or update a ServiceEntry

If a service entry with the service-entry-id is not already present,
create a new service entry. If it already exists, update the service
entry.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/services/<service-id>/service-entries/<service-entry-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
ALGTypeServiceEntry+
EtherTypeServiceEntry+
ICMPTypeServiceEntry+
IGMPTypeServiceEntry+
IPProtocolServiceEntry+
L4PortSetServiceEntry+
L7ServiceEntry+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries/https
{
  "resource_type": "L4PortSetServiceEntry",
  "display_name": "MyHttps",
  "destination_ports": ["7443"],
  "l4_protocol": "TCP",
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ALGTypeServiceEntry+
EtherTypeServiceEntry+
ICMPTypeServiceEntry+
IGMPTypeServiceEntry+
IPProtocolServiceEntry+
L4PortSetServiceEntry+
L7ServiceEntry+

Example Response:
{
  "resource_type": "L4PortSetServiceEntry",
  "id": "https",
  "display_name": "MyHttps",
  "path": "/infra/services/my-http/service-entries/https",
  "parent_path": "/infra/services/my-http",
  "relative_path": "https",
  "destination_ports": ["7443"],
  "l4_protocol": "TCP",
  "_create_user": "admin",
  "_create_time": 1517316057383,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517316057383,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions:
crud
Feature:
infra_admin
Additional Errors:

Service entry

Service entry
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/services/<service-id>/service-entries/<service-entry-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries/https

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ALGTypeServiceEntry+
EtherTypeServiceEntry+
ICMPTypeServiceEntry+
IGMPTypeServiceEntry+
IPProtocolServiceEntry+
L4PortSetServiceEntry+
L7ServiceEntry+

Example Response:
{
  "resource_type": "L4PortSetServiceEntry",
  "id": "https",
  "display_name": "MyHttps",
  "path": "/infra/services/my-http/service-entries/https",
  "parent_path": "/infra/services/my-http",
  "relative_path": "https",
  "destination_ports": ["7443"],
  "l4_protocol": "TCP",
  "_create_user": "admin",
  "_create_time": 1517316057383,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517316057383,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions:
read
Feature:
infra_admin
Additional Errors:

Delete Service entry

Delete Service entry
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/services/<service-id>/service-entries/<service-entry-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries/https

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions:
crud
Feature:
infra_admin
Additional Errors:

Policy: Connectivity

Policy: Connectivity: Bgp

Associated URIs:

Create or update BGP routing config

If a BGP routing config is not present, create a BGP routing config.
If it already exists, update the routing config.
This API is only available when using VMware Cloud on AWS.
Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
BgpRoutingConfig+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp
{
  "local_as_num": "123"
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:

Read BGP routing config

Read BGP routing config
This API is only available when using VMware Cloud on AWS.
Request:
Method:
GET
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
BgpRoutingConfig+

Example Response:
{
  "resource_type": "BgpRoutingConfig",
  "id": "bgp",
  "display_name": "bgp",
  "path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp",
  "parent_path": "/infra/tier-0s/vmc_prv/locale-services/default",
  "relative_path": "bgp",
  "local_as_num": "123",
  "_create_user": "admin",
  "_create_time": 1516751200877,
  "_last_modified_user": "admin",
  "_last_modified_time": 1516751200877,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions:
read
Feature:
policy_connectivity
Additional Errors:

Create or update a BGP routing config

If BGP routing config is not already present, create BGP routing config.
If it already exists, replace the BGP routing config with this object.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
BgpRoutingConfig+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp
{
  "local_as_num": "123",
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
BgpRoutingConfig+

Example Response:
{
  "resource_type": "BgpRoutingConfig",
  "id": "bgp",
  "display_name": "bgp",
  "path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp",
  "parent_path": "/infra/tier-0s/vmc_prv/locale-services/default",
  "relative_path": "bgp",
  "local_as_num": "123",
  "_create_user": "admin",
  "_create_time": 1516751200877,
  "_last_modified_user": "admin",
  "_last_modified_time": 1516751200877,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: crud Feature: policy_connectivity Additional Errors:

List BGP neighbor configurations

Paginated list of all BGP neighbor configurations
This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp/neighbors
Request Headers:
n/a
Query Parameters:
BgpNeighborConfigListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
BgpNeighborConfigListResult+

Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 1,
  "results": [
    {
      "resource_type": "BgpNeighborConfig",
      "id": "site1",
      "display_name": "site1",
      "path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1",
      "parent_path": "/infra/tier-0s/vmc_prv/locale-services/default",
      "relative_path": "site1",
      "password": "test",
      "remote_as_num": "12",
      "neighbor_address": "1.2.3.4",
      "_create_user": "admin",
      "_create_time": 1516751318020,
      "_last_modified_user": "admin",
      "_last_modified_time": 1516751318020,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}

Required Permissions: read Feature: policy_connectivity Additional Errors:

Create or update a BGP neighbor config

If BGP neighbor config with the neighbor-id is not already present, create a new
neighbor config. If it already exists, replace the BGP neighbor config with this object.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp/neighbors/<neighbor-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
BgpNeighborConfig+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1
{
  "neighbor_address": "1.2.3.4",
  "remote_as_num": "12",
  "password": "test"
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: policy_connectivity Additional Errors:

Read BGP neighbor config

Read BGP neighbor config.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp/neighbors/<neighbor-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
BgpNeighborConfig+

Example Response:
{
  "resource_type": "BgpNeighborConfig",
  "id": "site1",
  "display_name": "site1",
  "path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1",
  "parent_path": "/infra/tier-0s/vmc_prv/locale-services/default",
  "relative_path": "site1",
  "password": "test",
  "remote_as_num": "12",
  "neighbor_address": "1.2.3.4",
  "_create_user": "admin",
  "_create_time": 1516751318020,
  "_last_modified_user": "admin",
  "_last_modified_time": 1516751318020,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: read Feature: policy_connectivity Additional Errors:

Create or update a BGP neighbor config

If BGP neighbor config with the neighbor-id is not already present, create a new
neighbor config. If it already exists, replace the BGP neighbor config with this object.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp/neighbors/<neighbor-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
BgpNeighborConfig+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1
{
  "neighbor_address": "1.2.3.4",
  "remote_as_num": "12",
  "password": "test",
  "in_route_filters": [ "/infra/tier-0s/vmc/prefix-lists/plist-1" ],
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
BgpNeighborConfig+

Example Response:
{
  "resource_type": "BgpNeighborConfig",
  "id": "site1",
  "display_name": "site1",
  "path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1",
  "parent_path": "/infra/tier-0s/vmc_prv/locale-services/default",
  "relative_path": "site1",
  "password": "test",
  "remote_as_num": "12",
  "neighbor_address": "1.2.3.4",
  "in_route_filters": [ "/infra/tier-0s/vmc/prefix-lists/plist-1" ],
  "_create_user": "admin",
  "_create_time": 1516751318020,
  "_last_modified_user": "admin",
  "_last_modified_time": 1516751318020,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: crud Feature: policy_connectivity Additional Errors:

Delete BGP neighbor config

Delete BGP neighbor config.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp/neighbors/<neighbor-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: policy_connectivity Additional Errors:
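The BGP neighbor responses above return the session "password" in clear text to any caller with read permission, and "in_route_filters" appears only when a prefix list is attached. The following is an added example, not part of the NSX API guide: it masks the secret before a response is logged and flags neighbors with a short password or no inbound prefix list. The "site2" neighbor, the MIN_PASSWORD_LEN threshold and the finding names are assumptions made for the example.

```python
import copy
import json

# Constructed sample shaped like the BgpNeighborConfigListResult shown above.
# "site1" mirrors the guide's example; "site2" and its values are invented.
SAMPLE_LIST_RESULT = json.loads("""
{
  "result_count": 2,
  "results": [
    {"resource_type": "BgpNeighborConfig", "id": "site1",
     "path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1",
     "password": "test", "remote_as_num": "12", "neighbor_address": "1.2.3.4"},
    {"resource_type": "BgpNeighborConfig", "id": "site2",
     "path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site2",
     "password": "constructed-long-secret-01", "remote_as_num": "65010",
     "neighbor_address": "192.0.2.10",
     "in_route_filters": ["/infra/tier-0s/vmc/prefix-lists/plist-1"]}
  ]
}
""")

MIN_PASSWORD_LEN = 12          # assumption: local policy threshold, not an NSX limit
SECRET_FIELDS = ("password",)  # fields the API returns in clear text
MASK = "***REDACTED***"


def redact(obj):
    """Return a deep copy of an API object with secret fields masked.

    Use this before writing a response to logs, tickets or config diffs.
    """
    clean = copy.deepcopy(obj)

    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if key in SECRET_FIELDS and value:
                    node[key] = MASK
                else:
                    walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(clean)
    return clean


def audit_neighbors(list_result):
    """Return (neighbor id, finding) tuples for a neighbor list result."""
    findings = []
    for neighbor in list_result.get("results", []):
        if neighbor.get("resource_type") != "BgpNeighborConfig":
            continue
        nid = neighbor.get("id", "<unknown>")
        password = neighbor.get("password") or ""
        if not password:
            findings.append((nid, "NO_PASSWORD"))
        elif len(password) < MIN_PASSWORD_LEN:
            findings.append((nid, "SHORT_PASSWORD"))
        # No prefix list on the inbound side: nothing in this object
        # restricts which routes are accepted from the peer.
        if not neighbor.get("in_route_filters"):
            findings.append((nid, "NO_IN_ROUTE_FILTER"))
    return findings


if __name__ == "__main__":
    print(json.dumps(redact(SAMPLE_LIST_RESULT), indent=2))
    for nid, finding in audit_neighbors(SAMPLE_LIST_RESULT):
        print(nid, finding)
```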

Policy: Connectivity: Dhcp

Associated URIs:

List DHCP relay config instances

Paginated list of all DHCP relay config instances
This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/dhcp-relay-configs
Request Headers:
n/a
Query Parameters:
ListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/dhcp-relay-configs

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
DhcpRelayConfigListResult+

Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 1,
  "results": [
    {
      "resource_type": "DhcpRelayConfig",
      "id": "dhcp-relay1",
      "display_name": "dhcp-relay1",
      "path": "/infra/dhcp-relay-configs/dhcp-relay1",
      "parent_path": "/infra",
      "relative_path": "dhcp-relay1",
      "server_addresses": [ "10.1.1.1", "10.1.1.2" ],
      "_create_user": "admin",
      "_create_time": 1516668826912,
      "_last_modified_user": "admin",
      "_last_modified_time": 1516668826912,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}

Required Permissions: read Feature: policy_connectivity Additional Errors:

Create or update DHCP relay configuration

If DHCP relay config with the dhcp-relay-config-id is not already present, create a new DHCP relay config instance.
If it already exists, update the DHCP relay config instance with specified attributes.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/dhcp-relay-configs/<dhcp-relay-config-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
DhcpRelayConfig+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/dhcp-relay-configs/dhcp-relay1
{
  "server_addresses": [ "10.1.1.1", "10.1.1.2" ]
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Example Response:
200 OK

Required Permissions: crud Feature: policy_connectivity Additional Errors:

Create or update DHCP relay configuration

If DHCP relay config with the dhcp-relay-config-id is not already present,
create a new DHCP relay config instance. If it already exists, replace
the DHCP relay config instance with this object.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/dhcp-relay-configs/<dhcp-relay-config-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
DhcpRelayConfig+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/dhcp-relay-configs/dhcp-relay1
{
  "server_addresses": [ "10.1.1.1", "10.1.1.2" ],
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
DhcpRelayConfig+

Example Response:
{
  "resource_type": "DhcpRelayConfig",
  "id": "dhcp-relay1",
  "display_name": "dhcp-relay1",
  "path": "/infra/dhcp-relay-configs/dhcp-relay1",
  "parent_path": "/infra",
  "relative_path": "dhcp-relay1",
  "server_addresses": [ "10.1.1.1", "10.1.1.2" ],
  "_create_user": "admin",
  "_create_time": 1516668826912,
  "_last_modified_user": "admin",
  "_last_modified_time": 1516668826912,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: crud Feature: policy_connectivity Additional Errors:

Delete DHCP relay configuration

Delete DHCP relay configuration.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/dhcp-relay-configs/<dhcp-relay-config-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/dhcp-relay-configs/dhcp-relay1

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Example Response:
200 OK

Required Permissions: crud Feature: policy_connectivity Additional Errors:

Read DHCP relay configuration

Read DHCP relay configuration.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/dhcp-relay-configs/<dhcp-relay-config-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/dhcp-relay-configs/dhcp-relay1

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
DhcpRelayConfig+

Example Response:
{
  "resource_type": "DhcpRelayConfig",
  "id": "dhcp-relay1",
  "display_name": "dhcp-relay1",
  "path": "/infra/dhcp-relay-configs/dhcp-relay1",
  "parent_path": "/infra",
  "relative_path": "dhcp-relay1",
  "server_addresses": [ "10.1.1.1", "10.1.1.2" ],
  "_create_user": "admin",
  "_create_time": 1516668826912,
  "_last_modified_user": "admin",
  "_last_modified_time": 1516668826912,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: read Feature: policy_connectivity Additional Errors:

Policy: Connectivity: Segments

Associated URIs:

List all segments under tier-1 instance

Paginated list of all segments under tier-1 instance
This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments
Request Headers:
n/a
Query Parameters:
SegmentListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw/segments

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
SegmentListResult+

Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 1,
  "results": [
    {
      "resource_type": "Segment",
      "id": "web-tier",
      "display_name": "web-tier",
      "path": "/infra/tier-1s/cgw/segments/web-tier",
      "parent_path": "/infra/tier-1s/cgw",
      "relative_path": "web-tier",
      "subnets": [
        {
          "gateway_address": "40.1.1.1/16",
          "dhcp_ranges": [ "40.1.2.0/24" ]
        }
      ],
      "_create_user": "admin",
      "_create_time": 1516668961954,
      "_last_modified_user": "admin",
      "_last_modified_time": 1516668961954,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}

Required Permissions: read Feature: policy_connectivity Additional Errors:

Create or update a segment

If segment with the segment-id is not already present, create a new segment.
If it already exists, update the segment with specified attributes.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Segment+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw/segments/web-tier
{
  "display_name": "web-tier",
  "subnets": [
    {
      "gateway_address": "40.1.1.1/16",
      "dhcp_ranges": [ "40.1.2.0/24" ]
    }
  ]
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: policy_connectivity Additional Errors:

Create or update a segment

If segment with the segment-id is not already present, create a new segment.
If it already exists, replace the segment with this object.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Segment+

Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw/segments/web-tier
{
  "display_name": "web-tier",
  "subnets": [
    {
      "gateway_address": "40.1.1.1/16",
      "dhcp_ranges": [ "40.1.2.0/24" ]
    }
  ],
  "_revision": 0
}

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Segment+

Example Response:
{
  "resource_type": "Segment",
  "id": "web-tier",
  "display_name": "web-tier",
  "path": "/infra/tier-1s/cgw/segments/web-tier",
  "parent_path": "/infra/tier-1s/cgw",
  "relative_path": "web-tier",
  "subnets": [
    {
      "gateway_address": "40.1.1.1/16",
      "dhcp_ranges": [ "40.1.2.0/24" ]
    }
  ],
  "_create_user": "admin",
  "_create_time": 1516668961954,
  "_last_modified_user": "admin",
  "_last_modified_time": 1516668961954,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: crud Feature: policy_connectivity Additional Errors:

Delete segment

Delete segment.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw/segments/web-tier

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: policy_connectivity Additional Errors:

Read segment

Read segment.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw/segments/web-tier

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Segment+

Example Response:
{
  "resource_type": "Segment",
  "id": "web-tier",
  "display_name": "web-tier",
  "path": "/infra/tier-1s/cgw/segments/web-tier",
  "parent_path": "/infra/tier-1s/cgw",
  "relative_path": "web-tier",
  "subnets": [
    {
      "gateway_address": "40.1.1.1/16",
      "dhcp_ranges": [ "40.1.2.0/24" ]
    }
  ],
  "_create_user": "admin",
  "_create_time": 1516668961954,
  "_last_modified_user": "admin",
  "_last_modified_time": 1516668961954,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: read Feature: policy_connectivity Additional Errors:

Create or update a static ARP config

If a static ARP config does not exist for the provided tier-1 and segment IDs, create it.
If it has already been created, update it with the provided config.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>/static-arp
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
StaticARPConfig+

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: policy_connectivity Additional Errors:

Create or update a static ARP config

If a static ARP config does not exist for the provided tier-1 and segment IDs, create it.
If it has already been created, update it with the provided config.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
PUT
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>/static-arp
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
StaticARPConfig+

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
StaticARPConfig+

Required Permissions: crud Feature: policy_connectivity Additional Errors:

Delete static ARP config

Delete static ARP config.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
DELETE
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>/static-arp
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: policy_connectivity Additional Errors:

Read static ARP config

Read static ARP config.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>/static-arp
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
StaticARPConfig+

Required Permissions: read Feature: policy_connectivity Additional Errors:

Policy: Connectivity: Tier-1

Associated URIs:

List Tier-1 instances

Paginated list of all tier-1 instances
This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/tier-1s
Request Headers:
n/a
Query Parameters:
Tier1ListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-1s

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Tier1ListResult+

Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 1,
  "results": [
    {
      "resource_type": "Tier1",
      "id": "cgw",
      "display_name": "/infra/tier-1s/cgw",
      "path": "/infra/tier-1s/cgw",
      "parent_path": "/infra/tier-1s/cgw",
      "relative_path": "cgw",
      "tier0_path": "/infra/tier-0s/vmc_prv",
      "force_whitelisting": false,
      "_create_user": "admin",
      "_create_time": 1516668826912,
      "_last_modified_user": "admin",
      "_last_modified_time": 1516668826912,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}

Required Permissions: read Feature: policy_connectivity Additional Errors:

Read tier-1 configuration

Read tier-1 configuration.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
Tier1+

Example Response:
{
  "resource_type": "Tier1",
  "id": "cgw",
  "display_name": "/infra/tier-1s/cgw",
  "path": "/infra/tier-1s/cgw",
  "parent_path": "/infra/tier-1s/cgw",
  "relative_path": "cgw",
  "tier0_path": "/infra/tier-0s/vmc_prv",
  "force_whitelisting": false,
  "_create_user": "admin",
  "_create_time": 1516668826912,
  "_last_modified_user": "admin",
  "_last_modified_time": 1516668826912,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

Required Permissions: read Feature: policy_connectivity Additional Errors:

Create or update tier-1 configuration

If tier-1 with the tier-1-id is not already present, create a new tier-1 instance.
If it already exists, update the tier-1 instance with specified attributes.
This API is only available when using VMware Cloud on AWS.

Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
Tier1+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw
{
  "tier0_path": "/infra/tier-0s/vmc_prv"
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: execute Feature: policy_connectivity Additional Errors:

Policy: Dfw

Associated URIs:

List CommunicationEntries

List CommunicationEntries.
This API is available when using VMware Cloud on AWS or VMware NSX-T.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries
Request Headers:
n/a
Query Parameters:
CommunicationEntryListRequestParameters+
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1/communication-entries

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationEntryListResult+

Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 1,
  "results": [
    {
      "resource_type": "CommunicationEntry",
      "description": " comm entry",
      "id": "ce-1",
      "display_name": "ce-1",
      "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1",
      "parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
      "relative_path": "ce-1",
      "sequence_number": 1,
      "source_groups": [ "/infra/domains/vmc/groups/dbgroup" ],
      "logged": false,
      "destination_groups": [ "/infra/domains/vmc/groups/appgroup" ],
      "scope": [ "ANY" ],
      "action": "ALLOW",
      "services": [ "/infra/services/HTTP", "/infra/services/CIM-HTTP" ],
      "_create_user": "admin",
      "_create_time": 1517317382942,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517317382962,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 1
    }
  ]
}

Required Permissions: read Feature: policy_dfw Additional Errors:

Read CommunicationEntry

Read CommunicationEntry.
This API is available when using VMware Cloud on AWS or VMware NSX-T.

Request:
Method:
GET
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CommunicationEntry+

Example Response:
{
  "resource_type": "CommunicationEntry",
  "description": " comm entry",
  "id": "ce-1",
  "display_name": "ce-1",
  "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1",
  "parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
  "relative_path": "ce-1",
  "sequence_number": 1,
  "source_groups": [ "/infra/domains/vmc/groups/dbgroup" ],
  "logged": false,
  "destination_groups": [ "/infra/domains/vmc/groups/appgroup" ],
  "scope": [ "ANY" ],
  "action": "ALLOW",
  "services": [ "/infra/services/HTTP", "/infra/services/CIM-HTTP" ],
  "_create_user": "admin",
  "_create_time": 1517317382942,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517317382962,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 1
}

Required Permissions: read Feature: policy_dfw Additional Errors:

Patch a CommunicationEntry

Patch the CommunicationEntry.
This API is available when using VMware Cloud on AWS or VMware NSX-T.

Request:
Method:
PATCH
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
CommunicationEntry+

Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1
{
  "description": " comm entry",
  "display_name": "ce-1",
  "sequence_number": 1,
  "source_groups": [ "/infra/domains/vmc_domain/groups/webgroup" ],
  "logged": false,
  "destination_groups": [ "/infra/domains/vmc_domain/groups/dbgroup" ],
  "scope": [ "ANY" ],
  "action": "DROP",
  "services": [ "ANY" ]
}

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: policy_dfw Additional Errors:
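The CommunicationEntry objects above carry everything needed to review a communication map offline: "action", "services", "logged" and "sequence_number". The following is an added example, not part of the NSX API guide: it flags ALLOW entries that permit every service or are not logged, and entries that an earlier entry already fully covers. It assumes entries are evaluated in ascending "sequence_number" order with the first match winning, and it compares groups by path only (it does not resolve group membership); entries "ce-2" and "ce-3" and the finding names are constructed for the example.

```python
# Constructed entries shaped like the CommunicationEntry objects shown above.
# "ce-1" mirrors the guide's example; "ce-2" and "ce-3" are invented.
SAMPLE_ENTRIES = [
    {"id": "ce-1", "sequence_number": 1, "action": "ALLOW", "logged": False,
     "source_groups": ["/infra/domains/vmc/groups/dbgroup"],
     "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
     "services": ["/infra/services/HTTP", "/infra/services/CIM-HTTP"]},
    {"id": "ce-2", "sequence_number": 2, "action": "ALLOW", "logged": False,
     "source_groups": ["/infra/domains/vmc/groups/webgroup"],
     "destination_groups": ["/infra/domains/vmc/groups/dbgroup"],
     "services": ["ANY"]},
    {"id": "ce-3", "sequence_number": 3, "action": "DROP", "logged": True,
     "source_groups": ["/infra/domains/vmc/groups/webgroup"],
     "destination_groups": ["/infra/domains/vmc/groups/dbgroup"],
     "services": ["/infra/services/HTTP"]},
]

# List-valued match fields compared when looking for shadowed entries.
MATCH_FIELDS = ("source_groups", "destination_groups", "services")


def covers(broad, narrow):
    """True if list field `broad` matches everything `narrow` matches.

    "ANY" covers any value; otherwise every path in `narrow` must also
    appear in `broad`. Paths are compared as strings only.
    """
    if "ANY" in broad:
        return True
    return "ANY" not in narrow and set(narrow) <= set(broad)


def audit_entries(entries):
    """Return (entry id, finding) tuples for one communication map."""
    findings = []
    # Assumption: lower sequence_number is evaluated first.
    ordered = sorted(entries, key=lambda e: e["sequence_number"])
    for index, entry in enumerate(ordered):
        if entry["action"] == "ALLOW":
            if "ANY" in entry.get("services", []):
                findings.append((entry["id"], "ALLOW_ANY_SERVICE"))
            if not entry.get("logged", False):
                findings.append((entry["id"], "ALLOW_NOT_LOGGED"))
        # An earlier entry that covers all match fields decides the traffic
        # first, so this entry never takes effect.
        for earlier in ordered[:index]:
            if all(covers(earlier.get(f, []), entry.get(f, []))
                   for f in MATCH_FIELDS):
                findings.append((entry["id"], "SHADOWED_BY:" + earlier["id"]))
                break
    return findings


if __name__ == "__main__":
    for entry_id, finding in audit_entries(SAMPLE_ENTRIES):
        print(entry_id, finding)
```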

Create or update a CommunicationEntry

Update the CommunicationEntry. If a CommunicationEntry with the communication-entry-id
is not already present, this API fails with a 404. Creation of CommunicationEntries
is not allowed using this API.
Th