NSX-T Data Center API Guide

NSX-T Data Center 2.5.0

Table of Contents

  1. Overview
  2. API Methods
    1. AAA
    2. Cloud Service Manager
      1. AWS
        1. VPCS
          1. Security Groups
          2. Service Endpoints
      2. AWS Accounts
      3. AWS Gateway AMIS
      4. AWS Gateways
      5. AWS Key Pairs
      6. AWS Regions
      7. AWS Resources
      8. AWS VPCS
      9. Accounts Statistics
      10. Azure
        1. Security Groups
        2. Vnets
          1. Service Endpoints
      11. Azure Accounts
      12. Azure Gateways
      13. Azure IP Allocations
      14. Azure Regions
      15. Azure Resources
      16. Azure Vnets
      17. Cloud Service Manager
      18. NSX Manager Accounts
      19. Proxy Server Profile
      20. VPN
      21. Virtual Machines
    3. Management Plane API
      1. AAA
      2. API Services
        1. API Request Batching
        2. Authentication
        3. Task Management
      3. Aggregation Service
        1. Configuration
      4. App Discovery
      5. Appliance Management
      6. Associations
      7. Capacity Dashboard
      8. Cluster
        1. Nodes
          1. Deployments
      9. Configs
        1. Inventory
      10. Dashboard
      11. Directory Service
      12. Error Resolver
      13. Fabric
        1. Compute Collections
        2. Compute Managers
        3. Container Applications
        4. Container Clusters
        5. Container Projects
        6. Discovered Nodes
        7. Nodes
        8. VIFS
        9. Virtual Machines
      14. Global-Configs
      15. Grouping Objects
        1. IP Sets
        2. MAC Sets
        3. NS Groups
        4. NS Profiles
        5. NS Service Groups
        6. NS Services
      16. Identity Firewall
        1. Configuration
        2. Monitoring
        3. Realization Data
      17. Licensing
      18. Logical Routing And Services
        1. BFD Peers
        2. DHCP Relay
        3. DHCP Relay Profiles
        4. Logical Router Ports
        5. Logical Routers
        6. NAT
        7. Routing BFD Configuration
        8. Routing Configuration
      19. Logical Switching
        1. Logical Switch Ports
        2. Logical Switches
        3. Switching Profiles
      20. Migration
        1. Feedback
        2. Group
        3. Migrationunits
        4. Nodes
        5. Plan
        6. Setup
        7. Stats
        8. Status
        9. User Inputs
      21. NSX Component Administration
        1. Appliance
        2. Appliance Management
        3. Backup Restore Management
          1. Backup
          2. Restore
        4. Cluster Management
        5. NSX Administration
        6. System Properties
        7. Trust Management
          1. CRL
          2. CSR
          3. Certificate
      22. NSX Notifications
      23. Network Transport
        1. Bridge Clusters
        2. Bridge Endpoint Profiles
        3. Bridge Endpoints
        4. Cluster Profiles
        5. Edge Clusters
        6. Failure Domains
        7. Hostswitch Profiles
        8. Transport Node Collections
        9. Transport Node Profiles
        10. Transport Nodes
        11. Transport Profiles
        12. Transport Zones
      24. Normalization
      25. Operations
        1. IPFIX
        2. LLDP
      26. Pool Management
        1. IP Blocks
        2. IP Pools
        3. MAC Pools
        4. VNI Pools
        5. VTEP Label Pools
      27. Proxy Configuration
      28. Realization
      29. Service Config
      30. Services
        1. DHCP
        2. DNS
        3. Firewall
        4. Loadbalancer
        5. Metadata Proxy
        6. Policy Based Routing
        7. Service Insertion
      31. Telemetry Configuration
      32. Troubleshooting And Monitoring
        1. Healthcheck
        2. IPFIX
        3. Packet Capture
        4. Port Connection
        5. Port Mirroring
        6. Traceflow
      33. Unified Nsgroup Profile Management
        1. Profiles
      34. Upgrade
        1. Bundle
        2. Bundles
        3. Group
        4. History
        5. Nodes
        6. Plan
        7. Status
        8. Upgrade Units
      35. VPN
        1. IPSEC
          1. DPD Profiles
          2. IKE Profiles
          3. Local Endpoints
          4. Peer Endpoints
          5. Services
          6. Sessions
          7. Tunnel Profiles
        2. L2VPN
          1. Services
          2. Sessions
        3. Statistics
          1. IKE Service
          2. IKE Sessions Status
          3. L2VPN Remote MACS
          4. L2VPN Session Statistics
          5. L2VPN Session Status
          6. L2VPN Sessions Summary
          7. Reset Sessions Statistics
          8. Sessions Statistics
          9. Sessions Summary
    4. Nsx-Intelligence
      1. Deployments
      2. Host
    5. Policy
      1. Draft
      2. Infra
        1. Certificates
          1. Certification Revocation List
        2. Constraints
        3. Deployment Zones
        4. Domains
          1. Domain Deployment Maps
        5. Enforcement Points
        6. Global Config
        7. Hierarchical API
        8. Labels
        9. Sites
      3. Inventory
        1. Context Profiles
        2. Groups
          1. Group Members
        3. Services
      4. Networking
        1. Connectivity
          1. Routing
            1. Bgp
            2. Community List
            3. Prefix List
            4. Route Map
            5. Static Routes
            6. Tiers-0 Gateways
              1. Tiers-0 Deployment Maps
              2. Tiers-0 Locale Services
            7. Tiers-1 Gateways
          2. Segment Profiles
            1. Discovery Profile Binding
            2. IP Discovery Profiles
            3. MAC Discovery Profiles
            4. Monitoring Profile Binding
            5. QOS
            6. QOS Profile Binding
            7. Security Profile Binding
            8. Segment Security Profiles
            9. Spoofguard Profiles
          3. Segments
        2. IP Management
          1. DHCP
            1. DHCP Relay Configs
            2. DHCP Server Configs
          2. DNS
            1. DNS Forwarder
          3. IP Address Pools
            1. IP Blocks
            2. IP Pools
          4. IPV6 Profiles
        3. Network Services
          1. Forwarding Policies
          2. Load Balancing
            1. Load Balancer Pools
            2. Load Balancer Profiles
              1. Load Balancer Application Profiles
              2. Load Balancer Monitor Profiles
              3. Load Balancer Persistence Profiles
              4. Load Balancer SSL Profiles
                1. Load Balancer Client SSL Profiles
                2. Load Balancer SSL Ciphers And Protocols
                3. Load Balancer Server SSL Profiles
            3. Load Balancer Services
            4. Load Balancer Usage
              1. Statistics
              2. Status
              3. Usage
            5. Load Balancer Virtual Servers
          3. NAT
          4. VPN
            1. IPSEC
              1. DPD Profiles
              2. IKE Profiles
              3. IPSEC Profiles
              4. Local Endpoints
              5. Services
              6. Sessions
              7. Statistics
              8. Status
            2. L2VPN
              1. Services
              2. Sessions
              3. Statistics
              4. Status
      5. Operations
        1. Compliance
        2. Finetuning
        3. IPFIX
          1. Firewall IPFIX Collectors
          2. Firewall IPFIX Profiles
          3. Switch IPFIX Collectors
          4. Switch IPFIX Profiles
        4. Port Mirroring
      6. Realized State
      7. Security
        1. Distributed Firewall
          1. Statistics
        2. Firewall Config
        3. Gateway Firewall
          1. Statistics
        4. Guest Introspection
        5. Profiles
          1. DNS Security
          2. Flood Protection
          3. Monitoring Profiles
          4. Session Timer
        6. Service Insertion
          1. Partner Services
          2. Redirection Policies
          3. Service Chains
          4. Service Definitions
          5. Service Instances
          6. Service References
    6. Upgrade
      1. Node Upgrade
  3. API Types
  4. API Type Schemas
  5. API Errors
  6. Deprecated Types and Methods


Overview

Introduction

NSX-T Data Center provides a programmatic API to automate management activities. The API follows a resource-oriented Representational State Transfer (REST) architecture, using JSON object encoding. Clients interact with the API using RESTful web service calls over the HTTPS protocol.

Each API method is identified by a request method and URI. Method parameters are specified as key-value pairs appended to the URI. Unless otherwise noted, request and response bodies are encoded using JSON, and must conform to the JSON schema associated with each method. The content type of each request and reply is "application/json" unless otherwise specified. Each request that can be made is documented in the API Methods section. The associated request and response body schemas are documented in the API Schemas section.

Some APIs may be marked as deprecated. This indicates that the functionality provided by the API has been removed or replaced with a different API. The description of the API will indicate what API(s) to call instead.

Some APIs may be marked as experimental. This indicates that the API may be changed or removed without notice in a future NSX-T Data Center release.

It is possible for any request to fail. Errors are reported using standard HTTP response codes. It should be assumed the following errors could be returned by any API method: 301 Moved Permanently, 307 Temporary Redirect, 400 Bad Request, 401 Unauthorized, 403 Forbidden, 500 Internal Server Error, 503 Service Unavailable. Where other errors may be returned, the type of error is indicated in the API method description. All errors are documented in the API Errors section.

Request Authentication

Most API calls require authentication. This API supports several different authentication schemes, which are documented in this section. Multiple authentication schemes may not be used concurrently.

HTTP Basic Authentication

To authenticate a request using HTTP Basic authentication, the caller's credentials are passed using the 'Authorization' header. The header content should consist of a base64-encoded string containing the username and password separated by a single colon (":") character, as specified in RFC 1945 section 11.1.

For example, to authenticate a request using the credentials of user admin with password admin, include the following header with the request:

Authorization: Basic YWRtaW46YWRtaW4=

The following cURL command will authenticate to the manager using basic authentication and will issue a GET request for logical ports:

curl -k -u USERNAME:PASSWORD https://MANAGER/api/v1/logical-ports

where:
USERNAME is the user to authenticate as,
PASSWORD is the password to provide, and
MANAGER is the IP address or host name of the NSX manager

For example:

curl -k -u admin:secretPw99 https://192.168.22.32/api/v1/logical-ports

Note: the -k argument instructs cURL to skip verifying the manager's self-signed X.509 certificate. It is more secure to verify that the server's certificate is signed by a Certificate Authority (CA) that you trust. To do that, omit the -k argument and use the --cacert <ca-file> option, where <ca-file> is a PEM-formatted file containing the CA certificate to trust.

For example:

curl --cacert /home/me/certs/rootca.crt -u admin:secretPw99 https://192.168.22.32/api/v1/logical-ports

Additional cURL examples below use the -k flag, but you can always substitute the --rootca <ca-file> argument for additional security.

Authenticating to vIDM

When NSX-T is configured to use VMware Identity Manager (vIDM) for authentication, you supply an Authorization header with an authentication type of "Remote". The header content should consist of a base64-encoded string containing the username@domain and password separated by a single colon (":") character, as specified in RFC 1945 section 11.1.

For example, to authenticate a request using the credentials of user jsmith@example.com with password Sk2LkPM!, include the following header with the request:

Authorization: Remote anNtaXRoQGV4YW1wbGUuY29tOlNrMkxrUE0h

The following cURL command will authenticate to the manager using basic authentication and will issue a GET request for logical ports:

curl -k -H "Authorization: Remote BASE64" https://MANAGER/api/v1/logical-ports

where:
BASE64 is the base64-encoded string containing the username@domain and password separated by a single colon (":"), and
MANAGER is the IP address or host name of the NSX manager

For example:

curl -k H "Authorization: Remote anNtaXRoQGV4YW1wbGUuY29tOlNrMkxrUE0h" https://192.168.22.32/api/v1/logical-ports

Note: the -k argument instructs cURL to skip verifying the manager's self-signed X.509 certificate.

Session-Based Authentication

Session-based authentication is used by calling the /api/session/create authentication API to manage a session cookie. The session cookie returned in the result of a successful login must be provided in subsequent requests in order to associate those requests with the session.

Session state is local to the server responding to the API request. Idle sessions will automatically time-out, or can be terminated immediately using the POST /api/session/destroy API.

To obtain a session cookie, POST form data to the server using the application/x-ww-form-urlencoded media type, with fields "j_username" and "j_password" containing the username and password separated by an ampersand. Since an ampersand is a UNIX shell metacharacter, you may need to surround the argument with single quotes.

The following cURL command will authenticate to the server, will deposit the session cookie in the file "cookies.txt", and will write all HTTP response headers to the file headers.txt. One of these headers is the X-XSRF-TOKEN header that you will need to provide in subsequent requests.

curl -k -c cookies.txt -D headers.txt -X POST -d 'j_username=USERNAME&j_password=PASSWORD' https://MANAGER/api/session/create

For example:

curl -k -c cookies.txt -D headers.txt -X POST -d 'j_username=admin&j_password=secretPw99' https://192.168.22.32/api/session/create

The manager will respond with the roles and permissions granted to the user, and cURL will deposit the session cookie into the file "cookies.txt".

In subsequent cURL requests, use the -b argument to specify the cookie file. You also need to pass the X-XSRF-TOKEN header that was saved to the headers.txt file, using cURL's -H option:

curl -k -b cookies.txt -H "`grep X-XSRF-TOKEN headers.txt`" https://192.168.22.32/api/v1/logical-ports

When the session expires, the manager will respond with a 403 Forbidden HTTP response, at which point you must obtain a new session cookie and X-XSRF-TOKEN.

Session cookies can be destroyed by using the /api/session/destroy API:

curl -k -b cookies.txt -H "`grep X-XSRF-TOKEN headers.txt`" -X POST https://MANAGER/api/session/destroy

Authentication in VMware Cloud on AWS (VMC)

To make API calls to an NSX-T Manager in the VMware Cloud on AWS service (VMC), you need to gather a few pieces of information:

  1. Your VMC Organization ID
  2. Your Software Defined Data Center (SDDC) ID
  3. Your API token

All of this information is available in the VMC web console, https://console.cloud.vmware.com

In VMC, you always exchange your API token for a limited-duration authentication token, which you then pass in a header with your API calls. This authentication token is valid for 30 minutes. After that time, you must obtain a new authentication token using your API token. If you use an expired authentication token, the API call will be rejected.

To obtain an authentication token, you issue a POST request to the URL https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize, passing your API token in a form. To do this with cURL:

curl https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize -d refresh_token=<token>

For example, if your refresh token is aB1jtC5yk2rDL6A1KPxzM0W4D7OeHFUNuXFHZidufYS3fIwn60ZRag0Y9dvX15Qv, the command will be:

curl https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize -d refresh_token=aB1jtC5yk2rDL6A1KPxzM0W4D7OeHFUNuXFHZidufYS3fIwn60ZRag0Y9dvX15Qv

You will receive a JSON response with several properties. The "access_token" property contains the token you will need to provide with your API requests. An easy way to parse this token out of the response is to use the "jq" utility. For example:

curl https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize -d refresh_token=aB1jtC5yk2rDL6A1KPxzM0W4D7OeHFUNuXFHZidufYS3fIwn60ZRag0Y9dvX15Qv | jq --raw-output '.access_token'

produces just the access token. You can set an environment variable with the correct authentication header with:

export AUTH_HDR="csp-auth-token: `curl https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize -d refresh_token=aB1jtC5yk2rDL6A1KPxzM0W4D7OeHFUNuXFHZidufYS3fIwn60ZRag0Y9dvX15Qv | jq --raw-output '.access_token'`"

The AUTH_HDR environment variable now contains the authentication header. The token itself will be a long string of characters and digits.

Once you have your authentication token, you need to determine the URL for accessing the NSX-T manager in your SDDC. To do that, you issue a GET request to the endpoint https://vmc.vmware.com/vmc/api/orgs/<org-id>/sddcs/<sddc-id>, where <org-id> is your organization's ID and <sddc-id> is your SDDC's ID. The URL of the NSX-T manager will be in the resource_config.nsx_api_public_endpoint_url property. For example, if your organizations's ID is a003c3a5-3f68-4a8c-a74f-f79a0625da17 and your SDDC is 449369c7-7936-4f7f-b46e-624cdb2a0a99:

curl -H "$AUTH_HDR" https://vmc.vmware.com/vmc/api/orgs/a003c3a5-3f68-4a8c-a74f-f79a0625da17/sddcs/449369c7-7936-4f7f-b46e-624cdb2a0a99 | jq --raw-output ".resource_config.nsx_api_public_endpoint_url"

The output will look like:

https://nsx-52-41-15-143.rp.vmwarevmc.com/vmc/reverse-proxy/api/orgs/a003c3a5-3f68-4a8c-a74f-f79a0625da17/sddcs/449369c7-7936-4f7f-b46e-624cdb2a0a99/sks-nsxt-manager

This is the URL you should use to access your NSX-T manager from the internet. Append the particular API's URL to this base URL. For example, to list all domains, the API is "/policy/api/v1/infra/domains", so the full request will look like the following:

curl -q -H "$AUTH_HDR" https://nsx-52-41-15-143.rp.vmwarevmc.com/vmc/reverse-proxy/api/orgs/a003c3a5-3f68-4a8c-a74f-f79a0625da17/sddcs/449369c7-7936-4f7f-b46e-624cdb2a0a99/sks-nsxt-manager/policy/api/v1/infra/domains

Example Requests and Responses

Example requests and responses are provided for most of the API calls below. Your actual response might differ from the example in the number of fields returned because optional empty fields are not returned when you make an API call.

Restrictions on Certain Fields in a Request

When configuring layer 2 switching, the following fields can contain any character except semicolon (;), vertical bar (|), equal sign (=), comma (,), tilde (~), and the "at" sign (@). They also have a length limitation as specified below:

Optimistic Concurrency Control and the _revision property

Overview

In order to prevent one client from overwriting another client's updates, NSX-T employs a technique called optimistic concurrency control.

All REST payloads contain a property named "_revision". This is an integer that is incremented each time an existing resource is updated. Clients must provide this property in PUT requests and it must match the current _revision or the update will be rejected. This guards against the following situation:

Client 1 reads resource A.

Client 2 reads resource A.

Client 1 replaces the display_name property of resource A and does a PUT to replace the resource.

Client 2 replaces is different property of resource A and attempts to perform a PUT operation.

Without optimistic concurrency control, Client 2's update would overwrite Client 1's update to the display_name property. Instead, Client 2 receives a 409 Conflict error. To recover, Client 2 must fetch the resource again, apply the change, and perform a PUT.

Exceptions for /policy APIs

APIs whose URI begins with /policy have slightly different behavior. For those APIs, the _revision property must not be set when PUT is used to create a new resource. Once the resource is created, however, the _revision property must be provided with PUT operations.

PATCH and _revision for /policy APIs

APIs whose URI begins with /policy support the PATCH operation. Those APIs do not require that the _revision property be provided. A client can, however, request that the _revision property be checked when it is performing a PATCH in the /infra path. To do this, the client should pass the query parameter enforce_revision_check, e.g. PATCH /infra?enforce_revision_check=true.

Partial patching of objects is not allowed using the PATCH operation unless explicitly mentioned. In other words, the entire payload of object is expected to be provided in both PUT and PATCH operations for the /policy APIs.

OpenAPI Specification of NSX-T APIs

You can download OpenAPI specifications for the various NSX-T APIs at the following URLs:

NSX-T Data Center Manager API:
APIs for NSX-T administration; node and cluster management APIs and fabric management APIs for on-premise customers.

NSX-T Data Center Manager API:
APIs for managing logical networking in NSX-T for on-premise customers. NSX VMC Policy API:
APIs for managing logical networking in NSX-T for VMware Cloud on AWS customers. NSX VMC AWS Integration API:
APIs for managing AWS underlay networking for VMware Cloud on AWS customers.


API Methods

Toggle all tables +

AAA

Associated URIs:

Get effective object permissions to object specified by path for current user. (Experimental)

Returns none if user doesn't have access or feature_name from required request parameter
is empty/invalid/doesn't match with object-path provided.
This API is available when using VMware Cloud on AWS or VMware NSX-T. Request:
Method:
GET
URI Path:
/policy/api/v1/aaa/effective-permissions
Request Headers:
n/a
Query Parameters:
FeaturePermissionRequestParameters+
Request Body:
n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/aaa/effective-permissions?object_path=infra/domains/mgw&feature_name=infra_admin Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
PathPermissionGroup+

Example Response: { "operation": "crud", "object_path": "infra/domains/MGW" } Required Permissions: none Feature: policy_rbac Additional Errors:

Delete object-permissions entries (Experimental)

This API is available when using VMware Cloud on AWS or VMware NSX-T. Request:
Method:
DELETE
URI Path:
/policy/api/v1/aaa/object-permissions
Request Headers:
n/a
Query Parameters:
ObjectRolePermissionGroupListRequestParameters+
Request Body:
n/a

Example Request: DELETE https://<policy-mgr>/policy/api/v1/aaa/object-permissions?role_name=cloud_admin&path_prefix=infra/domains/MGW Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
n/a

Example Response: 200 OK Required Permissions: crud Feature: policy_rbac Additional Errors:

Get list of Object-level RBAC entries. (Experimental)

This API is available when using VMware Cloud on AWS or VMware NSX-T. Request:
Method:
GET
URI Path:
/policy/api/v1/aaa/object-permissions
Request Headers:
n/a
Query Parameters:
ObjectRolePermissionGroupListRequestParameters+
Request Body:
n/a

Example Request: GET https://<policy-mgr>/policy/api/v1/aaa/object-permissions?path_prefix=infra/domains/MGW Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ObjectRolePermissionGroupListResult+

Example Response: { "result_count": 2, "results": [ { "role_name": "cloud_admin", "operation": "crud", "path_prefix": "infra/domains/MGW" }, { "role_name": "cloud_auditor", "operation": "none", "path_prefix": "infra/domains/MGW/CommunicationProfile1" } ] } Required Permissions: read Feature: policy_rbac Additional Errors:

Create/update object permission mappings (Experimental)

This API is available when using VMware Cloud on AWS or VMware NSX-T. Request:
Method:
PATCH
URI Path:
/policy/api/v1/aaa/object-permissions
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
ObjectRolePermissionGroup+

Example Request: PATCH https://<policy-mgr>/policy/api/v1/aaa/object-permissions { "role_name": "cloud_admin", "operation": "crud", "path_prefix": "infra/MGW" } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
n/a

Example Response: 200 OK Required Permissions: crud Feature: policy_rbac Additional Errors:

Cloud Service Manager

Cloud Service Manager: AWS Accounts

Associated URIs:

Add a AWS account to cloud serivce manager

Request:
Method:
POST
URI Path:
/api/v1/csm/aws/accounts
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AwsAccount+

Example Request: POST https://<nsx-csm>/api/v1/csm/aws/accounts { "display_name": "Account ABC", "cloud_type": "AWS", "cloud_tags_enabled" : true, "tenant_id": "123", "auth_method": "CREDENTIALS", "credentials": { "access_key": "A1B1C1", "secret_key": "a2b2c2", "gateway_role": "test-role" } } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsAccount+

Example Response: { "id": "d02af61a-e212-486e-b6c8-10462ccfbad6", "display_name": "Account ABC", "tenant_id": "123", "cloud_type": "AWS", "cloud_tags_enabled" : true, "auth_method": "CREDENTIALS", "credentials": { "gateway_role": "test-role" } "instance_stats": { "managed": 0, "unmanaged": 0, "error": 0 }, "vpc_stats": { "managed": 0, "unmanged": 0 }, "regions_count": 0, "status": { "inventory_sync_status": "IN_PROGRESS", "inventory_sync_state": "SYNCING_AWS_REGIONS" } } Required Permissions: crud Feature: cloud_accounts Additional Errors:

Return a list of all AWS accounts

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/accounts
Request Headers:
n/a
Query Parameters:
AwsAccountsListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/accounts?region_id=us-west-2 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsAccountsListResult+

Example Response: { "all_accounts_vpc_stats": { "managed": 2, "unmanaged": 4 }, "all_accounts_instance_stats": { "managed": 12, "unmanaged": 22, "error": 1 } } Required Permissions: read Feature: cloud_accounts Additional Errors:

Update a AWS account information

Request:
Method:
PUT
URI Path:
/api/v1/csm/aws/accounts/<account-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AwsAccount+

Example Request: PUT https://<nsx-csm>/api/v1/csm/aws/accounts/9174ffd1-41b1-42d6-a28d-05c61a0698e2 { "display_name": "New Name", "cloud_type": "AWS" } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsAccount+

Example Response: { "id": "d02af61a-e212-486e-b6c8-10462ccfbad6", "display_name": "New Name", "tenant_id": "123", "cloud_type": "AWS", "cloud_tags_enabled" : true, "auth_method": "CREDENTIALS", "credentials": { "gateway_role": "test-role" } "instance_stats": { "managed": 63, "unmanaged": 25, "error": 1 }, "vpc_stats": { "managed": 4, "unmanaged": 7 }, "regions_count": 4, "status": { "inventory_sync_status": "SYNCED", "inventory_sync_state": "NOT_APPLICABLE", "credentials_status": "VALID" } } Required Permissions: crud Feature: cloud_accounts Additional Errors:

Returns the details of the particular AWS account

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/accounts/<account-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/accounts/9174ffd1-41b1-42d6-a28d-05c61a0698e2 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsAccount+

Example Response: { "id": "d02af61a-e212-486e-b6c8-10462ccfbad6", "display_name": "Account ABC", "tenant_id": "123", "cloud_type": "AWS", "cloud_tags_enabled" : true, "auth_method": "CREDENTIALS", "credentials": { "gateway_role": "test-role" } "instance_stats": { "managed": 63, "unmanaged": 25, "error": 1 }, "vpc_stats": { "managed": 4, "unmanaged": 7 }, "regions_count": 4, "status": { "inventory_sync_status": "SYNCED", "inventory_sync_state": "NOT_APPLICABLE", "credentials_status": "VALID" } } Required Permissions: read Feature: cloud_accounts Additional Errors:

Delete AWS account information

Request:
Method:
DELETE
URI Path:
/api/v1/csm/aws/accounts/<account-id>
Request Headers:
n/a
Query Parameters:
DeleteRequestParameters+
Request Body:
n/a

Example Request: DELETE https://<nsx-csm>/api/v1/csm/aws/accounts/ DELETE https://<nsx-csm>/api/v1/csm/aws/accounts/?force=true Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: cloud_accounts Additional Errors:

Return status of the account like credentials validity, inventory synchronization status and inventory synchronization state

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/accounts/<account-id>/status
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/accounts/ d02af61a-e212-486e-b6c8-10462ccfbad6/status Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsAccountStatus+

Example Response: { "inventory_sync_status": "IN_PROGRESS", "inventory_sync_state": "SYNCING_AWS_VPCS", "credentials_status": "VALID" } Required Permissions: read Feature: cloud_accounts Additional Errors:

Synchronizes Aws account related inventory like Regions, Vpcs, Instances Status of inventory synchronization can be known from Aws account status api

Request:
Method:
POST
URI Path:
/api/v1/csm/aws/accounts/<account-id>?action=sync_inventory
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: POST https://<nsx-csm>/api/v1/csm/aws/accounts/ d02af61a-e212-486e-b6c8-10462ccfbad6?action=sync_inventory Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: cloud_accounts Additional Errors:

Cloud Service Manager: AWS Gateway AMIS

Associated URIs:

DEPRECATED. This API is needed only in NSX Cloud as a Service workflow, which is discontinued. Registers a AWS Gateway AMI for the region specified in the body. One can register only one gateway AMI ID per region. If a gateway AMI is already registered with a region, user is expected to use update API to overwrite the registerd AMI for a region. (Deprecated)

Request:
Method:
POST
URI Path:
/api/v1/csm/aws/gateway-amis
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AwsGatewayAmiInfo+

Example Request: POST https://<nsx-csm>/api/v1/csm/aws/gateway-amis { "region_id": "us-west-2", "ami_id": "ami-123" } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsGatewayAmiInfo+

Example Response: { "region_id": "us-west-2", "ami_id": "ami-123", "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: ami_region_mapping Additional Errors:

DEPRECATED. This API is needed only in NSX Cloud as a Service workflow, which is discontinued. Returns a list of Aws Gateway Amis. (Deprecated)

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/gateway-amis
Request Headers:
n/a
Query Parameters:
AwsGatewayAmisListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/gateway-amis/ Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsGatewayAmisListResult+

Example Response: { "results": [ { "region_id": "us-west-1", "ami_id": "ami-789", "_protection": "NOT_PROTECTED", "_revision": 0 }, { "region_id": "us-west-2", "ami_id": "ami-123", "_protection": "NOT_PROTECTED", "_revision": 0 } ] } Required Permissions: read Feature: ami_region_mapping Additional Errors:

DEPRECATED. This API is needed only in NSX Cloud as a Service workflow, which is discontinued. Returns AWS Gateway AMI for a particular region. (Deprecated)

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/gateway-amis/<region-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/gateway-amis/us-west-2 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsGatewayAmiInfo+

Example Response: { "region_id": "us-west-2", "ami_id": "ami-123", "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: read Feature: ami_region_mapping Additional Errors:

DEPRECATED. This API is needed only in NSX Cloud as a Service workflow, which is discontinued. Update a AWS Gateway AMI. (Deprecated)

Request:
Method:
PUT
URI Path:
/api/v1/csm/aws/gateway-amis/<region-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AwsGatewayAmiInfo+

Example Request: PUT https://<nsx-csm>/api/v1/csm/aws/gateway-amis/us-west-2 { "region_id": "us-west-2", "ami_id": "ami-456", "_revision": 0 } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsGatewayAmiInfo+

Example Response: { "region_id": "us-west-2", "ami_id": "ami-123", "_protection": "NOT_PROTECTED", "_revision": 0 } Required Permissions: crud Feature: ami_region_mapping Additional Errors:

DEPRECATED. This API is needed only in NSX Cloud as a Service workflow, which is discontinued. Delete a AWS Gateway AMI. (Deprecated)

Request:
Method:
DELETE
URI Path:
/api/v1/csm/aws/gateway-amis/<region-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: DELETE https://<nsx-csm>/api/v1/csm/aws/gateway-amis/us-west-2 Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: ami_region_mapping Additional Errors:

Cloud Service Manager: AWS Gateways

Associated URIs:

Returns configuration information for all gateways

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/gateways
Request Headers:
n/a
Query Parameters:
AwsGatewaysListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/gateways Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsGatewaysListResult+

Example Response: { "results": [ { "account_id": "d02af61a-e212-486e-b6c8-10462ccfbad6", "configuration": { "gateway_ha_configuration": [ { "availability_zone": "us-west-2a", "uplink_subnet": "subnet-4b1e122f", "management_subnet": "subnet-ea1e128e", "downlink_subnet": "subnet-041e1260", "gateway_ha_index": 0 } ], "default_quarantine_policy_enabled": false, "managed_without_agents": false, "proxy_server_profile": "a491bc83-5fc8-4e05-adb1-af8274422141", "dns_settings": { "dns_mode": "DHCP" }, "nsx_manager_connection": "PUBLIC_IP", "ami_id": "ami-123", "key_pair_name": "test-key", "is_ha_enabled": false }, "vpc_id": "vpc-c35dbaa4" }, { "account_id": "d02af61a-e212-486e-b6c8-10462ccfbad6", "configuration": { "gateway_ha_configuration": [ { "availability_zone": "us-west-1b", "uplink_subnet": "subnet-5b1e124h", "management_subnet": "subnet-a1e128t", "downlink_subnet": "subnet-141e1266", "gateway_ha_index": 0 }, { "availability_zone": "us-west-1a", "uplink_subnet": "subnet-7b1e932d", "management_subnet": "subnet-w1e128h", "downlink_subnet": "subnet-a41e1264", "gateway_ha_index": 0 } ], "default_quarantine_policy_enabled": true, "managed_without_agents": false, "nsx_manager_connection": "PRIVATE_IP", "ami_id": "ami-456", "key_pair_name": "test-key", "is_ha_enabled": true }, "vpc_id": "vpc-d76nfie6" } ] } Required Permissions: read Feature: gateway_deployment Additional Errors:

Updates configuration for primary gateway and secondary gateway for the vpc, if exists.

Request:
Method:
PUT
URI Path:
/api/v1/csm/aws/gateways/<vpc-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AwsGatewayDeployConfig+

Example Request: PUT https://<nsx-csm>/api/v1/csm/aws/gateways/vpc-1234 { "configuration": { "default_quarantine_policy_enabled": true, "managed_without_agents": false, "proxy_server_profile": "a491bc83-5fc8-4e05-adb1-af8274422141", "is_ha_enabled": false }, "account_id": "d02af61a-e212-486e-b6c8-10462ccfbad6", "vpc_id": "vpc-c35dbaa4" } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsGatewayDeployConfig+

Example Response: { "account_id": "d02af61a-e212-486e-b6c8-10462ccfbad6", "configuration": { "gateway_ha_configuration": [ { "availability_zone": "us-west-2a", "uplink_subnet": "subnet-4b1e122f", "management_subnet": "subnet-ea1e128e", "downlink_subnet": "subnet-041e1260", "gateway_ha_index": 0 } ], "default_quarantine_policy_enabled": true, "managed_without_agents": false, "proxy_server_profile": "a491bc83-5fc8-4e05-adb1-af8274422141", "dns_settings": { "dns_mode": "DHCP" }, "nsx_manager_connection": "PUBLIC_IP", "ami_id": "ami-123", "key_pair_name": "test-key", "is_ha_enabled": false }, "vpc_id": "vpc-c35dbaa4" } Required Permissions: crud Feature: quarantine_policy Additional Errors:

Returns configuration for primary gateway and secondary gateway for the vpc,if exists.

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/gateways/<vpc-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/gateways/vpc-1234 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsGatewayDeployConfig+

Example Response: { "account_id": "d02af61a-e212-486e-b6c8-10462ccfbad6", "configuration": { "gateway_ha_configuration": [ { "availability_zone": "us-west-2a", "uplink_subnet": "subnet-4b1e122f", "management_subnet": "subnet-ea1e128e", "downlink_subnet": "subnet-041e1260", "gateway_ha_index": 0 } ], "default_quarantine_policy_enabled": false, "managed_without_agents": false, "proxy_server_profile":"a491bc83-5fc8-4e05-adb1-af8274422141", "nsx_manager_connection": "PUBLIC_IP", "ami_id": "ami-123", "key_pair_name": "test-key", "is_ha_enabled": false }, "vpc_id": "vpc-c35dbaa4" } Required Permissions: read Feature: gateway_deployment Additional Errors:

Returns status information for primary gateway and secondary gateway for the vpc, if exists.

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/gateways/<vpc-id>/status
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/gateways/vpc-1234/status Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsGatewayStatus+

Example Response: { "gateway_instances_status": [ { "gateway_status": "DEPLOYING", "gateway_instance_id": "i-176", "gateway_ha_index": 0, "deployment_status": 80, "deployment_state": "CONFIGURING_GATEWAY", "gateway_name": "nsxc-gw-vpc-c35dbaa4-preferred-active" } ] } Required Permissions: read Feature: gateway_deployment Additional Errors:

Deploys gateway for the specified VPC

All the required configuration to deploy AWS gateways will be absorbed
as a part of request body in this API and gateway deployment will be
triggered. Deployment progress can be known from GetAwsGatewayStatus API.
Upon successful deployment of a gateway, the deployment_step will be
DEPLOYMENT_SUCCESSFUL gateway_status will be UP and op_status of the VPC
will be NSX_MANAGED_BY_GATEWAY. If any error is encountered during
deployment, corresponding error_code and error_message will be populated
in gateway_instances_status. To manage a compute VPC using transit VPC,
user needs to undeploy gateway and onboard the compute VPC
using /csm/aws/vpcs/?action=onboard API.
Request:
Method:
POST
URI Path:
/api/v1/csm/aws/gateways?action=deploy
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AwsGatewayDeployConfig+

Example Request: POST https://<nsx-csm>/api/v1/csm/aws/gateways?action=deploy { "configuration": { "ami_id": "ami-123", "nsx_manager_connection": "PUBLIC_IP", "default_quarantine_policy_enabled": false, "managed_without_agents": false, "proxy_server_profile": "a491bc83-5fc8-4e05-adb1-af8274422141", "key_pair_name": "test-key", "is_ha_enabled": false, "gateway_ha_configuration": [{ "availability_zone": "us-west-2a", "uplink_subnet": "subnet-4b1e122f", "downlink_subnet": "subnet-041e1260", "management_subnet": "subnet-ea1e128e", "gateway_ha_index": 0, "public_ip_settings": { "ip_allocation_mode": "ALLOCATE_NEW", "public_ip": "1.2.3.4" }, "uplink_public_ip_settings" : { "public_ip" : "104.210.53.56", "ip_allocation_mode" : "USE_EXISTING" } }], "dns_settings": { "dns_mode": "DHCP", "dns_list": ["10.162.204.1", "10.166.1.1"] }}, "account_id": "d02af61a-e212-486e-b6c8-10462ccfbad6", "vpc_id": "vpc-c35dbaa4" } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsGatewayDeployConfig+

Example Response: { "account_id": "d02af61a-e212-486e-b6c8-10462ccfbad6", "configuration": { "gateway_ha_configuration": [ { "availability_zone": "us-west-2a", "uplink_subnet": "subnet-4b1e122f", "management_subnet": "subnet-ea1e128e", "downlink_subnet": "subnet-041e1260", "gateway_ha_index": 0, "public_ip_settings": { "public_ip": "1.2.3.4" }, "uplink_public_ip_settings" : { "public_ip" : "104.210.53.56" } } ], "default_quarantine_policy_enabled": false, "managed_without_agents": false, "proxy_server_profile": "a491bc83-5fc8-4e05-adb1-af8274422141", "dns_settings": { "dns_mode": "DHCP", "dns_list": ["10.162.204.1", "10.166.1.1"] }, "nsx_manager_connection": "PUBLIC_IP", "ami_id": "ami-123", "key_pair_name": "test-key", "is_ha_enabled": false }, "vpc_id": "vpc-c35dbaa4" } Required Permissions: crud Feature: gateway_deployment Additional Errors:

Undeploys gateway for the specified VPC

All the required configuration to undeploy AWS gateway will be absorbed
as a part of request body in this API and gateway undeployment will be
triggered. Undeployment progress can be known from GetAwsGatewayStatus
API. Upon successful undeployment of a gateway, the deployment_step will be
UNDEPLOYMENT_SUCCESSFUL and gateway_status will be NOT_AVAILABLE. If any
error is encountered during undeployment, corresponding error_code and
error_message will be populated in gateway_instances_status
Request:
Method:
POST
URI Path:
/api/v1/csm/aws/gateways?action=undeploy
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AwsGatewayUndeployConfig+

Example Request: POST https://<nsx-csm>/api/v1/csm/aws/gateways?action=undeploy { "account_id": "d02af61a-e212-486e-b6c8-10462ccfbad6", "instance_id": "i-0c2ab8e25221bcf7c" } Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: gateway_deployment Additional Errors:

Cloud Service Manager: AWS Key Pairs

Associated URIs:

Returns a list of Aws Key Pairs

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/key-pairs
Request Headers:
n/a
Query Parameters:
AwsKeyPairListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/key-pairs? account_id=7324800c-a41a-4cb4-b988-51fa3d093397®ion_id=ap-southeast-1 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsKeyPairList+

Example Response: { "results": [ { "name": "test-key-1" }, { "name": "test-key-2" }, { "name": "test-key-3" } ] } Required Permissions: read Feature: cloud_resources Additional Errors:

Returns a list of subnets

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/subnets
Request Headers:
n/a
Query Parameters:
AwsSubnetListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/subnets? account_id=7324800c-a41a-4cb4-b988-51fa3d093397& vpc_id=vpc-c35dbaa4&availability_zone_name=us-west-2a Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsSubnetListResult+

Example Response: { "results": [ { "display_name": "test-subnet-3", "availability_zone": "us-west-2a", "cidr": "10.0.3.0/24", "id": "subnet-ea1e128e" }, { "display_name": "test-subnet-2", "availability_zone": "us-west-2a", "cidr": "10.0.2.0/24", "id": "subnet-041e1260" }, { "display_name": "test-subnet-1", "availability_zone": "us-west-2a", "cidr": "10.0.1.0/24", "id": "subnet-4b1e122f" } ] } Required Permissions: read Feature: cloud_resources Additional Errors:

Cloud Service Manager: AWS Regions

Associated URIs:

Returns a list of Aws regions

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/regions
Request Headers:
n/a
Query Parameters:
AwsRegionsListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/regions Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsRegionsListResult+

Example Response: { "cursor": "000214", "sort_ascending": true, "result_count": 2, "results": [ { "id": "us-west-2", "display_name": "us-west-2", "vpc_stats": { "managed": 5, "unmanaged": 7 }, "gateway_stats": { "deploying": 1, "up": 4, "down": 1 }, "availability_zones": [ { "id": "us-west-2a", "display_name": "us-west-2a" }, { "id": "us-west-2b", "display_name": "us-west-2b" }, { "id": "us-west-2c", "display_name": "us-west-2c" } ], "instance_stats": { "managed": 21, "unmanaged": 32, "error": 1 } }, { "id": "ap-south-1", "display_name": "ap-south-1", "vpc_stats": { "managed": 0, "unmanaged": 0 }, "gateway_stats": { "deploying": 0, "up": 0, "down": 0 }, "availability_zones": [ { "id": "ap-south-1b", "display_name": "ap-south-1b" }, { "id": "ap-south-1a", "display_name": "ap-south-1a" } ], "instance_stats": { "managed": 0, "unmanaged": 0, "error": 0 } } } ] } Required Permissions: read Feature: cloud_resources Additional Errors:

Returns information about the particular Aws Region

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/regions/<region-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/regions/us-west-2 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsRegion+

Example Response: { "id": "us-west-2", "display_name": "us-west-2", "vpc_stats": { "managed": 5, "unmanaged": 7 }, "gateway_stats": { "deploying": 1, "up": 4, "down": 1 }, "availability_zones": [ { "id": "us-west-2a", "display_name": "us-west-2a" }, { "id": "us-west-2b", "display_name": "us-west-2b" }, { "id": "us-west-2c", "display_name": "us-west-2c" } ], "instance_stats": { "managed": 21, "unmanaged": 32, "error": 1 } } Required Permissions: read Feature: cloud_resources Additional Errors:

Cloud Service Manager: AWS Resources

Associated URIs:

Returns a list of AWS public IPs

Returns a list of AWS public IPs. These ip addresses are available
to be allocated.
Request:
Method:
GET
URI Path:
/api/v1/csm/aws/public-ips
Request Headers:
n/a
Query Parameters:
AwsResourcesListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/public-ips? account_id=7324800c-a41a-4cb4-b988-51fa3d093397®ion_id=us-west-2 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsPublicIpListResult+

Example Response: { "results": [ "104.209.46.64", "104.40.87.204", "40.112.184.178", "13.91.55.98" ] } Required Permissions: read Feature: cloud_resources Additional Errors:

Returns a list of AWS security groups. Deprecated: Please use /csm/aws/vpcs//security-groups instead. (Deprecated)

Returns a list of AWS security groups. Deprecated: Please use
/csm/aws/vpcs//security-groups instead.
Request:
Method:
GET
URI Path:
/api/v1/csm/aws/vpcs/security-groups
Request Headers:
n/a
Query Parameters:
AwsSecurityGroupsListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/vpcs/security-groups? account_id=7324800c-a41a-4cb4-b988-51fa3d093397®ion_id=us-west-2 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsSecurityGroupsListResult+

Example Response: { "results": [ "default-sg", "quarantine-sg" ] } Required Permissions: read Feature: cloud_resources Additional Errors:

Cloud Service Manager: AWS VPCS

Associated URIs:

Returns the list of configuration of the compute VPC. The configuration contains quarantine policy and fall back security group of compute VPC and the information related to transit VPC.

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/compute-vpcs
Request Headers:
n/a
Query Parameters:
AwsComputeVpcListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/compute-vpcs { "cursor": "00011", "sort_ascending": true, "result_count": 1, "results": [ { "resource_type": "AwsComputeVpcConfig", "id": "vpc-0aabad6533afb42b4", "display_name": "vpc-0aabad6533afb42b4", "default_quarantine_policy_enabled": false, "managed_without_agents": false, "account_id": "fa043e3d-256d-446f-9c5c-665dcfdb33c9", "configuration": { "account_id": "fa043e3d-256d-446f-9c5c-665dcfdb33c9", "vpc_id": "vpc-560a242f" }, "_create_user": "system", "_create_time": 1540475272491, "_last_modified_user": "admin", "_last_modified_time": 1540475431491, "_system_owned": false, "_revision": 2 } ] } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsComputeVpcListResult+

Required Permissions: read Feature: gateway_deployment Additional Errors:

Onboards a compute VPC to be NSX managed by a transit VPC.

Onboard a compute VPC to be NSX managed using a transit VPC.
Hence, user can manage the workload VMs in a compute
VPC by the public cloud gateways deployed in a transit VPC.
Onboarding status can be obtained from
/csm/aws/compute-vpcs//status API. Upon successful onboarding
of the VPC, the onboard_step will be ONBOARD_SUCCESSFUL and op_status
will be NSX_MANAGED_BY_TRANSIT_VPC. If any error is encountered during
onboarding, corresponding error_code and error_message will be populated.
To manage compute VPC using NSX gateway, user needs to offboard the
compute VPC and deploy gateway using /csm/aws/gateways?action=deploy API.
Request:
Method:
POST
URI Path:
/api/v1/csm/aws/compute-vpcs/<vpc-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AwsComputeVpcConfig+

Example Request: POST https://<nsx-csm>/api/v1/csm/aws/compute-vpcs/ { "default_quarantine_policy_enabled": false, "managed_without_agents": false, "account_id": "fa043e3d-256d-446f-9c5c-665dcfdb33c9", "configuration": { "account_id": "fa043e3d-256d-446f-9c5c-665dcfdb33c9", "vpc_id": "vpc-560a242f" } } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
n/a

Required Permissions: crud Feature: gateway_deployment Additional Errors:

Returns the configuration of the compute VPC. The configuration contains quarantine policy and fall back security group of compute VPC and the information related to transit VPC.

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/compute-vpcs/<vpc-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsComputeVpcConfig+

Example Response: GET https://<nsx-csm>/api/v1/csm/aws/vpcs/ { "resource_type": "AwsComputeVpcConfig", "id": "vpc-0aabad6533afb", "display_name": "vpc-0aabad6533afb", "default_quarantine_policy_enabled": false, "managed_without_agents": false, "configuration": { "vpc_id": "vpc-560a242f" }, "_create_user": "system", "_create_time": 1540475272491, "_last_modified_user": "admin", "_last_modified_time": 1540475431491, "_system_owned": false, "_revision": 2 } Required Permissions: read Feature: gateway_deployment Additional Errors:

Offboards a compute VPC.

Offboards a compute VPC to be NSX unmanaged from a transit VPC.
All the VMs in the compute VPC need to be untagged before offboarding
the compute VPC. Offboarding status can be obtained from
/csm/aws/compute-vpcs//status API. Upon successful offboarding
compute VPC, the onboard_step will be OFFBOARD_SUCCESSFUL
and op_status will be NOT_AVAILABLE. If any error is encountered
during offboarding, corresponding error_code and error_message
will be populated.
Request:
Method:
DELETE
URI Path:
/api/v1/csm/aws/compute-vpcs/<vpc-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: DELETE https://<nsx-csm>/api/v1/csm/aws/compute-vpcs/ Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
n/a

Required Permissions: crud Feature: gateway_deployment Additional Errors:

Updates the NSX configuration related to managed compute VPC using a transit VPC.

Update the configurations such as default_quarantine_policy and
cloud_fallback_security_group_id for the NSX managed compute VPC.
Request:
Method:
PUT
URI Path:
/api/v1/csm/aws/compute-vpcs/<vpc-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AwsComputeVpcConfig+

Example Request: PUT https://<nsx-csm>/api/v1/csm/aws/compute-vpcs/ { "resource_type": "AwsComputeVpcConfig", "id": "vpc-0aabad6533afb", "display_name": "vpc-0aabad6533afb", "default_quarantine_policy_enabled": false, "account_id": "fa043e3d-256d-446f-9c5c-665dcfdb33c9", "configuration": { "account_id": "fa043e3d-256d-446f-9c5c-665dcfdb33c9", "vpc_id": "vpc-560a242f" }, "_create_user": "system", "_create_time": 1540475272491, "_last_modified_user": "admin", "_last_modified_time": 1540475431491, "_system_owned": false, "_revision": 2 } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsComputeVpcConfig+

Example Response: { "resource_type": "AwsComputeVpcConfig", "id": "vpc-0aabad6533afb42b4", "display_name": "vpc-0aabad6533afb42b4", "default_quarantine_policy_enabled": true, "managed_without_agents": false, "configuration": { "vpc_id": "vpc-560a242f" }, "_create_user": "system", "_create_time": 1540475272491, "_last_modified_user": "admin", "_last_modified_time": 1540475431491, "_system_owned": false, "_revision": 3 } Required Permissions: crud Feature: quarantine_policy Additional Errors:

Returns the status of the compute vpc. The status corresponds to onboard or offboard status of a compute VPC.

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/compute-vpcs/<vpc-id>/status
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/compute-vpcs//status { "onboard_step": "ONBOARD_SUCCESSFUL", "virtual_private_cloud_name": "ComputeVPC-Peering", "status": "UP", "configuration": { "default_quarantine_policy_enabled": false, "managed_without_agents": false } } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsComputeVpcStatus+

Required Permissions: read Feature: gateway_deployment Additional Errors:

Returns a list of Vpcs. Support optional query parameters like account_id, region_id, cidr and/or op_status

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/vpcs
Request Headers:
n/a
Query Parameters:
AwsVpcListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/vpcs Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsVpcListResult+

Example Response: { "cursor": "0003147", "sort_ascending": true, "result_count": 3, "results": [ { "id": "vpc-c35dbaa2", "display_name": "VPC Abc", "is_management_vpc": false, "region_id": "us-east-1", "cidr": "172.31.0.0/16", "instance_stats": { "managed": 0, "unmanaged": 21, "error": 0 }, "op_status": "NSX_UNMANAGED" }, { "id": "vpc-c35dbaa3", "display_name": "VPC Acb", "is_management_vpc": false, "region_id": "us-west-2", "cidr": "172.31.0.0/16", "associated_transit_vpc": { "virtual_private_cloud_id": "vpc-c35dbade", "associated_account_ids: ["cd1f2633-e67e-46bd-b546"] }, "instance_stats": { "managed": 0, "unmanaged": 21, "error": 0 }, "op_status": "NSX_MANAGED_BY_TRANSIT_VPC" }, { "id": "vpc-c35dbaa4", "display_name": "VPC Def", "is_management_vpc": true, "transport_zones": [ { "is_underlay_transport_zone": false, "logical_switches": [ { "is_default_logical_switch": false, "instances_count": 0, "nsx_switch_tag": "cd1f2633-e67e-46bd-b546-0dc26a07c56b#8uNQpU1EWLcVjXKHr6ga7axvYBnf2Dwc+I+Js3DEhi4=", "logical_switch_display_name": "DefaultSwitch-Overlay-CSM-vpc-c35dbaa4", "logical_switch_id": "cd1f2633-e67e-46bd-b546-0dc26a07c56b" } ], "transport_zone_id": "d4ccc56a-ab51-4059-b3fb-9af3719b6f51", "transport_zone_display_name": "CSM-vpc-c35dbaa4-Overlay" }, { "is_underlay_transport_zone": true, "logical_switches": [ { "is_default_logical_switch": true, "instances_count": 0, "nsx_switch_tag": "default", "logical_switch_display_name": "DefaultSwitch-VLAN-CSM-vpc-c35dbaa4", "logical_switch_id": "1711f8db-95b8-4df8-bba6-dcac63b08b38" } ], "transport_zone_id": "870fb686-7d42-48c4-9189-8997b4f2df21", "transport_zone_display_name": "CSM-vpc-c35dbaa4-VLAN" } ], "region_id": "us-west-2", "cidr": "10.0.0.0/16", "instance_stats": { "managed": 1, "unmanaged": 4, "error": 0 }, "managed_vpcs": [ { "virtual_private_cloud_id": "vpc-c35dbade", "associated_account_ids: ["cd1f2633-e67e-46bd-b546"] }, { "virtual_private_cloud_id": "vpc-c35dbadf", "associated_account_ids: ["cd1f2633-e67e-46bd-b543"] } ], "op_status": "NSX_MANAGED", "gateway_info": { "configuration": { "default_quarantine_policy_enabled": false, "managed_without_agents": false, "proxy_server_profile":"a491bc83-5fc8-4e05-adb1-af8274422141", "nsx_manager_connection": "PUBLIC_IP", "ami_id": "ami-649e0b04", "is_ha_enabled": false }, "gateway_status": { "gateway_cluster_id": "b8ab1a4b-3d85-4a84-b92d-eacdc4402528", "gateway_instances_status": [ { "gateway_tn_id": "ef900bfc-1303-11e7-8cf5-021fa9379409", "gateway_node_id": "ef900bfc-1303-11e7-8cf5-021fa9379409", "gateway_status": "UP", "gateway_instance_id": "i-0b62834659a30fc21", "gateway_ha_index": 0, "deployment_state": "DEPLOYMENT_SUCCESSFUL", "gateway_name": "nsx-gw-vpc-c35dbaa4-preferred-active" } ] } } } ] } Required Permissions: read Feature: cloud_resources Additional Errors:

Returns Vpc information

Request:
Method:
GET
URI Path:
/api/v1/csm/aws/vpcs/<vpc-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/vpcs/vpc-ccfe44ab Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsVpc+

Example Response: { "id": "vpc-ccfe44ab", "display_name": "VPC Abc, "is_management_vpc": false, "region_id": "us-west-2", "cidr": "50.0.0.0/16", "instance_stats": { "managed": 0, "unmanaged": 1, "error": 0 }, "op_status": "NSX_UNMANAGED" } Required Permissions: read Feature: cloud_resources Additional Errors:

Cloud Service Manager: AWS: VPCS

Cloud Service Manager: AWS: VPCS: Security Groups

Associated URIs:

Returns a list of AWS security groups corresponding to a VPC

Returns a list of AWS security groups corresponding to a VPC with
information about each security group like inbound rules, outbound rules
and cloud_tags.
Request:
Method:
GET
URI Path:
/api/v1/csm/aws/vpcs/<vpc-id>/security-groups
Request Headers:
n/a
Query Parameters:
SecurityGroupListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/vpcs//security-groups Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsSecurityGroupsListResult+

Required Permissions: read Feature: cloud_resources Additional Errors:

Returns information about a particular AWS security group

Returns information about AWS security group like inbound rules,
outbound rules and cloud_tags.
Request:
Method:
GET
URI Path:
/api/v1/csm/aws/vpcs/<vpc-id>/security-groups/<security-group-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/vpcs//security-groups/ Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsSecurityGroup+

Required Permissions: read Feature: cloud_resources Additional Errors:

Cloud Service Manager: AWS: VPCS: Service Endpoints

Associated URIs:

Returns list of AWS serivce endpoints corresponding to a VPC

Returns a list of AWS serivce endpoints corresponding to VPC. NSX supported
services are currently limited to Simple Storage Service (S3), Relational
Database Service (RDS), DynamoDB and Elastic Load Balancing.
Request:
Method:
GET
URI Path:
/api/v1/csm/aws/vpcs/<vpc-id>/service-endpoints
Request Headers:
n/a
Query Parameters:
ListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/vpcs//service-endpoints Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsServiceEndpointsListResult+

Required Permissions: read Feature: cloud_resources Additional Errors:

Returns information about a particular AWS serivce endpoint

Returns information about an AWS serivce endpoint like
service_endpoint_type, status and corresponding cidrs. NSX supported
services are currently limited to Simple Storage Service (S3),
Relational Database Service (RDS), DynamoDB and Elastic Load Balancing.
Request:
Method:
GET
URI Path:
/api/v1/csm/aws/vpcs/<vpc-id>/service-endpoints/<service-endpoint-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/aws/vpcs//service-endpoints/ Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsServiceEndpoint+

Required Permissions: read Feature: cloud_resources Additional Errors:

Cloud Service Manager: Accounts Statistics

Associated URIs:

Returns statistics for all Accounts

Returns statistics aggregated over all accounts managed by CSM.
Request:
Method:
GET
URI Path:
/api/v1/csm/accounts/statistics
Request Headers:
n/a
Query Parameters:
AllAccountsStatisticsRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/accounts/statistics Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AllAccountsStatisticsListResult+

Example Response: { "results": [ { "resource_type": "AWS", "accounts_count": 3, "accounts_status": { "sync_in_progress": 1 }, "instance_stats": { "managed": 63, "unmanaged": 25, "error": 1 }, "vpc_stats": { "managed": 4, "unmanaged": 7 }, "regions_count": 4 }, { "resource_type": "AZURE", "accounts_count": 2, "accounts_status": { "sync_in_progress": 1 }, "instance_stats": { "managed": 42, "unmanaged": 25, "error": 3 }, "vnet_stats": { "managed": 2, "unmanaged": 1 }, "regions_count": 5 } ] } Required Permissions: read Feature: cloud_accounts Additional Errors:

Cloud Service Manager: Azure Accounts

Associated URIs:

Add a Azure account to cloud serivce manager

This api adds a Azure account to cloud service manager. Have to pass
one of the authorization methods in auth_method property as part of
request body followed by appropriate data.
Request:
Method:
POST
URI Path:
/api/v1/csm/azure/accounts
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AzureAccount+

Example Request: POST https://<nsx-csm>/api/v1/csm/azure/accounts { "cloud_type":"AZURE", "regions_count":"", "auth_method":"CREDENTIALS", "display_name": "Account ABC", "credentials":{ "client_id":"789", "key":"012", "subscription_id":"456", "tenant_id":"123", "gateway_role": "NSX role" }, "has_managed_vnet":false, "_revision":0 } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureAccount+

Example Response: { "id": "9174ffd1-41b1-42d6-a28d", "display_name": "Account ABC", "tenant_id": "123", "cloud_type": "AZURE", "cloud_tags_enabled": true, "instance_stats": { "total": 92, "managed": 0, "unmanaged": 82, "error": 0, "powered_off": 10 }, "auth_method": "CREDENTIALS", "credentials": { "tenant_id": "123", "subscription_id": "456", "client_id": "789", "gateway_role": "NSX role" }, "vnet_stats": { "managed": 1, "unmanaged": 42 }, "regions_count": 2, "status": { "inventory_sync_status": "IN_PROGRESS", "credentials_status": "VALID", "inventory_sync_step": "SYNCING_VMS" }, "has_managed_vnet": true, "_protection": "NOT_PROTECTED" } Required Permissions: crud Feature: cloud_accounts Additional Errors:

Returns a list of Azure accounts

Returns a list of Azure accounts with information about each account like
status and statistics. Optional query parameters can be utilized to filter
the list.
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/accounts
Request Headers:
n/a
Query Parameters:
ListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/accounts Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureAccountsListResult+

Example Response: { "cursor" : "00011", "sort_ascending" : true, "result_count" : 1, "results" : [ { "id" : "28984eef-d296-4a40-979e", "display_name" : "Account ABC", "tenant_id" : "123", "cloud_type" : "AZURE", "cloud_tags_enabled" : true, "instance_stats" : { "total" : 92, "managed" : 0, "unmanaged" : 82, "error" : 0, "powered_off" : 10 }, "auth_method" : "CREDENTIALS", "credentials" : { "tenant_id" : "123", "subscription_id" : "456", "client_id" : "789", "gateway_role": "NSX role" }, "vnet_stats" : { "managed" : 1, "unmanaged" : 42 }, "regions_count" : 2, "status" : { "inventory_sync_status" : "SYNCED", "credentials_status" : "VALID", "inventory_sync_step" : "NOT_APPLICABLE" }, "has_managed_vnet" : true, "_protection": "NOT_PROTECTED" } ] } Required Permissions: read Feature: cloud_accounts Additional Errors:

Update a Azure account information

This api updates a Azure account which is added to cloud service manager.
Have to pass one of the authorization methods in auth_method property as part of
request body followed by appropriate data.
Request:
Method:
PUT
URI Path:
/api/v1/csm/azure/accounts/<account-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AzureAccount+

Example Request: PUT https://<nsx-csm>/api/v1/csm/azure/accounts/9174ffd1-41b1-42d6-a28d { "cloud_type":"AZURE", "display_name": "Account XYZ" } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureAccount+

Example Response: { "id": "9174ffd1-41b1-42d6-a28d", "display_name": "Account XYZ", "tenant_id": "123", "cloud_type": "AZURE", "cloud_tags_enabled": true, "instance_stats": { "total": 92, "managed": 0, "unmanaged": 82, "error": 0, "powered_off": 10 }, "auth_method": "CREDENTIALS", "credentials": { "tenant_id": "123", "subscription_id": "456", "client_id": "789", "gateway_role": "NSX role" }, "vnet_stats": { "managed": 1, "unmanaged": 42 }, "regions_count": 2, "status": { "inventory_sync_status": "IN_PROGRESS", "credentials_status": "VALID", "inventory_sync_step": "SYNCING_VMS" }, "has_managed_vnet": true, "_protection": "NOT_PROTECTED" } Required Permissions: crud Feature: cloud_accounts Additional Errors:

Delete Azure account information

Deletes Azure account information from cloud service manager Request:
Method:
DELETE
URI Path:
/api/v1/csm/azure/accounts/<account-id>
Request Headers:
n/a
Query Parameters:
DeleteRequestParameters+
Request Body:
n/a

Example Request: DELETE https://<nsx-csm>/api/v1/csm/azure/accounts/ DELETE https://<nsx-csm>/api/v1/csm/azure/accounts/?force=true Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: cloud_accounts Additional Errors:

Returns information about a particular Azure account

Returns information about an Azure account including status and
statistics
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/accounts/<account-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/accounts/9174ffd1-41b1-42d6-a28d Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureAccount+

Example Response: { "id": "9174ffd1-41b1-42d6-a28d", "display_name": "Account ABC", "tenant_id": "123", "cloud_type": "AZURE", "cloud_tags_enabled": true, "instance_stats": { "total": 92, "managed": 0, "unmanaged": 82, "error": 0, "powered_off": 10 }, "auth_method": "CREDENTIALS", "credentials": { "tenant_id": "123", "subscription_id": "456", "client_id": "789", "gateway_role": "NSX role" }, "vnet_stats": { "managed": 1, "unmanaged": 42 }, "regions_count": 2, "status": { "inventory_sync_status": "IN_PROGRESS", "credentials_status": "VALID", "inventory_sync_step": "SYNCING_VMS" }, "has_managed_vnet": true, "_protection": "NOT_PROTECTED" } Required Permissions: read Feature: cloud_accounts Additional Errors:

Returns the status of Azure account

Return status of the account like credentials validity, inventory
synchronization status and inventory synchronization state
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/accounts/<account-id>/status
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/accounts/9174ffd1-41b1-42d6-a28d/status Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureAccountStatus+

Example Response: { "inventory_sync_status": "SYNCED", "credentials_status": "VALID", "inventory_sync_step": "NOT_APPLICABLE" } Required Permissions: read Feature: cloud_accounts Additional Errors:

Synchronizes Azure account inventory

Synchronizes Azure account related inventory like Regions, Virtual Networks,
Instances. Status of inventory synchronization can be known from Azure
account status api
Request:
Method:
POST
URI Path:
/api/v1/csm/azure/accounts/<account-id>?action=sync_inventory
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: POST https://<nsx-csm>/api/v1/csm/azure/accounts/9174ffd1-41b1-42d6-a28d?action=sync_inventory Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: cloud_accounts Additional Errors:

Cloud Service Manager: Azure Gateways

Associated URIs:

Returns configuration information for all Azure gateways

Returns a list of Azure gateways with information about each gateway like
subnet configuration and corresponding virtual network. Optional query
parameters can be utilized to filter the list.
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/gateways
Request Headers:
n/a
Query Parameters:
AzureGatewaysListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/gateways Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureGatewaysListResult+

Example Response: { "results": [ { "configuration": { "default_quarantine_policy_enabled": false, "managed_without_agents": false, "proxy_server_profile": "a491bc83-5fc8-4e05-adb1-af8274422141", "nsx_manager_connection": "PRIVATE_IP", "is_ha_enabled": false, "gateway_ha_configuration": [], "dns_settings": { "dns_mode": "DHCP" }, "ssh_key": "ssh-rsa +SD2/sC/qQXtRj1fVShsolTrLtT5uIRWV3P+4fG2PNR6Wz0/QagHG/+jK8Acw== abc@xyz.com", "image_id": "https://abcxyz.windows.net/public-cloud-gateway/nsx-public-gateway.vhd" }, "vnet_id": "e8e719ff-6a40-48e2-8cf7" } ] } Required Permissions: read Feature: gateway_deployment Additional Errors:

Returns configuration of the Azure gateway

Returns configuration for primary gateway and secondary gateway for the
virtual network, if deployed gateways exist for the specified virtual
network.
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/gateways/<vnet-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/gateways/e8e719ff-6a40-48e2-8cf7 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureGatewayDeployConfig+

Example Response: { "account_id": "28984eef-d296-4a40-979e", "configuration": { "default_quarantine_policy_enabled": false, "managed_without_agents": false, "proxy_server_profile": "a491bc83-5fc8-4e05-adb1-af8274422141", "nsx_manager_connection": "PRIVATE_IP", "is_ha_enabled": false, "gateway_ha_configuration": [], "dns_settings": { "dns_mode": "DHCP" }, "ssh_key": "ssh-rsa +SD2/sC/qQXtRj1fVShsolTrLtT5uIRWV3P+4fG2PNR6Wz0/QagHG/+jK8Acw== abc@xyz.com", "image_id": "https://abcxyz.windows.net/public-cloud-gateway/nsx-public-gateway.vhd" }, "vnet_id": "e8e719ff-6a40-48e2-8cf7" } Required Permissions: read Feature: gateway_deployment Additional Errors:

Updates Azure gateway configuration

Updates configuration for primary gateway and secondary gateway for the
virutal network, if deployed gateways exist for the specified virtual network.
Request:
Method:
PUT
URI Path:
/api/v1/csm/azure/gateways/<vnet-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AzureGatewayDeployConfig+

Example Request: PUT https://<nsx-csm>/api/v1/csm/azure/gateways/e8e719ff-6a40-48e2-8cf7 { "account_id": "28984eef-d296-4a40-979e", "vnet_id": "e8e719ff-6a40-48e2-8cf7", "configuration": { "default_quarantine_policy_enabled": false, "managed_without_agents": false, "proxy_server_profile": "a491bc83-5fc8-4e05-adb1-af8274422141", "auto_agent_install_enabled": false } } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureGatewayDeployConfig+

Example Response: { "account_id": "28984eef-d296-4a40-979e", "configuration": { "default_quarantine_policy_enabled": false, "managed_without_agents": false, "proxy_server_profile": "a491bc83-5fc8-4e05-adb1-af8274422141", "nsx_manager_connection": "PRIVATE_IP", "is_ha_enabled": false, "gateway_ha_configuration": [], "dns_settings": { "dns_mode": "DHCP" }, "ssh_key": "ssh-rsa +SD2/sC/qQXtRj1fVShsolTrLtT5uIRWV3P+4fG2PNR6Wz0/QagHG/+jK8Acw== abc@xyz.com", "image_id": "https://abcxyz.windows.net/public-cloud-gateway/nsx-public-gateway.vhd", "auto_agent_install_enabled": false }, "vnet_id": "e8e719ff-6a40-48e2-8cf7" } Required Permissions: crud Feature: quarantine_policy Additional Errors:

Return the status of Azure gateway

Returns status information for primary gateway and secondary gateway
for the virtual network, if deployed gateways exist for the specified
virtual network ID.
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/gateways/<vnet-id>/status
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/gateways/e8e719ff-6a40-48e2-8cf7/status Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureGatewayStatus+

Example Response: { "gateway_cluster_id": "7fe9e2fd-2dce-478f-84b4", "gateway_instances_status": [ { "gateway_tn_id": "1c95f5ea-1eec-11e8-9342", "deployment_step": "DEPLOYMENT_SUCCESSFUL", "public_ip": "1.2.3.4", "gateway_node_id": "1c95f5ea-1eec-11e8-9342", "gateway_status": "UP", "gateway_instance_id": "a61b6dea-46a4-4c09-9ada", "private_ip": "4.3.2.1", "gateway_ha_index": 0, "is_gateway_active": false, "gateway_name": "nsx-gw-customer-gateway" } ] } Required Permissions: read Feature: gateway_deployment Additional Errors:

Deploys gateway for the specified virtual network

All the required configuration to deploy Azure gateways will be absorbed
as a part of request body in this API and gateway deployment will be
triggered. Deployment progress can be known from GetAzureGatewayStatus API.
Upon successful deployment of a gateway, the deployment_step will be
DEPLOYMENT_SUCCESSFUL gateway_status will be UP and op_status of the VNET
will be NSX_MANAGED_BY_GATEWAY. If any error is encountered during
deployment, corresponding error_code and error_message will be populated
in gateway_instances_status. To manage a compute VNET using transit VNET,
user needs to undeploy gateway and onboard the compute VNET
using /csm/azure/vnets/?action=onboard API.
Request:
Method:
POST
URI Path:
/api/v1/csm/azure/gateways?action=deploy
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AzureGatewayDeployConfig+

Example Request: POST https://<nsx-csm>/api/v1/csm/azure/gateways?action=deploy { "account_id": "04e2a29a-90f9-4ce0-ae69", "vnet_id": "e8e719ff-6a40-48e2-8cf7", "configuration": { "image_id": "https://abcxyz.windows.net/public-cloud-gateway/nsx-public-gateway.vhd", "default_quarantine_policy_enabled": true, "managed_without_agents": false, "proxy_server_profile":"a491bc83-5fc8-4e05-adb1-af8274422141", "nsx_manager_connection": "PRIVATE_IP", "is_ha_enabled": true, "ssh_key": "ssh-rsa +SD2/sC/qQXtRj1fVShsolTrLtT5uIRWV3P+4fG2PNR6Wz0/QagHG/+jK8Acw== abc@xyz.com", "gateway_ha_configuration": [ { "uplink_subnet": "uplink1", "management_subnet": "Mgmt", "downlink_subnet": "vtep1", "gateway_ha_index": 0, "public_ip_settings": { "ip_allocation_mode": "ALLOCATE_NEW", "public_ip": "1.2.3.4" }, "uplink_public_ip_settings" : { "public_ip" : "104.210.53.56", "ip_allocation_mode" : "USE_EXISTING" } }, { "uplink_subnet": "uplink2", "management_subnet": "Mgmt", "downlink_subnet": "vtep2", "gateway_ha_index": 1, "public_ip_settings": { "ip_allocation_mode": "ALLOCATE_NEW", "public_ip": "4.3.2.1" }, "uplink_public_ip_settings" : { "public_ip" : "104.210.53.56", "ip_allocation_mode" : "USE_EXISTING" } } ], "dns_settings": { "dns_mode": "DHCP", "dns_list": ["10.162.204.1", "10.166.1.1"] } } } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureGatewayDeployConfig+

Example Response: { "account_id": "28984eef-d296-4a40-979e", "configuration": { "image_id": "https://abcxyz.windows.net/public-cloud-gateway/nsx-public-gateway.vhd", "default_quarantine_policy_enabled": true, "managed_without_agents": false, "proxy_server_profile": "a491bc83-5fc8-4e05-adb1-af8274422141", "nsx_manager_connection": "PRIVATE_IP", "is_ha_enabled": true, "ssh_key": "ssh-rsa +SD2/sC/qQXtRj1fVShsolTrLtT5uIRWV3P+4fG2PNR6Wz0/QagHG/+jK8Acw== abc@xyz.com", "gateway_ha_configuration": [ { "uplink_subnet": "uplink1", "management_subnet": "Mgmt", "downlink_subnet": "vtep1", "gateway_ha_index": 0, "public_ip_settings": { "public_ip": "1.2.3.4" }, "uplink_public_ip_settings" : { "public_ip" : "104.210.53.56" } }, { "uplink_subnet": "uplink2", "management_subnet": "Mgmt", "downlink_subnet": "vtep2", "gateway_ha_index": 1, "public_ip_settings": { "public_ip": "4.3.2.1" }, "uplink_public_ip_settings" : { "public_ip" : "104.210.53.56" } } ], "dns_settings": { "dns_mode": "DHCP", "dns_list": ["10.162.204.1", "10.166.1.1"] } }, "vnet_id": "e8e719ff-6a40-48e2-8cf7" } Required Permissions: crud Feature: gateway_deployment Additional Errors:

Undeploys gateway for the specified virtual network

All the required configuration to undeploy Azure gateway will be absorbed
as a part of request body in this API and gateway undeployment will be
triggered. Undeployment progress can be known from GetAzureGatewayStatus
API. Upon successful undeployment of a gateway, the deployment_step will be
UNDEPLOYMENT_SUCCESSFUL and gateway_status will be NOT_AVAILABLE. If any
error is encountered during undeployment, corresponding error_code and
error_message will be populated in gateway_instances_status
Request:
Method:
POST
URI Path:
/api/v1/csm/azure/gateways?action=undeploy
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AzureGatewayUndeployConfig+

Example Request: POST https://<nsx-csm>/api/v1/csm/azure/gateways?action=undeploy { "account_id": "28984eef-d296-4a40-979e" "instance_id": "a61b6dea-46a4-4c09-9ada" } Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: gateway_deployment Additional Errors:

Cloud Service Manager: Azure IP Allocations

Associated URIs:

Allocates IPs in the specified Azure Vnet

All the required configuration to allocate public/link local IPs for cloud
will be absorbed as a part of request body in this API and IP allocation
will be triggered. Allocation progress can be known from
GetIpAllocationStatus API. Upon successful allocation, the
ip_allocation_state will be ALLOCATION_SUCCESSFUL. This operation is only
supported for containers.
Request:
Method:
POST
URI Path:
/api/v1/csm/azure/gateways/ip-mappings
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AzureIpAllocationConfig+

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureIpAllocationMappings+

Required Permissions: crud Feature: cloud_resources Additional Errors:

Returns IP allocations for all Azure Vnets. This operation is only supported for containers.

Request:
Method:
GET
URI Path:
/api/v1/csm/azure/gateways/ip-mappings
Request Headers:
n/a
Query Parameters:
AzureIpMappingsListRequestParameters+
Request Body:
n/a

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureIpMappingsListResult+

Required Permissions: read Feature: cloud_resources Additional Errors:

Releases allocated IPs in the specified Azure Vnet

All the allocations for the specified Azure Vnet and mapping_id will be
released. This operation is only supported for containers.
Request:
Method:
DELETE
URI Path:
/api/v1/csm/azure/gateways/ip-mappings/<mapping-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: cloud_resources Additional Errors:

Returns status information for primary gateway and secondary gateway for the vnet, if exists. This operation is only supported for containers.

Request:
Method:
GET
URI Path:
/api/v1/csm/azure/gateways/ip-mappings/<mapping-id>/status
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureIpAllocationMappings+

Required Permissions: read Feature: cloud_resources Additional Errors:

Cloud Service Manager: Azure Regions

Associated URIs:

Returns a list of Azure regions

Returns a list of Azure regions with information about each region like
gateway statistics, instance statistics and vnet statistics. Optional query
parameters can be utilized to filter the list.
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/regions
Request Headers:
n/a
Query Parameters:
AzureRegionsListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/regions Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureRegionsListResult+

Example Response: { "cursor": "000002", "sort_ascending": true, "result_count": 2, "results": [ { "resource_type": "AzureRegion", "id": "westus", "display_name": "westus", "associated_account_ids": [ "28984eef-d296-4a40-979e" ], "vnet_stats": { "managed": 1, "unmanaged": 10 }, "gateway_stats": { "deploying": 0, "up": 1, "down": 0 }, "instance_stats": { "total": 17, "managed": 0, "unmanaged": 8, "error": 0, "powered_off": 9 }, "has_managed_vnet": true, "_protection": "NOT_PROTECTED" }, { "resource_type": "AzureRegion", "id": "eastus2", "display_name": "eastus2", "associated_account_ids": [], "vnet_stats": { "managed": 0, "unmanaged": 0 }, "gateway_stats": { "deploying": 0, "up": 0, "down": 0 }, "instance_stats": { "total": 0, "managed": 0, "unmanaged": 0, "error": 0, "powered_off": 0 }, "_protection": "NOT_PROTECTED" } ] } Required Permissions: read Feature: cloud_resources Additional Errors:

Returns information about a particular Azure region

Returns information about Azure region like gateway statistics, instance
statistics and vnet statistics.
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/regions/<region-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/regions/westus Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureRegion+

Example Response: { "resource_type": "AzureRegion", "id": "westus", "display_name": "westus", "associated_account_ids": [ "28984eef-d296-4a40-979e" ], "vnet_stats": { "managed": 1, "unmanaged": 10 }, "gateway_stats": { "deploying": 0, "up": 1, "down": 0 }, "instance_stats": { "total": 17, "managed": 0, "unmanaged": 8, "error": 0, "powered_off": 9 }, "has_managed_vnet": true, "_protection": "NOT_PROTECTED" } Required Permissions: read Feature: cloud_resources Additional Errors:

Cloud Service Manager: Azure Resources

Associated URIs:

Returns a list of Azure public IPs

Returns a list of Azure public IPs. These ip addresses are available
to be allocated.
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/public-ips
Request Headers:
n/a
Query Parameters:
AzurePublicIpListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/public-ips? account_id=7324800c-a41a-4cb4-b988-51fa3d093397®ion_id=westus Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzurePublicIpListResult+

Example Response: { "results": [ "104.209.46.64", "104.40.87.204", "40.112.184.178", "13.91.55.98" ] } Required Permissions: read Feature: cloud_resources Additional Errors:

Returns a list of Azure security groups

Returns a list of Azure security groups.
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/resource-groups
Request Headers:
n/a
Query Parameters:
AzureResourcesListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/resource-groups? account_id=7324800c-a41a-4cb4-b988-51fa3d093397 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureResourceGroupsListResult+

Example Response: { "results": [ "RG-1", "RG-2" ] } Required Permissions: read Feature: cloud_resources Additional Errors:

Returns a list of Azure Storage Accounts

Request:
Method:
GET
URI Path:
/api/v1/csm/azure/storage-accounts
Request Headers:
n/a
Query Parameters:
AzureStorageAccountsListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/storage-accounts? account_id=7324800c-a41a-4cb4-b988®ion_id=westus Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureStorageAccountList+

Example Response: { "results": [ { "name": "storage-account-1" }, { "name": "storage-account-2" }, { "name": "storage-account-3" } ] } Required Permissions: read Feature: cloud_resources Additional Errors:

Returns a list of Azure subnets

Returns a list Azure subnets with information about each subnet like ID,
virtual network ID and address space
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/subnets
Request Headers:
n/a
Query Parameters:
AzureSubnetListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/subnets? account_id=7324800c-a41a-4cb4-b988&vnet_id=3054a504-4c09-4df7-8420 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureSubnetListResult+

Example Response: { "results": [ { "display_name": "vtep1", "address_space": "172.20.10.0/24", "vnet_id": "3054a504-4c09-4df7-8420", "id": "/subscriptions/1234567890/resourceGroups/NSX-Vnet-3-RG/providers/Microsoft.Network/virtualNetworks/NSX-Vnet-3/subnets/vtep1" }, { "display_name": "vtep2", "address_space": "172.20.11.0/24", "vnet_id": "3054a504-4c09-4df7-8420", "id": "/subscriptions/1234567890/resourceGroups/NSX-Vnet-3-RG/providers/Microsoft.Network/virtualNetworks/NSX-Vnet-3/subnets/vtep2" } ] } Required Permissions: read Feature: cloud_resources Additional Errors:

Cloud Service Manager: Azure Vnets

Associated URIs:

Returns the configuration of the compute VNet. The configuration contains quarantine policy and fall back security group of compute VNet and the information related to transit VNet.

Request:
Method:
GET
URI Path:
/api/v1/csm/azure/compute-vnets
Request Headers:
n/a
Query Parameters:
AzureComputeVNetListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/compute-vnets { "cursor": "00011", "sort_ascending": true, "result_count": 1, "results": [ { "resource_type": "AzureComputeVNetConfig", "id": "41e9e760-1c60-4b35-89c2", "display_name": "41e9e760-1c60-4b35-89c2", "default_quarantine_policy_enabled": false, "managed_without_agents": false, "account_id": "fa043e3d-256d-446f-9c5c-665dcfdb33c9", "configuration": { "account_id": "fa043e3d-256d-446f-9c5c-665dcfdb33c9", "vnet_id": "41e9e760-1c60-4b35-89" }, "_create_user": "system", "_create_time": 1540475272491, "_last_modified_user": "admin", "_last_modified_time": 1540475431491, "_system_owned": false, "_revision": 2 } ] } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureComputeVNetListResult+

Required Permissions: read Feature: gateway_deployment Additional Errors:

Updates the NSX configuration related to managed compute VNET using a transit VNET.

Update the configurations such as default_quarantine_policy,
cloud_fallback_security_group_id and auto_agent_install_enabled
for the NSX managed compute VNET.
Request:
Method:
PUT
URI Path:
/api/v1/csm/azure/compute-vnets/<vnet-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AzureComputeVNetConfig+

Example Request: PUT https://<nsx-csm>/api/v1/csm/azure/compute-vnets/ { "resource_type": "AzureComputeVNetConfig", "id": "41e9e760-1c60-4b35-89c2", "display_name": "41e9e760-1c60-4b35-89c2", "default_quarantine_policy_enabled": false, "managed_without_agents": false, "configuration": { "vnet_id": "41e9e760-1c60-4b35-89d4" }, "_create_user": "system", "_create_time": 1540475272491, "_last_modified_user": "admin", "_last_modified_time": 1540475431491, "_system_owned": false, "_revision": 2 } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureComputeVNetConfig+

Example Response: { "resource_type": "AzureComputeVNetConfig", "id": "41e9e760-1c60-4b35-89c2", "display_name": "41e9e760-1c60-4b35-89c2", "default_quarantine_policy_enabled": false, "managed_without_agents": false, "account_id": "fa043e3d-256d-446f-9c5c-665dcfdb33c9", "configuration": { "account_id": "fa043e3d-256d-446f-9c5c-665dcfdb33c9", "vnet_id": "41e9e760-1c60-4b35-89d4" }, "_create_user": "system", "_create_time": 1540475272491, "_last_modified_user": "admin", "_last_modified_time": 1540475431491, "_system_owned": false, "_revision": 3 } Required Permissions: crud Feature: quarantine_policy Additional Errors:

Returns the configuration of the compute VNet. The configuration contains quarantine policy and fall back security group of compute VNet and the information related to transit VNet.

Request:
Method:
GET
URI Path:
/api/v1/csm/azure/compute-vnets/<vnet-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureComputeVNetConfig+

Example Response: GET https://<nsx-csm>/api/v1/csm/azure/compute-vnets/ { "resource_type": "AzureComputeVNetConfig", "id": "41e9e760-1c60-4b35-89c2", "display_name": "41e9e760-1c60-4b35-89c2", "default_quarantine_policy_enabled": false, "managed_without_agents": false, "configuration": { "vnet_id": "41e9e760-1c60-4b35-89d4" }, "_create_user": "system", "_create_time": 1540475272491, "_last_modified_user": "admin", "_last_modified_time": 1540475431491, "_system_owned": false, "_revision": 2 } Required Permissions: read Feature: gateway_deployment Additional Errors:

Onboards a compute VNet to be NSX managed by a transit VNet.

Onboard a compute VNet to be NSX managed using a transit VNet.
Hence, the public cloud gateways deployed in a transit VNet can
manage the workload VMs in a computeVNet.
Onboarding status can be obtained from
/csm/azure/compute-vnets//status API.
Upon successful onboarding of the VNet, the onboard_step will be
ONBOARD_SUCCESSFUL and op_status will be NSX_MANAGED_BY_TRANSIT_VNet.
If any error is encountered during onboarding, corresponding error_code
and error_message will be populated. To manage compute VNet using
NSX gateway, offboard the compute VNet and deploy gateway
using /csm/azure/gateways?action=deploy API.
Request:
Method:
POST
URI Path:
/api/v1/csm/azure/compute-vnets/<vnet-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
AzureComputeVNetConfig+

Example Request: POST https://<nsx-csm>/api/v1/csm/azure/compute-vnets/ { "configuration": { "account_id": "d02af61a-e212-486e-b6c8-10462ccfbad6", "vnet_id": "41e9e760-1c60-4b35-89c2" }, "account_id": "d02af61a-e212-486e-b6c8-10462ccfbad6" } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
n/a

Required Permissions: crud Feature: gateway_deployment Additional Errors:

Offboards a compute VNet.

Offboards a compute VNet to be NSX unmanaged from a transit VNet.
All the VMs in the compute VNet need to be untagged before offboarding
the compute VNet. Offboarding status can be obtained from
/csm/azure/compute-vnets//status API. Upon successful offboarding
compute VNet, the onboard_step will be OFFBOARD_SUCCESSFUL
and op_status will be NOT_AVAILABLE. If any error is encountered
during offboarding, corresponding error_code and error_message
will be populated.
Request:
Method:
DELETE
URI Path:
/api/v1/csm/azure/compute-vnets/<vnet-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: DELETE https://<nsx-csm>/api/v1/csm/azure/compute-vnets/ Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
n/a

Required Permissions: crud Feature: gateway_deployment Additional Errors:

Returns the status of the compute VNet. The status corresponds to onboard or offboard status of a compute VNet.

Request:
Method:
GET
URI Path:
/api/v1/csm/azure/compute-vnets/<vnet-id>/status
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/vnets//status { "onboard_step": "ONBOARD_SUCCESSFUL", "virtual_private_cloud_name": "ComputeVNet-Peering", "status": "UP", "configuration": { "default_quarantine_policy_enabled": false, "managed_without_agents": false, "auto_agent_install_enabled": false } } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureComputeVnetStatus+

Required Permissions: read Feature: gateway_deployment Additional Errors:

Returns a list of Azure virtual networks

Returns a list of Azure virtual networks with information about each
virtual network like IPv4 CIDR, gateway information and transport zones.
Optional query parameters can be utilized to filter the list.
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/vnets
Request Headers:
n/a
Query Parameters:
AzureVnetListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/vnets Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureVnetListResult+

Example Response: { "cursor": "000002", "sort_ascending": true, "result_count": 3, "results": [ { "resource_type": "AzureVnet", "id": "3054a504-4c09-4df7-8420", "display_name": "NSX-Vnet-1", "cidr_blocks": [ "10.59.1.224/28", "172.20.10.0/24", "172.20.11.0/24", "172.20.12.0/24", "172.20.13.0/24", "172.20.14.0/24" ], "resource_group": "NSX-Vnet-1-RG", "associated_account_ids": [ "28984eef-d296-4a40-979e" ], "region_id": "westus", "resource_id": "/subscriptions/1234567890/resourceGroups/NSX-Vnet-1-RG/providers/Microsoft.Network/virtualNetworks/NSX-Vnet-1", "instance_stats": { "total": 6, "managed": 0, "unmanaged": 5, "error": 0, "powered_off": 1 }, "op_status": "NSX_UNMANAGED", "gateway_info": { "gateway_status": { "gateway_cluster_id": "" } }, "is_management_vnet": false, "_protection": "NOT_PROTECTED" }, { "resource_type": "AzureVnet", "id": "e8e719ff-6a40-48e2-8cf7", "display_name": "NSX-Int-Vnet-Ind-3", "cidr_blocks": [ "10.59.4.112/28", "172.18.35.0/24", "172.18.36.0/24", "172.18.37.0/24", "172.18.38.0/24", "172.18.39.0/24" ], "resource_group": "NSX-Vnet-2-RG", "associated_account_ids": [ "28984eef-d296-4a40-979e" ], "transport_zones": [ { "is_underlay_transport_zone": false, "logical_switches": [ { "is_default_logical_switch": false, "instances_count": 0, "nsx_switch_tag": "a2aad0f1-a48a-474b-8423-41767f538ee0#/E=", "logical_switch_display_name": "DefaultSwitch-Overlay-NSX-Vnet-2", "logical_switch_id": "ls54321" } ], "transport_zone_id": "tz54321", "transport_zone_display_name": "NSX-Vnet-2-Overlay" }, { "is_underlay_transport_zone": true, "logical_switches": [ { "is_default_logical_switch": true, "instances_count": 0, "nsx_switch_tag": "default", "logical_switch_display_name": "DefaultSwitch-VLAN-NSX-Vnet-2", "logical_switch_id": "ls12345" } ], "transport_zone_id": "tz12345", "transport_zone_display_name": "NSX-Vnet-2-VLAN" } ], "region_id": "westus", "resource_id": "/subscriptions/1234567890/resourceGroups/NSX-Vnet-2-RG/providers/Microsoft.Network/virtualNetworks/NSX-Vnet-2", "instance_stats": { "total": 6, "managed": 0, "unmanaged": 6, "error": 0, "powered_off": 0 }, "managed_vnets": [ { "virtual_private_cloud_id": "3034a504-4509-4df7-8429", "associated_account_ids: ["28984eef-d296-4a40-979e"], "virtual_private_cloud_name": "NSX-Vnet-4" } ], "op_status": "NSX_MANAGED", "gateway_info": { "configuration": { "default_quarantine_policy_enabled": false, "managed_without_agents": false, "proxy_server_profile":"a491bc83-5fc8-4e05-adb1-af8274422141", "nsx_manager_connection": "PRIVATE_IP", "is_ha_enabled": false, "gateway_ha_configuration": [], "dns_settings": { "dns_mode": "DHCP" }, "ssh_key": "abcxyzabcxyz", "image_id": "https://abcxyz.windows.net/public-cloud-gateway2/nsx-public-gateway.vhd" }, "gateway_status": { "gateway_cluster_id": "abc123", "gateway_instances_status": [ { "gateway_tn_id": "abcde12345", "deployment_step": "DEPLOYMENT_SUCCESSFUL", "public_ip": "1.2.3.4", "gateway_node_id": "12345abcde", "gateway_status": "UP", "gateway_instance_id": "abcde12345", "private_ip": "4.3.2.1", "gateway_ha_index": 0, "is_gateway_active": false, "gateway_name": "nsx-gw-test" } ] } }, "is_management_vnet": false, "_protection": "NOT_PROTECTED" }, { "resource_type": "AzureVnet", "id": "3034a504-4509-4df7-8429", "display_name": "NSX-Vnet-4", "cidr_blocks": [ "10.59.1.224/28", "172.20.10.0/24" ], "resource_group": "NSX-Vnet-4-RG", "associated_account_ids": [ "28984eef-d296-4a40-979e" ], "region_id": "westus", "resource_id": "/subscriptions/1234567890/resourceGroups/NSX-Vnet-4-RG/providers/Microsoft.Network/virtualNetworks/NSX-Vnet-4", "instance_stats": { "total": 6, "managed": 0, "unmanaged": 5, "error": 0, "powered_off": 1 }, "associated_transit_vnet": { "virtual_private_cloud_id": "e8e719ff-6a40-48e2-8cf7", "associated_account_ids: ["28984eef-d296-4a40-979e"], "virtual_private_cloud_name": "NSX-Int-Vnet-Ind-3" }, "op_status": "NSX_MANAGED_BY_TRANSIT_VNET", "gateway_info": { "gateway_status": { "gateway_cluster_id": "" } }, "is_management_vnet": false, "_protection": "NOT_PROTECTED" }, ] } Required Permissions: read Feature: cloud_resources Additional Errors:

Returns information about a particular Azure virtual network

Returns information about Azure region like virtual network like IPv4 CIDR,
gateway information and transport zones.
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/vnets/<vnet-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/vnets/41e9e760-1c60-4b35-89c2 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureVnet+

Example Response: { "resource_type": "AzureVnet", "id": "41e9e760-1c60-4b35-89c2", "display_name": "NSX-Vnet-1", "cidr_blocks": [ "10.59.4.80/28", "172.18.25.0/24", "172.18.26.0/24", "172.18.27.0/24", "172.18.28.0/24", "172.18.29.0/24" ], "resource_group": "NSX-Vnet-1-RG", "associated_account_ids": [ "28984eef-d296-4a40-979e" ], "region_id": "westus", "resource_id": "/subscriptions/1234567890/resourceGroups/NSX-Vnet-1-RG/providers/Microsoft.Network/virtualNetworks/NSX-Vnet-1", "instance_stats": { "total": 1, "managed": 0, "unmanaged": 1, "error": 0, "powered_off": 0 }, "op_status": "NSX_UNMANAGED", "gateway_info": { "gateway_status": { "gateway_cluster_id": "" } }, "is_management_vnet": false, "_protection": "NOT_PROTECTED" } Required Permissions: read Feature: cloud_resources Additional Errors:

Cloud Service Manager: Azure

Cloud Service Manager: Azure: Security Groups

Associated URIs:

Returns a list of Azure security groups corresponding to a VNet

Returns a list of Azure security groups corresponding to VNet with
information about each security group like inbound rules, outbound rules
and priority.
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/security-groups
Request Headers:
n/a
Query Parameters:
AzureResourcesListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/security-groups Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureSecurityGroupsListResult+

Required Permissions: read Feature: cloud_resources Additional Errors:

Returns information about a particular Azure security group

Returns information about a Azure security group like inbound rules,
outbound rules and priority.
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/security-groups/<security-group-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/security-groups/ Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureSecurityGroup+

Required Permissions: read Feature: cloud_resources Additional Errors:

Cloud Service Manager: Azure: Vnets

Cloud Service Manager: Azure: Vnets: Service Endpoints

Associated URIs:

Returns a list of Azure service endpoints corresponding to a VNet

Returns a list of Azure service endpoints corresponding to a VNet. NSX
supported services are currently limited to Azure Storage, Azure SQL
Database, Azure Cosmos DB and Azure Load Balancer.
Request:
Method:
GET
URI Path:
/api/v1/csm/azure/vnets/<vnet-id>/service-endpoints
Request Headers:
n/a
Query Parameters:
AzureServiceEndpointsListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/azure/vnets//service-endpoints Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AzureServiceEndpointsListResult+

Required Permissions: read Feature: cloud_resources Additional Errors:

Cloud Service Manager: Cloud Service Manager

Associated URIs:

Refreshes encryption keys

This API can be used to refresh the encryption keys used by Cloud Service
Manager to encrypt sensitive data. This action should generally be done
during maintenance windows.
Request:
Method:
POST
URI Path:
/api/v1/csm/csmconfig/encryption-keys?action=refresh
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: POST https://<nsx-csm>/api/v1/csm/csmconfig/encryption-keys?action=refresh Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: csm_node_config Additional Errors:

Return Csm status information

Returns information about cloud service manager
Request:
Method:
GET
URI Path:
/api/v1/csm/csmstatus
Request Headers:
n/a
Query Parameters:
ListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/csmstatus Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CsmStatus+

Example Response: { "id": "a180989d-48fa-4624-af84-d3c7f120d383", "display_name": "CSM Instance", "ip_address": "192.168.122.1", "version": "1.0", "managed_by_vmware": true, "supported_clouds": [ { "cloud_type": "aws" } ] } Required Permissions: read Feature: csm_node_config Additional Errors:

Cloud Service Manager: NSX Manager Accounts

Associated URIs:

Returns a list of NSX Manager accounts

Request:
Method:
GET
URI Path:
/api/v1/csm/nsx-manager-accounts
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/nsx-manager-accounts Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
NsxManagerAccountsListResult+

Example Response: { "results": [ { "id": "a491bc83-5fc8-4e05-adb1-af8274422141", "public_ip": "34.208.244.2", "tenant_id": "345", "thumbprint": "12a76e1ff8d7d6d95ce02dddece11134e402bc436454b7bf4fa61a28418330a1", "username": "admin" } ] } Required Permissions: read Feature: nsx_integration Additional Errors:

Create a NSX Manager account

Request:
Method:
POST
URI Path:
/api/v1/csm/nsx-manager-accounts
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
NsxManagerAccount+

Example Request: POST https://<nsx-csm>/api/v1/csm/nsx-manager-accounts { "tenant_id": "345", "public_ip": "34.208.244.2", "thumbprint": "12a76e1ff8d7d6d95ce02dddece11134e402bc436454b7bf4fa61a28418330a1", "username": "admin", "password": "12423dsgfe3" } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
NsxManagerAccount+

Example Response: { "id": "a491bc83-5fc8-4e05-adb1-af8274422141", "tenant_id": "345", "public_ip": "34.208.244.2", "thumbprint": "12a76e1ff8d7d6d95ce02dddece11134e402bc436454b7bf4fa61a28418330a1", "username": "admin" } Required Permissions: crud Feature: nsx_integration Additional Errors:

Update a NSX Manager account

Request:
Method:
PUT
URI Path:
/api/v1/csm/nsx-manager-accounts/<account-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
NsxManagerAccount+

Example Request: PUT https://<nsx-csm>/api/v1/csm/nsx-manager-accounts/a491bc83-5fc8-4e05-adb1-af8274422141 { "public_ip": "52.1.1.12", "thumbprint": "12a76e1ff8d7d6d95ce02dddece11134e402bc436454b7bf4fa61a28418330a1", "username": "admin", "password": "12423dsgfe3" } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
NsxManagerAccount+

Example Response: { "id": "a491bc83-5fc8-4e05-adb1-af8274422141", "tenant_id": "123", "public_ip": "52.1.1.12", "thumbprint": "12a76e1ff8d7d6d95ce02dddece11134e402bc436454b7bf4fa61a28418330a1", "username": "New Name" } Required Permissions: crud Feature: nsx_integration Additional Errors:

Delete a NSX Manager account

Request:
Method:
DELETE
URI Path:
/api/v1/csm/nsx-manager-accounts/<account-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: DELETE https://<nsx-csm>/api/v1/csm/nsx-manager-accounts/a491bc83-5fc8-4e05-adb1-af8274422141 Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: nsx_integration Additional Errors:

Returns the particular NSX Manager account information

Request:
Method:
GET
URI Path:
/api/v1/csm/nsx-manager-accounts/<account-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/nsx-manager-accounts/a491bc83-5fc8-4e05-adb1-af8274422141 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
NsxManagerAccount+

Example Response: { "id": "a491bc83-5fc8-4e05-adb1-af8274422141", "public_ip": "34.208.244.2", "tenant_id": "345", "thumbprint": "12a76e1ff8d7d6d95ce02dddece11134e402bc436454b7bf4fa61a28418330a1", "username": "admin" } Required Permissions: read Feature: nsx_integration Additional Errors:

Cloud Service Manager: Proxy Server Profile

Associated URIs:

Create a Proxy Server Profile

Request:
Method:
POST
URI Path:
/api/v1/csm/proxy-server-profiles
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
ProxyServerProfileInfo+

Example Request: POST https://<nsx-csm>/api/v1/csm/proxy-server-profiles { "profilename":"test", "username": "admin", "password": "test123", "host": "1.0.0.0", "port": "3382", "is_default":"true" } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ProxyServerProfileInfo+

Example Response: { "id": "a491bc83-5fc8-4e05-adb1-af8274422141", "profilename": "test", "username": "admin", "host": "1.0.0.0", "port": "3382", "is_default": "true" } Required Permissions: crud Feature: cloud_accounts Additional Errors:

Returns a list of Proxy Server Profiles

Request:
Method:
GET
URI Path:
/api/v1/csm/proxy-server-profiles
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/proxy-server-profiles Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ProxyServerProfilesListResult+

Example Response: { "results": [ { "id": "a491bc83-5fc8-4e05-adb1-af8274422141", "profilename": "test" "username": "admin", "host": "1.0.0.0", "port": "3382", "is_default": "true" }, { "id": "b491bc83-5fc8-4e05-tdc1-ef8274422141", "profilename": "proxy-with-certificate", "username": "admin", "host": "2.0.0.0", "port": "3382", "is_default": "true", "tls_certificate":"----BEGIN CERTIFICATE-------" } ] } Required Permissions: read Feature: cloud_accounts Additional Errors:

Update a Proxy Server Profile

Request:
Method:
PUT
URI Path:
/api/v1/csm/proxy-server-profiles/<profile-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
ProxyServerProfileInfo+

Example Request: PUT https://<nsx-csm>/api/v1/csm/proxy-server-profiles/a491bc83-5fc8-4e05-adb1-af8274422141 { "profilename": "test", "username": "admin", "password": "test123", "host": "1.0.0.0", "port": "3382", "is_default": "false", "_revision": 0 } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ProxyServerProfileInfo+

Example Response: { "id": "a491bc83-5fc8-4e05-adb1-af8274422141", "profilename": "test", "username": "admin", "host": "1.0.0.0", "port": "3382", "is_default": "false", "_revision": 0 } Required Permissions: crud Feature: cloud_accounts Additional Errors:

Returns the particular Proxy Server Profile information

Request:
Method:
GET
URI Path:
/api/v1/csm/proxy-server-profiles/<profile-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/proxy-server-profiles/a491bc83-5fc8-4e05-adb1-af8274422141 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
ProxyServerProfileInfo+

Example Response: { "profilename": "test", "username": "admin", "host": "1.0.0.0", "port": "3382", "is_default": "true", "_revision": 0 } Required Permissions: read Feature: cloud_accounts Additional Errors:

Delete a Proxy Server Profile

Request:
Method:
DELETE
URI Path:
/api/v1/csm/proxy-server-profiles/<profile-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: DELETE https://<nsx-csm>/api/v1/csm/proxy-server_profiles/a491bc83-5fc8-4e05-adb1-af8274422141 Successful Response:
Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions: crud Feature: cloud_accounts Additional Errors:

Cloud Service Manager: VPN

Associated URIs:

Returns the state of the public cloud routing tables from a VPN point of view.

Request:
Method:
GET
URI Path:
/api/v1/csm/vpn/routing-tables/state
Request Headers:
n/a
Query Parameters:
VpnRoutingTablesStateListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/vpn/routing-tables/state Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
VpnRoutingTableStateListResult+

Example Response: { "cursor": "0008236", "sort_ascending": true, "result_count": 3, "resource_type": "VpnRoutingTableStateListResult", "results": [ { "id" : "rtb-fa00d882", "managed_for_vpn" : true }, { "id" : "rtb-9f7b06e7", "managed_for_vpn" : false, "reason_for_not_managed" : "RT_CONTAINS_UPLINK_SUBNET" }, { "id" : "rtb-ac08dcd4", "managed_for_vpn" : false, "reason_for_not_managed" : "UNSELECTED" } ], "_last_modified_user": "admin", "_last_modified_time": 1435284879143, "_create_time": 1435284566908, "_create_user": "admin", "_revision": 1 } Required Permissions: read Feature: cloud_resources Additional Errors:

Cloud Service Manager: Virtual Machines

Associated URIs:

Returns the list of all virtual machines created or imported under a particular account id. Supports optional query parameters like region id, vpc id, public_ip, is_gateway.

Request:
Method:
GET
URI Path:
/api/v1/csm/virtual-machines
Request Headers:
n/a
Query Parameters:
CloudVirtualMachinesListRequestParameters+
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/virtual-machines Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
CloudVirtualMachinesListResult+

Example Response: { "cursor": "0003348", "sort_ascending": true, "result_count": 348, "results": [ { "description": "t2.micro", "id": "i-027c0b32cbe631ec9", "display_name": "vm-2", "is_gateway": false, "private_ip": "13.14.41.253", "cloud_tags": [], "os_type": "AMAZON_LINUX", "agent_status": "NO_AGENT", "os_details": "", "availability_zone": "us-west-2c", "vpc": "vpc-f4ddaf93", "vm_config_status": { "whitelist": { "whitelisted": "YES" } } }, { "description": "c4.xlarge", "id": "i-0b62834659a30fc21", "display_name": "nsx-gw-vpc-c35dbaa4-preferred-active", "public_ip": "52.89.33.233", "is_gateway": true, "private_ip": "10.0.1.97", "is_gateway_active": true, "cloud_tags": [], "gateway_status": "UP", "os_type": "UBUNTU", "os_details": "LTS 14.04", "availability_zone": "us-west-2a", "vpc": "vpc-c35dbaa4", "vm_config_status": { "whitelist": { "whitelisted": "NO" } } } ] } Required Permissions: read Feature: cloud_resources Additional Errors:

Returns information about the particular virtual machine

Request:
Method:
GET
URI Path:
/api/v1/csm/virtual-machines/<virtual-machine-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-csm>/api/v1/csm/virtual-machines/i-027c0b32cbe631ec9 Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
AwsVirtualMachine+
AzureVirtualMachine+
CloudVirtualMachine+

Example Response: { "description": "t2.micro", "id": "i-027c0b32cbe631ec9", "display_name": "vm-2", "is_gateway": false, "private_ip": "13.14.41.253", "cloud_tags": [], "os_type": "AMAZON_LINUX", "agent_status": "NO_AGENT", "os_details": "", "availability_zone": "us-west-2c", "vpc": "vpc-f4ddaf93", "vm_config_status": { "whitelist": { "whitelisted": "NO" } } } Required Permissions: read Feature: cloud_resources Additional Errors:

Update virtual machine config

Updates user configurable nsx properties of virtual machines.
Request:
Method:
POST
URI Path:
/api/v1/csm/virtual-machines?action=update_config
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
VirtualMachineConfigList+

Example Request: POST https://<nsx-csm>/api/v1/csm/virtual-machines?action=update_config { "virtual_machines": [ { "vm_id": "i-027c0b32cbe631ec9" "vm_config_properties": { "whitelisted" : true } }, { "vm_id": "a491bc83-5fc8-4e05-adb1-af8274422141" "vm_config_properties": { "whitelisted" : true } } ] } Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
VirtualMachineConfigList+

Required Permissions: crud Feature: cloud_resources Additional Errors:

Management Plane API

Management Plane API: AAA

Associated URIs:

Create registration access token

The privileges of the registration token will be the same as the caller. Request:
Method:
POST
URI Path:
/api/v1/aaa/registration-token
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: POST https://<nsx-mgr>/api/v1/aaa/registration-token Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
RegistrationToken+

Example Response: { "token": "e9112e46-a54a-486f-82bb-043b89228c1b", "roles":[ "network_engineer" ] } Required Permissions: crud Feature: nodes_edges Additional Errors:

Get registration access token

Request:
Method:
GET
URI Path:
/api/v1/aaa/registration-token/<token>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
n/a

Example Request: GET https://<nsx-mgr>/api/v1/aaa/registration-token/e9112e46-a54a-486f-82bb-043b89228c1b