| API Description | API Path |
|---|---|
Read infraRead infra. Returns only the infra related properties. Inner object are not populated. |
GET /policy/api/v1/infra
GET /policy/api/v1/global-infra |
Update the infra including all the nested entitiesPatch API at infra level can be used in two flavours 1. Like a regular API to update Infra object 2. Hierarchical API: To create/update/delete entire or part of intent hierarchy Hierarchical API: Provides users a way to create entire or part of intent in single API invocation. Input is expressed in a tree format. Each node in tree can have multiple children of different types. System will resolve the dependecies of nodes within the intent tree and will create the model. Children for any node can be specified using ChildResourceReference or ChildPolicyConfigResource. If a resource is specified using ChildResourceReference then it will not be updated only its children will be updated. If Object is specified using ChildPolicyConfigResource, object along with its children will be updated. Hierarchical API can also be used to delete any sub-branch of entire tree. |
PATCH /policy/api/v1/infra
PATCH /policy/api/v1/global-infra |
Update the infra including all the nested entitiesUpdate the infra including all the nested entities |
PUT /policy/api/v1/infra
|
Return All the User-Facing Components' CertificatesReturns all certificate information viewable by the user, including each certificate's id; resource_type (for example, certificate_self_signed, certificate_ca, or certificate_signed); pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. |
GET /policy/api/v1/infra/certificates
|
Delete Certificate for the Given Certificate IDRemoves the specified certificate. The private key associated with the certificate is also deleted. |
DELETE /policy/api/v1/infra/certificates/<certificate-id>
|
Show Certificate Data for the Given Certificate IDReturns information for the specified certificate ID, including the certificate's id; resource_type (for example, certificate_self_signed, certificate_ca, or certificate_signed); pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. |
GET /policy/api/v1/infra/certificates/<certificate-id>
|
Add a New CertificateAdds a new private-public certificate and, optionally, a private key that can be applied to one of the user-facing components (appliance management or edge). The certificate and the key should be stored in PEM format. If no private key is provided, the certificate is used as a client certificate in the trust store. A certificate chain will not be expanded into separate certificate instances for reference, but would be pushed to the enforcement point as a single certificate. This patch method does not modify an existing certificate. |
PATCH /policy/api/v1/infra/certificates/<certificate-id>
|
Add a New CertificateAdds a new private-public certificate and, optionally, a private key that can be applied to one of the user-facing components (appliance management or edge). The certificate and the key should be stored in PEM format. If no private key is provided, the certificate is used as a client certificate in the trust store. A certificate chain will not be expanded into separate certificate instances for reference, but would be pushed to the enforcement point as a single certificate. |
PUT /policy/api/v1/infra/certificates/<certificate-id>
|
List tenant Constraints.List tenant constraints. |
GET /policy/api/v1/infra/constraints
|
Delete tenant Constraint.Delete tenant constraint. |
DELETE /policy/api/v1/infra/constraints/<constraint-id>
|
Read tenant Constraint.Read tenant constraint. |
GET /policy/api/v1/infra/constraints/<constraint-id>
|
Create or update tenant ConstraintCreate tenant constraint if not exists, otherwise update the existing constraint. |
PATCH /policy/api/v1/infra/constraints/<constraint-id>
|
Create or update tenant ConstraintCreate tenant constraint if it does not exist, otherwise replace the existing constraint. |
PUT /policy/api/v1/infra/constraints/<constraint-id>
|
Return All Added CRLsReturns information about all CRLs. For additional information, include the ?details=true modifier at the end of the request URI. |
GET /policy/api/v1/infra/crls
|
Delete a CRLDeletes an existing CRL. |
DELETE /policy/api/v1/infra/crls/<crl-id>
|
Show CRL Data for the Given CRL id.Returns information about the specified CRL. For additional information, include the ?details=true modifier at the end of the request URI. |
GET /policy/api/v1/infra/crls/<crl-id>
|
Create or patch a Certificate Revocation ListCreate or patch a Certificate Revocation List for the given id. The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. The CRL must contain PEM data for a single CRL. |
PATCH /policy/api/v1/infra/crls/<crl-id>
|
Create a new Certificate Revocation ListAdds a new certificate revocation list (CRLs). The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. The CRL can contain a single CRL or multiple CRLs depending on the PEM data. - Single CRL: a single CRL is created with the given id. - Composite CRL: multiple CRLs are generated. Each of the CRL is created with an id generated based on the given id. First CRL is created with crl-id, second with crl-id-1, third with crl-id-2, etc. |
POST /policy/api/v1/infra/crls/<crl-id>?action=import
|
Create or fully replace a Certificate Revocation ListCreate or replace a Certificate Revocation List for the given id. The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. The CRL must contain PEM data for a single CRL. Revision is required. |
PUT /policy/api/v1/infra/crls/<crl-id>
|
List Deployment Zones for infraPaginated list of all Deployment zones for infra. This is a deprecated API. DeploymentZone has been renamed to Site. Use GET /infra/sites. |
GET /policy/api/v1/infra/deployment-zones
(Deprecated)
|
Read a DeploymentZoneRead a Deployment Zone. This is a deprecated API. DeploymentZone has been renamed to Site. Use GET /infra/sites/site-id. |
GET /policy/api/v1/infra/deployment-zones/<deployment-zone-id>
(Deprecated)
|
List enforcementpoints for infraPaginated list of all enforcementpoints for infra. This is a deprecated API. DeploymentZone has been renamed to Site. Use GET /infra/sites/site-id/enforcement-points. |
GET /policy/api/v1/infra/deployment-zones/<deployment-zone-id>/enforcement-points
(Deprecated)
|
Delete EnforcementPointDelete EnforcementPoint. This is a deprecated API. DeploymentZone has been renamed to Site. Use DELETE /infra/sites/site-id/enforcement-points/enforcementpoint-id. |
DELETE /policy/api/v1/infra/deployment-zones/<deployment-zone-id>/enforcement-points/<enforcementpoint-id>
(Deprecated)
|
Read an Enforcement PointRead an Enforcement Point. This is a deprecated API. DeploymentZone has been renamed to Site. Use GET /infra/sites/site-id/enforcement-points/enforcementpoint-id. |
GET /policy/api/v1/infra/deployment-zones/<deployment-zone-id>/enforcement-points/<enforcementpoint-id>
(Deprecated)
|
Patch a new Enforcement Point under infraIf the passed Enforcement Point does not already exist, create a new Enforcement Point. If it already exists, patch it. This is a deprecated API. DeploymentZone has been renamed to Site. Use PATCH /infra/sites/site-1/enforcement-points/enforcementpoint-1. |
PATCH /policy/api/v1/infra/deployment-zones/<deployment-zone-id>/enforcement-points/<enforcementpoint-id>
(Deprecated)
|
Create/update a new Enforcement Point under infraIf the passed Enforcement Point does not already exist, create a new Enforcement Point. If it already exists, replace it. This is a deprecated API. DeploymentZone has been renamed to Site. Use PUT /infra/sites/site-id/enforcement-points/enforcementpoint-id. |
PUT /policy/api/v1/infra/deployment-zones/<deployment-zone-id>/enforcement-points/<enforcementpoint-id>
(Deprecated)
|
List domains for infraPaginated list of all domains for infra. |
GET /policy/api/v1/infra/domains
GET /policy/api/v1/global-infra/domains |
Delete Domain and all the entities contained by this domainDelete the domain along with all the entities contained by this domain. The groups that are a part of this domain are also deleted along with the domain. |
DELETE /policy/api/v1/infra/domains/<domain-id>
|
Read domainRead a domain. |
GET /policy/api/v1/infra/domains/<domain-id>
GET /policy/api/v1/global-infra/domains/<domain-id> |
Patch a domainIf a domain with the domain-id is not already present, create a new domain. If it already exists, patch the domain |
PATCH /policy/api/v1/infra/domains/<domain-id>
|
Create or update a domainIf a domain with the domain-id is not already present, create a new domain. If it already exists, update the domain including the nested groups. This is a full replace |
PUT /policy/api/v1/infra/domains/<domain-id>
|
List Domain Deployment maps for infraPaginated list of all Domain Deployment Entries for infra. |
GET /policy/api/v1/infra/domains/<domain-id>/domain-deployment-maps
GET /policy/api/v1/global-infra/domains/<domain-id>/domain-deployment-maps |
Delete Domain Deployment MapDelete Domain Deployment Map |
DELETE /policy/api/v1/infra/domains/<domain-id>/domain-deployment-maps/<domain-deployment-map-id>
|
Read a DomainDeploymentMapRead a Domain Deployment Map |
GET /policy/api/v1/infra/domains/<domain-id>/domain-deployment-maps/<domain-deployment-map-id>
GET /policy/api/v1/global-infra/domains/<domain-id>/domain-deployment-maps/<domain-deployment-map-id> |
Patch Domain Deployment Map under infraIf the passed Domain Deployment Map does not already exist, create a new Domain Deployment Map. If it already exist, patch it. |
PATCH /policy/api/v1/infra/domains/<domain-id>/domain-deployment-maps/<domain-deployment-map-id>
|
Create a new Domain Deployment Map under infraIf the passed Domain Deployment Map does not already exist, create a new Domain Deployment Map. If it already exist, replace it. |
PUT /policy/api/v1/infra/domains/<domain-id>/domain-deployment-maps/<domain-deployment-map-id>
|
Read Global Manager config along with sensitive dataRead a Global Manager config along with sensitive data. For example - rtep_config.ibgp_password |
GET /policy/api/v1/infra/global-manager-config?action=show-sensitive-data
|
Create or patch Global Manager ConfigCreate or patch a Global Manager Config |
PATCH /policy/api/v1/infra/global-manager-config
|
Create or fully replace Global Manager ConfigCreate or fully replace a Global Manager Config. Revision is optional for creation and required for update. |
PUT /policy/api/v1/infra/global-manager-config
|
List labels for infraPaginated list of all labels for infra. |
GET /policy/api/v1/infra/labels
|
Delete PolicyLabel objectDelete PolicyLabel object |
DELETE /policy/api/v1/infra/labels/<label-id>
|
Read lableRead a label. |
GET /policy/api/v1/infra/labels/<label-id>
|
Patch an existing label objectCreate label if not exists, otherwise take the partial updates. Note, once the label is created type attribute can not be changed. |
PATCH /policy/api/v1/infra/labels/<label-id>
|
Create or replace labelCreate label if not exists, otherwise replaces the existing label. If label already exists then type attribute cannot be changed. |
PUT /policy/api/v1/infra/labels/<label-id>
|
List All alarms in the systemPaginated list of all alarms. |
GET /policy/api/v1/infra/realized-state/alarms
|
List Enforcement PointsPaginated list of all enforcement points. Returns the populated enforcement points. |
GET /policy/api/v1/infra/realized-state/enforcement-points
(Experimental)
|
Read Enforcement PointRead a Enforcement Point and the complete tree underneath. Returns the populated enforcement point object. |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>
(Experimental)
|
List Firewall SectionsPaginated list of all Firewalls. Returns populated Firewalls. |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/firewalls/firewall-sections
(Experimental)
(Deprecated)
|
Read FirewallRead a Firewall and the complete tree underneath. Returns the populated Firewall object. |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/firewalls/firewall-sections/<firewall-section-id>
(Experimental)
(Deprecated)
|
List NS GroupsPaginated list of all NSGroups. Returns populated NSGroups. |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/groups/nsgroups
(Experimental)
(Deprecated)
|
Read GroupRead a NSGroup and the complete tree underneath. Returns the populated NSgroup object. |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/groups/nsgroups/<nsgroup-name>
(Experimental)
(Deprecated)
|
List Security GroupsPaginated list of all Security Groups. Returns populated Security Groups. |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/groups/securitygroups
(Experimental)
(Deprecated)
|
Read GroupRead a Security Group and the complete tree underneath. Returns the populated Security Group object. |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/groups/securitygroups/<securitygroup-name>
(Experimental)
(Deprecated)
|
List IPSetsPaginated list of all Realized IPSets |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/ip-sets/ip-sets-nsxt
(Experimental)
(Deprecated)
|
Read IPSet Realized stateRead an IPSet |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/ip-sets/ip-sets-nsxt/<ip-set-name>
(Experimental)
(Deprecated)
|
List MACSetsPaginated list of all Realized MACSets |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/mac-sets/mac-sets-nsxt
(Experimental)
(Deprecated)
|
Read MACSet Realized stateRead an MACSet |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/mac-sets/mac-sets-nsxt/<mac-set-name>
(Experimental)
(Deprecated)
|
List Realized NSServicesPaginated list of all Realized NSService. |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/services/nsservices
(Experimental)
(Deprecated)
|
Read NSServiceRead a NSService. |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/services/nsservices/<nsservice-name>
(Experimental)
(Deprecated)
|
Listing of VIFs on the NSX ManagerThis API lists VIFs from the specified NSX Manager. |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/vifs
|
Listing of Virtual machines on the NSX ManagerThis API filters objects of type virtual machines from the specified NSX Manager. This API has been deprecated. Please use the new API GET /infra/realized-state/virtual-machines |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/virtual-machines
(Deprecated)
|
Apply tags on virtual machineAllows an admin to apply multiple tags to a virtual machine. This operation does not store the intent on the policy side. It applies the tag directly on the specified enforcement point. This operation will replace the existing tags on the virtual machine with the ones that have been passed. If the application of tag fails on the enforcement point, then an error is reported. The admin will have to retry the operation again. Policy framework does not perform a retry. Failure could occur due to multiple reasons. For e.g enforcement point is down, Enforcement point could not apply the tag due to constraints like max tags limit exceeded, etc. |
POST /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/virtual-machines?action=update_tags
|
Read the details of a virtual machine on the NSX ManagerThis API return optional details about a virtual machines (e.g. user login session) from the specified enforcement point. In case of NSXT, virtual-machine-id would be the value of the external_id of the virtual machine. |
GET /policy/api/v1/infra/realized-state/enforcement-points/<enforcement-point-name>/virtual-machines/<virtual-machine-id>/details
|
Get list of realized objects associated with intent objectGet list of realized entities associated with intent object, specified by path in query parameter |
GET /policy/api/v1/infra/realized-state/realized-entities
|
Get realized entity uniquely identified by realized pathGet realized entity uniquely identified by realized path, specified by query parameter |
GET /policy/api/v1/infra/realized-state/realized-entity
|
Refresh all realized entities associated with the intent-pathRefresh the status and statistics of all realized entities associated with given intent path synchronously. The vmw-async: True HTTP header cannot be used with this API. |
POST /policy/api/v1/infra/realized-state/realized-entity?action=refresh
|
Get consolidated status of an intent objectGet Consolidated Status of an intent object (with or without enforcement specific status details). The request is evaluated as follows: - enforcement point specific details. - the given intent with enforcement point specific details. |
GET /policy/api/v1/infra/realized-state/status
|
List all virtual machines which are not part of any groupThis API filters objects of type virtual machine which are not part of any group. This API also gives some VM details such as VM name, IDs and the current state of the VMs. |
GET /policy/api/v1/infra/realized-state/unassociated-virtual-machines
|
List all virtual machinesThis API filters objects of type virtual machine. This API also gives some VM details such as VM name, IDs and the current state of the VMs. |
GET /policy/api/v1/infra/realized-state/virtual-machines
|
List SitesList Sites under Infra. |
GET /policy/api/v1/infra/sites
GET /policy/api/v1/global-infra/sites |
Delete a siteDelete a site under Infra. |
DELETE /policy/api/v1/infra/sites/<site-id>
|
Read a siteRead a site under Infra. |
GET /policy/api/v1/infra/sites/<site-id>
GET /policy/api/v1/global-infra/sites/<site-id> |
Create or patch SiteCreate or patch Site under Infra. |
PATCH /policy/api/v1/infra/sites/<site-id>
|
Create or fully replace a Site under infraCreate or fully replace a Site under Infra. Revision is optional for creation and required for update. |
PUT /policy/api/v1/infra/sites/<site-id>
|
List enforcementpoints under SitePaginated list of all enforcementpoints under Site. |
GET /policy/api/v1/infra/sites/<site-id>/enforcement-points
GET /policy/api/v1/global-infra/sites/<site-id>/enforcement-points |
Full sync EnforcementPoint from SiteFull sync EnforcementPoint from Site |
POST /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>?action=full-sync
|
Delete EnforcementPoint from SiteDelete EnforcementPoint from Site |
DELETE /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>
|
Read an Enforcement Point under Infra/SiteRead an Enforcement Point under Infra/Site |
GET /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>
GET /policy/api/v1/global-infra/sites/<site-id>/enforcement-points/<enforcementpoint-id> |
Patch a new Enforcement Point under SiteIf the passed Enforcement Point does not already exist, create a new Enforcement Point. If it already exists, patch it. |
PATCH /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>
|
Reload an Enforcement Point under SiteReload an Enforcement Point under Site. This will read and update fabric configs from enforcement point. |
POST /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>?action=reload
|
Create/update a new Enforcement Point under SiteIf the passed Enforcement Point does not already exist, create a new Enforcement Point. If it already exists, replace it. |
PUT /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>
|
List Edge Clusters under an Enforcement PointPaginated list of all Edge Clusters under an Enforcement Point |
GET /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>/edge-clusters
GET /policy/api/v1/global-infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>/edge-clusters |
Read a Edge Cluster under an Enforcement PointRead a Edge Cluster under an Enforcement Point |
GET /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>/edge-clusters/<edge-cluster-id>
GET /policy/api/v1/global-infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>/edge-clusters/<edge-cluster-id> |
List Edge Nodes under an Enforcement Point, Edge ClusterPaginated list of all Edge Nodes under an Enforcement Point, Edge Cluster |
GET /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>/edge-clusters/<edge-cluster-id>/edge-nodes
GET /policy/api/v1/global-infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>/edge-clusters/<edge-cluster-id>/edge-nodes |
Read a Edge Node under an Enforcement Point, Edge ClusterRead a Edge Node under an Enforcement Point, Edge Cluster |
GET /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>/edge-clusters/<edge-cluster-id>/edge-nodes/<edge-node-id>
GET /policy/api/v1/global-infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>/edge-clusters/<edge-cluster-id>/edge-nodes/<edge-node-id> |
List Transport Zones under an Enforcement PointPaginated list of all Transport Zones under an Enforcement Point |
GET /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>/transport-zones
GET /policy/api/v1/global-infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>/transport-zones |
Read a Transport Zone under an Enforcement PointRead a Transport Zone under an Enforcement Point |
GET /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>/transport-zones/<transport-zone-id>
GET /policy/api/v1/global-infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>/transport-zones/<transport-zone-id> |
Returns the certificate of the listenerConnects to the given IP and port, and, if an SSL listener is present, returns the certificate of the listener. Intent of this API is "Do you trust this certificate?". |
GET /policy/api/v1/infra/sites/listener_certificate
GET /policy/api/v1/global-infra/sites/listener_certificate |
List all unique tags.Returns paginated list of all unique tags. Supports filtering by scope, tag and source from which tags are synched. Supports starts with, equals and contains operators on scope and tag values. To filter tags by starts with on scope or tag, use '*' as prefix before the value. To filter tags by ends with on scope or tag, use '*' as suffix after the value. To filter tags by contain on scope or tag, use '*' as prefix and suffix on the value. Below special characters in the filter value needs to be escaped with hex values. - Character '&' needs to be escaped as '%26' - Character '[' needs to be escaped as '%5B' - Character ']' needs to be escaped as '%5D' - Character '+' needs to be escaped as '%2B' - Character '#' needs to be escaped as '%23' |
GET /policy/api/v1/infra/tags
GET /policy/api/v1/global-infra/tags |
List all objects assigned with matching scope and tag valuesPaginated list of all objects assigned with matching scope and tag values. Objects are represented in form of resource reference. |
GET /policy/api/v1/infra/tags/effective-resources
GET /policy/api/v1/global-infra/tags/effective-resources |
Get details of tag bulk operation requestGet details of tag bulk operation request with which tag is applied or removed on virtual machines. |
GET /policy/api/v1/infra/tags/tag-operations/<operation-id>
GET /policy/api/v1/global-infra/tags/tag-operations/<operation-id> |
Assign or Unassign tag on multiple Virtual Machines.Tag can be assigned or unassigned on multiple objects. Supported object type is restricted to Virtual Machine for now and support for other objects will be added later. Permissions for tag bulk operation would be similar to virtual machine tag permissions. |
PUT /policy/api/v1/infra/tags/tag-operations/<operation-id>
|
Get status of tag bulk operationGet status of tag bulk operation with details of tag operation on each virtual machine. |
GET /policy/api/v1/infra/tags/tag-operations/<operation-id>/status
GET /policy/api/v1/global-infra/tags/tag-operations/<operation-id>/status |