Policy > Security > Service Insertion

Associated URIs:

API Description API Path

List all Service Definitions registered on given enforcement point.


List all Service Definitions registered on given enforcement point.
GET /policy/api/v1/enforcement-points/<enforcement-point-id>/service-definitions

Create a Service Definition on given enforcement point.


Create a Service Definition on given enforcement point.
POST /policy/api/v1/enforcement-points/<enforcement-point-id>/service-definitions

Delete an existing Service Definition on the given enforcement point


Delete an existing Service Definition on the given enforcement point.
DELETE /policy/api/v1/enforcement-points/<enforcement-point-id>/service-definitions/<service-definition-id>

Read Service Definition with given service-definition-id.


Read Service Definition with given service-definition-id.
GET /policy/api/v1/enforcement-points/<enforcement-point-id>/service-definitions/<service-definition-id>

Update an existing Service Definition on the given enforcement point


Update an existing Service Definition on the given enforcement point.
PUT /policy/api/v1/enforcement-points/<enforcement-point-id>/service-definitions/<service-definition-id>

List redirection policys for a domain


List redirection policys for a domain
GET /policy/api/v1/infra/domains/<domain-id>/redirection-policies

Delete redirection policy


Delete redirection policy.
DELETE /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>

Read redirection policy


Read redirection policy.
GET /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>

Create or update redirection policy


Create or update the redirection policy.
Performance Note: If you want to edit several rules in a redirection policy
use this API. It will perform better than several individual rule APIs.
Just pass all the rules which you wish to edit as embedded rules to it.
PATCH /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>

Create or update redirection policy


Create or update the redirection policy.
Performance Note: If you want to edit several rules in a redirection policy
use this API. It will perform better than several individual rule APIs.
Just pass all the rules which you wish to edit as embedded rules to it.
PUT /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>

List rules


List rules
GET /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>/rules

Delete RedirectionRule


Delete RedirectionRule
DELETE /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>/rules/<rule-id>

Read rule


Read rule
GET /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>/rules/<rule-id>

Update redirection rule


Create a rule with the rule-id is not already present, otherwise update the rule.
Performance Note: If you want to edit several rules in a redirection
policy, prefer below mentioned API for optimal performance.
Pass all the rules which you wish to edit as embedded rules to it.
Use this API - PATCH (or PUT)
/infra/domains/<domain-id>/redirection-policies/<red-policy-id>
PATCH /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>/rules/<rule-id>

Update redirection rule


Create a rule with the rule-id is not already present, otherwise update the rule.
Performance Note: If you want to edit several rules in a redirection
policy,prefer below mentioned API for optimal performance.
Pass all the rules which you wish to edit as embedded rules to it.
Use this API - PATCH (or PUT)
/infra/domains/<domain-id>/redirection-policies/<red-policy-id>
PUT /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>/rules/<rule-id>

List redirection policys


List all redirection policys across all domains ordered by precedence.
GET /policy/api/v1/infra/domains/redirection-policies

Read partner services


Read all the partner services available for service insertion
GET /policy/api/v1/infra/partner-services

Read partner service identified by provided name


Read the specific partner service identified by provided name.
GET /policy/api/v1/infra/partner-services/<service-name>

List service chains


List all the service chains available for service insertion
GET /policy/api/v1/infra/service-chains

Delete Service chain


This API can be user to delete service chain with given service-chain-id.
DELETE /policy/api/v1/infra/service-chains/<service-chain-id>

Read service chain


This API can be used to read service chain with given service-chain-id.
GET /policy/api/v1/infra/service-chains/<service-chain-id>

Create service chain


Create Service chain representing the sequence in which 3rd party
services must be consumed.
PATCH /policy/api/v1/infra/service-chains/<service-chain-id>

Create or update service chain


Create or update Service chain representing the sequence in which 3rd party
services must be consumed.
PUT /policy/api/v1/infra/service-chains/<service-chain-id>

Read service paths for a given service chain


This API can be used to read service paths for a given service-chain-id.
GET /policy/api/v1/infra/service-chains/<service-chain-id>/service-paths

List service references


List all the partner service references available for service insertion
GET /policy/api/v1/infra/service-references

Delete Service Reference


This API can be used to delete a service reference with the given service-reference-id.
DELETE /policy/api/v1/infra/service-references/<service-reference-id>

Read service reference


This API can be used to read service reference with the given service-reference-id.
GET /policy/api/v1/infra/service-references/<service-reference-id>

Create service reference


Create Service Reference representing the intent to consume a given 3rd party
service.
PATCH /policy/api/v1/infra/service-references/<service-reference-id>

Create service reference


Create Service Reference representing the intent to consume a given 3rd party
service.
PUT /policy/api/v1/infra/service-references/<service-reference-id>

List service profiles


List all the service profiles available for given service reference
GET /policy/api/v1/infra/service-references/<service-reference-id>/service-profiles

Delete Service profile


This API can be used to delete service profile with given service-profile-id
DELETE /policy/api/v1/infra/service-references/<service-reference-id>/service-profiles/<service-profile-id>

Read service profile


This API can be used to read service profile with given service-profile-id
GET /policy/api/v1/infra/service-references/<service-reference-id>/service-profiles/<service-profile-id>

Create service profile


Create Service profile to specify vendor template attri- butes for a given 3rd party service.
PATCH /policy/api/v1/infra/service-references/<service-reference-id>/service-profiles/<service-profile-id>

Create or update service profile


Create or update Service profile to specify vendor temp- late attributes for a given 3rd party service.
PUT /policy/api/v1/infra/service-references/<service-reference-id>/service-profiles/<service-profile-id>

Get Groups used in Redirection rules for a given Service Profile.


List of Groups used in Redirection rules for a given Service Profile.
GET /policy/api/v1/infra/service-references/<service-reference-id>/service-profiles/<service-profile-id>/group-associations

List all service chain mappings for given service profile.


List all service chain mappings in the system for the given service profile.
If no explicit enforcement point is provided in the request, will return for
default. Else, will return for specified points.
GET /policy/api/v1/infra/service-references/<service-reference-id>/service-profiles/<service-profile-id>/service-chain-mappings

Additional API to read service insertion exclude list without filtering out the system owned members


Read exclude list for service insertion
GET /policy/api/v1/infra/settings/service-insertion/security/exclude-list?system_owned=true

Default API to read service insertion exclude list with system owned members filtered out


Read exclude list for service insertion
GET /policy/api/v1/infra/settings/service-insertion/security/exclude-list

Patch service insertion exclusion list for security policy


Patch service insertion exclusion list for security policy.
PATCH /policy/api/v1/infra/settings/service-insertion/security/exclude-list

Update service insertion exclusion list


Update the exclusion list for service insertion policy
PUT /policy/api/v1/infra/settings/service-insertion/security/exclude-list

Get service insertion configuration status


Get the current service insertion status configuration.
GET /policy/api/v1/infra/settings/service-insertion/security/status

Update service insertion status configuration


Update service insertion status.
PATCH /policy/api/v1/infra/settings/service-insertion/security/status

Update service insertion status configuration


Update service insertion status.
PUT /policy/api/v1/infra/settings/service-insertion/security/status

Read all BYOD service instance objects under a tier-0


Read all BYOD service instance objects under a tier-0
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/byod-service-instances

Delete BYOD policy service instance


Delete BYOD policy service instance
DELETE /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>

Read BYOD service instance


Read BYOD service instance
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>

Create BYOD service instance


Create BYOD Service Instance which represent instance of service definition created on manager.
PATCH /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>

Create BYOD service instance


Create BYOD Service Instance which represent instance of service definition created on manager.
PUT /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>

List all service instance endpoint


List all service instance endpoint
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>/service-instance-endpoints

Delete service instance endpoint


Delete service instance endpoint
DELETE /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>/service-instance-endpoints/<service-instance-endpoint-id>

Read service instance endpoint


Read service instance endpoint
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>/service-instance-endpoints/<service-instance-endpoint-id>

Create service instance endpoint


Create Service instance endpoint.
PATCH /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>/service-instance-endpoints/<service-instance-endpoint-id>

Create service instance endpoint


Create service instance endpoint with given request if not exist.
Modification of service instance endpoint is not allowed.
PUT /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>/service-instance-endpoints/<service-instance-endpoint-id>

List all virtual endpoints


List all virtual endpoints
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/endpoints/virtual-endpoints

Delete virtual endpoint


Delete virtual endpoint
DELETE /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/endpoints/virtual-endpoints/<virtual-endpoint-id>

Read virtual endpoint


Read virtual endpoint with given id under given Tier0.
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/endpoints/virtual-endpoints/<virtual-endpoint-id>

Create or update virtual endpoint


Create or update virtual endpoint.
PATCH /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/endpoints/virtual-endpoints/<virtual-endpoint-id>

Create or update virtual endpoint


Create or update virtual endpoint.
PUT /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/endpoints/virtual-endpoints/<virtual-endpoint-id>

Read all service instance objects under a tier-0


Read all service instance objects under a tier-0
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/service-instances

Delete policy service instance


Delete policy service instance
DELETE /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/service-instances/<service-instance-id>

Read service instance


Read service instance
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/service-instances/<service-instance-id>

Create service instance


Create Service Instance.
Please note that, only display_name, description and deployment_spec_name
are allowed to be modified in an exisiting entity. If the deployment spec
name is changed, it will trigger the upgrade operation for the SVMs.
PATCH /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/service-instances/<service-instance-id>

Create service instance


Create service instance.
Please note that, only display_name, description and deployment_spec_name
are allowed to be modified in an exisiting entity. If the deployment spec
name is changed, it will trigger the upgrade operation for the SVMs.
PUT /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/service-instances/<service-instance-id>

Get statistics for all runtimes associated with this PolicyServiceInstance


Get statistics for all data NICs on all runtimes associated with this PolicyServiceInstance.
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/service-instances/<service-instance-id>/statistics

Read all Tier1 BYOD service instance objects under a tier-1


Read all Tier1 BYOD service instance objects under a tier-1
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/byod-service-instances

Delete BYOD policy service instance


Delete BYOD policy service instance
DELETE /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>

Read Tier1 BYOD service instance


Read Tier1 BYOD service instance
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>

Create Tier1 BYOD service instance


Create Tier1 BYOD Service Instance which represents instance of service definition created on manager.
PATCH /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>

Create Tier1 BYOD service instance


Create Tier1 BYOD Service Instance which represent instance of service definition created on manager.
PUT /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>

List all Tier1 service instance endpoint


List all Tier1 service instance endpoint
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>/service-instance-endpoints

Delete Tier1 service instance endpoint


Delete Tier1 service instance endpoint
DELETE /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>/service-instance-endpoints/<service-instance-endpoint-id>

Read Tier1 service instance endpoint


Read Tier1 service instance endpoint
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>/service-instance-endpoints/<service-instance-endpoint-id>

Create Tier1 service instance endpoint


Create Tier1 Service instance endpoint.
PATCH /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>/service-instance-endpoints/<service-instance-endpoint-id>

Create Tier1 service instance endpoint


Create Tier1 service instance endpoint with given request if not exist.
Modification of Tier1 service instance endpoint is not allowed.
PUT /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/byod-service-instances/<service-instance-id>/service-instance-endpoints/<service-instance-endpoint-id>

List all virtual endpoints


List all virtual endpoints
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/endpoints/virtual-endpoints

Delete virtual endpoint


Delete virtual endpoint
DELETE /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/endpoints/virtual-endpoints/<virtual-endpoint-id>

Read virtual endpoint


Read virtual endpoint with given id under given Tier1.
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/endpoints/virtual-endpoints/<virtual-endpoint-id>

Create or update virtual endpoint


Create or update virtual endpoint.
PATCH /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/endpoints/virtual-endpoints/<virtual-endpoint-id>

Create or update virtual endpoint


Create or update virtual endpoint.
PUT /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/endpoints/virtual-endpoints/<virtual-endpoint-id>

Read all service instance objects under a tier-1


Read all service instance objects under a tier-1
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/service-instances

Delete Tier1 policy service instance


Delete Tier1 policy service instance
DELETE /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/service-instances/<service-instance-id>

Read Tier1 service instance


Read Tier1 service instance
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/service-instances/<service-instance-id>

Create Tier1 service instance


Create Tier1 Service Instance.
Please note that, only display_name, description and deployment_spec_name
are allowed to be modified in an exisiting entity. If the deployment spec
name is changed, it will trigger the upgrade operation for the SVMs.
PATCH /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/service-instances/<service-instance-id>

Create Tier1 service instance


Create Tier1 service instance.
Please note that, only display_name, description and deployment_spec_name
are allowed to be modified in an exisiting entity. If the deployment spec
name is changed, it will trigger the upgrade operation for the SVMs.
PUT /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/service-instances/<service-instance-id>

Get statistics for all runtimes associated with this Tier1 PolicyServiceInstance


Get statistics for all data NICs on all runtimes associated with this Tier1 PolicyServiceInstance.
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/service-instances/<service-instance-id>/statistics