| API Description | API Path |
|---|---|
Read node authentication policy configurationReturns information about the currently configured authentication policies on the node. |
GET /api/v1/transport-nodes/<transport-node-id>/node/aaa/auth-policy
GET /api/v1/node/aaa/auth-policy GET /api/v1/cluster/<cluster-node-id>/node/aaa/auth-policy |
Update node authentication policy configurationUpdate the currently configured authentication policy on the node. If any of api_max_auth_failures, api_failed_auth_reset_period, or api_failed_auth_lockout_period are modified, the http service is automatically restarted. |
PUT /api/v1/transport-nodes/<transport-node-id>/node/aaa/auth-policy
PUT /api/v1/node/aaa/auth-policy PUT /api/v1/cluster/<cluster-node-id>/node/aaa/auth-policy |
List node usersReturns the list of users configured to log in to the NSX appliance. |
GET /api/v1/transport-nodes/<transport-node-id>/node/users
GET /api/v1/cluster/<cluster-node-id>/node/users GET /api/v1/node/users |
Reset a user's own password. Requires current passwordEnables a user to reset their own password. |
POST /api/v1/node/users?action=reset_own_password
POST /api/v1/cluster/<cluster-node-id>/node/users?action=reset_own_password |
Read node userReturns information about a specified user who is configured to log in to the NSX appliance. The valid user IDs are: 0, 10000, 10002. |
GET /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>
GET /api/v1/cluster/<cluster-node-id>/node/users/<userid> GET /api/v1/node/users/<userid> |
Activate a user account with a passwordActivates the account for this user. When an account is successfully activated, the "status" field in the response is "ACTIVE". This API is not supported for userid 0 and userid 10000. |
POST /api/v1/node/users/<userid>?action=activate
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>?action=activate |
Reset a user's password without requiring their current passwordUnlike the PUT version of this call (PUT /node/users/<userid>), this API does not require that the current password for the user be provided. The account of the target user must be "ACTIVE" for the call to succeed. This API only supports user IDs 10002, 10003, and 10004. |
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>?action=reset_password
POST /api/v1/node/users/<userid>?action=reset_password |
Deactivate a user accountDeactivates the account for this user. Deactivating an account is permanent, unlike an account that is temporarily locked because of too many password failures. A deactivated account has to be explicitly activated. When an account is successfully deactivated, the "status" field in the response is "NOT_ACTIVATED". This API is not supported for userid 0 and userid 10000. |
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>?action=deactivate
POST /api/v1/node/users/<userid>?action=deactivate |
Update node userUpdates attributes of an existing NSX appliance user. This method cannot be used to add a new user. Modifiable attributes include the username, full name of the user, and password. If you specify a password in a PUT request, it is not returned in the response. Nor is it returned in a GET request. The specified password does not meet the following complexity requirements: - minimum 12 characters in length - minimum 1 uppercase character - minimum 1 lowercase character - minimum 1 numeric character - minimum 1 special character - minimum 5 unique characters - default password complexity rules as enforced by the Linux PAM module The valid user IDs are: 0, 10000, 10002. Note that invoking this API does not update any user-related properties of existing objects in the system and does not modify the username field in existing audit log entries. |
PUT /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>
PUT /api/v1/cluster/<cluster-node-id>/node/users/<userid> PUT /api/v1/node/users/<userid> |
List SSH keys from authorized_keys file for node userReturns a list of all SSH keys from authorized_keys file for node user |
GET /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>/ssh-keys
GET /api/v1/cluster/<cluster-node-id>/node/users/<userid>/ssh-keys GET /api/v1/node/users/<userid>/ssh-keys |
Remove SSH public key from authorized_keys file for node user |
POST /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>/ssh-keys?action=remove_ssh_key
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>/ssh-keys?action=remove_ssh_key POST /api/v1/node/users/<userid>/ssh-keys?action=remove_ssh_key |
Add SSH public key to authorized_keys file for node user |
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>/ssh-keys?action=add_ssh_key
POST /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>/ssh-keys?action=add_ssh_key POST /api/v1/node/users/<userid>/ssh-keys?action=add_ssh_key |