NSX Autonomous Edge REST API

Associated URIs:

API Description API Path

Read node properties


Returns information about the NSX appliance. Information includes
release number, time zone, system time, kernel version, message of the day
(motd), and host name.
GET /node

Set the node system time


Set the node system time to the given time in UTC in the RFC3339 format
'yyyy-mm-ddThh:mm:ssZ'.
POST /node?action=set_system_time

Restart or shutdown node


Restarts or shuts down the NSX appliance.
POST /node?action=restart
POST /node?action=shutdown

Update node properties


Modifies NSX appliance properties. Modifiable properties include the
timezone, message of the day (motd), and hostname. The NSX appliance
node_version, system_time, and kernel_version are read only and cannot be
modified with this method.
PUT /node

Read node authentication policy and password complexity configuration


Returns information about the currently configured authentication policies and password complexity
on the node.
GET /node/aaa/auth-policy

Resets node authentication policy and password complexity configuration


Resets the currently configured authentication policy and password complexity on the node to their defaults.
Administrators need to enforce a password change for existing user accounts
in order to match the newly configured complexity requirements in the system.

reset-all: resets configured Authentication policy and Password complexity


reset-auth-policies: resets only configured Authentication policy

includes - {api_failed_auth_lockout_period, api_failed_auth_reset_period,
api_max_auth_failures, cli_failed_auth_lockout_period, cli_max_auth_failures}


reset-pwd-complexity: resets only configured Password complexity


POST /node/aaa/auth-policy?action=reset-all
POST /node/aaa/auth-policy?action=reset-auth-policies
POST /node/aaa/auth-policy?action=reset-pwd-complexity

Update node authentication policy and password complexity configuration


Update the currently configured authentication policy and password complexity on the node.
If any of api_max_auth_failures, api_failed_auth_reset_period, or
api_failed_auth_lockout_period are modified, the http service is
automatically restarted.
Changes to password complexity do not apply to already configured
user passwords. Administrators need to enforce a password change for existing user accounts
in order to match the newly configured complexity requirements enforced in the system.
All values from AuthenticationPolicyProperties are in sync among the management cluster nodes.
PUT /node/aaa/auth-policy

Read api certificate properties


GET /node/api-certificate

Update api certificate properties


POST /node/api-certificate

Read edge config diagnosis


GET /node/diagnosis

Read edge diagnosis inconsistency


GET /node/diagnosis/inconsistency

Delete directory in remote file server


Delete a directory or file on the remote server.
When a remote directory is specified for deletion,
all files and sub-directories residing within it
are removed as well.
Supports only SFTP. You must provide the remote server's SSH fingerprint.
See the NSX Administration Guide for information and instructions
about finding the SSH fingerprint.
DELETE /node/file-store?action=delete_remote_directory

List node files


GET /node/file-store

Retrieve ssh fingerprint for given remote server


Retrieve ssh fingerprint for a given remote server and port.
POST /node/file-store?action=retrieve_ssh_fingerprint

Create directory in remote file server


Create a directory on the remote server. Supports only SFTP.
You must provide the remote server's SSH fingerprint. See the
NSX Administration Guide for information and instructions
about finding the SSH fingerprint.
POST /node/file-store?action=create_remote_directory

Delete file


DELETE /node/file-store/{file-name}

Read file properties


GET /node/file-store/{file-name}

Copy file in the file store to a remote file store


Copy a file in the file store to a remote server. If you use scp or
sftp, you must provide the remote server's SSH fingerprint. See the
NSX-T Administration Guide for information and instructions
about finding the SSH fingerprint.
POST /node/file-store/{file-name}?action=copy_to_remote_file

Copy a remote file to the file store


Copy a remote file to the file store. If you use scp or sftp,
you must provide the remote server's SSH fingerprint. See the
NSX-T Administration Guide for information and instructions
about finding the SSH fingerprint.
POST /node/file-store/{file-name}?action=copy_from_remote_file

Upload a file to the file store


When you issue this API, the client must specify:
- HTTP header Content-Type:application/octet-stream.
- Request body with the contents of the file in the filestore.
In the CLI, you can view the filestore with the get files command.
POST /node/file-store/{file-name}

Read file contents


GET /node/file-store/{file-name}/data

Replace file contents


PUT /node/file-store/{file-name}/data

Read file thumbprint


GET /node/file-store/{file-name}/thumbprint

Gets the enable status for Mandatory Access Control


GET /node/hardening-policy/mandatory-access-control

Enable or disable Mandatory Access Control


PUT /node/hardening-policy/mandatory-access-control

Get the report for Mandatory Access Control


GET /node/hardening-policy/mandatory-access-control/report

Logical-router diagnosis


Returns information of specified logical-router configured on edge.
GET /node/logical-routers/{logical-router-id}/diagnosis

Logical-routers diagnosis


Returns information of all logical-routers or specified type of
logical-routers configured on edge.
GET /node/logical-routers/diagnosis

List available node logs


Returns the number of log files and lists the log files that reside on the
NSX virtual appliance. The list includes the filename, file size,
and last-modified time in milliseconds since epoch (1 January 1970) for each
log file. Knowing the last-modified time with millisecond accuracy since
epoch is helpful when you are comparing two times, such as the time of a
POST request and the end time on a server.
GET /node/logs

Read node log properties


For a single specified log file, lists the filename, file size, and
last-modified time.
GET /node/logs/{log-name}

Read node log contents


For a single specified log file, returns the content of the log file.
This method supports byte-range requests. To request just a portion of a
log file, supply an HTTP Range header, e.g. "Range: bytes=<start>-<end>".
<end> is optional, and, if omitted, the file contents from start to the
end of the file are returned.
GET /node/logs/{log-name}/data

Get Edge maintenance mode


GET /node/maintenance-mode

Set Edge maintenance mode


PUT /node/maintenance-mode

Read node message of the day


Returns the message of the day (motd) text.
GET /node/motd

Read network configuration properties


GET /node/network

List the Node's Network Interfaces


Returns the number of interfaces on the node appliance and detailed
information about each interface. Interface information includes MTU,
broadcast and host IP addresses, link and admin status, MAC address, network
mask, and the IP configuration method (static or DHCP).
GET /node/network/interfaces

Read the Node's Network Interface


Returns detailed information about the specified interface. Interface
information includes MTU, broadcast and host IP addresses, link and admin
status, MAC address, network mask, and the IP configuration method.
GET /node/network/interfaces/{interface-id}

Update the Node's Network Interface


Updates the specified interface properties. You cannot change the properties
ip_configuration, ip_addresses, or plane.
NSX Manager must have a static IP address. You must use NSX CLI to configure a
controller or an edge node.
Note: An NSX Manager reboot is required after adding an IPv6 address.
PUT /node/network/interfaces/{interface-id}

Read the Node's Network Interface Statistics


On the specified interface, returns the number of received (rx), transmitted
(tx), and dropped packets; the number of bytes and errors received and
transmitted on the interface; and the number of detected collisions.
GET /node/network/interfaces/{interface-id}/stats

Read the Node's Name Servers


Returns the list of servers that the node uses to look up IP
addresses associated with given domain names.
GET /node/network/name-servers

Update the Node's Name Servers


Modifies the list of servers that the node uses to look up IP
addresses associated with given domain names. If DHCP is configured, this
method returns a 409 CONFLICT error, because DHCP manages the list of name
servers.
PUT /node/network/name-servers

List node network routes


Returns detailed information about each route in the node routing table.
Routes can be of any type i.e. IPv4 or IPv6 or both. Route information
includes the route ipv6 flag (True or False), route type (default, static,
and so on), a unique route identifier, the route metric, the protocol from
which the route was learned, the route source (which is the preferred egress
interface), the route destination, and the route scope. If ipv6 flag is True
then route information is for IPv6 route else for IPv4 route. The route scope
refers to the distance to the destination network: The "host" scope leads to
a destination address on the node, such as a loopback address; the "link" scope
leads to a destination on the local network; and the "global" scope leads to
addresses that are more than one hop away.
GET /node/network/routes

Create node network route


Add a route to the node routing table. For static routes, the
route_type, interface_id, netmask, and destination are required parameters.
For default routes, the route_type, gateway address, and interface_id
are required. For blackhole routes, the route_type and destination are
required. All other parameters are optional. When you add a static route,
the scope and route_id are created automatically. When you add a default or
blackhole route, the route_id is created automatically. The route_id is
read-only, meaning that it cannot be modified. All other properties can be
modified by deleting and re-adding the route.
POST /node/network/routes

Delete node network route


Delete a route from the node routing table. You can modify an
existing route by deleting it and then posting the modified version of the
route. To verify, remove the route ID from the URI, issue a GET request, and
note the absence of the deleted route.
DELETE /node/network/routes/{route-id}

Read node network route


Returns detailed information about a specified route in the node
routing table.
GET /node/network/routes/{route-id}

Read the Node's Search Domains


Returns the domain list that the node uses to complete
unqualified host names. When a host name does not include a fully
qualified domain name (FQDN), the NSX Management node appends the
first-listed domain name to the host name before the host name is looked
up. The NSX Management node continues this for each entry in the domain
list until it finds a match.
GET /node/network/search-domains

Update the Node's Search Domains


Modifies the list of domain names that the node uses to complete
unqualified host names. If DHCP is configured, this method returns
a 409 CONFLICT error, because DHCP manages the list of name servers.
PUT /node/network/search-domains

List node processes


Returns the number of processes and information about each
process. Process information includes 1) mem_resident, which is roughly
equivalent to the amount of RAM, in bytes, currently used by the process,
2) parent process ID (ppid), 3) process name, 4) process up time in milliseconds,
5) mem_used, which is the amount of virtual memory used by the process, in
bytes, 6) process start time, in milliseconds since epoch, 7) process ID
(pid), 8) CPU time, both user and the system, consumed by the process in
milliseconds.
GET /node/processes

Read node process


Returns information for a specified process ID (pid).
GET /node/processes/{process-id}

List node services


Returns a list of all services available on the node appliance.
GET /node/services

Read NSX EdgeDatapath service properties


GET /node/services/dataplane

Restart, start or stop the NSX EdgeDatapath service


POST /node/services/dataplane?action=restart
POST /node/services/dataplane?action=start
POST /node/services/dataplane?action=stop

Update NSX Edge Datapath service properties


PUT /node/services/dataplane

Get NSX Edge dataplane cpu stats


GET /node/services/dataplane/cpu-stats

Update NSX Edge dataplane control packets prioritization setting


Enable or disable NSX Edge dataplane control packets prioritization.
Dataplane service must be restarted for the change to take effect.
PUT /node/services/dataplane/ctrl-prio

Get NSX Edge dataplane flow cache setting


GET /node/services/dataplane/flow-cache

Update NSX Edge dataplane flow cache setting


Enable or disable NSX Edge dataplane flow cache. Dataplane service must be
restarted for the change to take effect.
PUT /node/services/dataplane/flow-cache

Return top 10 flows information


Run flow monitor for timeout seconds for all or certain CPU core(s)
and return top 10 flows.
GET /node/services/dataplane/flow-mon

Start NSX Edge dataplane flow monitor


Starts NSX Edge dataplane flow monitor on all or certain CPU core(s) with a timeout.
Stops flow monitor after timeout and dumps the flow file on local file store
on edge. If the top_10 argument is set to true, the top 10 flows are collected;
otherwise all flows are collected.
PUT /node/services/dataplane/flow-mon

Update NSX Edge dataplane interrupt mode setting


Enable or disable NSX Edge dataplane interrupt mode.
Dataplane service must be restarted for the change to take effect.
PUT /node/services/dataplane/intr-mode

Get NSX Edge dataplane l2vpn pmtu message generation setting


GET /node/services/dataplane/l2vpn-pmtu

Update NSX Edge dataplane l2vpn pmtu message generation setting


Enable or disable NSX Edge dataplane pmtu cache in l2vpn.
PUT /node/services/dataplane/l2vpn-pmtu

Deprecated. Please use /node/services/dataplane/pmtu-learning


GET /node/services/dataplane/l3vpn-pmtu (Deprecated)

Deprecated. Please use /node/services/dataplane/pmtu-learning


PUT /node/services/dataplane/l3vpn-pmtu (Deprecated)

Get NSX Edge dataplane pmtu learning setting


GET /node/services/dataplane/pmtu-learning

Update NSX Edge dataplane pmtu learning setting


Enable or disable NSX Edge dataplane pmtu learning.
PUT /node/services/dataplane/pmtu-learning

Update NSX Edge dataplane QAT feature enabled status


Enable or disable NSX Edge dataplane QAT feature. Dataplane service must be
restarted for the change to take effect.
PUT /node/services/dataplane/qat-enable

Get NSX Edge dataplane QAT setting


GET /node/services/dataplane/qat-status

Get NSX Edge rx and tx queue number per port per core


Get NSX Edge rx and tx queue number per port per core.
GET /node/services/dataplane/queue-num-per-port-per-core

Set NSX Edge rx and tx queue number per port per core


Set NSX Edge rx and tx queue number per port per core.
Dataplane service must be restarted for the change to take effect.
PUT /node/services/dataplane/queue-num-per-port-per-core

Return rx/tx ring size information


GET /node/services/dataplane/ring-size

Set NSX Edge rx ring size for physical ports


Set NSX Edge rx ring size for physical ports.
Dataplane service must be restarted for the change to take effect.
PUT /node/services/dataplane/rx-ring-size

Read NSX EdgeDatapath service status


GET /node/services/dataplane/status

Set NSX Edge tx ring size for physical ports


Set NSX Edge tx ring size for physical ports.
Dataplane service must be restarted for the change to take effect.
PUT /node/services/dataplane/tx-ring-size

Check UPT mode enabled status of NSX Edge dataplane


Check current status of NSX Edge dataplane UPT mode.
GET /node/services/dataplane/upt-mode

Read NSX Edge Docker service properties


Read the Docker service process properties from Edge.
GET /node/services/docker

Read NSX Edge Docker service status


Checks the status of dockerd process on the Edge.
If dockerd process is running, returns "running",
returns "stopped" otherwise.
GET /node/services/docker/status

Read NSX Edge Ipsec VPN service properties


Read the IPsec VPN service process properties from Edge.
GET /node/services/ipsecvpn

Update NSX Edge Ipsec VPN service properties


PUT /node/services/ipsecvpn

Read NSX Edge Ipsec VPN service status


Checks the status of iked process on the Edge.
If iked process is running, returns "running",
returns "stopped" otherwise.
GET /node/services/ipsecvpn/status

Read liagent service properties


GET /node/services/liagent

Restart, start or stop the liagent service


POST /node/services/liagent?action=restart
POST /node/services/liagent?action=start
POST /node/services/liagent?action=stop

Read liagent service status


GET /node/services/liagent/status

Read NSX Edge NSXA service properties


GET /node/services/local-controller

Restart, start or stop the NSX EdgeNSXA service


POST /node/services/local-controller?action=restart
POST /node/services/local-controller?action=start
POST /node/services/local-controller?action=stop

Update NSX Edge NSXA service properties


PUT /node/services/local-controller

Read NSX EdgeNSXA service status


GET /node/services/local-controller/status

Read NSX Nestdb service properties


GET /node/services/nestdb

Restart, start or stop the NSX Nestdb service


POST /node/services/nestdb?action=restart
POST /node/services/nestdb?action=start
POST /node/services/nestdb?action=stop

Read NSX Nestdb service status


GET /node/services/nestdb/status

Read appliance management service properties


GET /node/services/node-mgmt

Restart the node management service


POST /node/services/node-mgmt?action=restart

Retrieve Node Management loglevel


GET /node/services/node-mgmt/loglevel

Set Node Management loglevel


PUT /node/services/node-mgmt/loglevel

Read appliance management service status


GET /node/services/node-mgmt/status

Read NSX Platform Client service properties


GET /node/services/nsx-platform-client

Restart, start or stop the NSX Platform Client service


POST /node/services/nsx-platform-client?action=restart
POST /node/services/nsx-platform-client?action=start
POST /node/services/nsx-platform-client?action=stop

Read NSX Platform Client service status


GET /node/services/nsx-platform-client/status

Read NSX upgrade Agent service properties


GET /node/services/nsx-upgrade-agent

Restart, start or stop the NSX upgrade agent service


POST /node/services/nsx-upgrade-agent?action=restart
POST /node/services/nsx-upgrade-agent?action=start
POST /node/services/nsx-upgrade-agent?action=stop

Read Nsx upgrade agent service status


GET /node/services/nsx-upgrade-agent/status

Read NTP service properties


GET /node/services/ntp

Restart, start or stop the NTP service


POST /node/services/ntp?action=restart
POST /node/services/ntp?action=start
POST /node/services/ntp?action=stop

Update NTP service properties


PUT /node/services/ntp

Read NTP service status


GET /node/services/ntp/status

Read NSX Edge Replica Agent service properties


GET /node/services/replica-agent

Restart, start or stop the NSX Edge Replica Agent service


POST /node/services/replica-agent?action=restart
POST /node/services/replica-agent?action=start
POST /node/services/replica-agent?action=stop

Read NSX Autonomous Edge Replica Agent client status from the secondary node


GET /node/services/replica-agent/client/status

Read NSX Edge Replica Agent service status


GET /node/services/replica-agent/status

Read NSX EdgeMSR service properties


GET /node/services/router

Read NSX EdgeMSRConfig service properties


GET /node/services/router-config

Read NSX EdgeMSRConfig service status


GET /node/services/router-config/status

Read NSX EdgeMSR service status


GET /node/services/router/status

Read SNMP service properties


Read SNMP service properties.
GET /node/services/snmp

Restart, start or stop the SNMP service


POST /node/services/snmp?action=restart
POST /node/services/snmp?action=start
POST /node/services/snmp?action=stop

Update SNMP service properties


Update SNMP service properties.
PUT /node/services/snmp

Read SNMP service status


GET /node/services/snmp/status

Read SNMP V3 Engine ID


GET /node/services/snmp/v3-engine-id

Update SNMP V3 Engine ID


PUT /node/services/snmp/v3-engine-id

Read ssh service properties


GET /node/services/ssh

Restart, start or stop the ssh service


POST /node/services/ssh?action=start
POST /node/services/ssh?action=stop
POST /node/services/ssh?action=restart

Remove a host's fingerprint from known hosts file


POST /node/services/ssh?action=remove_host_fingerprint

Update ssh service properties


Update ssh service properties. If the start_on_boot property is updated to true, existing ssh sessions, if any, are stopped and the ssh service is restarted.
PUT /node/services/ssh

Restart, start or stop the ssh service


POST /node/services/ssh/notify_mpa?action=start
POST /node/services/ssh/notify_mpa?action=stop
POST /node/services/ssh/notify_mpa?action=restart

Read ssh service status


GET /node/services/ssh/status

Read syslog service properties


GET /node/services/syslog

Restart, start or stop the syslog service


POST /node/services/syslog?action=restart
POST /node/services/syslog?action=start
POST /node/services/syslog?action=stop

Delete all node syslog exporters


Removes all syslog exporter rules.
DELETE /node/services/syslog/exporters

List node syslog exporters


Returns the collection of registered syslog exporter rules, if any. The
rules specify the collector IP address and port, and the protocol to use.
GET /node/services/syslog/exporters

Add node syslog exporter


Adds a rule for exporting syslog information to a specified server. The
required parameters are the rule name (exporter_name); severity level
(emerg, alert, crit, and so on); transmission protocol (TCP or UDP); and
server IP address or hostname. The optional parameters are the syslog port
number, which can be 1 through 65,535 (514, by default); facility level to
use when logging messages to syslog (kern, user, mail, and so on); and
message IDs (msgids), which identify the types of messages to export.
POST /node/services/syslog/exporters

Verify node syslog exporter


Collect iptables rules needed for all existing syslog exporters and verify
if the existing iptables rules are the same. If not, remove the stale rules
and add the new rules to make sure all exporters work properly.
POST /node/services/syslog/exporters?action=verify

Delete node syslog exporter


Removes a specified rule from the collection of syslog exporter rules.
DELETE /node/services/syslog/exporters/{exporter-name}

Read node syslog exporter


Returns information about a specific syslog collection point.
GET /node/services/syslog/exporters/{exporter-name}

Read syslog service status


GET /node/services/syslog/status

Read node status


Returns information about the node appliance's file system, CPU,
memory, disk usage, and uptime.
GET /node/status

Update node status


Clear node bootup status.
POST /node/status?action=clear_bootup_error

Read node support bundle


GET /node/support-bundle

List appliance management tasks


GET /node/tasks

Delete task


DELETE /node/tasks/{task-id}

Read task properties


GET /node/tasks/{task-id}

Cancel specified task


POST /node/tasks/{task-id}?action=cancel

Read asynchronous task response


GET /node/tasks/{task-id}/response

List node users


Returns the list of users configured to log in to the NSX appliance.
GET /node/users
GET /node/users?internal=true

Delete node user


Delete the specified user who is configured to log in to the NSX appliance.
The local users root and administrator cannot be deleted,
but the local user audit can be deleted on demand.

Caution: users deleted from the following node types cannot be recovered,
so plan the removal of user accounts accordingly.


  • Autonomous Edge

  • Cloud Service Manager

  • Edge

  • Public Cloud Gateway


DELETE /node/users/{userid}

Read node user


Returns information about a specified user who is configured to log in to the
NSX appliance. The valid user IDs are: 0, 10000, 10002 or other users managed by administrators.
GET /node/users/{userid}

Update node user


Updates attributes of an existing NSX appliance user. This method
cannot be used to add a new user. Modifiable attributes include the
username, full name of the user, and password. If you specify a password in
a PUT request, it is not returned in the response. Nor is it returned in a
GET request.


The specified password does not meet the following (default) complexity requirements:
- minimum 12 characters in length
- minimum 128 characters in length
- minimum 1 uppercase character
- minimum 1 lowercase character
- minimum 1 numeric character
- minimum 1 special character
- minimum 5 unique characters
- default password complexity rules as enforced by the Linux PAM module


The configured password complexity may vary according to the defined authentication and password policies,
which are available at: [GET]: /api/v1/node/aaa/auth-policy


The valid user IDs are: 0, 10000, 10002 or other users managed by administrators.
Note that invoking this API does not update any user-related properties of
existing objects in the system and does not modify the username field in existing
audit log entries.


PUT /node/users/{userid}

List SSH keys from authorized_keys file for node user


Returns a list of all SSH keys from the authorized_keys file for the node user.
GET /node/users/{userid}/ssh-keys

Remove SSH public key from authorized_keys file for node user


POST /node/users/{userid}/ssh-keys?action=remove_ssh_key

Add SSH public key to authorized_keys file for node user


POST /node/users/{userid}/ssh-keys?action=add_ssh_key

Read node version


GET /node/version