NSX-T Data Center REST API
Associated URIs:
| API Description | API Path | 
|---|---|
| List gateway policiesList all gateway policies for specified Domain. | GET /policy/api/v1/infra/domains/{domain-id}/gateway-policies GET /policy/api/v1/global-infra/domains/{domain-id}/gateway-policies GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies | 
| Delete GatewayPolicyDelete GatewayPolicy | DELETE /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id} DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id} | 
| Read gateway policyRead gateway policy for a domain. | GET /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id} GET /policy/api/v1/global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id} GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id} | 
| Update gateway policyUpdate the gateway policy for a domain. This is a full replace. All the rules are replaced. Performance Note: If you want to edit several rules in a gateway policy use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. | PATCH /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id} PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id} | 
| Revise the positioning of gateway policyThis is used to set a precedence of a gateway policy w.r.t others. | POST /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}?action=revise POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}?action=revise | 
| Update gateway policyUpdate the gateway policy for a domain. This is a full replace. All the rules are replaced. Performance Note: If you want to edit several rules in a gateway policy, use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. | PUT /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id} PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id} | 
| List rulesList rules | GET /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules GET /policy/api/v1/global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules | 
| Delete ruleDelete rule | DELETE /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id} DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id} | 
| Read ruleRead rule | GET /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id} GET /policy/api/v1/global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id} GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id} | 
| Update gateway ruleUpdate the gateway rule. Create new rule if a rule with the rule-id is not already present. Performance Note: If you want to edit several rules in a gateway policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/domains/<domain-id>/gateway-policies/<gateway-policy-id> Concurrency Note: Concurrent firewall rule creation is not supported under the same Gateway Policy. | PATCH /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id} PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id} | 
| Revise the positioning of gateway ruleThis is used to re-order a gateway rule within a gateway policy. | POST /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id}?action=revise POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id}?action=revise | 
| Update gateway ruleUpdate the gateway rule. Create new rule if a rule with the rule-id is not already present. Performance Note: If you want to edit several rules in a gateway policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/domains/<domain-id>/gateway-policies/<gateway-policy-id> Concurrency Note: Concurrent firewall rule creation is not supported under the same Gateway Policy. | PUT /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id} PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id} | 
| Get gateway rule statisticsGet statistics of a gateway rule. - no enforcement point path specified: Stats will be evaluated on each enforcement. point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. | GET /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id}/statistics GET /policy/api/v1/global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id}/statistics GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id}/statistics | 
| Get gateway policy statisticsGet statistics of a gateay policy. - no enforcement point path specified: Stats will be evaluated on each enforcement. point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. | GET /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/statistics GET /policy/api/v1/global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/statistics GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/statistics | 
| Get the list of gateway firewall dependent servicesGet the list of gateway firewall dependent services | GET /policy/api/v1/infra/settings/firewall/gateway/dependent-services | 
| Delete FqdnAnalysisConfigDelete FqdnAnalysisConfig from the passed edge cluser node. | DELETE /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcement-point-id}/edge-clusters/{edge-cluster-id}/fqdn-analysis-config | 
| Get FqdnAnalysisConfigGets a FqdnAnalysisConfig. This returns the details of the config like whether the FQDN Analysis is activated or deactivated for the given edge cluster. | GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcement-point-id}/edge-clusters/{edge-cluster-id}/fqdn-analysis-config | 
| Create or Update FqdnAnalysisConfigCreates/Updates a FqdnAnalysisConfig object. If FqdnAnalysisConfig object does not exists for the passed edge-cluster node, create a new FqdnAnalysisConfig object. If it already exists, patch it. | PATCH /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcement-point-id}/edge-clusters/{edge-cluster-id}/fqdn-analysis-config | 
| Create or Update FqdnAnalysisConfigCreates/Updates FqdnAnalysisConfig Object for the given edge cluster. If FqdnAnalysisConfig object is not already present, creates it. If it already exists, replace with this object. | PUT /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcement-point-id}/edge-clusters/{edge-cluster-id}/fqdn-analysis-config | 
| Delete PolicyUrlCategorizationConfigDelete PolicyUrlCategorizationConfig. If deleted, the URL categorization will be deactivated for that edge cluster. | DELETE /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcement-point-id}/edge-clusters/{edge-cluster-id}/url-categorization-configs/{url-categorization-config-id} | 
| Get PolicyUrlCategorizationConfigGets a PolicyUrlCategorizationConfig. This returns the details of the config like whether the URL categorization is activated or deactivated, the id of the context profiles which are used to filter the categories, and the update frequency of the data from the cloud. | GET /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcement-point-id}/edge-clusters/{edge-cluster-id}/url-categorization-configs/{url-categorization-config-id} | 
| Create or Update PolicyUrlCategorizationConfigCreates/Updates a PolicyUrlCategorizationConfig. Creating or updating the PolicyUrlCategorizationConfig will activate or deactivate URL categorization for the given edge cluster. If the context_profiles field is empty, the edge cluster will detect all the categories of URLs. If context_profiles field has any context profiles, the edge cluster will detect only the categories listed within those context profiles. The context profiles should have attribute type URL_CATEGORY. The update_frequency specifies how frequently in minutes, the edge cluster will get updates about the URL data from the URL categorization cloud service. If the update_frequency is not specified, the default update frequency will be 30 min. | PATCH /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcement-point-id}/edge-clusters/{edge-cluster-id}/url-categorization-configs/{url-categorization-config-id} | 
| Create or Update PolicyUrlCategorizationConfigCreates/Updates a PolicyUrlCategorizationConfig. Creating or updating the PolicyUrlCategorizationConfig will activate or deactivate URL categorization for the given edge cluster. If the context_profiles field is empty, the edge cluster will detect all the categories of URLs. If context_profiles field has any context profiles, the edge cluster will detect only the categories listed within those context profiles. The context profiles should have attribute type URL_CATEGORY. The update_frequency specifies how frequently in minutes, the edge cluster will get updates about the URL data from the URL categorization cloud service. If the update_frequency is not specified, the default update frequency will be 30 min. | PUT /policy/api/v1/infra/sites/{site-id}/enforcement-points/{enforcement-point-id}/edge-clusters/{edge-cluster-id}/url-categorization-configs/{url-categorization-config-id} | 
| Get list of gateway policies with rules that belong to the specific Tier-0 logical router.Get filtered view of gateway rules associated with the Tier-0. The gateay policies are returned in the order of category and precedence. | GET /policy/api/v1/infra/tier-0s/{tier-0-id}/gateway-firewall GET /policy/api/v1/global-infra/tier-0s/{tier-0-id}/gateway-firewall | 
| Get list of gateway policies with rules that belong to the specific Tier-0 LocalServices.Get filtered view of Gateway Firewall rules associated with the Tier-0 Locale Services. The gateway policies are returned in the order of category and sequence number. | GET /policy/api/v1/infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}/gateway-firewall GET /policy/api/v1/global-infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}/gateway-firewall | 
| Delete security configAPI has been deprecated as the delete of Tier0SecurityConfig is linked with the deletion of T0. To remove a particular feature from T0SecurityConfig please use PUT/PATCH. | DELETE /policy/api/v1/infra/tier-0s/{tier-0-id}/security-config
                           (Deprecated) | 
| Read Security FeatureRead Security Feature. | GET /policy/api/v1/infra/tier-0s/{tier-0-id}/security-config | 
| Create or Update security configurationCreate a T0 security configuration if it is not already present, otherwise update the security configuration. | PATCH /policy/api/v1/infra/tier-0s/{tier-0-id}/security-config | 
| Create or Update security configurationCreate or update security configuration. | PUT /policy/api/v1/infra/tier-0s/{tier-0-id}/security-config | 
| Get list of gateway policies with rules that belong to the specific Tier-1.Get filtered view of Gateway Firewall rules associated with the Tier-1. The gateway policies are returned in the order of category and sequence number. | GET /policy/api/v1/infra/tier-1s/{tier-1-id}/gateway-firewall GET /policy/api/v1/global-infra/tier-1s/{tier-1-id}/gateway-firewall GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tier-1s/{tier-1-id}/gateway-firewall | 
| Get list of gateway policies with rules that belong to the specific Tier-1 LocalServices.Get filtered view of Gateway Firewall rules associated with the Tier-1 Locale Services. The gateway policies are returned in the order of category and sequence number. | GET /policy/api/v1/infra/tier-1s/{tier-1-id}/locale-services/{locale-services-id}/gateway-firewall GET /policy/api/v1/global-infra/tier-1s/{tier-1-id}/locale-services/{locale-services-id}/gateway-firewall GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tier-1s/{tier-1-id}/locale-services/{locale-services-id}/gateway-firewall | 
| Read Security FeatureRead Security Feature. | GET /policy/api/v1/infra/tier-1s/{tier-1-id}/security-config GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tier-1s/{tier-1-id}/security-config | 
| Create or Update security configurationCreate a security configuration if it is not already present, otherwise update the security configuration. | PATCH /policy/api/v1/infra/tier-1s/{tier-1-id}/security-config PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tier-1s/{tier-1-id}/security-config | 
| Create or Update security configurationCreate or update security configuration. | PUT /policy/api/v1/infra/tier-1s/{tier-1-id}/security-config PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tier-1s/{tier-1-id}/security-config | 
| TLS inspection execution state details for the tier1TLS inspection execution state details for the tier1 | GET /policy/api/v1/infra/tier-1s/{tier-1-id}/tls-inspection-state | 
| TLS inspection execution state fqdn details for the tier1TLS inspection execution state fqdn details for the tier1 | GET /policy/api/v1/infra/tier-1s/{tier-1-id}/tls-inspection-state/fqdns | 
| Get TLS inspection FQDN stateGet TLS inspection FQDN state | GET /policy/api/v1/infra/tier-1s/{tier-1-id}/tls-inspection-state/fqdns/{fqdn-id} | 
| Get Tls profiles available.List all the Tls profiles available by requested resource_type. | GET /policy/api/v1/infra/tls-inspection-action-profiles | 
| Delete a Tls profile.Deletes a Tls profile. | DELETE /policy/api/v1/infra/tls-inspection-action-profiles/{action-profile-id} | 
| Get TLS profile with id.Return Tls profile. | GET /policy/api/v1/infra/tls-inspection-action-profiles/{action-profile-id} | 
| Create a Tls profile.Create a Tls profile with values provided. It creates profile based on the resource_type in the payload. Each action profile supports the following 3 pre-defined config setting defaults: Balanced, High Fidelity and High Security. 1 - External Profile Balanced (default) Sample intent path: /infra/tls-inspection-action-profiles/external-balanced-profile API payload: 
 Profile with default settings: 
 2 - External Profile High Fidelity Sample intent path: /infra/tls-inspection-action-profiles/external-high-fidelity-profile Sample intent path: 
 Profile with default settings: 
 3 - External Profile High Security Sample intent path:/infra/tls-inspection-action-profiles/external-high-security-profile Sample intent path: 
 Profile with default settings: 
 4 - Internal Profile Balanced Sample intent path:/infra/tls-inspection-action-profiles/internal-balanced-profile Sample intent path: 
 Profile with default settings: 
 5 - Internal Profile High Fidelity Sample intent path:/infra/tls-inspection-action-profiles/internal-high-fidelity-profile Sample intent path: 
 Profile with default settings: 
 6 - Internal Profile High Security Sample intent path:/infra/tls-inspection-action-profiles/internal-high-security-profile Sample intent path: 
 Profile with default settings: 
 | PATCH /policy/api/v1/infra/tls-inspection-action-profiles/{action-profile-id} | 
| Update a Tls profile.Update user configurable properties of Tls profile. Each action profile supports the following 3 pre-defined config setting defaults: Balanced, High Fidelity and High Security. 1 - External Profile Balanced (default) Sample intent path: /infra/tls-inspection-action-profiles/external-balanced-profile API payload: 
 Profile with default settings: 
 2 - External Profile High Fidelity Sample intent path: /infra/tls-inspection-action-profiles/external-high-fidelity-profile Sample intent path: 
 Profile with default settings: 
 3 - External Profile High Security Sample intent path:/infra/tls-inspection-action-profiles/external-high-security-profile Sample intent path: 
 Profile with default settings: 
 4 - Internal Profile Balanced Sample intent path:/infra/tls-inspection-action-profiles/internal-balanced-profile Sample intent path: 
 Profile with default settings: 
 5 - Internal Profile High Fidelity Sample intent path:/infra/tls-inspection-action-profiles/internal-high-fidelity-profile Sample intent path: 
 Profile with default settings: 
 6 - Internal Profile High Security Sample intent path:/infra/tls-inspection-action-profiles/internal-high-security-profile Sample intent path: 
 Profile with default settings: 
 | PUT /policy/api/v1/infra/tls-inspection-action-profiles/{action-profile-id} | 
| List TLS policiesList all TLS policies. | GET /policy/api/v1/infra/tls-inspection-policies | 
| Delete TlsPolicyDelete TlsPolicy | DELETE /policy/api/v1/infra/tls-inspection-policies/{policy-id} | 
| Read tls policyRead TLS policy. | GET /policy/api/v1/infra/tls-inspection-policies/{policy-id} | 
| Update TLS policyUpdate the TLS policy. This is a full replace. All the rules are replaced. Performance Note: If you want to edit several rules in a TLS policy use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. | PATCH /policy/api/v1/infra/tls-inspection-policies/{policy-id} | 
| Update TLS policyUpdate the TLS policy. This is a full replace. All the rules are replaced. Performance Note: If you want to edit several rules in a TLS policy, use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. | PUT /policy/api/v1/infra/tls-inspection-policies/{policy-id} | 
| List TLS rulesList TLS rules | GET /policy/api/v1/infra/tls-inspection-policies/{policy-id}/rules | 
| Delete ruleDelete rule | DELETE /policy/api/v1/infra/tls-inspection-policies/{policy-id}/rules/{rule-id} | 
| Read ruleRead rule | GET /policy/api/v1/infra/tls-inspection-policies/{policy-id}/rules/{rule-id} | 
| Update TLS ruleUpdate the TLS rule. Create new rule if a rule with the rule-id is not already present. Performance Note: If you want to edit several rules in a TLS policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/tls-inspection-policies/<policy-id> | PATCH /policy/api/v1/infra/tls-inspection-policies/{policy-id}/rules/{rule-id} | 
| Update TLS ruleUpdate the TLS rule. Create new rule if a rule with the rule-id is not already present. Performance Note: If you want to edit several rules in a TLS policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/tls-inspection-policies/<policy-id> | PUT /policy/api/v1/infra/tls-inspection-policies/{policy-id}/rules/{rule-id} | 
| Get the list of URL categories.Gets the list of categories. This will provide all the supported categories along with their ids. Few examples of these categories are Shopping, Social Networks, Streaming sites, etc. | GET /policy/api/v1/infra/url-categories | 
| Get the list of reputation severityGets the list of reputation severities. This will provide all the supported severities along with their ids, min and max reputaitons. The min_reputation and max_reputation specify the range of the reputations which belong to a particular severity. For instance, any reputation between 1 to 20 belongs to the severity 'High Risk'. Similary a reputation between 81 to 100 belong to the severity 'Trustworthy'. | GET /policy/api/v1/infra/url-reputation-severities | 
