| API Description | API Path |
|---|---|
Read node authentication policy and password complexity configurationReturns information about the currently configured authentication policies and password complexity on the node. |
GET /api/v1/transport-nodes/<transport-node-id>/node/aaa/auth-policy
GET /api/v1/node/aaa/auth-policy GET /api/v1/cluster/<cluster-node-id>/node/aaa/auth-policy |
Resets node authentication policy and password complexity configurationResets to default, currently configured authentication policy and password complexity on the node. Administrators need to enforce password change for existing user accounts in order to match newly configured complexity requirements in system. reset-all: resets configured Authentication policy and Password complexity reset-auth-policies: resets only configured Authentication policy reset-pwd-complexity: resets only configured Password complexity |
POST /api/v1/node/aaa/auth-policy?action=reset-all|reset-auth-policies|reset-pwd-complexity
POST /api/v1/transport-nodes/<transport-node-id>/node/aaa/auth-policy?action=reset-all|reset-auth-policies|reset-pwd-complexity POST /api/v1/cluster/<cluster-node-id>/node/aaa/auth-policy?action=reset-all|reset-auth-policies|reset-pwd-complexity |
Update node authentication policy and password complexity configurationUpdate the currently configured authentication policy and password complexity on the node. If any of api_max_auth_failures, api_failed_auth_reset_period, or api_failed_auth_lockout_period are modified, the http service is automatically restarted. Whereas change in any password complexity will not be applicable on already configured user passwords. Administrators need to enforce password change for existing user accounts in order to match newly configured complexity requirements enforced in system. All values from AuthenticationPolicyProperties are in sync among the management cluster nodes. |
PUT /api/v1/transport-nodes/<transport-node-id>/node/aaa/auth-policy
PUT /api/v1/node/aaa/auth-policy PUT /api/v1/cluster/<cluster-node-id>/node/aaa/auth-policy |
List node usersReturns the list of users configured to log in to the NSX appliance. |
GET /api/v1/transport-nodes/<transport-node-id>/node/users
GET /api/v1/cluster/<cluster-node-id>/node/users GET /api/v1/node/users |
Reset a user's own password. Requires current passwordEnables a user to reset their own password. |
POST /api/v1/node/users?action=reset_own_password
POST /api/v1/cluster/<cluster-node-id>/node/users?action=reset_own_password |
Read node userReturns information about a specified user who is configured to log in to the NSX appliance. The valid user IDs are: 0, 10000, 10002. |
GET /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>
GET /api/v1/cluster/<cluster-node-id>/node/users/<userid> GET /api/v1/node/users/<userid> |
Activate a user account with a passwordActivates the account for this user. When an account is successfully activated, the "status" field in the response is "ACTIVE". This API is not supported for userid 0 and userid 10000. |
POST /api/v1/node/users/<userid>?action=activate
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>?action=activate |
Reset a user's password without requiring their current passwordUnlike the PUT version of this call (PUT /node/users/<userid>), this API does not require that the current password for the user be provided. The account of the target user must be "ACTIVE" for the call to succeed. This API only supports user IDs 10002, 10003, and 10004. |
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>?action=reset_password
POST /api/v1/node/users/<userid>?action=reset_password |
Deactivate a user accountDeactivates the account for this user. Deactivating an account is permanent, unlike an account that is temporarily locked because of too many password failures. A deactivated account has to be explicitly activated. When an account is successfully deactivated, the "status" field in the response is "NOT_ACTIVATED". This API is not supported for userid 0 and userid 10000. |
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>?action=deactivate
POST /api/v1/node/users/<userid>?action=deactivate |
Update node userUpdates attributes of an existing NSX appliance user. This method
The specified password does not meet the following (default) complexity requirements:
the configured password complexity may vary as per defined Authentication and Password policies, which shall be available at: [GET]: /api/v1/node/aaa/auth-policy The valid user IDs are: 0, 10000, 10002.
|
PUT /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>
PUT /api/v1/cluster/<cluster-node-id>/node/users/<userid> PUT /api/v1/node/users/<userid> |
List SSH keys from authorized_keys file for node userReturns a list of all SSH keys from authorized_keys file for node user |
GET /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>/ssh-keys
GET /api/v1/cluster/<cluster-node-id>/node/users/<userid>/ssh-keys GET /api/v1/node/users/<userid>/ssh-keys |
Remove SSH public key from authorized_keys file for node user |
POST /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>/ssh-keys?action=remove_ssh_key
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>/ssh-keys?action=remove_ssh_key POST /api/v1/node/users/<userid>/ssh-keys?action=remove_ssh_key |
Add SSH public key to authorized_keys file for node user |
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>/ssh-keys?action=add_ssh_key
POST /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>/ssh-keys?action=add_ssh_key POST /api/v1/node/users/<userid>/ssh-keys?action=add_ssh_key |