vCloud Director API for NSX. Programmers’ Guide

vCloud Director API for NSX

The vCloud Director API for NSX is a proxy API that allows vCloud API clients to make requests to the NSX API. Use this document as an extension to NSX vSphere API (NSX version 6.2 or later). This document lists a subset of NSX API requests supported by vCloud Director for NSX API and provides information about the differences between these requests as described in the NSX API documentation and how you should use them when using the vCloud Director for NSX API interface.

Connecting with the NSX API

The vCloud Director for NSX API interface supports a subset of the operations and objects defined in the NSX vSphere API Guide (NSX 6.2). The API supports NSX 6.2 and 6.3. You can download the NSX vSphere API Guide from (NSX 6.2) or (NSX 6.3). The queries listed in this document and the corresponding examples described in the NSX vSphere API Guide can be used by those using the vCloud Director API for NSX with a few modifications and some additional restrictions.

Multi-Tenant Support

The NSX API is designed to solve NSX tasks in a global domain such as the VMware® vCenter ™ datacenter. The NSX Proxy API is designed to solve NSX tasks within the vCloud Director tenant organisation.

If the NSX API uses internal edge identifiers such as edge-1 (typically specified as edgeId in the NSX vSphere API guide) to identify the edge, the vCloud Director API for NSX uses the identifier that vCloud Director assigns to the edge. This is a unique identifier in the form of a UUID as defined by RFC 4122. By using this identifier, the API can restrict access to members of the organisation that owns the edge. Members' access to the edge is also governed by their role in the organisation and the rights associated with that role. vCloud Director API for NSX uses this UUID of this edge only to discover the edge, identify the NSX manager responsible for the edge, and obtain its internal NSX edge ID, which it uses in subsequent NSX API operations on the edge.

Operations on other NSX objects, such as certificates and grouping objects, typically require vCloud Director organization or VUU UUIDs to be enabled in the request to restrict access to tenants with vCloud Director object rights.

VCloud Director system administrators can view or update all edges in the system.

Safety

HTTP communication between the client and the vCloud API server is secured using SSL. API clients must also complete a login request to obtain an authorisation token that must be included in all subsequent requests.

Request Headers

The following HTTP headers are typically included in requests:

Accept	All requests must include the HTTP Accept header, which specifies the vCloud Director API for the version of NSX that the client is using. Accept: application/+xml;version=api-version For example, the following header indicates that the request is coming from the vCloud Director API for NSX client version 29.0. Accept: application/+xml;version=29.0
Accept-Encoding	By default, the system returns the response content as uncompressed XML. Compressing the response can improve performance, especially if the response is large and network bandwidth is an issue. (Requests cannot be compressed.) To request a response that is returned as compressed XML, include the following header: Accept-Encoding: gzip The response is encoded using gzip encoding as described in RFC 1952 and includes the following header: Content-Encoding: gzip By default, responses smaller than 64KB are never compressed.
Accept-Language	Message strings in ErrorType responses are localised. Use the Accept-Language request header to specify the required language in responses. To request a response with message strings localised to French, use the following header: Accept-Language: fr
Authorization	All requests to create a vCloud API session must include the header of the authorisation form required by your organisation's identity provider. See the vCloud API Programmer's Guide for Service Providers.
Content-Type	Requests that include a request body must include the following HTTP Content-Type header Content-type: application/xml
x-vcloud-authorization	This header, which is returned with the session response after a successful login, must be included in all subsequent requests from clients authenticating to the Integrated Identity Provider or SAML Identity Provider. See the vCloud API Programmer's Guide for Service Providers.
X-VMWARE-VCLOUD-CLIENT-REQUEST-ID	The value of this header is used to construct the request ID that is returned as the X-VMWARE-VCLOUD-REQUEST-ID header. The value of this header cannot contain more than 128 characters from the set of letters, numbers and the hyphen (-). Values containing invalid characters will be ignored. Values greater than 128 characters are truncated.

NSX Edge Gateway Management

Each NSX Edge Gateway provides network security and a gateway to isolate the virtualized network.

Requesting or upgrading the Edge Gateway

Edge DHCP Services

Edge Firewall Services

Edge NAT Services

Edge Routing Services

Edge Load Balancer Services

Edge SSL VPN Services

Edge L2 VPN Services

Edge IPSec VPN Services

Edge interfaces, Logging, Statistics and Remote Access Properties/

NSX distributed firewall services

The distributed NSX firewall can provide firewall functionality directly to the vNIC virtual machine and supports a micro-segmentation security model in which East-West traffic can be inspected while processing at a similar rate.

- https://code.vmware.com/doc/preview?id=5705#/doc/GUID-442E3FDF-47AC-44F2-906B-B37666795970.html

Certificate management

Apps and App Groups

Security groups

Security tags