Skip to main content



In-Product Automation (IPA) is a core BlueXP platform service enabling license enforcement and policy-driven operational control for a variety of software licensing models. It supports several different NetApp product families, including ONTAP (AFF, FAS, Cloud Volumes ONTAP), E-Series, StorageGRID, SolidFire as well as additional host-based solutions such as OnCommand Insight. IPA provides a REST API you can use to access the features available with the service.

The BlueXP IPA service orchestrates the overall IPA configuration to facilitate the management of licenses, services, and NetApp Support Site user data. It provides streamlined orchestration of Cloud Volumes ONTAP system management of IPA functions.

The IPA service provides secure and granular role-based access control (RBAC) for the resources available through the BlueXP control plane. The service operates within the context of a BlueXP account. The identity of the API caller and the account are established using a user or service token.

There are four components defined within the IPA service that expose REST endpoints.

  • License

  • Services

  • NSS

  • Support

The IPA service has two modes of operation:

  • Legacy password-based authentication mode

  • Current token-based authentication mode

The operational mode used depends on how the license is registered for a given serial number. Token-based authentication is preferred. If a license is registered with a password,
the legacy Oracle password-based authentication mode is used.

The key benefits of the IPA service include:

  • A consistent user experience for all the IPA-related features (such as license and NSS)

  • An intuitive REST API to manage the IPA-related features which can be used to return a license, service, and NetApp Support site user within the same context

All IPA service API calls are short-lived and run synchronously. Asynchronous processing and internal process tracking are not supported.

Note: Before using the API reference documentation, review the Get started section for the BlueXP APIs.
For more information about the security tokens and identifiers you'll need when using the API, review the Common workflows and tasks section.

REST implementation

HTTP methods

Method Description


Create an object instance


Retrieve an object instance or collection


Update an existing object's specified properties


Remove an existing object

Request headers

Request Header Description


Required. Contains the JWT token (user/service)


Used to tag a request with application-specific keys for improved supportability. Free-text string

Query parameters

You can use query parameters with endpoints in the following components:

Component Query Parameter


accountId (required)nssKeyId (required)resourceId (required)

Response headers

This API uses the standard HTTP response headers common with all BlueXP APIs. See REST implementation for more information.

HTTP status codes

HTTP Status Code Description


OK: Returned for successful operation completion


Bad Request: Returned if the input is malformed and could not be parsed


Unauthorized: Returned if user authentication failed or the token has expired


Forbidden: Returned for authorization errors depending on the resource and token


Not Found: Returned if the requested resource could not be found


Processing Error: Returned if an error occurs on the server while processing the API call

Error handling

There are three processes involved with error handling and processing:

  • The error is logged for supportability

  • The error is returned to the caller for specific handling

  • The database connection is rolled back

cURL examples

Retrieve NSS data for a specified account

This cURL example retrieves NSS data by using a specified account ID and NSS key ID.
The NSS data contains the NSS ID, username, and email ID.

  curl -X GET "<accountId>/nss-key/<nssKeyId>/nss-data
" -H  "accept: application/json" -H  "authorization: <user token>"