Authorization and authentication

The NetApp Service Engine REST API is accessible by using any web browser or programming platform that can issue HTTP requests. NetApp Service Engine supports basic HTTP authentication mechanism as well as Java Web Token (JWT) Bearer authentication. Before you call an API, you must authenticate a user.

For reference APIs, you can log in to the NetApp Service Engine web interface and view the Swagger interface from the left navigation pane > Support > API Documentation.

HTTP status codes

While running the APIs or troubleshooting issues, you should be aware of the various HTTP status codes and error codes that are used by NetApp Service Engine APIs.

The following table lists the error codes related to authentication.

HTTP Status Code Status Code Title Description



Returned on successful execution of synchronous API calls.



Creation of new resources by synchronous calls, such as configuration of Active Directory.



Returned on successful execution of asynchronous calls for provisioning functions, such as creating LUNs and files shares.


Invalid Request

Indicates input validation failure. User must correct the inputs, for example, valid keys in a request body.


Unauthorized Request

You are not authorized to view the resource/unauthorized.


Forbidden Request

Accessing the resource you were trying to reach is forbidden.


Resource Not Found

The resource you were trying to reach is not found.


Method Not Allowed

Method not allowed.


Precondition Failed

One or more preconditions were not met.


Internal Server Error

Internal server error. Failed to get a response from the server.
This internal server error might or might not be permanent. For example, if you run a GET or GET ALL operation and receive this error, it is recommended that you repeat this operation for a minimum of five retries. If it is a permanent error, then the status code returned continues to be 500. If the operation succeeds, the status code returned is 200.

Recommendations for using the APIs

When using the APIs, you should follow certain recommended practices:

  • For a valid execution, make sure all response content type are in the following format:

  • While updating array values, you must update the entire string of values. You cannot append values to an array—you can only replace an existing array.

  • Avoid querying objects by using a combination of the filter operators wildcard (*) and pipe (|). It might retrieve an incorrect number of objects.