What's new with the ONTAP REST API
Each ONTAP release updates the ONTAP REST API to bring you new features, enhancements, and bug fixes.
You should review the ONTAP Release Notes for additional information including known limitations or issues. Also see Changes to ONTAP REST API calls for any changes that might impact your automation software. |
ONTAP 9.16.1
ONTAP 9.16.1 includes over two dozen new API calls which continue to expand the capabilities of the ONTAP REST API. These enhancements focus primarily on security but also include improvements with metrics and bucket administration.
The ONTAP REST API exposed to users of NetApp ASA r2 systems (ASA A1K, ASA A70, and ASA A90) is different than the REST API provided with all other FAS, AFF, and ASA systems. See REST API support for ASA r2 systems for more information. |
- OAuth 2.0 support for Microsoft Entra ID
-
OAuth 2.0 support was first introduced with ONTAP 9.14.1. The OAuth 2.0 capabilities have been enhanced with ONTAP 9.16.1 to support the Microsoft Entra ID authorization server (formerly Azure AD) with standard OAuth 2.0 claims. Two major features are included as described below.
- OAuth 2.0 with groups as UUIDs
-
The Entra ID standard group claims based on UUID style values are supported through two new capabilities with ten new API calls:
-
Group UUID to group name mapping (
/security/groups
) -
UUID group to role mapping (
/security/group/role-mapping
)
-
- OAuth 2.0 with external roles
-
An external role is defined at an OAUTH 2.0 identify provider defined to ONTAP. You can create and administer mapping relationships between these external roles and the ONTAP roles. Five new API calls have been added.
- Web authentication
-
Web authentication (WebAuthn) is a web standard for securely authenticating users based on public key cryptography. With ONTAP, it supports the administration of phishing-resistant MFAs through System Manager and the ONTAP REST API. Seven new API calls have been added across several endpoints.
- Autonomous Ransomware Protection versioning and updates
-
Two API calls have been added with a new endpoint to manage the Autonomous Ransomware Protection package used by ONTAP. You can display the version of and update the Autonomous Ransomware Protection package.
- Qtree metrics
-
ONTAP 9.16.1 includes an optional qtree extended performance monitoring feature. With the feature enabled, ONTAP captures additional data including latency metrics and historical data. A new endpoint has been added to allow you to retrieve this performance data.
- S3 bucket snapshots
-
Four new API calls have been added to enable you to create and administer snapshots of your S3 buckets. Each snapshot is an image of the bucket as it existed when the snapshot was created.
ONTAP 9.15.1
ONTAP 9.15.1 continues to expand the capabilities of the ONTAP REST API, including support for two new features.
- NFS over TLS
-
There are three new endpoints available with this feature. You can issue these API calls to retrieve all the NFS over TLS interfaces, retrieve a specific interface by UUID, and update the configuration properties for a TLS interface. Collectively these API calls provide an equivalent to the set of
vserver nfs tls interface
CLI commands.
NFS over TLS is available in ONTAP 9.15.1 as a public preview. As a preview offering, this feature is not supported for production workloads with ONTAP 9.15.1. |
- Windows backup applications and Unix-style symlinks
-
When a Windows backup application encounters a Unix-style symbolic link (symlink), the link is traversed and the data is returned by ONTAP and backed up. Beginning with ONTAP 9.15.1, you also have the option of backing up the symlink instead of the data it points to. This can provide several benefits, including improved performance of your backup applications. The endpoint
/protocols/cifs/services/{svm.uuid}
has been updated to include the new parameterbackup-symlink-enabled
in theoptions
object.
ONTAP 9.14.1
The ONTAP 9.14.1 release includes over three dozen new API calls which continue to expand the capabilities of the ONTAP REST API. These endpoints support several new ONTAP features as well as updates to existing features. This release focuses primarily on security enhancements but also includes improvements to NAS, QOS, and performance metrics.
- Security
-
There are two major security features that have been introduced with ONTAP 9.14.1. Open Authorization (OAuth 2.0) is a token-based framework that can be used to restrict access to your ONTAP storage resources. You can use it with clients that access ONTAP through the REST API. Configuration can be performed with any of the ONTAP administrative interfaces including the REST API. The ONTAP 9.14.1 release also includes support for Cisco Duo which provides two-factor authentication for SSH logins. You can configure Duo to operate at the ONTAP cluster or SVM level. In addition to these two new features, several endpoints have been added to improve control over your key stores.
- FPolicy persistent storage
-
FPolicy provides a platform for ONTAP policy management. It provides a container for the various components or elements, such as events and the policy engine. You can now use the REST API to configure and administer a persistent store for the ONTAP FPolicy configuration and events. Each SVM can have one persistent store which is shared for the multiple policies within the SVM.
- QOS options
-
Two endpoints have been introduced to allow you to retrieve and set QOS options for the cluster. For example, you can reserve a percentage of available system processing resources for background tasks.
- Performance metrics
-
ONTAP maintains statistical information about the operational characteristics of the system. This information is presented in a database format consisting of tables and rows. With ONTAP 9.14.1, additional metrics data is added in several resources categories, including Fibre Channel, iSCSI, LUNs, and NVME. This additional metrics data continues to bring the ONTAP REST API closer to parity with the Data ONTAP API (ONTAPI or ZAPI).
- Miscellaneous enhancements
-
There are several additional enhancements which can be helpful depending on your environment. These new endpoints improve access to the SAN initiators and control of the host cache settings as well as enable access to individual AutoSupport messages.
ONTAP 9.13.1
ONTAP 9.13.1 continues to expand the capabilities of the ONTAP REST API with over two dozen new API calls. These endpoints support new ONTAP features as well as enhancements to existing features. This release focuses on improvements to security, resource management, enhanced SVM configuration options, and performance metrics.
- Resource tagging
-
You can use tags to group REST API resources. You might do this to associate related resources within a specific project or organizational group. Using tags can help to organize and track resources more effectively.
- Consistency groups
-
ONTAP 9.13.1 continues to expand the availability of performance counter data. You can now access this type of statistical information to track historical performance and capacity for consistency groups. In addition, enhancements have been included that allow the parent-child relationships among consistency groups to be configured and managed.
- DNS configuration per SVM
-
The existing DNS endpoints have been expanded to allow DNS domain and server configuration to be performed for individual SVMs.
- EMS role configuration
-
The existing EMS support feature has been expanded to allow for the management of roles and the access control configuration assigned to the roles. This provides the ability to limit or filter the events and messages based on the role configuration.
- Security
-
You can use the REST API to configure the time-based one-time password (TOTP) profiles for accounts that sign in and access ONTAP using SSH. In addition, the key manager endpoints have been expanded to provide a restore operation from a specified key management server.
- CIFS configuration per SVM
-
The existing CIFS endpoints have been expanded to allow the configuration for a specific SVM to be updated.
- S3 bucket rules
-
The existing S3 bucket endpoints have been expanded to include a rule definition. Each rule is a list objects and defines the set of actions to be performed on an object within the bucket. Collectively these rules allow you to better manage the lifecycle of your S3 buckets.
ONTAP 9.12.1
ONTAP 9.12.1 continues to expand the capabilities of the ONTAP REST API with over forty new API calls. These endpoints support new ONTAP features as well as enhancements to existing features. This release focuses on improvements to security and NAS capabilities.
- Security enhancements
-
Amazon Web Services includes a key management service that provides secure storage for keys and other secrets. You can access this service through the REST API to allow ONTAP to securely store its encryption keys in the cloud. In addition, you can create and list the authentication keys used with NetApp Storage Encryption.
- Active Directory
-
You can manage the Active Directory accounts defined for an ONTAP cluster. This includes creating new accounts as well as displaying, updating, and deleting accounts.
- CIFS group policies
-
The REST API has been enhanced to support the creation and management of CIFS group policies. The configuration information is available and administered through group policy objects that are applied to all or specific SVMs.
ONTAP 9.11.1
ONTAP 9.11.1 continues to expand the capabilities of the ONTAP REST API with nearly a hundred new API calls. These endpoints support the new ONTAP features as well as enhancements to existing features.
- Granular RBAC
-
The ONTAP role-based access control (RBAC) capability has been enhanced to provide additional granularity. You can use the traditional roles or create new custom roles as needed through the REST API. Every role is associated with one or more privileges, each of which identifies a REST API call or CLI command along with the access level. New access levels are available for REST roles, such as
read_create
andread_modify
. This enhancement provides parity with the Data ONTAP API (ONTAPI or ZAPI) and supports customer migration to the REST API. See RBAC security for more information. - Performance counters
-
Previous ONTAP releases have maintained statistical information about the operational characteristics of the system. With the 9.11.1 release, this information has been enhanced and is now available through the REST API. An administrator or automated process can access the data to determine system performance. The statistical information, as maintained by the counter manager subsystem, is presented in a database format using tables and rows. This enhancement brings the ONTAP REST API closer to parity with the Data ONTAP API (ONTAPI or ZAPI).
- Aggregate management
-
The management of ONTAP storage aggregates has been enhanced. You can use the updated REST endpoints to move aggregates online and offline as well as manage the spares.
- IP subnet capability
-
The ONTAP networking capability has been expanded to include support for IP subnets. The REST API provides access to the configuration and management of the IP subnets within an ONTAP cluster.
- Multiple administrator verification
-
The multiple administrator verification feature provides a flexible authorization framework for protecting access to ONTAP commands or operations. You can define rules that identify the restricted commands. When a user requests access to a specific command, approval can be granted by multiple ONTAP administrators as appropriate.
- SnapMirror enhancements
-
The SnapMirror capability has been enhanced in several areas including scheduling. The SnapVault relationship parity has been added in a DP relationship with ONTAP 9.11.1 Also, the throttle feature available with the REST API has reached parity with the Data ONTAP API (ONTAPI or ZAPI). Related to this, support is available to create and manage bulk snapshot copies.
- Storage pools
-
Several endpoints have been added to provide access to the ONTAP storage pools. Support is included for creating and listing the storage pools in a cluster as well as updating and deleting specific pools by ID.
- Name services cache support
-
ONTAP name services has been enhanced to support caching which improves performance and resiliency. Configuration of the name services cache can now be accessed through the REST API. Settings can be applied at multiple levels including hosts, unix-users, unix-groups, and netgroups.
- ONTAPI reporting tool
-
The ONTAPI reporting tool helps customers and partners identify the ONTAPI usage in their environment. This tool provides valuable insights for customers planning their migration from ONTAPI to the ONTAP REST API.
ONTAP 9.10.1
ONTAP 9.10.1 continues to expand the capabilities of the ONTAP REST API. Over a hundred new endpoints have been added to support new ONTAP features as well as enhancements to existing features. A summary of the REST API enhancements is presented below.
- Application consistency group
-
A consistency group is a set of volumes that are grouped together when performing certain operations such as a snapshot. This feature extends the same crash consistency and data integrity implicit with single-volume operations across a set of volumes. It is valuable for large multi-volume workload applications.
- SVM migration
-
You can migrate an SVM from a source cluster to a destination cluster. The new endpoints provide complete control, including the ability to pause, resume, retrieve status, and abort a migration operation.
- File cloning and management
-
Volume-level file cloning and management have been enhanced. New REST endpoints support file move, copy, and split operations.
- Improved S3 auditing
-
Auditing of the S3 events is a security improvement allowing you to track and log certain S3 events. An S3 audit event selector can be set on a per SVM per bucket basis.
- Ransomware defense
-
ONTAP detects files potentially containing a ransomware threat. You can retrieve a list of these suspect files as well as remove them from a volume.
- Miscellaneous security enhancements
-
There are several general security enhancements that expand existing protocols and introduce new capabilities. Improvements have been made to IPSEC, key management, SSH configuration, and file permissions.
- CIFS domains and local groups
-
Support for CIFS domains has been added at the cluster and SVM level. You can retrieve the domain configuration as well as create and remove preferred domain controllers.
- Expanded volume analytics
-
Volume analytics and metrics have been expanded through additional endpoints to support top files, directories, and users.
- Support enhancements
-
Support has been enhanced through several new features. Automatic updates can keep your ONTAP systems current by downloading and applying the latest software updates. You can also retrieve and manage the memory core dumps generated by a node.
ONTAP 9.9.1
ONTAP 9.9.1 continues to expand the capabilities of the ONTAP REST API. There are new API endpoints for existing ONTAP features, including SAN port sets and vServer file directory security. In addition, endpoints have been added to support new ONTAP 9.9.1 features and enhancements. And the related documentation has also been improved. A summary of the enhancements is presented below.
- Mapping ONTAPI to the ONTAP 9 REST API
-
To help you transition your ONTAP automation code to the REST API, NetApp provides API mapping documentation. This reference includes a list of ONTAPI calls and the REST API equivalent for each. The mapping document has been updated to include the new ONTAP 9.9.1 API end points. See ONTAPI to REST API mapping for more information.
- API endpoints for new ONTAP 9.9.1 core features
-
Support for new ONTAP 9.9.1 features that are not available through the ONTAPI API has been added to the REST API. This includes support for nested igroups and Google Cloud Key Management Services.
- Improved support for transitioning to REST from ONTAPI
-
More of the legacy ONTAPI calls now have corresponding REST API equivalents. This includes local Unix users and groups, management of NTFS file security without the need for a client, SAN port sets, and volume space attributes. These changes are also included in the updated ONTAPI to REST mapping documentation.
- Enhanced online documentation
-
The ONTAP online documentation reference page now includes labels indicating the ONTAP release when each REST endpoint or parameter was introduced, including those new with ONTAP 9.9.1.
ONTAP 9.8
ONTAP 9.8 includes several new features which enhance your ability to automate the deployment and management of ONTAP storage systems. In addition, support has been improved for assisting with the transition to REST from the legacy ONTAPI API.
- Mapping ONTAPI to the ONTAP 9 REST API
-
To help you update your ONTAPI automation, NetApp provides a list of ONTAPI calls that require one or more input parameters, along with a mapping of those calls to the equivalent ONTAP 9 REST API call. See ONTAPI to REST API mapping for more information.
- API endpoints for new ONTAP 9.8 features
-
Support for the new ONTAP 9.8 features not available through ONTAPI has been added to the REST API. This includes REST API support for ONTAP S3 buckets and services, SnapMirror active sync (formerly SnapMirror Business Continuity) and File System Analytics.
- Expanded support for enhanced security
-
Security has been enhanced through the support of several services and protocols, including Azure Key Vault, Google Cloud Key Management Services, IPSec, and Certificate Signing Requests.
- Enhancements to improve simplicity
-
ONTAP 9.8 delivers more efficient and modern workflows using the REST API. For example, one-click firmware updates are now available for several different types of firmware.
- Enhanced online documentation
-
The ONTAP online documentation page includes labels indicating the ONTAP release that each REST endpoint or parameter was introduced, including those new in 9.8.
- Improved support for transitioning to REST from ONTAPI
-
More legacy ONTAPI calls now have corresponding REST API equivalents. Documentation is also available to help identify which REST endpoint should be used in place of an existing ONTAPI call.
- Expanded performance metrics
-
Performance metrics for the REST API have been expanded to include several new storage and network objects.
ONTAP 9.7
ONTAP 9.7 extends the functional scope of the ONTAP REST API by introducing three new resource categories, each with several REST endpoints:
-
NDMP
-
Object store
-
SnapLock
ONTAP 9.7 also introduces one or more new REST endpoints in several of the existing resource categories:
-
Cluster
-
NAS
-
Networking
-
NVMe
-
SAN
-
Security
-
Storage
-
Support
ONTAP 9.6
ONTAP 9.6 greatly extends the REST API support originally introduced in ONTAP 9.4. The ONTAP 9.6 REST API supports most ONTAP configuration and administration tasks.
REST APIs in ONTAP 9.6 include the following key areas and many more:
-
Cluster setup
-
Protocol configuration
-
Provisioning
-
Performance monitoring
-
Data protection
-
Application aware data management