security
Suggest changes
PDFs
security-config-get
GET /api/security
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
cluster-security-config-ready |
No REST Equivalent |
|
interface |
No REST Equivalent |
This was required in ONTAPI but only allowed a single valid value. Not exposed in the REST API. |
is-fips-enabled |
fips.enabled |
|
supported-ciphers |
No REST Equivalent |
This was optional in ONTAPI but is now deprecated in favor of supported-cipher-suites. Not exposed in the REST API. |
supported-cipher-suites |
tls.cipher_suites |
|
supported-protocols |
tls.protocol_versions |
|
interface |
No REST Equivalent |
This was required in ONTAPI but only allowed a single valid value. Not exposed in the REST API. |
security-config-modify
PATCH /api/security
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
interface |
No REST Equivalent |
This was required in ONTAPI but only allowed a single valid value. Not exposed in the REST API. |
is-fips-enabled |
fips.enabled |
|
supported-ciphers |
No REST Equivalent |
This was optional in ONTAPI but is now deprecated in favor of supported-cipher-suites. Not exposed in the REST API. |
supported-cipher-suites |
tls.cipher_suites |
|
supported-protocols |
tls.protocol_versions |
security-config-ocsp-disable
This ONTAPI call does not have an equivalent REST API call.
security-config-ocsp-enable
This ONTAPI call does not have an equivalent REST API call.
security-config-ocsp-get-iter
This ONTAPI call does not have an equivalent REST API call.
security-last-login-info
This ONTAPI call does not have an equivalent REST API call.
security-login-create
POST /api/security/accounts
Note: You cannot create SNMP users by using this endpoint. To create SNMP users, use the POST /api/support/snmp/users REST API endpoint.
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
applications.application |
|
authentication-method |
applications.authentication_methods |
|
comment |
comment |
|
is-ns-switch-group |
No REST Equivalent |
|
is-password-hashed |
No REST Equivalent |
|
password |
password |
|
remote-switch-ipaddress |
No REST Equivalent |
|
role-name |
role.name |
|
second-authentication-method |
applications.second_authentication_method |
|
snmpv3-login-info |
No REST Equivalent |
SNMP (including SNMPv3) users are managed by the "/api/support/snmp/users" REST API endpoint. |
user-name |
name |
name is specified as a path parameter. |
vserver |
owner.name |
Can also use owner.uuid |
security-login-delete
DELETE /api/security/accounts/{owner.uuid}/{name}
Note: The /api/security/accounts/\{owner.uuid\}/{name} REST API endpoint deletes all the entries for the user account, that is, it deletes entries for all applications and all authentication methods corresponding to the user account. You cannot delete SNMP users by using this endpoint. To delete SNMP users, use the DELETE /api/support/snmp/users/{engine-id}/{name} REST API endpoint.
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
applications.application |
|
authentication-method |
applications.authentication_methods |
|
remote-switch-ipaddress |
No REST Equivalent |
|
user-name |
name |
name is specified as a path parameter. |
vserver |
owner.uuid |
owner.uuid is specified as a path parameter. |
security-login-delete-iter
DELETE /api/security/accounts
Note: You cannot delete SNMP users by using this endpoint. To delete a set of SNMP users, use the DELETE /api/support/snmp/users REST API collection.
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
continue-on-failure |
No REST Equivalent |
|
max-failure-count |
No REST Equivalent |
|
max-records |
max_records |
Specifies the maximum number of records to return before paging. |
application |
applications.application |
|
authentication-method |
applications.authentication_methods |
|
comment |
comment |
|
is-locked |
locked |
|
is-ns-switch-group |
No REST Equivalent |
|
password-hash-algorithm |
No REST Equivalent |
|
remote-switch-ipaddress |
No REST Equivalent |
|
role-name |
role.name |
|
second-authentication-method |
applications.second_authentication_method |
|
user-name |
name |
|
vserver |
owner.name |
Can also specify "owner.uuid" |
return-failure-list |
No REST Equivalent |
|
return-success-list |
No REST Equivalent |
security-login-expire-password
This ONTAPI call does not have an equivalent REST API call.
security-login-expire-password-iter
This ONTAPI call does not have an equivalent REST API call.
security-login-get
GET /api/security/accounts/{owner.uuid}/{name}
Note: You cannot retrieve SNMP users by using this endpoint. To retrieve SNMP users, use GET /api/support/snmp/users/{engine_id}/{name} REST API call.
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
applications.application |
|
authentication-method |
applications.authentication_methods |
|
comment |
comment |
|
is-locked |
locked |
|
is-ns-switch-group |
No REST Equivalent |
|
password-hash-algorithm |
No REST Equivalent |
|
remote-switch-ipaddress |
No REST Equivalent |
|
role-name |
role.name |
|
second-authentication-method |
applications.second_authentication_method |
|
user-name |
name |
name is specified as a path parameter. |
vserver |
owner.uuid |
owner.uuid is specified as a path parameter. |
security-login-get-iter
GET /api/security/accounts
Note: You cannot retrieve SNMP users by using this endpoint. To retrieve a set of SNMP users, use the GET /api/support/snmp/users REST API collection.
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
applications.application |
|
authentication-method |
applications.authentication_methods |
|
comment |
comment |
|
is-locked |
locked |
|
is-ns-switch-group |
No REST Equivalent |
|
password-hash-algorithm |
No REST Equivalent |
|
remote-switch-ipaddress |
No REST Equivalent |
|
role-name |
role.name |
|
second-authentication-method |
applications.second_authentication_method |
|
user-name |
name |
|
vserver |
owner.name |
Can also use "owner.uuid" |
max-records |
max_records |
Specifies the maximum number of records to return before paging. |
security-login-lock
PATCH /api/security/accounts/{owner.uuid}/{name}
Note: Set the "locked" REST API attribute to "true".
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
user-name |
name |
name is specified as a path parameter. |
vserver |
owner.uuid |
owner.uuid is specified as a path parameter. |
security-login-modify
PATCH /api/security/accounts/{owner.uuid}/{name}
Note: You cannot modify SNMP users by using this endpoint. To modify SNMP users, use the PATCH /api/support/snmp/users/{engine_id}/{name} REST API call.
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
applications.application |
|
authentication-method |
applications.authentication_methods |
|
comment |
comment |
|
is-ns-switch-group |
No REST Equivalent |
|
remote-switch-ipaddress |
No REST Equivalent |
|
role-name |
role.name |
|
second-authentication-method |
applications.second_authentication_method |
|
user-name |
name |
name is specified as a path parameter. |
vserver |
owner.uuid |
owner.uuid is specified as a path parameter. |
security-login-modify-iter
PATCH /api/security/accounts
Note: Update SNMP users by using the /api/support/snmp/users REST API endpoint.
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
applications.application |
Can specify as a query parameter. |
authentication-method |
applications.authentication_methods |
Can specify as a query parameter. |
comment |
comment |
Must specify in the PATCH body. |
is-locked |
locked |
Must specify in the PATCH body. |
is-ns-switch-group |
No REST Equivalent |
|
password-hash-algorithm |
No REST Equivalent |
|
remote-switch-ipaddress |
No REST Equivalent |
|
role-name |
role.name |
Must specify in the PATCH body. |
second-authentication-method |
applications.second_authentication_method |
|
user-name |
name |
Must specify as a query parameter. |
vserver |
owner.name |
Can also use owner.uuid. |
continue-on-failure |
No REST Equivalent |
|
max-failure-count |
No REST Equivalent |
|
max-records |
max_records |
Specifies the maximum number of records to return before paging. |
return-failure-list |
No REST Equivalent |
|
return-success-list |
No REST Equivalent |
security-login-modify-password
POST /api/security/authentication/password
Note: In the REST API, specify owner.name, that is, the SVM name or owner.uuid (SVM UUID REST API attributes in the body of a POST request) to specify the SVM to which the user belongs. If you do not specify owner.uuid or owner.name, the SVM is selected based on the LIF or IP address to which the REST API is issued.
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
is-password-hashed |
No REST Equivalent |
|
new-password |
password |
|
password-hash-algorithm |
No REST Equivalent |
|
user-name |
name |
security-login-role-config-get
This ONTAPI call does not have an equivalent REST API call.
security-login-role-config-get-iter
This ONTAPI call does not have an equivalent REST API call.
security-login-role-config-modify
This ONTAPI call does not have an equivalent REST API call.
security-login-role-config-modify-iter
This ONTAPI call does not have an equivalent REST API call.
security-login-role-create
Note: This ONTAPI creates a new legacy role. Use the private CLI passthrough with the POST method of REST API /api/private/cli/security/login/role to create a new legacy role through the REST API. You can use the POST method of the /security/roles endpoint to create a new REST API role.
This ONTAPI call does not have an equivalent REST API call.
security-login-role-delete
This ONTAPI call does not have an equivalent REST API call.
security-login-role-delete-iter
This ONTAPI call does not have an equivalent REST API call.
security-login-role-get
This ONTAPI call does not have an equivalent REST API call.
security-login-role-get-iter
This ONTAPI call does not have an equivalent REST API call.
security-login-role-modify
This ONTAPI call does not have an equivalent REST API call.
security-login-role-modify-iter
This ONTAPI call does not have an equivalent REST API call.
security-login-unlock
PATCH /api/security/accounts/{owner.uuid}/{name}
Note: Set the locked REST API attribute to false.
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
user-name |
name |
name is specified as a path parameter. |
vserver |
owner.uuid |
owner.uuid is a path parameter. |
security-login-whoami
This ONTAPI call does not have an equivalent REST API call.
security-protocol-get
GET /api/security
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
management_protocols |
To retrieve RSH and Telnet protocols, use the /api/security?fields=management_protocols REST API call. |
enabled |
management_protocols |
To retrieve RSH and Telnet protocol statuses, use the fields management_protocols.rsh_enabled and management_protocols.telnet_enabled. |
security-protocol-modify
PATCH /api/security
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
management_protocols |
|
enabled |
management_protocols |
To modify RSH and Telnet protocols, use the parameters rsh_enabled and telnet_enabled. |
security-protocol-ssh-get
GET /api/security/ssh
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
connections-per-second |
connections_per_second |
|
max-instances |
max_instances |
|
per-source-limit |
per_source_limit |
security-protocol-ssh-modify
PATCH /api/security/ssh
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
connections-per-second |
connections_per_second |
|
max-instances |
max_instances |
|
per-source-limit |
per_source_limit |
security-reset
This ONTAPI call does not have an equivalent REST API call.
security-saml-sp-create-async
POST /api/security/authentication/cluster/saml-sp
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
cert-ca |
certificate.ca |
|
cert-common-name |
certificate.common_name |
|
cert-serial |
certificate.serial_number |
|
idp-uri |
idp_uri |
|
sp-host |
host |
|
verify-metadata-server |
verify_metadata_server |
security-saml-sp-destroy
DELETE /api/security/authentication/cluster/saml-sp
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
There are no attributes defined for this ONTAPI call.
security-saml-sp-get
GET /api/security/authentication/cluster/saml-sp
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
cert-ca |
certificate.ca |
|
cert-common-name |
certificate.common_name |
|
cert-serial |
certificate.serial_number |
|
idp-uri |
idp_uri |
|
is-enabled |
enabled |
|
sp-host |
host |
|
verify-metadata-server |
verify_metadata_server |
security-saml-sp-modify
PATCH /api/security/authentication/cluster/saml-sp
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
is-enabled |
enabled |
security-saml-sp-repair
This ONTAPI call does not have an equivalent REST API call.
security-saml-sp-status-get-iter
This ONTAPI call does not have an equivalent REST API call.
security-security-login-password-prepare-to-downgrade
Note: This is an unsupported ZAPI. Hence it is not exposed through a REST API.
This ONTAPI call does not have an equivalent REST API call.
security-ssh-add
PATCH /api/security/ssh/svms/{svm.uuid}
Note: To use the functionality of security-ssh-add for "Administrative SVM", use the PATCH /api/security/ssh REST API call.
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
ciphers |
ciphers |
|
key-exchange-algorithms |
key_exchange_algorithms |
|
mac-algorithms |
mac_algorithms |
|
vserver |
svm.uuid |
svm.uuid is specified as a path parameter.The vserver parameter defaults to Administrative SVM for /api/security/ssh REST API. |
security-ssh-get-iter
GET /api/security/ssh/svms
Note: To use the functionality of security-ssh-get-iter for "Administrative SVM", use GET on /api/security/ssh REST API call
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
ciphers |
ciphers |
|
key-exchange-algorithms |
key_exchange_algorithms |
|
mac-algorithms |
mac_algorithms |
|
max-authentication-retry-count |
max_authentication_retry_count |
|
vserver-name |
svm.name |
Vserver parameter defaults to "Administrative SVM" in the REST API /api/security/ssh. |
max-records |
max_records |
Specifies the maximum number of records to return before paging. |
security-ssh-remove
PATCH /api/security/ssh/svms/{svm.uuid}
Note: To use the functionality of security-ssh-remove for "Administrative SVM", use the PATCH /api/security/ssh REST API call.
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
ciphers |
ciphers |
|
key-exchange-algorithms |
key_exchange_algorithms |
|
mac-algorithms |
mac_algorithms |
|
vserver |
svm.uuid |
svm.uuid is specified as a path parameter.The vserver parameter defaults to Administrative SVM for /api/security/ssh REST API. |
security-ssh-reset
PATCH /api/security/ssh/svms/{svm.uuid}
Note: To reset the SSH configuration for "Administrative SVM", use the PATCH /api/security/ssh REST API call.
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
ciphers |
ciphers |
|
key-exchange-algorithms |
key_exchange_algorithms |
|
mac-algorithms |
mac_algorithms |
|
max-authentication-retry-count |
max_authentication_retry_count |
|
vserver |
svm.uuid |
svm.uuid is specified as a path parameter.The vserver parameter defaults to Administrative SVM for /api/security/ssh REST API. |
ssh-prepare-to-downgrade
This ONTAPI call does not have an equivalent REST API call.