security
Suggest changes
PDFs
security-config-get
GET /api/security
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
cluster-security-config-ready |
No REST Equivalent |
|
interface |
No REST Equivalent |
This used to be required in ONTAPI, but only ever allowed a single valid value. It has never been exposed via REST. |
is-fips-enabled |
fips.enabled |
|
supported-ciphers |
No REST Equivalent |
This used to be optional in ONTAPI, but is now deprecated in favor of supported-cipher-suites. It has never been exposed via REST. |
supported-cipher-suites |
No REST Equivalent |
|
supported-protocols |
No REST Equivalent |
|
interface |
No REST Equivalent |
This used to be required in ONTAPI, but only ever allowed a single valid value. It has never been exposed via REST. |
security-config-modify
PATCH /api/security
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
interface |
No REST Equivalent |
This used to be required in ONTAPI, but only ever allowed a single valid value. It has never been exposed via REST. |
is-fips-enabled |
fips.enabled |
|
supported-ciphers |
No REST Equivalent |
This used to be optional in ONTAPI, but is now deprecated in favor of supported-cipher-suites. It has never been exposed via REST. |
supported-cipher-suites |
No REST Equivalent |
|
supported-protocols |
No REST Equivalent |
security-config-ocsp-disable
This ONTAPI call does not have an equivalent REST API call.
security-config-ocsp-enable
This ONTAPI call does not have an equivalent REST API call.
security-config-ocsp-get-iter
This ONTAPI call does not have an equivalent REST API call.
security-last-login-info
This ONTAPI call does not have an equivalent REST API call.
security-login-create
POST /api/security/accounts
Note: SNMP users cannot be created using this endpoint.To create SNMP users, use 'POST' method of '/api/support/snmp/users'.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
applications.application |
|
authentication-method |
applications.authentication_methods |
|
comment |
comment |
|
is-ns-switch-group |
No REST Equivalent |
|
is-password-hashed |
No REST Equivalent |
|
password |
password |
|
remote-switch-ipaddress |
No REST Equivalent |
|
role-name |
role.name |
|
second-authentication-method |
applications.second_authentication_method |
|
snmpv3-login-info |
No REST Equivalent |
SNMP (including SNMPv3) users are managed by '/api/support/snmp/users' REST endpoint |
user-name |
name |
'name' is specified as a path parameter. |
vserver |
owner.name |
Can also use owner.uuid |
security-login-delete
DELETE /api/security/accounts/{owner.uuid}/{name}
Note: '/api/security/accounts/\{owner.uuid\}/{name}' endpoint will delete all the entries for the user account i.e. it will delete entries for all applications and all authentication methods corresponding to the user account.SNMP users cannot be deleted using this endpoint.To delete SNMP users, use 'DELETE' method of '/api/support/snmp/users/{engine-id}/{name}'.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
applications.application |
|
authentication-method |
applications.authentication_methods |
|
remote-switch-ipaddress |
No REST Equivalent |
|
user-name |
name |
'name' is specified as a path parameter. |
vserver |
owner.uuid |
'owner.uuid' is specified as a path parameter. |
security-login-delete-iter
DELETE /api/security/accounts
Note: SNMP users cannot be deleted using this endpoint. To delete a set of SNMP users, use 'DELETE' method of '/api/support/snmp/users' collection.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
continue-on-failure |
No REST Equivalent |
|
max-failure-count |
No REST Equivalent |
|
max-records |
max_records |
The maximum number of records to return before paging |
application |
applications.application |
|
authentication-method |
applications.authentication_methods |
|
comment |
comment |
|
is-locked |
locked |
|
is-ns-switch-group |
No REST Equivalent |
|
password-hash-algorithm |
No REST Equivalent |
|
remote-switch-ipaddress |
No REST Equivalent |
|
role-name |
role.name |
|
second-authentication-method |
applications.second_authentication_method |
|
user-name |
name |
|
vserver |
owner.name |
Can also specify 'owner.uuid' |
return-failure-list |
No REST Equivalent |
|
return-success-list |
No REST Equivalent |
security-login-expire-password
This ONTAPI call does not have an equivalent REST API call.
security-login-expire-password-iter
This ONTAPI call does not have an equivalent REST API call.
security-login-get
GET /api/security/accounts/{owner.uuid}/{name}
Note: SNMP users cannot be fetched using this endpoint. To fetch SNMP users, use 'GET' method of '/api/support/snmp/users/{engine_id}/{name}'.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
applications.application |
|
authentication-method |
applications.authentication_methods |
|
comment |
comment |
|
is-locked |
locked |
|
is-ns-switch-group |
No REST Equivalent |
|
password-hash-algorithm |
No REST Equivalent |
|
remote-switch-ipaddress |
No REST Equivalent |
|
role-name |
role.name |
|
second-authentication-method |
applications.second_authentication_method |
|
user-name |
name |
'name' is specified as a path parameter. |
vserver |
owner.uuid |
'owner.uuid' is specified as a path parameter. |
security-login-get-iter
GET /api/security/accounts
Note: SNMP users cannot be fetched using this endpoint. To fetch a set of SNMP users, use 'GET' method of '/api/support/snmp/users' collection.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
applications.application |
|
authentication-method |
applications.authentication_methods |
|
comment |
comment |
|
is-locked |
locked |
|
is-ns-switch-group |
No REST Equivalent |
|
password-hash-algorithm |
No REST Equivalent |
|
remote-switch-ipaddress |
No REST Equivalent |
|
role-name |
role.name |
|
second-authentication-method |
applications.second_authentication_method |
|
user-name |
name |
|
vserver |
owner.name |
Can also use 'owner.uuid' |
max-records |
max_records |
The maximum number of records to return before paging |
security-login-lock
PATCH /api/security/accounts/{owner.uuid}/{name}
Note: Set the 'locked' REST attribute to 'true'.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
user-name |
name |
'name' is specified as a path parameter. |
vserver |
owner.uuid |
'owner.uuid' is specified as a path parameter. |
security-login-modify
PATCH /api/security/accounts/{owner.uuid}/{name}
Note: SNMP users cannot be modified using this endpoint. To modify SNMP users, use 'PATCH' method of '/api/support/snmp/users/{engine_id}/{name}'.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
applications.application |
|
authentication-method |
applications.authentication_methods |
|
comment |
comment |
|
is-ns-switch-group |
No REST Equivalent |
|
remote-switch-ipaddress |
No REST Equivalent |
|
role-name |
role.name |
|
second-authentication-method |
applications.second_authentication_method |
|
user-name |
name |
'name' is specified as a path parameter. |
vserver |
owner.uuid |
'owner.uuid' is specified as a path parameter. |
security-login-modify-iter
PATCH /api/security/accounts
Note: SNMP users are modified using '/api/support/snmp/users' REST endpoint.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
applications.application |
Can be specified as a query parameter. |
authentication-method |
applications.authentication_methods |
Can be specified as a query parameter. |
comment |
comment |
Must be specified in the 'PATCH' body. |
is-locked |
locked |
Must be specified in the 'PATCH' body. |
is-ns-switch-group |
No REST Equivalent |
|
password-hash-algorithm |
No REST Equivalent |
|
remote-switch-ipaddress |
No REST Equivalent |
|
role-name |
role.name |
Must be specified in the 'PATCH' body. |
second-authentication-method |
applications.second_authentication_method |
|
user-name |
name |
Must be specified as a query parameter. |
vserver |
owner.name |
Can also use 'owner.uuid'. |
continue-on-failure |
No REST Equivalent |
|
max-failure-count |
No REST Equivalent |
|
max-records |
max_records |
The maximum number of records to return before paging |
return-failure-list |
No REST Equivalent |
|
return-success-list |
No REST Equivalent |
security-login-modify-password
POST /api/security/authentication/password
Note: Specify 'owner.name' i.e. SVM name or 'owner.uuid' i.e. SVM uuid rest attributes in the body of POST request to specify the SVM to which the user belongs.If 'owner.uuid' or 'owner.name' is not specified, SVM is selected based on LIF or IP address to which the REST API is issued.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
is-password-hashed |
No REST Equivalent |
|
new-password |
password |
|
password-hash-algorithm |
No REST Equivalent |
|
user-name |
name |
security-login-role-config-get
GET /api/private/cli/security/login/role/config
Note: Use the private CLI passthrough with the GET method of ONTAP REST API '/api/private/cli/security/login/role/config' to fetch the configuration parameters for a role through REST.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
account-expiry-time |
account_expiry_time |
|
account-inactive-limit |
account_inactive_limit |
|
change-password-duration-in-days |
change_delay |
|
delay-after-failed-login |
delay_after_failed_login |
|
last-passwords-disallowed-count |
disallowed_reuse |
|
lockout-duration |
lockout_duration |
|
max-failed-login-attempts |
max_failed_login_attempts |
|
min-passwd-specialchar |
passwd_min_special_chars |
|
min-password-size |
passwd_minlength |
|
min-username-size |
username_minlength |
|
passwd-expiry-warn-time |
passwd_expiry_warn_time |
|
passwd-min-digits |
passwd_min_digits |
|
passwd-min-lowercase-chars |
passwd_min_lowercase_chars |
|
passwd-min-uppercase-chars |
passwd_min_uppercase_chars |
|
password-expiration-duration |
passwd_expiry_time |
|
require-initial-password-update |
require_initial_passwd_update |
|
require-password-alpha-numeric |
passwd_alphanum |
|
require-username-alpha-numeric |
username_alphanum |
|
role-name |
role |
|
vserver |
vserver |
security-login-role-config-get-iter
GET /api/private/cli/security/login/role/config
Note: Use the private CLI passthrough with the GET method of ONTAP REST API '/api/private/cli/security/login/role/config' and wildcards in GET body parameters to iterate over a list of roles configurations through REST.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
account-expiry-time |
account_expiry_time |
|
account-inactive-limit |
account_inactive_limit |
|
change-password-duration-in-days |
change_delay |
|
delay-after-failed-login |
delay_after_failed_login |
|
last-passwords-disallowed-count |
disallowed_reuse |
|
lockout-duration |
lockout_duration |
|
max-failed-login-attempts |
max_failed_login_attempts |
|
min-passwd-specialchar |
passwd_min_special_chars |
|
min-password-size |
passwd_minlength |
|
min-username-size |
username_minlength |
|
passwd-expiry-warn-time |
passwd_expiry_warn_time |
|
passwd-min-digits |
passwd_min_digits |
|
passwd-min-lowercase-chars |
passwd_min_lowercase_chars |
|
passwd-min-uppercase-chars |
passwd_min_uppercase_chars |
|
password-expiration-duration |
passwd_expiry_time |
|
require-initial-password-update |
require_initial_passwd_update |
|
require-password-alpha-numeric |
passwd_alphanum |
|
require-username-alpha-numeric |
username_alphanum |
|
role-name |
role |
|
vserver |
vserver |
|
max-records |
max_records |
The maximum number of records to return before paging |
security-login-role-config-modify
PATCH /api/private/cli/security/login/role/config
Note: Use the private CLI passthrough with the PATCH method of ONTAP REST API '/api/private/cli/security/login/role/config' to modify the configuration parameters for a role through REST.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
account-expiry-time |
account_expiry_time |
|
account-inactive-limit |
account_inactive_limit |
|
change-password-duration-in-days |
change_delay |
|
delay-after-failed-login |
delay_after_failed_login |
|
last-passwords-disallowed-count |
disallowed_reuse |
|
lockout-duration |
lockout_duration |
|
max-failed-login-attempts |
max_failed_login_attempts |
|
min-passwd-specialchar |
passwd_min_special_chars |
|
min-password-size |
passwd_minlength |
|
min-username-size |
username_minlength |
|
passwd-expiry-warn-time |
passwd_expiry_warn_time |
|
passwd-min-digits |
passwd_min_digits |
|
passwd-min-lowercase-chars |
passwd_min_lowercase_chars |
|
passwd-min-uppercase-chars |
passwd_min_uppercase_chars |
|
password-expiration-duration |
passwd_expiry_time |
|
require-initial-password-update |
require_initial_passwd_update |
|
require-password-alpha-numeric |
passwd_alphanum |
|
require-username-alpha-numeric |
username_alphanum |
|
role-name |
role |
|
vserver |
vserver |
security-login-role-config-modify-iter
PATCH /api/private/cli/security/login/role/config
Note: Use the private CLI passthrough with the PATCH method of ONTAP REST API '/api/private/cli/security/login/role/config' and wildcards in PATCH body parameters to modify configuration parameters for a list of roles through REST.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
account-expiry-time |
account_expiry_time |
|
account-inactive-limit |
account_inactive_limit |
|
change-password-duration-in-days |
change_delay |
|
delay-after-failed-login |
delay_after_failed_login |
|
last-passwords-disallowed-count |
disallowed_reuse |
|
lockout-duration |
lockout_duration |
|
max-failed-login-attempts |
max_failed_login_attempts |
|
min-passwd-specialchar |
passwd_min_special_chars |
|
min-password-size |
passwd_minlength |
|
min-username-size |
username_minlength |
|
passwd-expiry-warn-time |
passwd_expiry_warn_time |
|
passwd-min-digits |
passwd_min_digits |
|
passwd-min-lowercase-chars |
passwd_min_lowercase_chars |
|
passwd-min-uppercase-chars |
passwd_min_uppercase_chars |
|
password-expiration-duration |
passwd_expiry_time |
|
require-initial-password-update |
require_initial_passwd_update |
|
require-password-alpha-numeric |
passwd_alphanum |
|
require-username-alpha-numeric |
username_alphanum |
|
role-name |
role |
|
vserver |
vserver |
|
continue-on-failure |
No REST Equivalent |
|
max-failure-count |
No REST Equivalent |
|
max-records |
max_records |
The maximum number of records to return before paging |
return-failure-list |
No REST Equivalent |
|
return-success-list |
No REST Equivalent |
security-login-role-create
POST /api/private/cli/security/login/role
Note: This ONTAPI will create a new legacy role. Use the private CLI passthrough with the POST method of ONTAP REST API '/api/private/cli/security/login/role' to create new legacy role through REST. POST method of '/security/roles' endpoint can be used to create a new REST role.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
access-level |
access |
|
command-directory-name |
cmddirname |
|
return-record |
No REST Equivalent |
|
role-name |
role |
|
role-query |
query |
|
vserver |
vserver |
security-login-role-delete
DELETE /api/private/cli/security/login/role
Note: This ONTAPI will delete an existing legacy role. Use the private CLI passthrough with the DELETE method of ONTAP REST API '/api/private/cli/security/login/role' to delete existing legacy role through REST. DELETE method of '/security/roles' REST endpoint can be used to delete an existing REST role.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
command-directory-name |
cmddirname |
|
role-name |
role |
|
vserver |
vserver |
security-login-role-delete-iter
DELETE /api/private/cli/security/login/role
Note: This ONTAPI will delete a set of existing legacy roles. Use the private CLI passthrough with the DELETE method of ONTAP REST API '/api/private/cli/security/login/role' and wildcard parameters in DELETE body to delete existing legacy roles through REST.Query-based DELETE on '/security/roles' collection can be used to delete a set of existing REST roles.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
continue-on-failure |
No REST Equivalent |
|
max-failure-count |
No REST Equivalent |
|
max-records |
max_records |
The maximum number of records to return before paging |
access-level |
access |
|
command-directory-name |
cmddirname |
|
role-name |
role |
|
role-query |
query |
|
vserver |
vserver |
|
return-failure-list |
No REST Equivalent |
|
return-success-list |
No REST Equivalent |
security-login-role-get
GET /api/private/cli/security/login/role
Note: This ONTAPI will fetch an existing legacy role. Use the private CLI passthrough with the GET method of ONTAP REST API '/api/private/cli/security/login/role' to fetch existing legacy role through REST.GET method of '/security/roles/\{owner.uuid\}/{name}' endpoint can be used to fetch an existing REST role.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
command-directory-name |
cmddirname |
|
access-level |
access |
|
role-name |
role |
|
role-query |
query |
|
vserver |
vserver |
security-login-role-get-iter
GET /api/private/cli/security/login/role
Note: This ONTAPI will iterate over a list of existing legacy roles. Use the private CLI passthrough with the GET method of ONTAP REST API '/api/private/cli/security/login/role' and wildcards in GET body parameters to iterate over a list of existing legacy roles through REST.GET on '/security/roles' collection can be used to iterate over a list of existing REST roles.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
access-level |
access |
|
command-directory-name |
cmddirname |
|
role-name |
role |
|
role-query |
query |
|
vserver |
vserver |
|
max-records |
max_records |
The maximum number of records to return before paging |
security-login-role-modify
PATCH /api/private/cli/security/login/role
Note: This ONTAPI will modify an existing legacy role. Use the private CLI passthrough with the PATCH method of ONTAP REST API '/api/private/cli/security/login/role' to modify existing legacy role through REST.PATCH method of '/security/roles/\{owner.uuid\}/{name}' REST endpoint can be used to modify an existing REST role.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
access-level |
access |
|
command-directory-name |
cmddirname |
|
role-name |
role |
|
role-query |
query |
|
vserver |
vserver |
security-login-role-modify-iter
PATCH /api/private/cli/security/login/role
Note: This ONTAPI will modify a set of existing legacy roles. Use the private CLI passthrough with the PATCH method of ONTAP REST API '/api/private/cli/security/login/role' and wildcard parameters in PATCH body to modify a set of existing legacy roles through REST.Query-based PATCH on '/security/roles' collection can be used to modify a set of existing REST roles.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
access-level |
access |
|
command-directory-name |
cmddirname |
|
role-name |
role |
|
role-query |
query |
|
vserver |
vserver |
|
continue-on-failure |
No REST Equivalent |
|
max-failure-count |
No REST Equivalent |
|
max-records |
max_records |
The maximum number of records to return before paging |
return-failure-list |
No REST Equivalent |
|
return-success-list |
No REST Equivalent |
security-login-unlock
PATCH /api/security/accounts/{owner.uuid}/{name}
Note: Set the 'locked' REST attribute to 'false'.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
user-name |
name |
'name' is specified as a path parameter. |
vserver |
owner.uuid |
'owner.uuid' is a path parameter. |
security-login-whoami
This ONTAPI call does not have an equivalent REST API call.
security-protocol-get
GET /api/private/cli/security/protocol
Note: Use the private CLI passthrough with GET method of ONTAP REST API '/api/private/cli/security/protocol' to get 'enabled' status of applications.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
application |
|
enabled |
enabled |
security-protocol-modify
PATCH /api/private/cli/security/protocol
Note: Use the private CLI passthrough with PATCH method of ONTAP REST API '/api/private/cli/security/protocol' to modify 'enabled' status of applications.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
application |
application |
|
enabled |
enabled |
security-protocol-ssh-get
GET /api/security/ssh
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
connections-per-second |
connections_per_second |
|
max-instances |
max_instances |
|
per-source-limit |
per_source_limit |
security-protocol-ssh-modify
PATCH /api/security/ssh
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
connections-per-second |
connections_per_second |
|
max-instances |
max_instances |
|
per-source-limit |
per_source_limit |
security-reset
This ONTAPI call does not have an equivalent REST API call.
security-saml-sp-create-async
POST /api/security/authentication/cluster/saml-sp
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
cert-ca |
certificate.ca |
|
cert-common-name |
certificate.common_name |
|
cert-serial |
certificate.serial_number |
|
idp-uri |
idp_uri |
|
sp-host |
host |
|
verify-metadata-server |
No REST Equivalent |
security-saml-sp-destroy
DELETE /api/security/authentication/cluster/saml-sp
There are no attributes defined for this ONTAPI call.
security-saml-sp-get
GET /api/security/authentication/cluster/saml-sp
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
cert-ca |
certificate.ca |
|
cert-common-name |
certificate.common_name |
|
cert-serial |
certificate.serial_number |
|
idp-uri |
idp_uri |
|
is-enabled |
enabled |
|
sp-host |
host |
|
verify-metadata-server |
verify_metadata_server |
security-saml-sp-modify
PATCH /api/security/authentication/cluster/saml-sp
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
is-enabled |
enabled |
security-saml-sp-repair
This ONTAPI call does not have an equivalent REST API call.
security-saml-sp-status-get-iter
This ONTAPI call does not have an equivalent REST API call.
security-security-login-password-prepare-to-downgrade
This ONTAPI call does not have an equivalent REST API call.
security-ssh-add
PATCH /api/security/ssh
Note: The functionality of 'security-ssh-add' can be achieved using 'PATCH' method of '/api/security/ssh'.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
ciphers |
ciphers |
|
key-exchange-algorithms |
key_exchange_algorithms |
|
mac-algorithms |
mac_algorithms |
|
vserver |
No REST Equivalent |
The 'vserver' parameter is defaulted to 'Admin SVM' in REST. |
security-ssh-get-iter
GET /api/security/ssh
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
ciphers |
ciphers |
|
key-exchange-algorithms |
key_exchange_algorithms |
|
mac-algorithms |
mac_algorithms |
|
max-authentication-retry-count |
max_authentication_retry_count |
|
vserver-name |
No REST Equivalent |
The 'vserver' parameter is defaulted to 'Admin SVM' in REST. |
max-records |
max_records |
The maximum number of records to return before paging |
security-ssh-remove
PATCH /api/security/ssh
Note: The functionality of 'security-ssh-remove' can be achieved using 'PATCH' method of '/api/security/ssh'.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
ciphers |
ciphers |
|
key-exchange-algorithms |
key_exchange_algorithms |
|
mac-algorithms |
mac_algorithms |
|
vserver |
No REST Equivalent |
The 'vserver' parameter is defaulted to 'Admin SVM' in REST. |
security-ssh-reset
PATCH /api/security/ssh
Note: ssh configuration for 'Admin SVM' only can be reset via REST.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
ciphers |
ciphers |
|
key-exchange-algorithms |
key_exchange_algorithms |
|
mac-algorithms |
mac_algorithms |
|
max-authentication-retry-count |
max_authentication_retry_count |
ssh-prepare-to-downgrade
This ONTAPI call does not have an equivalent REST API call.