security

Contributors

security-config-get

GET /api/security

ONTAPI attribute REST attribute Comment

cluster-security-config-ready

No REST Equivalent

interface

No REST Equivalent

This used to be required in ONTAPI, but only ever allowed a single valid value. It has never been exposed via REST.

is-fips-enabled

fips.enabled

supported-ciphers

No REST Equivalent

This used to be optional in ONTAPI, but is now deprecated in favor of supported-cipher-suites. It has never been exposed via REST.

supported-cipher-suites

No REST Equivalent

supported-protocols

No REST Equivalent

interface

No REST Equivalent

This used to be required in ONTAPI, but only ever allowed a single valid value. It has never been exposed via REST.

security-config-modify

PATCH /api/security

ONTAPI attribute REST attribute Comment

interface

No REST Equivalent

This used to be required in ONTAPI, but only ever allowed a single valid value. It has never been exposed via REST.

is-fips-enabled

fips.enabled

supported-ciphers

No REST Equivalent

This used to be optional in ONTAPI, but is now deprecated in favor of supported-cipher-suites. It has never been exposed via REST.

supported-cipher-suites

No REST Equivalent

supported-protocols

No REST Equivalent

security-config-ocsp-disable

This ONTAPI call does not have an equivalent REST API call.

security-config-ocsp-enable

This ONTAPI call does not have an equivalent REST API call.

security-config-ocsp-get-iter

This ONTAPI call does not have an equivalent REST API call.

security-last-login-info

This ONTAPI call does not have an equivalent REST API call.

security-login-create

POST /api/security/accounts

Note: SNMP users cannot be created using this endpoint.To create SNMP users, use 'POST' method of '/api/support/snmp/users'.

ONTAPI attribute REST attribute Comment

application

applications.application

authentication-method

applications.authentication_methods

comment

comment

is-ns-switch-group

No REST Equivalent

is-password-hashed

No REST Equivalent

password

password

remote-switch-ipaddress

No REST Equivalent

role-name

role.name

second-authentication-method

applications.second_authentication_method

snmpv3-login-info

No REST Equivalent

SNMP (including SNMPv3) users are managed by '/api/support/snmp/users' REST endpoint

user-name

name

'name' is specified as a path parameter.

vserver

owner.name

Can also use owner.uuid

security-login-delete

DELETE /api/security/accounts/{owner.uuid}/{name}

Note: '/api/security/accounts/\{owner.uuid\}/{name}' endpoint will delete all the entries for the user account i.e. it will delete entries for all applications and all authentication methods corresponding to the user account.SNMP users cannot be deleted using this endpoint.To delete SNMP users, use 'DELETE' method of '/api/support/snmp/users/{engine-id}/{name}'.

ONTAPI attribute REST attribute Comment

application

applications.application

authentication-method

applications.authentication_methods

remote-switch-ipaddress

No REST Equivalent

user-name

name

'name' is specified as a path parameter.

vserver

owner.uuid

'owner.uuid' is specified as a path parameter.

security-login-delete-iter

DELETE /api/security/accounts

Note: SNMP users cannot be deleted using this endpoint. To delete a set of SNMP users, use 'DELETE' method of '/api/support/snmp/users' collection.

ONTAPI attribute REST attribute Comment

continue-on-failure

No REST Equivalent

max-failure-count

No REST Equivalent

max-records

max_records

The maximum number of records to return before paging

application

applications.application

authentication-method

applications.authentication_methods

comment

comment

is-locked

locked

is-ns-switch-group

No REST Equivalent

password-hash-algorithm

No REST Equivalent

remote-switch-ipaddress

No REST Equivalent

role-name

role.name

second-authentication-method

applications.second_authentication_method

user-name

name

vserver

owner.name

Can also specify 'owner.uuid'

return-failure-list

No REST Equivalent

return-success-list

No REST Equivalent

security-login-expire-password

This ONTAPI call does not have an equivalent REST API call.

security-login-expire-password-iter

This ONTAPI call does not have an equivalent REST API call.

security-login-get

GET /api/security/accounts/{owner.uuid}/{name}

Note: SNMP users cannot be fetched using this endpoint. To fetch SNMP users, use 'GET' method of '/api/support/snmp/users/{engine_id}/{name}'.

ONTAPI attribute REST attribute Comment

application

applications.application

authentication-method

applications.authentication_methods

comment

comment

is-locked

locked

is-ns-switch-group

No REST Equivalent

password-hash-algorithm

No REST Equivalent

remote-switch-ipaddress

No REST Equivalent

role-name

role.name

second-authentication-method

applications.second_authentication_method

user-name

name

'name' is specified as a path parameter.

vserver

owner.uuid

'owner.uuid' is specified as a path parameter.

security-login-get-iter

GET /api/security/accounts

Note: SNMP users cannot be fetched using this endpoint. To fetch a set of SNMP users, use 'GET' method of '/api/support/snmp/users' collection.

ONTAPI attribute REST attribute Comment

application

applications.application

authentication-method

applications.authentication_methods

comment

comment

is-locked

locked

is-ns-switch-group

No REST Equivalent

password-hash-algorithm

No REST Equivalent

remote-switch-ipaddress

No REST Equivalent

role-name

role.name

second-authentication-method

applications.second_authentication_method

user-name

name

vserver

owner.name

Can also use 'owner.uuid'

max-records

max_records

The maximum number of records to return before paging

security-login-lock

PATCH /api/security/accounts/{owner.uuid}/{name}

Note: Set the 'locked' REST attribute to 'true'.

ONTAPI attribute REST attribute Comment

user-name

name

'name' is specified as a path parameter.

vserver

owner.uuid

'owner.uuid' is specified as a path parameter.

security-login-modify

PATCH /api/security/accounts/{owner.uuid}/{name}

Note: SNMP users cannot be modified using this endpoint. To modify SNMP users, use 'PATCH' method of '/api/support/snmp/users/{engine_id}/{name}'.

ONTAPI attribute REST attribute Comment

application

applications.application

authentication-method

applications.authentication_methods

comment

comment

is-ns-switch-group

No REST Equivalent

remote-switch-ipaddress

No REST Equivalent

role-name

role.name

second-authentication-method

applications.second_authentication_method

user-name

name

'name' is specified as a path parameter.

vserver

owner.uuid

'owner.uuid' is specified as a path parameter.

security-login-modify-iter

PATCH /api/security/accounts

Note: SNMP users are modified using '/api/support/snmp/users' REST endpoint.

ONTAPI attribute REST attribute Comment

application

applications.application

Can be specified as a query parameter.

authentication-method

applications.authentication_methods

Can be specified as a query parameter.

comment

comment

Must be specified in the 'PATCH' body.

is-locked

locked

Must be specified in the 'PATCH' body.

is-ns-switch-group

No REST Equivalent

password-hash-algorithm

No REST Equivalent

remote-switch-ipaddress

No REST Equivalent

role-name

role.name

Must be specified in the 'PATCH' body.

second-authentication-method

applications.second_authentication_method

user-name

name

Must be specified as a query parameter.

vserver

owner.name

Can also use 'owner.uuid'.

continue-on-failure

No REST Equivalent

max-failure-count

No REST Equivalent

max-records

max_records

The maximum number of records to return before paging

return-failure-list

No REST Equivalent

return-success-list

No REST Equivalent

security-login-modify-password

POST /api/security/authentication/password

Note: Specify 'owner.name' i.e. SVM name or 'owner.uuid' i.e. SVM uuid rest attributes in the body of POST request to specify the SVM to which the user belongs.If 'owner.uuid' or 'owner.name' is not specified, SVM is selected based on LIF or IP address to which the REST API is issued.

ONTAPI attribute REST attribute Comment

is-password-hashed

No REST Equivalent

new-password

password

password-hash-algorithm

No REST Equivalent

user-name

name

security-login-role-config-get

GET /api/private/cli/security/login/role/config

Note: Use the private CLI passthrough with the GET method of ONTAP REST API '/api/private/cli/security/login/role/config' to fetch the configuration parameters for a role through REST.

ONTAPI attribute REST attribute Comment

account-expiry-time

account_expiry_time

account-inactive-limit

account_inactive_limit

change-password-duration-in-days

change_delay

delay-after-failed-login

delay_after_failed_login

last-passwords-disallowed-count

disallowed_reuse

lockout-duration

lockout_duration

max-failed-login-attempts

max_failed_login_attempts

min-passwd-specialchar

passwd_min_special_chars

min-password-size

passwd_minlength

min-username-size

username_minlength

passwd-expiry-warn-time

passwd_expiry_warn_time

passwd-min-digits

passwd_min_digits

passwd-min-lowercase-chars

passwd_min_lowercase_chars

passwd-min-uppercase-chars

passwd_min_uppercase_chars

password-expiration-duration

passwd_expiry_time

require-initial-password-update

require_initial_passwd_update

require-password-alpha-numeric

passwd_alphanum

require-username-alpha-numeric

username_alphanum

role-name

role

vserver

vserver

security-login-role-config-get-iter

GET /api/private/cli/security/login/role/config

Note: Use the private CLI passthrough with the GET method of ONTAP REST API '/api/private/cli/security/login/role/config' and wildcards in GET body parameters to iterate over a list of roles configurations through REST.

ONTAPI attribute REST attribute Comment

account-expiry-time

account_expiry_time

account-inactive-limit

account_inactive_limit

change-password-duration-in-days

change_delay

delay-after-failed-login

delay_after_failed_login

last-passwords-disallowed-count

disallowed_reuse

lockout-duration

lockout_duration

max-failed-login-attempts

max_failed_login_attempts

min-passwd-specialchar

passwd_min_special_chars

min-password-size

passwd_minlength

min-username-size

username_minlength

passwd-expiry-warn-time

passwd_expiry_warn_time

passwd-min-digits

passwd_min_digits

passwd-min-lowercase-chars

passwd_min_lowercase_chars

passwd-min-uppercase-chars

passwd_min_uppercase_chars

password-expiration-duration

passwd_expiry_time

require-initial-password-update

require_initial_passwd_update

require-password-alpha-numeric

passwd_alphanum

require-username-alpha-numeric

username_alphanum

role-name

role

vserver

vserver

max-records

max_records

The maximum number of records to return before paging

security-login-role-config-modify

PATCH /api/private/cli/security/login/role/config

Note: Use the private CLI passthrough with the PATCH method of ONTAP REST API '/api/private/cli/security/login/role/config' to modify the configuration parameters for a role through REST.

ONTAPI attribute REST attribute Comment

account-expiry-time

account_expiry_time

account-inactive-limit

account_inactive_limit

change-password-duration-in-days

change_delay

delay-after-failed-login

delay_after_failed_login

last-passwords-disallowed-count

disallowed_reuse

lockout-duration

lockout_duration

max-failed-login-attempts

max_failed_login_attempts

min-passwd-specialchar

passwd_min_special_chars

min-password-size

passwd_minlength

min-username-size

username_minlength

passwd-expiry-warn-time

passwd_expiry_warn_time

passwd-min-digits

passwd_min_digits

passwd-min-lowercase-chars

passwd_min_lowercase_chars

passwd-min-uppercase-chars

passwd_min_uppercase_chars

password-expiration-duration

passwd_expiry_time

require-initial-password-update

require_initial_passwd_update

require-password-alpha-numeric

passwd_alphanum

require-username-alpha-numeric

username_alphanum

role-name

role

vserver

vserver

security-login-role-config-modify-iter

PATCH /api/private/cli/security/login/role/config

Note: Use the private CLI passthrough with the PATCH method of ONTAP REST API '/api/private/cli/security/login/role/config' and wildcards in PATCH body parameters to modify configuration parameters for a list of roles through REST.

ONTAPI attribute REST attribute Comment

account-expiry-time

account_expiry_time

account-inactive-limit

account_inactive_limit

change-password-duration-in-days

change_delay

delay-after-failed-login

delay_after_failed_login

last-passwords-disallowed-count

disallowed_reuse

lockout-duration

lockout_duration

max-failed-login-attempts

max_failed_login_attempts

min-passwd-specialchar

passwd_min_special_chars

min-password-size

passwd_minlength

min-username-size

username_minlength

passwd-expiry-warn-time

passwd_expiry_warn_time

passwd-min-digits

passwd_min_digits

passwd-min-lowercase-chars

passwd_min_lowercase_chars

passwd-min-uppercase-chars

passwd_min_uppercase_chars

password-expiration-duration

passwd_expiry_time

require-initial-password-update

require_initial_passwd_update

require-password-alpha-numeric

passwd_alphanum

require-username-alpha-numeric

username_alphanum

role-name

role

vserver

vserver

continue-on-failure

No REST Equivalent

max-failure-count

No REST Equivalent

max-records

max_records

The maximum number of records to return before paging

return-failure-list

No REST Equivalent

return-success-list

No REST Equivalent

security-login-role-create

POST /api/private/cli/security/login/role

Note: This ONTAPI will create a new legacy role. Use the private CLI passthrough with the POST method of ONTAP REST API '/api/private/cli/security/login/role' to create new legacy role through REST. POST method of '/security/roles' endpoint can be used to create a new REST role.

ONTAPI attribute REST attribute Comment

access-level

access

command-directory-name

cmddirname

return-record

No REST Equivalent

role-name

role

role-query

query

vserver

vserver

security-login-role-delete

DELETE /api/private/cli/security/login/role

Note: This ONTAPI will delete an existing legacy role. Use the private CLI passthrough with the DELETE method of ONTAP REST API '/api/private/cli/security/login/role' to delete existing legacy role through REST. DELETE method of '/security/roles' REST endpoint can be used to delete an existing REST role.

ONTAPI attribute REST attribute Comment

command-directory-name

cmddirname

role-name

role

vserver

vserver

security-login-role-delete-iter

DELETE /api/private/cli/security/login/role

Note: This ONTAPI will delete a set of existing legacy roles. Use the private CLI passthrough with the DELETE method of ONTAP REST API '/api/private/cli/security/login/role' and wildcard parameters in DELETE body to delete existing legacy roles through REST.Query-based DELETE on '/security/roles' collection can be used to delete a set of existing REST roles.

ONTAPI attribute REST attribute Comment

continue-on-failure

No REST Equivalent

max-failure-count

No REST Equivalent

max-records

max_records

The maximum number of records to return before paging

access-level

access

command-directory-name

cmddirname

role-name

role

role-query

query

vserver

vserver

return-failure-list

No REST Equivalent

return-success-list

No REST Equivalent

security-login-role-get

GET /api/private/cli/security/login/role

Note: This ONTAPI will fetch an existing legacy role. Use the private CLI passthrough with the GET method of ONTAP REST API '/api/private/cli/security/login/role' to fetch existing legacy role through REST.GET method of '/security/roles/\{owner.uuid\}/{name}' endpoint can be used to fetch an existing REST role.

ONTAPI attribute REST attribute Comment

command-directory-name

cmddirname

access-level

access

role-name

role

role-query

query

vserver

vserver

security-login-role-get-iter

GET /api/private/cli/security/login/role

Note: This ONTAPI will iterate over a list of existing legacy roles. Use the private CLI passthrough with the GET method of ONTAP REST API '/api/private/cli/security/login/role' and wildcards in GET body parameters to iterate over a list of existing legacy roles through REST.GET on '/security/roles' collection can be used to iterate over a list of existing REST roles.

ONTAPI attribute REST attribute Comment

access-level

access

command-directory-name

cmddirname

role-name

role

role-query

query

vserver

vserver

max-records

max_records

The maximum number of records to return before paging

security-login-role-modify

PATCH /api/private/cli/security/login/role

Note: This ONTAPI will modify an existing legacy role. Use the private CLI passthrough with the PATCH method of ONTAP REST API '/api/private/cli/security/login/role' to modify existing legacy role through REST.PATCH method of '/security/roles/\{owner.uuid\}/{name}' REST endpoint can be used to modify an existing REST role.

ONTAPI attribute REST attribute Comment

access-level

access

command-directory-name

cmddirname

role-name

role

role-query

query

vserver

vserver

security-login-role-modify-iter

PATCH /api/private/cli/security/login/role

Note: This ONTAPI will modify a set of existing legacy roles. Use the private CLI passthrough with the PATCH method of ONTAP REST API '/api/private/cli/security/login/role' and wildcard parameters in PATCH body to modify a set of existing legacy roles through REST.Query-based PATCH on '/security/roles' collection can be used to modify a set of existing REST roles.

ONTAPI attribute REST attribute Comment

access-level

access

command-directory-name

cmddirname

role-name

role

role-query

query

vserver

vserver

continue-on-failure

No REST Equivalent

max-failure-count

No REST Equivalent

max-records

max_records

The maximum number of records to return before paging

return-failure-list

No REST Equivalent

return-success-list

No REST Equivalent

security-login-unlock

PATCH /api/security/accounts/{owner.uuid}/{name}

Note: Set the 'locked' REST attribute to 'false'.

ONTAPI attribute REST attribute Comment

user-name

name

'name' is specified as a path parameter.

vserver

owner.uuid

'owner.uuid' is a path parameter.

security-login-whoami

This ONTAPI call does not have an equivalent REST API call.

security-protocol-get

GET /api/private/cli/security/protocol

Note: Use the private CLI passthrough with GET method of ONTAP REST API '/api/private/cli/security/protocol' to get 'enabled' status of applications.

ONTAPI attribute REST attribute Comment

application

application

enabled

enabled

security-protocol-modify

PATCH /api/private/cli/security/protocol

Note: Use the private CLI passthrough with PATCH method of ONTAP REST API '/api/private/cli/security/protocol' to modify 'enabled' status of applications.

ONTAPI attribute REST attribute Comment

application

application

enabled

enabled

security-protocol-ssh-get

GET /api/security/ssh

ONTAPI attribute REST attribute Comment

connections-per-second

connections_per_second

max-instances

max_instances

per-source-limit

per_source_limit

security-protocol-ssh-modify

PATCH /api/security/ssh

ONTAPI attribute REST attribute Comment

connections-per-second

connections_per_second

max-instances

max_instances

per-source-limit

per_source_limit

security-reset

This ONTAPI call does not have an equivalent REST API call.

security-saml-sp-create-async

POST /api/security/authentication/cluster/saml-sp

ONTAPI attribute REST attribute Comment

cert-ca

certificate.ca

cert-common-name

certificate.common_name

cert-serial

certificate.serial_number

idp-uri

idp_uri

sp-host

host

verify-metadata-server

No REST Equivalent

security-saml-sp-destroy

DELETE /api/security/authentication/cluster/saml-sp

There are no attributes defined for this ONTAPI call.

security-saml-sp-get

GET /api/security/authentication/cluster/saml-sp

ONTAPI attribute REST attribute Comment

cert-ca

certificate.ca

cert-common-name

certificate.common_name

cert-serial

certificate.serial_number

idp-uri

idp_uri

is-enabled

enabled

sp-host

host

verify-metadata-server

verify_metadata_server

security-saml-sp-modify

PATCH /api/security/authentication/cluster/saml-sp

ONTAPI attribute REST attribute Comment

is-enabled

enabled

security-saml-sp-repair

This ONTAPI call does not have an equivalent REST API call.

security-saml-sp-status-get-iter

This ONTAPI call does not have an equivalent REST API call.

security-security-login-password-prepare-to-downgrade

This ONTAPI call does not have an equivalent REST API call.

security-ssh-add

PATCH /api/security/ssh

Note: The functionality of 'security-ssh-add' can be achieved using 'PATCH' method of '/api/security/ssh'.

ONTAPI attribute REST attribute Comment

ciphers

ciphers

key-exchange-algorithms

key_exchange_algorithms

mac-algorithms

mac_algorithms

vserver

No REST Equivalent

The 'vserver' parameter is defaulted to 'Admin SVM' in REST.

security-ssh-get-iter

GET /api/security/ssh

ONTAPI attribute REST attribute Comment

ciphers

ciphers

key-exchange-algorithms

key_exchange_algorithms

mac-algorithms

mac_algorithms

max-authentication-retry-count

max_authentication_retry_count

vserver-name

No REST Equivalent

The 'vserver' parameter is defaulted to 'Admin SVM' in REST.

max-records

max_records

The maximum number of records to return before paging

security-ssh-remove

PATCH /api/security/ssh

Note: The functionality of 'security-ssh-remove' can be achieved using 'PATCH' method of '/api/security/ssh'.

ONTAPI attribute REST attribute Comment

ciphers

ciphers

key-exchange-algorithms

key_exchange_algorithms

mac-algorithms

mac_algorithms

vserver

No REST Equivalent

The 'vserver' parameter is defaulted to 'Admin SVM' in REST.

security-ssh-reset

PATCH /api/security/ssh

Note: ssh configuration for 'Admin SVM' only can be reset via REST.

ONTAPI attribute REST attribute Comment

ciphers

ciphers

key-exchange-algorithms

key_exchange_algorithms

mac-algorithms

mac_algorithms

max-authentication-retry-count

max_authentication_retry_count

ssh-prepare-to-downgrade

This ONTAPI call does not have an equivalent REST API call.