To write a RESTful client, you need to understand only the HTTP protocol and the semantics of standard
HTML markup. To use the vShield API effectively in such a client, you need to know three things:
1. the set of objects that the API supports, and what they represent (What is a vDC? How does it relate to an Org?)
2. how the API represents these objects (What does the XML schema for the vShield Edge firewall rule set look like? What do the individual elements and attributes represent?)
3. how the client refers to an object on which it wants to operate
To answer these questions, you need to understand the vShield API resource schemas. These schemas define
a number of XML types, many of which are extended by other types. The XML elements defined in these
schemas, along with their attributes and composition rules (minimum and maximum number of elements or
attributes, for example, or the prescribed hierarchy with which elements can be nested) represent the data
structures of vShield objects. A client can "read" an object by making an HTTP GET request to the object's
resource URL. A client can "write" (create or modify) an object with an HTTP PUT or POST request that
includes a new or changed XML body document for the object. And a client can usually delete an object with
an HTTP DELETE request.
In this document, we present example requests and responses, and also provide reference information on the
XML schemas that define the request and response bodies.
vShield API Conventions
The vShield API adheres to the following conventions:
All vShield API requests must be sent through the vShield Manager, and every request must be sent over
HTTPS rather than plain HTTP.
All vShield REST requests require authorization. You can use the following basic authorization:
Authorization: Basic YWRtaW46ZGVmYXVsdA==
YWRtaW46ZGVmYXVsdA== is the Base64 encoding of the vShield Manager default login
credentials (admin:default).
For most requests, you must know the managed object ID (MOID) of a vCenter object. Each sample in this
document shows the required MOID as a variable. You can get an MOID by using your vCenter's
Managed Object Browser (https://vcenter‐ipaddress/mob). You must have vCenter permissions to access
the MOB.
Table 1-1. Description of Managed Object IDs Required for vShield REST API Requests
Variable          Description
base-node-moid    The base node container, such as a datacenter, on which you want to create or
                  manage a Security Group. For example, datacenter-7.
container-moid    The datacenter, cluster, or port group on which you want to configure vShield
                  App settings. For example, datacenter-7 or domain-c14 (cluster).
dvs-moid          The vDS on which you want to enable or disable Port Group Isolation. For
                  example, dvs-1069.
host-moid         The ESX host on which you want to install vShield services. For example,
                  host-5450.
portgroup-moid    The network (port group or vDS port group) on which you want to install
                  or configure a vShield Edge. For example, network-25 is a port group MOID,
                  and dvportgroup-25 is a vDS port group MOID.
vm-moid           The MOID of a virtual machine.
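As an added example (not VMware's code and not from this guide), the following Python builds the Basic Authorization header from the conventions above, shows that it only encodes rather than encrypts the credentials, checks MOID values against the forms in Table 1-1, and assembles an HTTPS request to vShield Manager without sending it. The hostname and API path are placeholders, and the "vm-" prefix for vm-moid comes from vCenter's own MOID naming rather than from the table.

```python
import base64
import re
from typing import Optional, Tuple
from urllib.request import Request

# Constructed placeholder hostname; replace with your vShield Manager address.
VSM_HOST = "vshield-manager.example.invalid"

# MOID forms from Table 1-1; vCenter VM MOIDs use the "vm-" prefix (assumption).
MOID_PATTERNS = {
    "base-node-moid": r"datacenter-\d+",
    "container-moid": r"datacenter-\d+|domain-c\d+|network-\d+|dvportgroup-\d+",
    "dvs-moid": r"dvs-\d+",
    "host-moid": r"host-\d+",
    "portgroup-moid": r"network-\d+|dvportgroup-\d+",
    "vm-moid": r"vm-\d+",
}

def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization value the vShield API expects.
    Basic auth is Base64 only, not encryption, which is why HTTPS is required."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"

def decode_basic_auth(header: str) -> Tuple[str, str]:
    """Recover (username, password) from a Basic header: it is fully reversible."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def check_moid(variable: str, moid: str) -> bool:
    """True if moid matches the form Table 1-1 gives for that variable."""
    return re.fullmatch(MOID_PATTERNS[variable], moid) is not None

def build_request(path: str, method: str = "GET",
                  xml_body: Optional[bytes] = None) -> Request:
    """Assemble an authenticated HTTPS request to vShield Manager (built, not sent)."""
    if not path.startswith("/"):
        raise ValueError("path must be absolute")
    req = Request(f"https://{VSM_HOST}{path}", data=xml_body, method=method)
    req.add_header("Authorization", basic_auth_header("admin", "default"))
    if xml_body is not None:
        req.add_header("Content-Type", "application/xml")
    return req
```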
Chapter 1 Overview of VMware vShield