Management

Validate java path for the remote host machine.

SecurityApiKeyAuth
Request
path Parameters
engineId
required
string

The ID of the registered engine.

Request Body schema: application/json
required

The api to check connectivity of engine and a remote host on given port.

java_home
required
string

Path pointing to java home on the remote machine.

port
required
integer or null [ 0 .. 65535 ]

SSH port of the remote host machine that will be used to establish SSH connection.

username
string [ 1 .. 255 ] characters

The username of the user that will be used to connect to the remote host machine.

password
string [ 1 .. 255 ] characters

The password of the user that will be used to connect to the remote host machine.

host_name
required
string

Hostname of the remote host machine that will be used to establish connection.

use_engine_public_key
boolean

Whether to use public key authentication.

vault_id
string [ 1 .. 256 ] characters

The DCT id or name of the vault from which to read the host credentials.

hashicorp_vault_engine
string [ 1 .. 256 ] characters

Vault engine name where the credential is stored.

hashicorp_vault_secret_path
string [ 1 .. 256 ] characters

Path in the vault engine where the credential is stored.

hashicorp_vault_username_key
string [ 1 .. 256 ] characters

Key for the username in the key-value store.

hashicorp_vault_secret_key
string [ 1 .. 256 ] characters

Key for the password in the key-value store.

azure_vault_name
string [ 1 .. 256 ] characters

Azure key vault name (ORACLE, ASE and MSSQL_DOMAIN_USER only).

azure_vault_username_key
string [ 1 .. 256 ] characters

Azure vault key for the username in the key-value store (ORACLE, ASE and MSSQL_DOMAIN_USER only).

azure_vault_secret_key
string [ 1 .. 256 ] characters

Azure vault key for the password in the key-value store (ORACLE, ASE and MSSQL_DOMAIN_USER only).

cyberark_vault_query_string
string [ 1 .. 256 ] characters

Query to find a credential in the CyberArk vault.

use_kerberos_authentication
boolean

Whether to use kerberos authentication.

Responses
200

OK

post/management/engines/{engineId}/validate/java-path
Request samples
application/json
{
  • "java_home": "home/jdk/",
  • "port": 22,
  • "username": "username",
  • "password": "password",
  • "host_name": "test.host.com",
  • "use_engine_public_key": true,
  • "vault_id": "my-vault",
  • "hashicorp_vault_engine": "kv",
  • "hashicorp_vault_secret_path": "oracle-env",
  • "hashicorp_vault_username_key": "username",
  • "hashicorp_vault_secret_key": "secret",
  • "azure_vault_name": "azure_vault",
  • "azure_vault_username_key": "username",
  • "azure_vault_secret_key": "secret",
  • "cyberark_vault_query_string": "Safe=Test;Folder=Test;Object=Test",
  • "use_kerberos_authentication": true
}

Returns a list of registered engines.

SecurityApiKeyAuth
Request
query Parameters
limit
integer [ 1 .. 1000 ]
Default: 100

Maximum number of objects to return per query. The value must be between 1 and 1000. Default is 100.

Example: limit=50
cursor
string [ 1 .. 4096 ] characters

Cursor to fetch the next or previous page of results. The value of this property must be extracted from the 'prev_cursor' or 'next_cursor' property of a PaginatedResponseMetadata which is contained in the response of list and search API endpoints.

sort
string or null

The field to sort results by. A property name with a prepended '-' signifies descending order.

Enum: "id" "-id" "uuid" "-uuid" "type" "-type" "version" "-version" "name" "-name" "hostname" "-hostname" "cpu_core_count" "-cpu_core_count" "memory_size" "-memory_size" "data_storage_capacity" "-data_storage_capacity" "data_storage_used" "-data_storage_used" "username" "-username" "hashicorp_vault_id" "-hashicorp_vault_id" "connection_status" "-connection_status" "connection_status_details" "-connection_status_details" "engine_connection_status" "-engine_connection_status" "engine_connection_status_details" "-engine_connection_status_details" "masking_memory_used" "-masking_memory_used" "masking_allocated_memory" "-masking_allocated_memory" "masking_jobs_running" "-masking_jobs_running" "masking_max_concurrent_jobs" "-masking_max_concurrent_jobs" "masking_available_cores" "-masking_available_cores"
Example: sort=id
Responses
200

OK

get/management/engines
Response samples
application/json
{
  • "items": [
    ],
  • "response_metadata": {
    }
}

Register an engine.

SecurityApiKeyAuth
Request
Request Body schema: application/json
required

The parameters to register an engine.

name
required
string [ 1 .. 256 ] characters
hostname
required
string [ 1 .. 256 ] characters
username
string or null [ 1 .. 256 ] characters

The virtualization domain admin username.

password
string or null [ 1 .. 4096 ] characters

The virtualization domain admin password.

masking_username
string or null [ 1 .. 256 ] characters

The masking admin username.

masking_password
string or null [ 1 .. 4096 ] characters

The masking admin password.

hashicorp_vault_username_command_args
Array of strings or null [ 1 .. 100 ] items

Arguments to pass to the Vault CLI tool to retrieve the virtualzation username for the engine.

hashicorp_vault_masking_username_command_args
Array of strings or null [ 1 .. 100 ] items

Arguments to pass to the Vault CLI tool to retrieve the masking username for the engine.

hashicorp_vault_password_command_args
Array of strings or null [ 1 .. 100 ] items

Arguments to pass to the Vault CLI tool to retrieve the virtualization password for the engine.

hashicorp_vault_masking_password_command_args
Array of strings or null [ 1 .. 100 ] items

Arguments to pass to the Vault CLI tool to retrieve the masking password for the engine.

hashicorp_vault_id
integer or null <int64>

Reference to the Hashicorp vault to use to retrieve virtualization engine credentials.

masking_hashicorp_vault_id
integer or null <int64>

Reference to the Hashicorp vault to use to retrieve masking engine credentials.

insecure_ssl
boolean
Default: false

Allow connections to the engine over HTTPs without validating the TLS certificate. Even though the connection to the engine might be performed over HTTPs, setting this property eliminates the protection against a man-in-the-middle attach for connections to this engine. Instead, consider creating a truststore with a Certificate Authority to validate the engine's certificate, and set the truststore_filename property.

unsafe_ssl_hostname_check
boolean
Default: false

Ignore validation of the name associated to the TLS certificate when connecting to the engine over HTTPs. Setting this value must only be done if the TLS certificate of the engine does not match the hostname, and the TLS configuration of the engine cannot be fixed. Setting this property reduces the protection against a man-in-the-middle attack for connections to this engine. This is ignored if insecure_ssl is set.

truststore_filename
string or null [ 1 .. 1024 ] characters ^[a-zA-Z0-9_\.\-]+$

File name of a truststore which can be used to validate the TLS certificate of the engine. The truststore must be available at /etc/config/certs/

truststore_password
string or null [ 1 .. 1024 ] characters

Password to read the truststore.

object (AutoTaggingConfig)

Configuration settings for auto tagging.

Array of objects (Tag)

The tags to be created for this engine.

Responses
201

Created

post/management/engines
Request samples
application/json
{
  • "name": "string",
  • "hostname": "string",
  • "username": "string",
  • "password": "string",
  • "masking_username": "string",
  • "masking_password": "string",
  • "hashicorp_vault_username_command_args": [
    ],
  • "hashicorp_vault_masking_username_command_args": [
    ],
  • "hashicorp_vault_password_command_args": [
    ],
  • "hashicorp_vault_masking_password_command_args": [
    ],
  • "hashicorp_vault_id": 0,
  • "masking_hashicorp_vault_id": 0,
  • "insecure_ssl": false,
  • "unsafe_ssl_hostname_check": false,
  • "truststore_filename": "string",
  • "truststore_password": "string",
  • "auto_tagging_config": {
    },
  • "tags": [
    ]
}
Response samples
application/json
{
  • "id": "engine-123",
  • "uuid": "54290b71-58cd-463d-bd62-7219d4c4d2d5",
  • "type": "VIRTUALIZATION",
  • "version": "6.0.7.0",
  • "name": "My Favorite Engine",
  • "hostname": "eng09.dev.delphix.com",
  • "cpu_core_count": 4,
  • "memory_size": 16000000000,
  • "data_storage_capacity": 100000000000,
  • "data_storage_used": 85000000000,
  • "tags": [
    ],
  • "connection_status": "OFFLINE",
  • "connection_status_details": "Unable to authenticate with engine",
  • "hyperscale_instance_ids": [
    ],
  • "hyperscale_truststore_filename": "trustfile1",
  • "hyperscale_truststore_password": "*****"
}

Returns a registered engine by ID.

SecurityApiKeyAuth
Request
path Parameters
engineId
required
string

The ID of the registered engine.

Responses
200

OK

get/management/engines/{engineId}
Response samples
application/json
{
  • "id": "engine-123",
  • "uuid": "54290b71-58cd-463d-bd62-7219d4c4d2d5",
  • "type": "VIRTUALIZATION",
  • "version": "6.0.7.0",
  • "name": "My Favorite Engine",
  • "hostname": "eng09.dev.delphix.com",
  • "cpu_core_count": 4,
  • "memory_size": 16000000000,
  • "data_storage_capacity": 100000000000,
  • "data_storage_used": 85000000000,
  • "tags": [
    ],
  • "connection_status": "OFFLINE",
  • "connection_status_details": "Unable to authenticate with engine",
  • "hyperscale_instance_ids": [
    ],
  • "hyperscale_truststore_filename": "trustfile1",
  • "hyperscale_truststore_password": "*****"
}

Update a registered engine.

SecurityApiKeyAuth
Request
path Parameters
engineId
required
string

The ID of the registered engine.

Request Body schema: application/json
required

The updated registration engine information.

uuid
string or null

The unique identifier generated by this engine.

type
string or null

The type of this engine.

Enum: "VIRTUALIZATION" "MASKING" "BOTH" "UNSET"
version
string or null

The engine version.

name
string

The name of this engine.

ssh_public_key
string

The ssh public key of this engine.

hostname
string

The hostname of this engine.

cpu_core_count
integer or null <int32>

The total number of CPU cores on this engine.

memory_size
integer or null <int64>

The total amount of memory on this engine, in bytes.

data_storage_capacity
integer or null <int64>

The total amount of storage allocated for engine objects and system metadata, in bytes.

data_storage_used
integer or null <int64>

The amount of storage used by engine objects and system metadata, in bytes.

insecure_ssl
boolean

Allow connections to the engine over HTTPs without validating the TLS certificate. Even though the connection to the engine might be performed over HTTPs, setting this property eliminates the protection against a man-in-the-middle attach for connections to this engine. Instead, consider creating a truststore with a Certificate Authority to validate the engine's certificate, and set the truststore_filename property.

unsafe_ssl_hostname_check
boolean

Ignore validation of the name associated to the TLS certificate when connecting to the engine over HTTPs. Setting this value must only be done if the TLS certificate of the engine does not match the hostname, and the TLS configuration of the engine cannot be fixed. Setting this property reduces the protection against a man-in-the-middle attack for connections to this engine. This is ignored if insecure_ssl is set.

truststore_filename
string or null [ 1 .. 1024 ] characters ^[a-zA-Z0-9_\.]+$

File name of a truststore which can be used to validate the TLS certificate of the engine. The truststore must be available at /etc/config/certs/

truststore_password
string or null [ 1 .. 1024 ] characters

Password to read the truststore.

username
string or null [ 1 .. 256 ] characters

The virtualization domain admin username.

password
string or null [ 1 .. 4096 ] characters

The virtualization domain admin password.

masking_username
string or null [ 1 .. 256 ] characters

The masking admin username.

masking_password
string or null [ 1 .. 4096 ] characters

The masking admin password.

hashicorp_vault_username_command_args
Array of strings or null [ 1 .. 100 ] items

Arguments to pass to the Vault CLI tool to retrieve the virtualization username for the engine.

hashicorp_vault_masking_username_command_args
Array of strings or null [ 1 .. 100 ] items

Arguments to pass to the Vault CLI tool to retrieve the masking username for the engine.

hashicorp_vault_password_command_args
Array of strings or null [ 1 .. 100 ] items

Arguments to pass to the Vault CLI tool to retrieve the virtualization password for the engine.

hashicorp_vault_masking_password_command_args
Array of strings or null [ 1 .. 100 ] items

Arguments to pass to the Vault CLI tool to retrieve the masking password for the engine.

masking_hashicorp_vault_id
integer or null <int64>

Reference to the Hashicorp vault to use to retrieve masking engine credentials.

hashicorp_vault_id
integer or null <int64>

Reference to the Hashicorp vault to use to retrieve virtualization engine credentials.

Array of objects (Tag)

The tags to be created for this engine.

masking_memory_used
integer or null <int64>

The current amount of memory used by running masking jobs in bytes.

masking_allocated_memory
integer or null <int64>

The maximum amount of memory available for running masking jobs in bytes.

masking_jobs_running
integer or null

The number of masking jobs currently running.

masking_max_concurrent_jobs
integer or null

The maximum number of masking jobs that can be running at the same time.

masking_available_cores
integer or null

The number of CPU cores available to the masking engine.

hyperscale_instance_ids
Array of strings or null

List of Hyperscale Instances that this engine is connected to.

hyperscale_truststore_filename
string or null [ 1 .. 1024 ] characters ^[a-zA-Z0-9_\.]+$

File name of a truststore which can be used to validate the TLS certificate of the engine as expected by associated hyperscale instances.

hyperscale_truststore_password
string or null [ 1 .. 1024 ] characters

Password to read the truststore as expected by associated hyperscale instances.

Responses
200

OK

put/management/engines/{engineId}
Request samples
application/json
{
  • "id": "engine-123",
  • "uuid": "54290b71-58cd-463d-bd62-7219d4c4d2d5",
  • "type": "VIRTUALIZATION",
  • "version": "6.0.7.0",
  • "name": "My Favorite Engine",
  • "hostname": "eng09.dev.delphix.com",
  • "cpu_core_count": 4,
  • "memory_size": 16000000000,
  • "data_storage_capacity": 100000000000,
  • "data_storage_used": 85000000000,
  • "tags": [
    ],
  • "connection_status": "OFFLINE",
  • "connection_status_details": "Unable to authenticate with engine",
  • "hyperscale_instance_ids": [
    ],
  • "hyperscale_truststore_filename": "trustfile1",
  • "hyperscale_truststore_password": "*****"
}
Response samples
application/json
{
  • "id": "engine-123",
  • "uuid": "54290b71-58cd-463d-bd62-7219d4c4d2d5",
  • "type": "VIRTUALIZATION",
  • "version": "6.0.7.0",
  • "name": "My Favorite Engine",
  • "hostname": "eng09.dev.delphix.com",
  • "cpu_core_count": 4,
  • "memory_size": 16000000000,
  • "data_storage_capacity": 100000000000,
  • "data_storage_used": 85000000000,
  • "tags": [
    ],
  • "connection_status": "OFFLINE",
  • "connection_status_details": "Unable to authenticate with engine",
  • "hyperscale_instance_ids": [
    ],
  • "hyperscale_truststore_filename": "trustfile1",
  • "hyperscale_truststore_password": "*****"
}

Unregister an engine.

SecurityApiKeyAuth
Request
path Parameters
engineId
required
string

The ID of the registered engine.

Responses
200

OK

delete/management/engines/{engineId}
Response samples
application/json
{
  • "job": {
    }
}

Update a registered engine.

SecurityApiKeyAuth
Request
path Parameters
engineId
required
string

The ID of the registered engine.

Request Body schema: application/json
required

The updated registration engine information.

uuid
string or null

The unique identifier generated by this engine.

type
string or null

The type of this engine.

Enum: "VIRTUALIZATION" "MASKING" "BOTH" "UNSET"
version
string or null

The engine version.

name
string

The name of this engine.

ssh_public_key
string

The ssh public key of this engine.

hostname
string

The hostname of this engine.

cpu_core_count
integer or null <int32>

The total number of CPU cores on this engine.

memory_size
integer or null <int64>

The total amount of memory on this engine, in bytes.

data_storage_capacity
integer or null <int64>

The total amount of storage allocated for engine objects and system metadata, in bytes.

data_storage_used
integer or null <int64>

The amount of storage used by engine objects and system metadata, in bytes.

insecure_ssl
boolean

Allow connections to the engine over HTTPs without validating the TLS certificate. Even though the connection to the engine might be performed over HTTPs, setting this property eliminates the protection against a man-in-the-middle attach for connections to this engine. Instead, consider creating a truststore with a Certificate Authority to validate the engine's certificate, and set the truststore_filename property.

unsafe_ssl_hostname_check
boolean

Ignore validation of the name associated to the TLS certificate when connecting to the engine over HTTPs. Setting this value must only be done if the TLS certificate of the engine does not match the hostname, and the TLS configuration of the engine cannot be fixed. Setting this property reduces the protection against a man-in-the-middle attack for connections to this engine. This is ignored if insecure_ssl is set.

truststore_filename
string or null [ 1 .. 1024 ] characters ^[a-zA-Z0-9_\.]+$

File name of a truststore which can be used to validate the TLS certificate of the engine. The truststore must be available at /etc/config/certs/

truststore_password
string or null [ 1 .. 1024 ] characters

Password to read the truststore.

username
string or null [ 1 .. 256 ] characters

The virtualization domain admin username.

password
string or null [ 1 .. 4096 ] characters

The virtualization domain admin password.

masking_username
string or null [ 1 .. 256 ] characters

The masking admin username.

masking_password
string or null [ 1 .. 4096 ] characters

The masking admin password.

hashicorp_vault_username_command_args
Array of strings or null [ 1 .. 100 ] items

Arguments to pass to the Vault CLI tool to retrieve the virtualization username for the engine.

hashicorp_vault_masking_username_command_args
Array of strings or null [ 1 .. 100 ] items

Arguments to pass to the Vault CLI tool to retrieve the masking username for the engine.

hashicorp_vault_password_command_args
Array of strings or null [ 1 .. 100 ] items

Arguments to pass to the Vault CLI tool to retrieve the virtualization password for the engine.

hashicorp_vault_masking_password_command_args
Array of strings or null [ 1 .. 100 ] items

Arguments to pass to the Vault CLI tool to retrieve the masking password for the engine.

masking_hashicorp_vault_id
integer or null <int64>

Reference to the Hashicorp vault to use to retrieve masking engine credentials.

hashicorp_vault_id
integer or null <int64>

Reference to the Hashicorp vault to use to retrieve virtualization engine credentials.

Array of objects (Tag)

The tags to be created for this engine.

masking_memory_used
integer or null <int64>

The current amount of memory used by running masking jobs in bytes.

masking_allocated_memory
integer or null <int64>

The maximum amount of memory available for running masking jobs in bytes.

masking_jobs_running
integer or null

The number of masking jobs currently running.

masking_max_concurrent_jobs
integer or null

The maximum number of masking jobs that can be running at the same time.

masking_available_cores
integer or null

The number of CPU cores available to the masking engine.

hyperscale_instance_ids
Array of strings or null

List of Hyperscale Instances that this engine is connected to.

hyperscale_truststore_filename
string or null [ 1 .. 1024 ] characters ^[a-zA-Z0-9_\.]+$

File name of a truststore which can be used to validate the TLS certificate of the engine as expected by associated hyperscale instances.

hyperscale_truststore_password
string or null [ 1 .. 1024 ] characters

Password to read the truststore as expected by associated hyperscale instances.

Responses
200

OK

patch/management/engines/{engineId}
Request samples
application/json
{
  • "id": "engine-123",
  • "uuid": "54290b71-58cd-463d-bd62-7219d4c4d2d5",
  • "type": "VIRTUALIZATION",
  • "version": "6.0.7.0",
  • "name": "My Favorite Engine",
  • "hostname": "eng09.dev.delphix.com",
  • "cpu_core_count": 4,
  • "memory_size": 16000000000,
  • "data_storage_capacity": 100000000000,
  • "data_storage_used": 85000000000,
  • "tags": [
    ],
  • "connection_status": "OFFLINE",
  • "connection_status_details": "Unable to authenticate with engine",
  • "hyperscale_instance_ids": [
    ],
  • "hyperscale_truststore_filename": "trustfile1",
  • "hyperscale_truststore_password": "*****"
}
Response samples
application/json
{
  • "id": "engine-123",
  • "uuid": "54290b71-58cd-463d-bd62-7219d4c4d2d5",
  • "type": "VIRTUALIZATION",
  • "version": "6.0.7.0",
  • "name": "My Favorite Engine",
  • "hostname": "eng09.dev.delphix.com",
  • "cpu_core_count": 4,
  • "memory_size": 16000000000,
  • "data_storage_capacity": 100000000000,
  • "data_storage_used": 85000000000,
  • "tags": [
    ],
  • "connection_status": "OFFLINE",
  • "connection_status_details": "Unable to authenticate with engine",
  • "hyperscale_instance_ids": [
    ],
  • "hyperscale_truststore_filename": "trustfile1",
  • "hyperscale_truststore_password": "*****"
}

Returns the engine's auto tagging configuration.

SecurityApiKeyAuth
Request
path Parameters
engineId
required
string

The ID of the registered engine.

Responses
200

OK

get/management/engines/{engineId}/auto-tagging
Response samples
application/json
{
  • "enable_virtualization_dataset_groups": true,
  • "enable_masking_environments": true,
  • "enable_masking_applications": true,
  • "enable_engine_name": true,
  • "custom_tags": [
    ]
}

Update the engine's auto tagging configuration.

SecurityApiKeyAuth
Request
path Parameters
engineId
required
string

The ID of the registered engine.

Request Body schema: application/json
required

The auto tagging config update parameters.

enable_virtualization_dataset_groups
boolean

Include dataset group names as tags for dSources, VDBs, and vCDBs (key 'dlpx-dataset-group').

enable_masking_environments
boolean

Include masking environment names as tags for masking Jobs and Connectors (key 'dlpx-environment').

enable_masking_applications
boolean

Include masking app names as tags for masking Jobs and Connectors (key 'dlpx-application').

enable_engine_name
boolean

Include the engine name as a tag on discovered objects (key 'dlpx-engine').

Array of objects (Tag) [ 1 .. 1000 ] items unique

List of new custom tags to be added to discovered objects. These are appended to the AutoTaggingConfig's custom_tags list.

Array of objects (Tag) [ 1 .. 1000 ] items unique

List of tags to remove from the AutoTaggingConfig's custom_tags list (applied AFTER custom_tags_to_add).

Responses
200

OK

patch/management/engines/{engineId}/auto-tagging
Request samples
application/json
{
  • "enable_virtualization_dataset_groups": true,
  • "enable_masking_environments": true,
  • "enable_masking_applications": true,
  • "enable_engine_name": true,
  • "custom_tags_to_add": [
    ],
  • "custom_tags_to_remove": [
    ]
}
Response samples
application/json
{
  • "job": {
    }
}

Search for engines.

SecurityApiKeyAuth
Request
query Parameters
limit
integer [ 1 .. 1000 ]
Default: 100

Maximum number of objects to return per query. The value must be between 1 and 1000. Default is 100.

Example: limit=50
cursor
string [ 1 .. 4096 ] characters

Cursor to fetch the next or previous page of results. The value of this property must be extracted from the 'prev_cursor' or 'next_cursor' property of a PaginatedResponseMetadata which is contained in the response of list and search API endpoints.

sort
string or null

The field to sort results by. A property name with a prepended '-' signifies descending order.

Enum: "id" "-id" "uuid" "-uuid" "type" "-type" "version" "-version" "name" "-name" "hostname" "-hostname" "cpu_core_count" "-cpu_core_count" "memory_size" "-memory_size" "data_storage_capacity" "-data_storage_capacity" "data_storage_used" "-data_storage_used" "username" "-username" "hashicorp_vault_id" "-hashicorp_vault_id" "connection_status" "-connection_status" "connection_status_details" "-connection_status_details" "engine_connection_status" "-engine_connection_status" "engine_connection_status_details" "-engine_connection_status_details" "masking_memory_used" "-masking_memory_used" "masking_allocated_memory" "-masking_allocated_memory" "masking_jobs_running" "-masking_jobs_running" "masking_max_concurrent_jobs" "-masking_max_concurrent_jobs" "masking_available_cores" "-masking_available_cores"
Example: sort=id
Request Body schema: application/json

A request body containing a filter expression. This enables searching for items matching arbitrarily complex conditions. The list of attributes which can be used in filter expressions is available in the x-filterable vendor extension.

Filter Expression Overview

Note: All keywords are case-insensitive

Comparison Operators

Operator Description Example
CONTAINS Substring or membership testing for string and list attributes respectively. field3 CONTAINS 'foobar', field4 CONTAINS TRUE
IN Tests if field is a member of a list literal. List can contain a maximum of 100 values field2 IN ['Goku', 'Vegeta']
GE Tests if a field is greater than or equal to a literal value field1 GE 1.2e-2
GT Tests if a field is greater than a literal value field1 GT 1.2e-2
LE Tests if a field is less than or equal to a literal value field1 LE 9000
LT Tests if a field is less than a literal value field1 LT 9.02
NE Tests if a field is not equal to a literal value field1 NE 42
EQ Tests if a field is equal to a literal value field1 EQ 42

Search Operator

The SEARCH operator filters for items which have any filterable attribute that contains the input string as a substring, comparison is done case-insensitively. This is not restricted to attributes with string values. Specifically SEARCH '12' would match an item with an attribute with an integer value of 123.

Logical Operators

Ordered by precedence.

Operator Description Example
NOT Logical NOT (Right associative) NOT field1 LE 9000
AND Logical AND (Left Associative) field1 GT 9000 AND field2 EQ 'Goku'
OR Logical OR (Left Associative) field1 GT 9000 OR field2 EQ 'Goku'

Grouping

Parenthesis () can be used to override operator precedence.

For example: NOT (field1 LT 1234 AND field2 CONTAINS 'foo')

Literal Values

Literal Description Examples
Nil Represents the absence of a value nil, Nil, nIl, NIL
Boolean true/false boolean true, false, True, False, TRUE, FALSE
Number Signed integer and floating point numbers. Also supports scientific notation. 0, 1, -1, 1.2, 0.35, 1.2e-2, -1.2e+2
String Single or double quoted "foo", "bar", "foo bar", 'foo', 'bar', 'foo bar'
Datetime Formatted according to RFC3339 2018-04-27T18:39:26.397237+00:00
List Comma-separated literals wrapped in square brackets [0], [0, 1], ['foo', "bar"]

Limitations

  • A maximum of 8 unique identifiers may be used inside a filter expression.
filter_expression
string [ 5 .. 2000 ] characters
Responses
200

OK

post/management/engines/search
Request samples
application/json

An example of a nested Object comparison testing that at least one repository has a version which is equal to 19.0.0.

{
  • "filter_expression": "repositories CONTAINS {version eq '19.0.0'}"
}
Response samples
application/json
{
  • "items": [
    ],
  • "response_metadata": {
    }
}

Get tags for a Engine.

SecurityApiKeyAuth
Request
path Parameters
engineId
required
string

The ID of the registered engine.

Responses
200

Ok

get/management/engines/{engineId}/tags
Response samples
application/json
{
  • "tags": [
    ]
}

Create tags for an Engine.

SecurityApiKeyAuth
Request
path Parameters
engineId
required
string

The ID of the registered engine.

Request Body schema: application/json
required

Tags information for Engine.

required
Array of objects (Tag) [ 1 .. 1000 ] items unique

Array of tags with key value pairs

Responses
201

Created

post/management/engines/{engineId}/tags
Request samples
application/json
{
  • "tags": [
    ]
}
Response samples
application/json
{
  • "tags": [
    ]
}

Delete tags for an Engine.

SecurityApiKeyAuth
Request
path Parameters
engineId
required
string

The ID of the registered engine.

Request Body schema: application/json

The parameters to delete tags

key
string [ 1 .. 4000 ] characters

Key of the tag

value
string [ 1 .. 4000 ] characters

Value of the tag

Array of objects (Tag) [ 1 .. 1000 ] items unique

List of tags to be deleted

Responses
204

No Content

post/management/engines/{engineId}/tags/delete
Request samples
application/json

Delete all tags for given object - No request body required

{ }

Returns a list of configured Hashicorp vaults.

SecurityApiKeyAuth
Request
query Parameters
limit
integer [ 1 .. 1000 ]
Default: 100

Maximum number of objects to return per query. The value must be between 1 and 1000. Default is 100.

Example: limit=50
cursor
string [ 1 .. 4096 ] characters

Cursor to fetch the next or previous page of results. The value of this property must be extracted from the 'prev_cursor' or 'next_cursor' property of a PaginatedResponseMetadata which is contained in the response of list and search API endpoints.

sort
string or null

The field to sort results by. A property name with a prepended '-' signifies descending order.

Enum: "id" "-id"
Example: sort=id
Responses
200

OK

get/management/vaults/hashicorp
Response samples
application/json
{
  • "items": [
    ],
  • "response_metadata": {
    }
}

Configure a new Hashicorp Vault

SecurityApiKeyAuth
Request
Request Body schema: application/json
required
object

Environment variables to set when invoking the Vault CLI tool. The environment variables will be used both to login to the vault (if this step is required) and to retrieve engine username and passwords.

login_command_args
Array of strings [ 1 .. 100 ] items

Arguments to the "vault" CLI tool to be used to fetch a client token (or "login"). If supporting files, such as TLS certificates, must be used to authenticate, they can be mounted to the /etc/config directory. This property must not be set when using the TOKEN authentication method as login is not required.

Array of objects (Tag)
Responses
201

Created

post/management/vaults/hashicorp
Request samples
application/json
{
  • "env_variables": {},
  • "login_command_args": [
    ],
  • "tags": [
    ]
}
Response samples
application/json
{
  • "id": 0,
  • "env_variables": {},
  • "login_command_args": [
    ],
  • "tags": [
    ]
}

Search for configured Hashicorp vaults.

SecurityApiKeyAuth
Request
query Parameters
limit
integer [ 1 .. 1000 ]
Default: 100

Maximum number of objects to return per query. The value must be between 1 and 1000. Default is 100.

Example: limit=50
cursor
string [ 1 .. 4096 ] characters

Cursor to fetch the next or previous page of results. The value of this property must be extracted from the 'prev_cursor' or 'next_cursor' property of a PaginatedResponseMetadata which is contained in the response of list and search API endpoints.

sort
string or null

The field to sort results by. A property name with a prepended '-' signifies descending order.

Enum: "id" "-id"
Example: sort=id
Request Body schema: application/json

A request body containing a filter expression. This enables searching for items matching arbitrarily complex conditions. The list of attributes which can be used in filter expressions is available in the x-filterable vendor extension.

Filter Expression Overview

Note: All keywords are case-insensitive

Comparison Operators

Operator Description Example
CONTAINS Substring or membership testing for string and list attributes respectively. field3 CONTAINS 'foobar', field4 CONTAINS TRUE
IN Tests if field is a member of a list literal. List can contain a maximum of 100 values field2 IN ['Goku', 'Vegeta']
GE Tests if a field is greater than or equal to a literal value field1 GE 1.2e-2
GT Tests if a field is greater than a literal value field1 GT 1.2e-2
LE Tests if a field is less than or equal to a literal value field1 LE 9000
LT Tests if a field is less than a literal value field1 LT 9.02
NE Tests if a field is not equal to a literal value field1 NE 42
EQ Tests if a field is equal to a literal value field1 EQ 42

Search Operator

The SEARCH operator filters for items which have any filterable attribute that contains the input string as a substring, comparison is done case-insensitively. This is not restricted to attributes with string values. Specifically SEARCH '12' would match an item with an attribute with an integer value of 123.

Logical Operators

Ordered by precedence.

Operator Description Example
NOT Logical NOT (Right associative) NOT field1 LE 9000
AND Logical AND (Left Associative) field1 GT 9000 AND field2 EQ 'Goku'
OR Logical OR (Left Associative) field1 GT 9000 OR field2 EQ 'Goku'

Grouping

Parenthesis () can be used to override operator precedence.

For example: NOT (field1 LT 1234 AND field2 CONTAINS 'foo')

Literal Values

Literal Description Examples
Nil Represents the absence of a value nil, Nil, nIl, NIL
Boolean true/false boolean true, false, True, False, TRUE, FALSE
Number Signed integer and floating point numbers. Also supports scientific notation. 0, 1, -1, 1.2, 0.35, 1.2e-2, -1.2e+2
String Single or double quoted "foo", "bar", "foo bar", 'foo', 'bar', 'foo bar'
Datetime Formatted according to RFC3339 2018-04-27T18:39:26.397237+00:00
List Comma-separated literals wrapped in square brackets [0], [0, 1], ['foo', "bar"]

Limitations

  • A maximum of 8 unique identifiers may be used inside a filter expression.
filter_expression
string [ 5 .. 2000 ] characters
Responses
200

OK

post/management/vaults/hashicorp/search
Request samples
application/json

An example of a nested Object comparison testing that at least one repository has a version which is equal to 19.0.0.

{
  • "filter_expression": "repositories CONTAINS {version eq '19.0.0'}"
}
Response samples
application/json
{
  • "items": [
    ],
  • "response_metadata": {
    }
}

Get a Hashicorp vault by id

SecurityApiKeyAuth
Request
path Parameters
vaultId
required
integer <int64>

Numeric ID of the Hashicorp vault

Responses
200

OK

get/management/vaults/hashicorp/{vaultId}
Response samples
application/json
{
  • "id": 0,
  • "env_variables": {},
  • "login_command_args": [
    ],
  • "tags": [
    ]
}

Delete a Hashicorp vault by id

SecurityApiKeyAuth
Request
path Parameters
vaultId
required
integer <int64>

Numeric ID of the Hashicorp vault

Responses
204

No Content

delete/management/vaults/hashicorp/{vaultId}

Get tags for a Hashicorp vault.

SecurityApiKeyAuth
Request
path Parameters
vaultId
required
integer <int64>

Numeric ID of the Hashicorp vault

Responses
200

Ok

get/management/vaults/hashicorp/{vaultId}/tags
Response samples
application/json
{
  • "tags": [
    ]
}

Create tags for a Hashicorp vault.

SecurityApiKeyAuth
Request
path Parameters
vaultId
required
integer <int64>

Numeric ID of the Hashicorp vault

Request Body schema: application/json
required

Tags information for Hashicorp vault.

required
Array of objects (Tag) [ 1 .. 1000 ] items unique

Array of tags with key value pairs

Responses
201

Created

post/management/vaults/hashicorp/{vaultId}/tags
Request samples
application/json
{
  • "tags": [
    ]
}
Response samples
application/json
{
  • "tags": [
    ]
}

Delete tags for a Hashicorp vault.

SecurityApiKeyAuth
Request
path Parameters
vaultId
required
integer <int64>

Numeric ID of the Hashicorp vault

Request Body schema: application/json

The parameters to delete tags

key
string [ 1 .. 4000 ] characters

Key of the tag

value
string [ 1 .. 4000 ] characters

Value of the tag

Array of objects (Tag) [ 1 .. 1000 ] items unique

List of tags to be deleted

Responses
204

No Content

post/management/vaults/hashicorp/{vaultId}/tags/delete
Request samples
application/json

Delete all tags for given object - No request body required

{ }

Get global properties.

SecurityApiKeyAuth
Responses
200

OK

get/management/properties
Response samples
application/json
{
  • "disable_username_password": true,
  • "phonehome_upload_cadence": 1,
  • "phonehome_maximum_transfer_size": 1048576
}

Update value of predefined properties.

SecurityApiKeyAuth
Request
Request Body schema: application/json
required

The parameters to update property value.

disable_username_password
boolean

Property to define either username & password based authentication disabled or not.

phonehome_upload_cadence
integer [ 1 .. 30 ]

Property to define the phonehome bundle upload cadence, in days, if Delphix services are reachable.

phonehome_maximum_transfer_size
integer [ 1048576 .. 1073741824 ]

Property to define the maximum uncompressed bundle transfer size, in bytes, for phonehome.

Responses
200

OK

patch/management/properties
Request samples
application/json
{
  • "disable_username_password": true,
  • "phonehome_upload_cadence": 1,
  • "phonehome_maximum_transfer_size": 1048576
}
Response samples
application/json
{
  • "disable_username_password": true,
  • "phonehome_upload_cadence": 1,
  • "phonehome_maximum_transfer_size": 1048576
}

Get api classification.

SecurityApiKeyAuth
Responses
200

OK

get/management/api-classification
Response samples
application/json
{
  • "version": "1.0.0",
  • "api_classification": [
    ]
}

Update the api classification to new version.

SecurityApiKeyAuth
Request
Request Body schema: application/json
required

Request to update api classification config.

version
string

Api Classification Config Version.

Array of objects (ApiClassificationObject)

The classification of each APIs, either it is automation or not.

Responses
200

OK

put/management/api-classification
Request samples
application/json
{
  • "version": "1.0.0",
  • "api_classification": [
    ]
}
Response samples
application/json
{
  • "version": "1.0.0",
  • "api_classification": [
    ]
}

Returns the SMTP configuration

SecurityApiKeyAuth
Responses
200

OK

get/management/smtp
Response samples
application/json
{
  • "enabled": false,
  • "server": "smtp.host.com",
  • "port": 25,
  • "authentication_enabled": false,
  • "tls_enabled": false,
  • "username": "username",
  • "password": "password",
  • "from_address": "sender@example.com",
  • "send_timeout": 300
}

Update SMTP Config.

SecurityApiKeyAuth
Request
Request Body schema: application/json
required

The parameters to update the SMTP config.

enabled
boolean
Default: false

True if outbound email is enabled.

server
string or null [ 1 .. 1000 ] characters

IP address or hostname of SMTP relay server.

port
integer or null [ 1 .. 65535 ]

Port number to use. A value of -1 indicates the default (25 or 587 for TLS).

authentication_enabled
boolean
Default: false

True if username/password authentication should be used.

tls_enabled
boolean
Default: false

True if TLS (transport layer security) should be used.

username
string or null [ 1 .. 256 ] characters

If authentication is enabled, username to use when authenticating to the server.

password
string or null [ 1 .. 4096 ] characters

If authentication is enabled, password to use when authenticating to the server.

from_address
string or null <email> [ 1 .. 256 ] characters

From address to use when sending mail. If unspecified, 'noreply@delphix.com' is used.

send_timeout
integer or null [ 0 .. 300 ]

Maximum timeout to wait, in seconds, when sending mail.

Responses
200

OK

put/management/smtp
Request samples
application/json
{
  • "enabled": false,
  • "server": "smtp.host.com",
  • "port": 25,
  • "authentication_enabled": false,
  • "tls_enabled": false,
  • "username": "username",
  • "password": "password",
  • "from_address": "sender@example.com",
  • "send_timeout": 300
}
Response samples
application/json
{
  • "enabled": false,
  • "server": "smtp.host.com",
  • "port": 25,
  • "authentication_enabled": false,
  • "tls_enabled": false,
  • "username": "username",
  • "password": "password",
  • "from_address": "sender@example.com",
  • "send_timeout": 300
}

Validate SMTP Config.

SecurityApiKeyAuth
Request
Request Body schema: application/json
required

The parameters to validate the SMTP config.

to_address
required
string [ 1 .. 256 ] characters
Responses
200

OK

post/management/smtp/validate
Request samples
application/json
{
  • "to_address": "string"
}

Returns configuration information about the metadata database which stores the product data.

SecurityApiKeyAuth
Responses
200

OK

get/management/metadata-database
Response samples
application/json
{
  • "external": false,
  • "version": "TODO",
  • "database_product_name": "TODO",
  • "major_version": 0,
  • "minor_version": 0,
  • "min_supported_major_version": 0,
  • "min_supported_minor_version": 0,
  • "max_supported_major_version": 0,
  • "max_supported_minor_version": 0,
  • "compatible": true
}

Returns the LDAP configuration

SecurityApiKeyAuth
Responses
200

OK

get/management/ldap-config
Response samples
application/json
{
  • "enabled": true,
  • "auto_create_users": true,
  • "hostname": "ldap.server.com",
  • "port": 389,
  • "domains": [
    ],
  • "enable_ssl": false,
  • "truststore_filename": "string",
  • "truststore_password": "string",
  • "insecure_ssl": false,
  • "unsafe_ssl_hostname_check": false
}

Update LDAP Config.

SecurityApiKeyAuth
Request
Request Body schema: application/json
required

The parameters to update the LDAP config.

enabled
boolean
Default: true

When set, these settings are enabled. True by default.

auto_create_users
boolean
Default: true

When set, the system will automatically create new Accounts for those who have logged in using LDAP. This must be true if LDAP user is not already registered in system. True by default.

hostname
string

The hostname of the LDAP server.

port
integer [ 0 .. 65535 ]

The port of the LDAP server. Default port is 389 for non-SSL and 636 for SSL.

Array of objects (Domain) non-empty

DCT will try to authenticate using each Domain given in this list.

enable_ssl
boolean
Default: true

True if LDAP should be used over SSL.

truststore_filename
string [ 1 .. 1024 ] characters ^[a-zA-Z0-9_\.\-]+$

File name of a truststore which can be used to validate the TLS certificate of the LDAP server. The truststore must be available at /etc/config/certs/

truststore_password
string [ 1 .. 1024 ] characters

Password for reading trustStore file provided in 'truststore_filename' property

insecure_ssl
boolean
Default: false

Allow connections to the LDAP server over LDAPS without validating the TLS certificate. Even though the connection to the server might be performed over LDAPS, setting this property eliminates the protection against a man-in-the-middle attach for connections to this server. Instead, consider creating a truststore with a Certificate Authority to validate the server's certificate, and set the truststore_filename property.

unsafe_ssl_hostname_check
boolean
Default: false

Ignore validation of the name associated to the TLS certificate when connecting to the LDAP server over LDAPS. Setting this value must only be done if the TLS certificate of the server does not match the hostname, and the TLS configuration of the server cannot be fixed. Setting this property reduces the protection against a man-in-the-middle attack for connections to this server. This is ignored if insecure_ssl is set.

Responses
200

OK

put/management/ldap-config
Request samples
application/json
{
  • "enabled": true,
  • "auto_create_users": true,
  • "hostname": "ldap.server.com",
  • "port": 389,
  • "domains": [
    ],
  • "enable_ssl": false,
  • "truststore_filename": "string",
  • "truststore_password": "string",
  • "insecure_ssl": false,
  • "unsafe_ssl_hostname_check": false
}
Response samples
application/json
{
  • "enabled": true,
  • "auto_create_users": true,
  • "hostname": "ldap.server.com",
  • "port": 389,
  • "domains": [
    ],
  • "enable_ssl": false,
  • "truststore_filename": "string",
  • "truststore_password": "string",
  • "insecure_ssl": false,
  • "unsafe_ssl_hostname_check": false
}

Validate LDAP Config. Without username/password, DCT performs an anonymous bind against the LDAP server. If credentials are provided DCT validates that authentication and mapping of optional properties are actually working with provided credentials. LDAP search is only validated if search attributes are set.

SecurityApiKeyAuth
Request
Request Body schema: application/json
username
string [ 1 .. 1024 ] characters

Username of the account to validate the ldap optional attributes.

password
string [ 1 .. 1024 ] characters

Password of the account to validate the ldap optional attributes.

Responses
200

OK

post/management/ldap-config/validate
Request samples
application/json
{
  • "username": "string",
  • "password": "string"
}
Response samples
application/json
{
  • "message": "string"
}

Returns the SAML configuration

SecurityApiKeyAuth
Responses
200

OK

get/management/saml-config
Response samples
application/json
{
  • "enabled": true,
  • "auto_create_users": true,
  • "metadata": "string",
  • "entity_id": "https://dct.delphix.com",
  • "response_skew": 120,
  • "group_attr": "groups",
  • "first_name_attr": "firstName",
  • "last_name_attr": "lastName"
}

Update SAML Config.

SecurityApiKeyAuth
Request
Request Body schema: application/json
required

The parameters to update the SAML config.

enabled
boolean
Default: false

When set, SAML settings are enabled. False by default.

auto_create_users
boolean
Default: true

When set, the system will automatically create new Accounts for those who have logged in using SAML. This must be true if SAML user is not already registered in system. True by default.

metadata
string non-empty

IdP metadata for this service provider. This is a required property for successful SAML authentication.

entity_id
string [ 1 .. 4096 ] characters

Unique identifier of this instance as a SAML/SSO service provider.

response_skew
integer
Default: 120

Maximum time difference allowed between a SAML response and the DCT's current time, in seconds. If not set, it defaults to 120 seconds.

group_attr
string [ 1 .. 4096 ] characters
Default: "groups"

Group mapped attribute on SAML to create account tags in DCT.

first_name_attr
string [ 1 .. 4096 ] characters
Default: "firstName"

First name attribute mapped on SAML used for mapping on DCT account.

last_name_attr
string [ 1 .. 4096 ] characters
Default: "lastName"

Last name attribute mapped on SAML used for mapping on DCT account.

Responses
200

OK

put/management/saml-config
Request samples
application/json
{
  • "enabled": true,
  • "auto_create_users": true,
  • "metadata": "string",
  • "entity_id": "https://dct.delphix.com",
  • "response_skew": 120,
  • "group_attr": "groups",
  • "first_name_attr": "firstName",
  • "last_name_attr": "lastName"
}
Response samples
application/json
{
  • "enabled": true,
  • "auto_create_users": true,
  • "metadata": "string",
  • "entity_id": "https://dct.delphix.com",
  • "response_skew": 120,
  • "group_attr": "groups",
  • "first_name_attr": "firstName",
  • "last_name_attr": "lastName"
}

Returns previous bundle upload events

SecurityApiKeyAuth
Request
query Parameters
limit
integer >= 1

The maximum number of items to return.

Responses
200

OK

get/management/phonehome/events
Response samples
application/json
[
  • {
    }
]

Returns the current web proxy configuration to use to connect to Delphix services.

SecurityApiKeyAuth
Responses
200

OK

get/management/proxy
Response samples
application/json
{
  • "host": "proxy.server.com",
  • "port": 3128,
  • "username": "proxy-user",
  • "password": "proxy-password",
  • "enabled": true,
  • "truststore_filename": "string",
  • "truststore_password": "string"
}

Update the web proxy configuration to use to connect to Delphix services.

SecurityApiKeyAuth
Request
Request Body schema: application/json
required
host
required
string

The host name or IP address of the proxy server.

port
required
integer

The port number of the proxy server.

username
string

The username to use when authenticating with the proxy server.

password
string

The password to use when authenticating with the proxy server.

enabled
required
boolean

When set, these settings are enabled. True by default.

truststore_filename
string <= 1024 characters ^$|^[a-zA-Z0-9_\.\-]+$

File name of a truststore which can be used to validate the TLS certificate of the proxy server. The truststore must be available at /etc/config/certs/

truststore_password
string <= 1024 characters

Password for reading trustStore file provided in 'truststore_filename' property

Responses
200

Update the web proxy configuration to use to connect to Delphix services

put/management/proxy
Request samples
application/json
{
  • "host": "proxy.server.com",
  • "port": 3128,
  • "username": "proxy-user",
  • "password": "proxy-password",
  • "enabled": true,
  • "truststore_filename": "string",
  • "truststore_password": "string"
}
Response samples
application/json
{
  • "host": "proxy.server.com",
  • "port": 3128,
  • "username": "proxy-user",
  • "password": "proxy-password",
  • "enabled": true,
  • "truststore_filename": "string",
  • "truststore_password": "string"
}

Returns True if Delphix services are reachable for product registration.

SecurityApiKeyAuth
Responses
200

OK

get/management/product-registration-delphix-connectivity-check
Response samples
application/json
true

Returns the product registration status.

SecurityApiKeyAuth
Responses
200

OK

get/management/product-registration-status
Response samples
application/json
true

Generates and returns a public key that can be used to register the product.

SecurityApiKeyAuth
Responses
200

OK

get/management/product-registration-offline
Response samples
application/json
"string"

Registers the product using a manually generated payload.

SecurityApiKeyAuth
Request
Request Body schema: application/json
required
data_key
required
string
authentication_token
required
string
Responses
204

No Content

post/management/product-registration-offline
Request samples
application/json
{
  • "data_key": "string",
  • "authentication_token": "string"
}

Registers the product using the provided credentials.

SecurityApiKeyAuth
Request
Request Body schema: application/json
required
token
required
string
Responses
204

No Content

post/management/product-registration-online
Request samples
application/json
{
  • "token": "string"
}
➔ Next to StorageUsage