How to access/troubleshoot NSX-T objects with NSX-T APIs

Article ID: 298696

Products

VMware Tanzu Kubernetes Grid Integrated Edition, VMware Tanzu Application Service

Issue/Introduction

Both Tanzu Kubernetes Grid Integrated Edition (TKGI) and Tanzu Application Service for VMs (TAS for VMs) can be integrated with NSX-T. 
  • For TKGI, NSX-T can be enabled at TKGI > Settings > Networking > Container Networking Interface
  • For TAS, the VMware NSX-T Container Plug-in must be installed, and container networking with NSX-T can be enabled at TAS > Settings > Networking > Container network interface plugin
This article explains how to access or troubleshoot NSX-T objects with NSX-T APIs.

Environment

This applies to TKGI and Tanzu Application Service deployments that use NSX-T.

Resolution

The NSX-T Manager API specification can be found in the NSX-T Data Center API Guide. For example, to obtain all IP blocks, the API is `GET /api/v1/pools/ip-blocks`.

When using Client Certificate Authentication, please execute curl with the client certificate and key. 

For example:

curl -X <METHOD> --cert <CLIENT_CERT_PATH> --key <CLIENT_KEY_PATH> https://<NSX-T Manager URL>/<API_PATH>

If you don't know the key (the key is hidden in the Ops Manager UI), you can `bosh ssh` into TAS for VMs or TKGI to find the cert and key files.

  • For TKGI, they are at /var/vcap/jobs/pks-nsx-t-osb-proxy/config/nsx_t_superuser_cert.pem and nsx_t_superuser_key.pem on the TKGI broker VM. 
  • For TAS, they are at /var/vcap/jobs/ncp/config/certs/nsx/client.crt and client.key on the Diego database VM. 

If you are using username and password in TAS for VMs instead of client certificate, please base64 encode the credentials:

  1. AUTH=$(printf '%s' '<USERNAME>:<PASSWORD>' | base64 | tr -d '\n')
  2. curl -X GET -H "Authorization: Basic $AUTH" https://<NSX-T Manager URL>/<API_PATH>

Note: For security reasons, consider using `curl -u 'username:password'` directly.
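
One way to follow the note above while also keeping the password out of curl's command line, where other local users can read it from the process list (an added example, not from the original article; the function names `curl_quote`, `nsx_auth_config` and `nsx_get` are hypothetical):

```shell
#!/bin/sh
# Added example: send Basic-auth credentials to the NSX-T Manager API through
# a curl config read from stdin (-K -) instead of a -u or -H argument.

# Escape a value for a double-quoted string in a curl config file.
# Inside the quotes curl treats backslash and double quote specially.
curl_quote() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Print the curl config line that carries the credentials.
# usage: nsx_auth_config USERNAME PASSWORD
nsx_auth_config() {
  printf 'user = "%s:%s"\n' "$(curl_quote "$1")" "$(curl_quote "$2")"
}

# GET an API path. printf is a shell builtin, so the password is piped to
# curl and never appears in any process's argument list.
# --fail makes curl exit non-zero on HTTP errors such as 401 or 403.
# usage: nsx_get MANAGER_URL API_PATH USERNAME PASSWORD
nsx_get() {
  nsx_auth_config "$3" "$4" |
    curl --silent --show-error --fail -K - -X GET "$1$2"
}

# Example call (bash, prompts for the password without echoing it):
#   read -r -s -p 'NSX-T password: ' PW
#   nsx_get 'https://<NSX-T Manager URL>' /api/v1/pools/ip-blocks '<USERNAME>' "$PW"
```
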