How to access/troubleshoot NSX-T objects with NSX-T APIs
search cancel

How to access/troubleshoot NSX-T objects with NSX-T APIs


Article ID: 298696


Updated On:


VMware Tanzu Kubernetes Grid Integrated Edition


Both Tanzu Kubernetes Grid Integrated Edition (TKGI) and Tanzu Application Service for VMs (TAS for VMs) can be integrated with NSX-T. 
  • For TKGI, NSX-T can been enabled at TKGI > Settings > Networking > Container Networking Interface
  • For TAS, VMware NSX-T Container Plug-in must be installed and container network with NSX-T can be enabled at TAS > Settings > Networking > Container network interface plugin
This article explains how to access or troubleshoot NSX-T objects with NSX-T APIs.


Product Version: 1.11


NSX-T Manager API specification can be found here: NSX-T Data Center API Guide. If you want to obtain all IP blocks, the API is `GET /api/v1/pools/ip-blocks`. 

When using Client Certificate Authentication, please execute curl with the client certificate and key. 

For example:

curl -X <METHOD> --cert <CLIETN_CERT_PATH> --key <CLIENT_KEY_PATH> https://<NSX-T Manager URL>/<API_PATH>

If you don't know the key (as key is hidden on Ops Manager UI), you can `bosh ssh` into TAS for VMs or TKGI to find the cert and key file. 

  • For TKGI, they are at /var/vcap/jobs/pks-nsx-t-osb-proxy/config/nsx_t_superuser_cert.pem and nsx_t_superuser_key.pem on the TKGI broker VM. 
  • For TAS, they are at /var/vcap/jobs/ncp/config/certs/nsx/client.crt and client.key on the Diego database VM. 
If you are using username and password in TAS for VMs instead of client certificate, please base64 encode the credentials:
  1. AUTH=$(echo -ne '<USERNAME>:<PASSOWRD>' | base64)
  2. curl -X GET -H "Authorization: Basic $AUTH" https://<NSX-T Manager URL>/<API_PATH>
Note: For security reasons, consider using `curl -u 'username:password'` directly.