Appliance Management API (0.1.0)

Download OpenAPI specification:Download

Anapaya Operations: [email protected]

Management API for the Anapaya EDGE, CORE and GATE appliances

init

Operations that are important for initialization of the appliance.

Put a new configuration

✨Added in v0.24

Put a new configuration to the appliance.

query Parameters
force
boolean

Push the configuration, even if configuration validation fails. This parameter MUST be used with care as it can leave the appliance in a misconfigured state.

allow_hostname_change
boolean

Once the hostname has been configured, the PUT config endpoint will reject any configuration that changes the hostname, unless this flag is set. This is to prevent accidental deployment of a configuration meant for a different appliance.

disable_strict_parsing
boolean

Disable strict parsing of the appliance configuration.

header Parameters
If-Match
string
Request Body schema: application/json

The config to be pushed to the appliance.

required
object (Config)

Anapaya appliance configuration

Responses

Request samples

Content type
application/json
{
  • "config": {
    }
}

Response samples

Content type
application/json
{
  • "config": {
    },
  • "metadata": {
    }
}

Validates a configuration

✨Added in v0.34

Validates a configuration.

query Parameters
disable_strict_parsing
boolean

Disable strict parsing of the appliance configuration.

Request Body schema: application/json

The config to be validated.

required
object (Config)

Anapaya appliance configuration

Responses

Request samples

Content type
application/json
{
  • "config": {
    }
}

Response samples

Content type
application/json
{
  • "config": {
    },
  • "metadata": {
    }
}

Add a TRC file

✨Added in v0.24

Add a SCION CPPKI Trust Root Configuration (TRC) file to the device. The TRC is first validated before it is added to the trust store. Only valid TRCs are added to the trust store. Use the 'force' query parameter to force the addition of the TRC regardless of validity.

query Parameters
force
boolean
Default: false

If force is true, the TRC is added regardless of validity.

Request Body schema: application/x-pem-files
string <binary>

The PEM encoded signed TRC.

Responses

Request samples

Content type
application/x-pem-files
-----BEGIN TRC-----
ZjAwOjA6MTEwI ...
-----END TRC-----

Response samples

Content type
application/json
{
  • "trc": {
    }
}

Add a bundle of TRC files

✨Added in v0.28

Add a bundle SCION CPPKI Trust Root Configuration (TRC) files to the device. The TRCs are first validated before they are added to the trust store. Only valid TRCs are added to the trust store. Use the 'force' query parameter to force the addition of the TRCs regardless of validity.

query Parameters
force
boolean
Default: false

If force is true, the TRC is added regardless of validity.

Request Body schema: application/x-pem-files
string <binary>

The PEM encoded signed TRC.

Responses

Request samples

Content type
application/x-pem-files
-----BEGIN TRC-----
ZjAwOjA6MTEwI ...
-----END TRC-----
-----BEGIN TRC-----
6QV3F2EsMZVWD ...
-----END TRC-----
-----BEGIN TRC-----
GO0Vg34C8eRAu ...
-----END TRC-----

Response samples

Content type
application/json
{
  • "trcs": [
    ]
}

Create an AS certificate signing request

✨Added in v0.24

Create a SCION CPPKI AS Certificate Signing Request (CSR). The CSR needs to be signed by a SCION CPPKI Certificate Authority in the local ISD. The fully signed certificate chain then needs to be installed via the /cppki/certificates endpoint.

Request Body schema: application/json

The parameters for the CSR.

required
object (Subject of a certificate signing request.)

Responses

Request samples

Content type
application/json
{
  • "subject": {
    }
}

Response samples

Content type
{
  • "certificate_signing_request": {
    }
}

Add an AS certificate chain

✨Added in v0.24

Add a SCION CPPKI AS certificate chain to the device by promoting an existing certificate signing request. The certificate chain is first verified against the active TRC of the local ISD before it is added. Only verifiable certificate chains are added. Use the 'force' query parameter to force the addition of the certificate chain regardless of validity or verifiability.

query Parameters
force
boolean
Default: false

If force is true the certificate chain is added regardless of validity.

Request Body schema:
string <binary>

Certificate chain containing the new AS certificate and the issuing CA certificate encoded in a degenerate PKCS#7 data structure.

Responses

Request samples

Content type
No sample

Response samples

Content type
application/json
{
  • "certificate_chain": {
    }
}

config

Operations related to managing the configuration of the appliance.

Get the current configuration

✨Added in v0.24

Get the currently active appliance configuration.

query Parameters
suppress_secrets
boolean

Do not expose secrets in the response.

header Parameters
If-None-Match
string

Responses

Response samples

Content type
application/json
{
  • "config": {
    },
  • "metadata": {
    }
}

Put a new configuration

✨Added in v0.24

Put a new configuration to the appliance.

query Parameters
force
boolean

Push the configuration, even if configuration validation fails. This parameter MUST be used with care as it can leave the appliance in a misconfigured state.

allow_hostname_change
boolean

Once the hostname has been configured, the PUT config endpoint will reject any configuration that changes the hostname, unless this flag is set. This is to prevent accidental deployment of a configuration meant for a different appliance.

disable_strict_parsing
boolean

Disable strict parsing of the appliance configuration.

header Parameters
If-Match
string
Request Body schema: application/json

The config to be pushed to the appliance.

required
object (Config)

Anapaya appliance configuration

Responses

Request samples

Content type
application/json
{
  • "config": {
    }
}

Response samples

Content type
application/json
{
  • "config": {
    },
  • "metadata": {
    }
}

Validates a configuration

✨Added in v0.34

Validates a configuration.

query Parameters
disable_strict_parsing
boolean

Disable strict parsing of the appliance configuration.

Request Body schema: application/json

The config to be validated.

required
object (Config)

Anapaya appliance configuration

Responses

Request samples

Content type
application/json
{
  • "config": {
    }
}

Response samples

Content type
application/json
{
  • "config": {
    },
  • "metadata": {
    }
}

cppki

Operations related to managing SCION CPPKI cryptographic material of the appliance.

List the TRC files

✨Added in v0.24

List the latest SCION CPPKI Trust Root Configuration (TRC) files for each ISD that are known to the appliance. The result can be filtered by ISD. Optionally, all TRCs can be requested instead of only the latest ones by setting the 'all' query parameter.

query Parameters
isd
Array of integers

Comma-separated list of ISDs to include.

all
boolean

Include all TRCs instead of just the latest one per ISD.

Responses

Response samples

Content type
application/json
{
  • "trcs": [
    ]
}

Add a TRC file

✨Added in v0.24

Add a SCION CPPKI Trust Root Configuration (TRC) file to the device. The TRC is first validated before it is added to the trust store. Only valid TRCs are added to the trust store. Use the 'force' query parameter to force the addition of the TRC regardless of validity.

query Parameters
force
boolean
Default: false

If force is true, the TRC is added regardless of validity.

Request Body schema: application/x-pem-files
string <binary>

The PEM encoded signed TRC.

Responses

Request samples

Content type
application/x-pem-files
-----BEGIN TRC-----
ZjAwOjA6MTEwI ...
-----END TRC-----

Response samples

Content type
application/json
{
  • "trc": {
    }
}

Add a bundle of TRC files

✨Added in v0.28

Add a bundle SCION CPPKI Trust Root Configuration (TRC) files to the device. The TRCs are first validated before they are added to the trust store. Only valid TRCs are added to the trust store. Use the 'force' query parameter to force the addition of the TRCs regardless of validity.

query Parameters
force
boolean
Default: false

If force is true, the TRC is added regardless of validity.

Request Body schema: application/x-pem-files
string <binary>

The PEM encoded signed TRC.

Responses

Request samples

Content type
application/x-pem-files
-----BEGIN TRC-----
ZjAwOjA6MTEwI ...
-----END TRC-----
-----BEGIN TRC-----
6QV3F2EsMZVWD ...
-----END TRC-----
-----BEGIN TRC-----
GO0Vg34C8eRAu ...
-----END TRC-----

Response samples

Content type
application/json
{
  • "trcs": [
    ]
}

Get the TRC

✨Added in v0.24

Get the SCION CPPKI Trust Root Configuration (TRC).

path Parameters
isd
required
integer
Example: 12
base
required
integer
Example: 1
serial
required
integer
Example: 3

Responses

Response samples

Content type
application/json
{
  • "trc": {
    }
}

Get the TRC blob

✨Added in v0.24

Get the SCION CPPKI Trust Root Configuration (TRC) as PEM encoded byte blob.

path Parameters
isd
required
integer
Example: 12
base
required
integer
Example: 1
serial
required
integer
Example: 3

Responses

Response samples

Content type
{
  • "trc": "-----BEGIN TRC-----\\nZjAwOjA6MTEwI ...\\n-----END TRC-----"
}

List the certificate signing requests

✨Added in v0.26

List the certificate signing requests that are available on the device.

query Parameters
isd_as
string (ISD-AS Identifier) ^\d+-([a-f0-9]{1,4}:){2}([a-f0-9]{1,4})|\d+$
Example: isd_as=1-ff00:0:110

Responses

Response samples

Content type
application/json
{
  • "certificate_signing_requests": [
    ]
}

Create an AS certificate signing request

✨Added in v0.24

Create a SCION CPPKI AS Certificate Signing Request (CSR). The CSR needs to be signed by a SCION CPPKI Certificate Authority in the local ISD. The fully signed certificate chain then needs to be installed via the /cppki/certificates endpoint.

Request Body schema: application/json

The parameters for the CSR.

required
object (Subject of a certificate signing request.)

Responses

Request samples

Content type
application/json
{
  • "subject": {
    }
}

Response samples

Content type
{
  • "certificate_signing_request": {
    }
}

Get the certificate signing request

✨Added in v0.26

Get the SCION Certificate Signing Request for a given CSR ID

path Parameters
csr_id
required
string <hex-string> (Certificate signing request identifier)
Example: fa53a04a

Certificate signing request identifier.

Responses

Response samples

Content type
application/json
{
  • "certificate_signing_request": {
    }
}

Get the certificate signing request blob

✨Added in v0.26

Get the SCION CPPKI Certificate Signing Request encoded as PEM bytes blob for a given CSR ID.

path Parameters
csr_id
required
string <hex-string> (Certificate signing request identifier)
Example: fa53a04a

Certificate signing request identifier.

Responses

Response samples

Content type
{
  • "csr": "-----BEGIN CERTIFICATE REQUEST-----\\nCertificateSigningRequest ...\\n-----END CERTIFICATE REQUEST-----"
}

List the certificate chains

✨Added in v0.24

List the certificate chains that are available on the device.

query Parameters
isd_as
string (ISD-AS Identifier) ^\d+-([a-f0-9]{1,4}:){2}([a-f0-9]{1,4})|\d+$
Example: isd_as=1-ff00:0:110
all
boolean

Include all certificate chains instead of just the valid ones.

Responses

Response samples

Content type
application/json
{
  • "certificate_chains": [
    ]
}

Add an AS certificate chain

✨Added in v0.24

Add a SCION CPPKI AS certificate chain to the device by promoting an existing certificate signing request. The certificate chain is first verified against the active TRC of the local ISD before it is added. Only verifiable certificate chains are added. Use the 'force' query parameter to force the addition of the certificate chain regardless of validity or verifiability.

query Parameters
force
boolean
Default: false

If force is true the certificate chain is added regardless of validity.

Request Body schema:
string <binary>

Certificate chain containing the new AS certificate and the issuing CA certificate encoded in a degenerate PKCS#7 data structure.

Responses

Request samples

Content type
No sample

Response samples

Content type
application/json
{
  • "certificate_chain": {
    }
}

Manually renew an AS certificate chain

✨Added in v0.24

Manually renew a SCION CPPKI AS certificate chain with the regular renewal mechanism. By default, the distinguished name of the subject in the predecessor certificate chain is used. A different distinguished name can be requested by setting the subject in the request body. By default the issuers are taken from the appliance configuration, specific issuers can be configured in the request body. If they are set, certificate renewal is attempted with each issuer in order until success.

Note that certificate renewal requires at least one valid certificate chain to be present on the appliance.

query Parameters
isd_as
string (ISD-AS Identifier) ^\d+-([a-f0-9]{1,4}:){2}([a-f0-9]{1,4})|\d+$
Example: isd_as=1-ff00:0:110

The ISD-AS for which the certificate is renewed. This parameter is required only if the request body is not set, and there are multiple ISD-ASes configured on the appliance.

Request Body schema: application/json
object (Subject of a certificate signing request.)
issuers
Array of strings (ISD-AS Identifier)

Responses

Request samples

Content type
application/json
{
  • "subject": {
    },
  • "issuers": [
    ]
}

Response samples

Content type
application/x-pem-file
-----BEGIN CERTIFICATE-----
ASCertificate ...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CACertificate ...
-----END CERTIFICATE-----

Get the certificate chain

✨Added in v0.24

Get the SCION CPPKI AS certificate chain for a given ChainID.

path Parameters
chain_id
required
string <hex-string> (Certificate chain identifier)
Example: fa53a04a

Certificate chain identifier.

Responses

Response samples

Content type
application/json
{
  • "certificate_chain": {
    }
}

Get the certificate chain blob

✨Added in v0.24

Get the SCION CPPKI AS certificate chain encoded as PEM bytes blob for a given ChainID.

path Parameters
chain_id
required
string <hex-string> (Certificate chain identifier)
Example: fa53a04a

Certificate chain identifier.

Responses

Response samples

Content type
{
  • "certificate_chain": "-----BEGIN CERTIFICATE-----\\nASCertificate ...\\n-----END CERTIFICATE-----"
}

Manually request an AS certificate chain for a given CSR

✨Added in v0.34

Manually request a SCION CPPKI AS certificate chain for a given CSR using the regular certificate renewal mechanism. The endpoint expects a CSR and uses that to request a certificate renewal. The certificate renewal request is signed by an active key/certificate of the appliance such that the CA will be able to authenticate the renewal request and issue the certificate. This is useful if one appliance has been disconnected from the SCION network for several days and thus has no valid AS certificate anymore that could be used for certificate renewal. In such a case, one can generate a new CSR on the appliance that was offline and use this endpoint on an appliance that still has a valid AS certificate to request a new certificate on behalf of the sibling.The returned certificate can then be deployed to the offline appliance using the regular POST /cppki/certificates endpoint.

Request Body schema: application/json
csr
required
string

PEM encoded CSR

Responses

Request samples

Content type
application/json
{
  • "csr": "-----BEGIN CERTIFICATE REQUEST-----\\nCertificateSigningRequest ...\\n-----END CERTIFICATE REQUEST-----"
}

Response samples

Content type
application/x-pem-file
-----BEGIN CERTIFICATE-----
ASCertificate ...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CACertificate ...
-----END CERTIFICATE-----

network

Operations related to inspecting the network configuration of the appliance.

List the available physical interfaces

✨Added in v0.32

List the available physical interfaces of the appliance. The result includes the interface name and the PCI-E Bus/Device/Function (BDF) address for each interface. Only physical interfaces are listed here. To configure them use the config endpoint of the API.

Responses

Response samples

Content type
application/json
{
  • "interfaces": [
    ]
}

Get list of Wireguard interfaces.

✨Added in v0.32

List the configured wireguard interfaces. The result includes the interface name and the public key.

Responses

Response samples

Content type
application/json
{
  • "interfaces": [
    ]
}

Get a Wireguard interface.

✨Added in v0.32

Returns the configured wireguard interface and the public key.

path Parameters
interface_name
required
string

Name of the interface to list.

Responses

Response samples

Content type
application/json
{
  • "name": "wg0",
  • "public_key": "SqLwwTSYHBwQljJDqx7aUVWVDFN6ir6FQL/m3VfmhhQ="
}

firewall

Operations related to inspecting the firewall configuration of the appliance.

Get the firewall configuration of the appliance.

✨Added in v0.34

Get the installed firewall configuration of the appliance, including the tables, named counters, chains and rules.

Responses

Response samples

Content type
application/json
{
  • "tables": [
    ]
}

Get a specific firewall table.

✨Added in v0.34

Get a specific firewall table of the appliance by name, including the named counters, chains, and their rules.

path Parameters
table_name
required
string

Responses

Response samples

Content type
application/json
{
  • "table": {
    }
}

Get the rules of a chain of a firewall table.

✨Added in v0.34

Get a specific set of rules specified by their chain and table name of the appliance firewall.

path Parameters
table_name
required
string
chain_name
required
string

Responses

Response samples

Content type
application/json
{
  • "chain": {
    }
}

Generate the default firewall configuration for the given appliance configuration.

✨Added in v0.34

Validates a configuration and returns the firewall configuration which would be applied for the given appliance configuration.

query Parameters
disable_strict_parsing
boolean

Disable strict parsing of the appliance configuration.

Request Body schema: application/json

The config to be validated.

required
object (Config)

Anapaya appliance configuration

Responses

Request samples

Content type
application/json
{
  • "config": {
    }
}

Response samples

Content type
application/json
{
  • "tables": [
    ]
}

tools

Operations used to trigger SCION utilities, such as ping and traceroute.

Trigger a scion ping run

✨Added in v0.26

Trigger and wait for a ping run to test connectivity to a remote SCION host using SCMP echo packets.

Request Body schema: application/json
required
object (PingRun)

Responses

Request samples

Content type
application/json
{
  • "run": {
    }
}

Response samples

Content type
application/json
{
  • "summary": {
    }
}

Trigger a SCION showpaths request

✨Added in v0.26

Trigger a SCION showpaths request to a remote SCION AS.

Request Body schema: application/json
required
object (ShowpathsRun)

Responses

Request samples

Content type
application/json
{
  • "run": {
    }
}

Response samples

Content type
application/json
{
  • "paths": [
    ]
}

Trigger a scion traceroute run

✨Added in v0.26

Trigger a SCION traceroute run and trace the SCION path to a remote AS using SCMP traceroute packets.

Request Body schema: application/json
required
object (TracerouteRun)

Responses

Request samples

Content type
application/json
{
  • "run": {
    }
}

Response samples

Content type
application/json
{
  • "summary": {
    }
}

software

Operations related to managing and installing software packages.

List the package information for scion packages available locally.

✨Added in v0.26

List the package information (e.g., version) for all the scion packages which are available locally on the appliance.

Responses

Response samples

Content type
application/json
{}

Upload the scion package.

✨Added in v0.26

Upload the scion package to the local repository of the appliance.

query Parameters
force
boolean
Default: false

If force is true, the package is stored regardless of whether it already exists.

Request Body schema: application/octet-stream
string <binary>

Responses

Response samples

Content type
application/json
{}

Get the scion package information.

✨Added in v0.26

Get the package information of the scion package for the given version.

path Parameters
version
required
string (Package version)
Example: v0.25.12

Version of the scion package.

Responses

Response samples

Content type
application/json
{}

Delete the given scion package.

✨Added in v0.26

Delete the scion package for the given version if it is available locally on the appliance.

path Parameters
version
required
string (Package version)
Example: v0.25.12

Version of the scion package.

Responses

Response samples

Content type
application/json
{}

List the package information for system packages available locally.

✨Added in v0.26

List the package information (e.g., version) for all the system packages which are available locally on the appliance.

Responses

Response samples

Content type
application/json
{}

Upload the system package.

✨Added in v0.26

Upload the system package to the local repository of the appliance.

query Parameters
force
boolean
Default: false

If force is true, the package is stored regardless of whether it already exists.

Request Body schema: application/octet-stream
string <binary>

Responses

Response samples

Content type
application/json
{}

Get the system package information.

✨Added in v0.26

Get the package information of the system package for the given version.

path Parameters
version
required
string (Package version)
Example: v0.25.12

Version of the system package.

Responses

Response samples

Content type
application/json
{}

Delete the given system package.

✨Added in v0.26

Delete the system package for the given version if it is available locally on the appliance.

path Parameters
version
required
string (Package version)
Example: v0.25.12

Version of the system package.

Responses

Response samples

Content type
application/json
{}

Trigger installation of the specified scion package.

✨Added in v0.26

Trigger the installation of the scion package with the version specified in the request body.

Request Body schema: application/json
version
required
string (Package version)
force
boolean
Default: false
skip_signature_verification
boolean
Default: false

Responses

Request samples

Content type
application/json
{
  • "version": "v0.25.12",
  • "force": false,
  • "skip_signature_verification": false
}

Response samples

Content type
application/json
{
  • "install_info": {
    }
}

Trigger installation of the specified system package.

✨Added in v0.26

Trigger the installation of the system package with the version specified in the request body.

Request Body schema: application/json
version
required
string (Package version)
force
boolean
Default: false
skip_signature_verification
boolean
Default: false

Responses

Request samples

Content type
application/json
{
  • "version": "v0.25.12",
  • "force": false,
  • "skip_signature_verification": false
}

Response samples

Content type
application/json
{
  • "install_info": {
    }
}

Get the status of the scion package installation process for the given id.

✨Added in v0.26

Get the status of the installation process of the scion package for the given id.

path Parameters
id
required
string (Identifier of the software package installation process.)

Identifier of the installation process for the specific scion package version.

Responses

Response samples

Content type
application/json
{
  • "install_info": {
    }
}

Get the status of the system package installation process for the given id.

✨Added in v0.26

Get the status of the installation process of the system package for the given id.

path Parameters
id
required
string (Identifier of the software package installation process.)

Identifier of the installation process for the specific system package version.

Responses

Response samples

Content type
application/json
{
  • "install_info": {
    }
}

Get the installed scion version.

✨Added in v0.26

Get the version of scion package currently installed.

Responses

Response samples

Content type
application/json
{
  • "version": "v0.25.12",
  • "checksum": "string"
}

Get the installed system version.

✨Added in v0.26

Get the version of system package currently installed.

Responses

Response samples

Content type
application/json
{
  • "version": "v0.25.12",
  • "checksum": "string"
}

software-signatures

Operations related to managing software package signatures.

Get the specified signatures

✨Added in v0.31

Get the specified signatures.

path Parameters
type
required
string
version
required
string

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "sha256sum": "string",
  • "signatures": [
    ]
}

Install signatures.

✨Added in v0.31

Install signatures.

path Parameters
type
required
string
version
required
string
Request Body schema: application/json
name
required
string

Name of the signed file

sha256sum
required
string

SHA256 hash of the signed file

required
Array of objects (Signature)

A list of signatures

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "sha256sum": "string",
  • "signatures": [
    ]
}

Response samples

Content type
application/json+problem
{}

Get the public signing keys.

✨Added in v0.31

Get the currently installed public signing keys.

Responses

Response samples

Content type
application/json
{
  • "public_keys": [
    ]
}

Install new public signing keys.

✨Added in v0.31

Install new public signing keys.

Request Body schema: application/json
required
Array of objects (PublicKey)

a list of public signing keys

Responses

Request samples

Content type
application/json
{
  • "public_keys": [
    ]
}

Response samples

Content type
application/json+problem
{}

migrations

Operations related to migrations towards a new version of the appliance.

Put the configuration for migration to {version}.

✨Added in v0.32

This endpoint allows the preparation of the installation of a new appliance release. It accepts any json and stores this so that the new appliance version will find it. The new appliance version will validate the configuration and if validation succeeds use that as configuration. This helps to do upgrades where new configuration features can't be automatically migrated or are newly added. For example to migrate to v0.33.1 put the new configuration to /migrations/v0.33/config. Note that if there was a previous configuration it is overwritten.

path Parameters
version
required
string (Version without patch)
Example: v0.32

Version of the appliance for which the configuration is.

Responses

Response samples

Content type
application/json+problem
{}

Get the configuration for migration to {version}.

✨Added in v0.32

Get the configuration that is applied on the migration to version {version}.

path Parameters
version
required
string (Version without patch)
Example: v0.32

Version of the appliance for which the configuration is.

Responses

Response samples

Content type
application/json+problem
{}

health

Operations related to checking the health of the appliance.

Appliance Health

✨Added in v0.36

Report the appliance health along with the executed health checks. The health status is based on a set of health checks that are executed. Check the documentation of the individual health checks for more information.

Note that the status is only based on the health checks that are part of the response. If you filter out non-passing health checks, the top level status will be reported as passing.

query Parameters
check_id
Array of strings

List of check_id (or check_id prefixes) that should be included in the response. If unset, health checks are not filtered by check_id. To exclude a check_id, you can use the "-" prefix. E.g., the value "-1001" will exclude the health checks that have the prefix 1001 from the response.

service_name
Array of strings

List of service_name (or service_name prefixes) that should be included in the response. If unset, health checks are not filtered by service_name. To exclude a service_name, you can use the "-" prefix. E.g., the value "-control" will exclude the health checks that have the prefix control from the response.

status
Array of strings

List of status that should be included in the response. If unset, health checks are not filtered by status. To exclude a status, you can use the "-" prefix. E.g., the value "-passing" will exclude the health checks that have the status passing from the response.

Responses

Response samples

Content type
application/json
{
  • "health": {
    }
}

debug

Operations related to debug information.

Get LAN statistics.

✨Added in v0.36

Get LAN statistics.

Responses

Response samples

Content type
application/json
{
  • "gateways": {
    }
}

The graph of planner nodes.

✨Added in v0.35

The graph of planner nodes. The graph is in dot format and can be rendered by graphviz, or one of the online dot-rendering tools.

Responses

Response samples

Content type
application/json+problem
{}

Network interfaces summary.

✨Added in v0.32

Network interfaces summary.

query Parameters
interface-name
string

Responses

Response samples

Content type
application/json
{
  • "interfaces": [
    ]
}

Network routes summary.

✨Added in v0.33

Network routes summary.

query Parameters
ip
string

Responses

Response samples

Content type
application/json
{
  • "routes": [
    ]
}

Get if the periodic appliance-controller notifications are enabled.

✨Added in v0.27

Check if the controller notifications are enabled or not. For context: If notifications are enabled, the appliance-controller periodically sends notifications with the latest configuration, which eventually overwrites any manual changes. By default, the controller notifications should be enabled. However, in the case of manual troubleshooting, it may be convenient to temporarily disable the controller notifications.

Responses

Response samples

Content type
application/json
{
  • "disabled": true,
  • "indefinite": false,
  • "deadline": "2022-02-21T10:31:45Z",
  • "timeout": "10m"
}

Enable or disable periodic notifications from the appliance-controller.

✨Added in v0.27

Enable or disable the appliance-controller notifications. Optionally, a deadline can be provided, either as absolute time or as a relative duration. The deadline indicates until when the appliance-controller notifications should be disabled. If both absolute and relative times are given, the minimum is taken. For context: If notifications are enabled (default), the appliance-controller periodically sends notifications with the latest configuration, which overwrites any manual changes. Note that disabling notifications should only happen when debugging the configuration of the host. It should not be treated as a permanent solution to configuration changes, meaning that eventually the appliance-controller notifications should be re-enabled.

Request Body schema: application/json
disabled
required
boolean

Whether the appliance-controller notifications are disabled.

indefinite
boolean
Default: false

Whether the appliance-controller notifications are disabled indefinitely. Only one of indefinite, deadline and timeout must be set.

deadline
string <date-time>

Until when appliance-controller notifications are disabled specified as a RFC3339 formatted date-time string. Only one of indefinite, deadline and timeout must be set.

timeout
string

Duration during which the appliance-controller notifications are disabled specified as a duration string. A duration string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Only one of indefinite, deadline and timeout must be set.

Responses

Request samples

Content type
application/json
{
  • "disabled": true,
  • "indefinite": false,
  • "deadline": "2022-02-21T10:31:45Z",
  • "timeout": "10m"
}

Response samples

Content type
application/json
{
  • "disabled": true,
  • "indefinite": false,
  • "deadline": "2022-02-21T10:31:45Z",
  • "timeout": "10m"
}

Trigger a notification from the appliance-controller.

✨Added in v0.34

Triggering a notification will reapply the lastest stored configuration.

Responses

Response samples

Content type
application/json+problem
{}

Get the SCION interfaces.

✨Added in v0.32

Get a list of all the SCION interfaces configured on the host.

query Parameters
local_isd_as
string (ISD-AS Identifier) ^\d+-([a-f0-9]{1,4}:){2}([a-f0-9]{1,4})|\d+$
Example: local_isd_as=1-ff00:0:110
remote_isd_as
string (ISD-AS Identifier) ^\d+-([a-f0-9]{1,4}:){2}([a-f0-9]{1,4})|\d+$
Example: remote_isd_as=1-ff00:0:110
interface_id
integer >= 0

Responses

Response samples

Content type
application/json
{
  • "interfaces": [
    ],
  • "sibling_interfaces": [
    ]
}

The user-provided domain configuration.

✨Added in v0.35

The user-provided domain configuration.

Responses

Response samples

Content type
application/json
{ }

The full current state of the gateway.

✨Added in v0.35

The full current state of the gateway.

Responses

Response samples

Content type
application/json
{ }

The current state of the fastpath.

✨Added in v0.37

The current state of the fastpath.

Responses

Response samples

Content type
application/json
{ }

The state monitored by the gateway.

✨Added in v0.35

The state monitored by the gateway.

Responses

Response samples

Content type
application/json
{ }

The full dump of observability data.

✨Added in v0.37

The full dump of observability data.

query Parameters
filter
Array of strings

A list of subsections to return, separated by commas. If empty, all subsections are returned.

Responses

Response samples

Content type
application/json
{ }

The graph of the planner nodes and dependencies.

✨Added in v0.36

The graph of the planner nodes and dependencies. The graph is in the dot format and can be rendered by graphviz, or one of the online dot-rendering tools.

Responses

Response samples

Content type
application/json+problem
{}

Get summary of the SCION tunneling infrastructure.

✨Added in v0.33

Get summary of the SCION tunneling infrastructure.

Responses

Response samples

Content type
application/json
{
  • "sessions": [
    ],
  • "routing_chains": [
    ],
  • "paths": {
    }
}

Get the SCION tunneling domains configuration.

✨Added in v0.32

Get the SCION tunneling domains configuration.

query Parameters
domain
string

Responses

Response samples

Content type
application/json
{
  • "domains": [
    ]
}

Discovery of tunneling peers.

✨Added in v0.32

Discovery of tunneling peers.

Responses

Response samples

Content type
application/json
{
  • "sessions": [
    ]
}

List of all SCION paths with their stats.

✨Added in v0.33

Returns a list of all SCION paths and their stats.

Responses

Response samples

Content type
application/json
{
  • "paths": [
    ]
}

List of SCION paths with their stats.

✨Added in v0.32

Returns a list of all SCION paths and their stats filtered by the fingerprints provided in the request body.

Request Body schema: application/json
fingerprints
required
Array of strings

List of path fingerprints to search for.

Responses

Request samples

Content type
application/json
{
  • "fingerprints": [
    ]
}

Response samples

Content type
application/json
{
  • "paths": [
    ]
}

SGRP domains.

✨Added in v0.32

SGRP domains with the associated network prefixes.

query Parameters
domain
string

Responses

Response samples

Content type
application/json
{
  • "domains": {
    }
}

Known local network prefixes.

✨Added in v0.32

Known local network prefixes, including their source. These are afterwards filtered according to domain definitions and eventually sent to SGRP peers.

Responses

Response samples

Content type
application/json
{
  • "local-prefixes": {
    }
}

SGRP peers.

✨Added in v0.32

SGRP peers. Peer is a remote SGRP-capable application accessed from a specific local ISD-AS.

query Parameters
local-isd-as
string (ISD-AS Identifier) ^\d+-([a-f0-9]{1,4}:){2}([a-f0-9]{1,4})|\d+$
Example: local-isd-as=1-ff00:0:110
remote-isd-as
string (ISD-AS Identifier) ^\d+-([a-f0-9]{1,4}:){2}([a-f0-9]{1,4})|\d+$
Example: remote-isd-as=1-ff00:0:110

Responses

Response samples

Content type
application/json
{
  • "peers": [
    ]
}

Reset the SAs of the SCION tunnels.

✨Added in v0.37

Reset the SAs of the SCION tunnels.

Responses

Response samples

Content type
application/json+problem
{}

Get the list of appliance services and service groups.

✨Added in v0.32

Get the list of services and service groups that must be running on the appliance.

Responses

Response samples

Content type
application/json
{
  • "services": [
    ],
  • "groups": [
    ]
}

Restarts the given service.

✨Added in v0.32

Restarts the given service.

path Parameters
service_name
required
string

Name of the service to restart.

Responses

Response samples

Content type
application/json
{ }

Indicate the service health.

✨Added in v0.33

Present the health of the service along with the executed health checks.

path Parameters
service_name
required
string

Name of the service to get health of.

Responses

Response samples

Content type
application/json
{
  • "health": {
    }
}

Restart group of services.

✨Added in v0.32

Trigger restart of all the services in a group.

path Parameters
group_name
required
string

Name of the service groups to restart.

Responses

Response samples

Content type
application/json
{
  • "services": [
    ]
}

Summary of all service health checks.

✨Added in v0.33

Present the health of all the services along with the executed health checks.

Responses

Response samples

Content type
application/json
{
  • "health": {
    }
}

Get the BGP configuration.

✨Added in v0.32

Get the BGP configuration of the host.

Responses

Response samples

Content type
application/json
{
  • "configuration": {
    }
}

Get the state of the BGP neighbors.

✨Added in v0.32

Get the state of the BGP neighbors.

Responses

Response samples

Content type
application/json
{
  • "neighbors": [
    ]
}

Get the cluster status.

✨Added in v0.35

Get the status of the cluster. The status includes for each peer the name, the address, the time of the last synchronization, the status of said synchronization, and if the attempt failed the reason for the failure.

Responses

Response samples

Content type
application/json
{
  • "mode": "static",
  • "peers": [
    ]
}

Retrieve logs via systemd-journal-gatewayd compatible interface.

✨Added in v0.36

Endpoint that implemenets the interface exposed via the /entries endpoint of the systemd-journal-gatewayd service. By default, all systemd-journal logs are exposed.

See also: https://www.freedesktop.org/software/systemd/man/latest/systemd-journal-gatewayd.service.html

header Parameters
Range
string

The range of requested log entries. See systemd-journal-gatewayd documentation.

Accept
string

The format of the log entries (default is text).

Responses

vpp

Operations related to VPP specific debugging information.

Get the list of avaiable VPP coredumps.

✨Added in v0.35

undefined

Responses

Response samples

Content type
application/json
[
  • "string"
]

Download the coredump.

✨Added in v0.35

undefined

path Parameters
filename
required
string

Filename of the coredump.

Responses

Response samples

Content type
application/json
[
  • "string"
]

Dump of the VPP state set up by dataplane-control service.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json
{ }

Dump of the VPP state set up by the gateway service.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json
{ }

Status page listing of loaded VPP plugins.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting VPP errors.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting VPP logs.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting VPP events.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page listing internal VPP interfaces.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page listing interfaces mirrored from VPP to Linux.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page listing addresses on VPP interfaces.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page listing hardware interfaces managed by VPP.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting VPP IPv4 neighbors.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting VPP IPv6 neighbors.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting VPP IPv4 FIB.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting VPP IPv6 FIB.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting VPP IPv6 link-local FIB.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting VPP VRRP.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting VPP memory.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting VPP buffers.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to clear the VPP runtime.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to clear the metrics on VPP interfaces.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to clear VPP errors.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting VPP runtime.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting TUN/TAP devices created by VPP.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting bonds created by VPP.

✨Added in v0.35

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting VPP LACP info.

✨Added in v0.35

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to execute free form packet trace.

✨Added in v0.33

undefined

query Parameters
n
string
Default: ""

VPP node to trace.

i
string
Default: ""

Include only packets passing through the specified VPP node. Include and exclude parameters are mutually exclusive.

e
string
Default: ""

Exclude packets passing through the specified VPP node. Include and exclude parameters are mutually exclusive.

t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path that starts a trace without timeout. The trace can be stopped with the `/vpp/trace/stop` endpoint.

✨Added in v0.33

undefined

query Parameters
n
string
Default: ""

VPP node to trace.

i
string
Default: ""

Include only packets passing through the specified VPP node. Include and exclude parameters are mutually exclusive.

e
string
Default: ""

Exclude packets passing through the specified VPP node. Include and exclude parameters are mutually exclusive.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path that stops tracing.

✨Added in v0.33

undefined

query Parameters
p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to execute a trace for packets entering via memif.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to execute a trace for packets entering via DPDK.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to execute a trace for IPv4 packets entering via VPP UDP socket.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to execute a trace for IPv6 packets entering via VPP UDP socket.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to execute a trace for packets entering via TUN/TAP.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting the bfd session states.

✨Added in v0.32

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting the SCION interfaces.

✨Added in v0.32

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting the SCION router ASes.

✨Added in v0.32

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting the SCION services.

✨Added in v0.32

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting the SCION router IPFIX table.

✨Added in v0.32

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting the SCION router IPFIX statistics.

✨Added in v0.32

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Status page reporting the SCION router IPFIX parameters.

✨Added in v0.32

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: global settings.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: routing hierarchy.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: TUN device.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: remote ASes.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: routing chains.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: traffic classes.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: sessions.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: known paths.

✨Added in v0.33

undefined

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: trace all egress IPv4 packets entering via memif.

✨Added in v0.34

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: trace all egress IPv6 packets entering via memif.

✨Added in v0.34

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: trace all egress IPv4 packets entering via dpdk.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: trace all egress IPv6 packets entering via dpdk.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: trace all egress frames on top of IPv4 underlay.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: trace all egress frames on top of IPv6 underlay.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: trace all ingress frames entering via memif.

✨Added in v0.34

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: trace all ingress frames entering via dpdk.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

SCION gateway: trace all ingress IP packets.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

vpp-trace

Operations related to VPP tracing.

Action path to execute free form packet trace.

✨Added in v0.33

undefined

query Parameters
n
string
Default: ""

VPP node to trace.

i
string
Default: ""

Include only packets passing through the specified VPP node. Include and exclude parameters are mutually exclusive.

e
string
Default: ""

Exclude packets passing through the specified VPP node. Include and exclude parameters are mutually exclusive.

t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path that starts a trace without timeout. The trace can be stopped with the `/vpp/trace/stop` endpoint.

✨Added in v0.33

undefined

query Parameters
n
string
Default: ""

VPP node to trace.

i
string
Default: ""

Include only packets passing through the specified VPP node. Include and exclude parameters are mutually exclusive.

e
string
Default: ""

Exclude packets passing through the specified VPP node. Include and exclude parameters are mutually exclusive.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path that stops tracing.

✨Added in v0.33

undefined

query Parameters
p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to execute a trace for packets entering via memif.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to execute a trace for packets entering via DPDK.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to execute a trace for IPv4 packets entering via VPP UDP socket.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to execute a trace for IPv6 packets entering via VPP UDP socket.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

Action path to execute a trace for packets entering via TUN/TAP.

✨Added in v0.33

undefined

query Parameters
t
integer
Default: 500

Timeout (in ms) for the trace to be stopped.

p
integer
Default: 50

maximum number of packets to return.

Responses

Response samples

Content type
application/json+problem
{
  • "type": "/problem/connection-error",
  • "title": "Service Unavailable",
  • "status": 503,
  • "detail": "Connection to database timed out",
  • "instance": "/problem/connection-error#token-info-read-timed-out"
}

software-license

Get the list of licenses present on the appliance.

✨Added in v0.37

Get the list of licenses present on the appliance.

Responses

Response samples

Content type
application/json
{
  • "licenses": [
    ]
}

Add a new license.

✨Added in v0.37

Add a new license to the appliance.

Request Body schema: application/json

The license to be pushed to the appliance.

license
required
string

The license as a JSON Web signature.

Responses

Request samples

Content type
application/json
{
  • "license": "eyJ0eXAzI1NiJ9.yJpc3MiOiJqb2U.B92K27uhbUJU1p"
}

Response samples

Content type
application/json
{
  • "license_id": "string",
  • "appliance_id": "39a656c5-b388-4eec-afd3-b3cbf4914ca5",
  • "type": {
    },
  • "issued": "2019-08-24T14:15:22Z",
  • "validity": {
    }
}

Get the feature set mapping.

✨Added in v0.37

Gets the feature set mapping. That defines for the different product tiers what features are available.

Responses

Response samples

Content type
application/json
{
  • "version": "string",
  • "feature_mapping": {
    }
}

Update the feature set mapping.

✨Added in v0.37

Updates the feature set mapping. That defines for the different product tiers what features are available.

Request Body schema: application/json

The feature set mapping.

features
required
string

The feature set as a JSON Web signature.

Responses

Request samples

Content type
application/json
{
  • "features": "eyJ0eXAzI1NiJ9.yJpc3MiOiJqb2U.B92K27uhbUJU1p"
}

Response samples

Content type
application/json
{
  • "version": "string",
  • "feature_mapping": {
    }
}

Get the license request data.

✨Added in v0.37

Get the data for a license request for this specific appliance. The license request can be used to request a valid license from Anapaya for the given appliance.

Responses

Response samples

Content type
application/json
{
  • "version": "string",
  • "data": {
    }
}

Get the status of the software license.

✨Added in v0.37

The status of the software license indicates whether a valid license is present, or whether the device runs in grace period or in restricted mode.

Responses

Response samples

Content type
application/json
{
  • "status": "trial-period",
  • "expiry": "2019-08-24T14:15:22Z",
  • "license": {
    },
  • "enforcer_disabled": true
}

Get a specific license.

✨Added in v0.37

Get the license with the given ID.

path Parameters
id
required
string

The license ID.

Responses

Response samples

Content type
application/json
{
  • "license_id": "string",
  • "appliance_id": "39a656c5-b388-4eec-afd3-b3cbf4914ca5",
  • "type": {
    },
  • "issued": "2019-08-24T14:15:22Z",
  • "validity": {
    }
}

Delete a specific license.

✨Added in v0.37

Delete the license with the given ID.

path Parameters
id
required
string

The license ID.

Responses

Response samples

Content type
application/json+problem
{}