ACL Template
Get ACL Templates
| GET /ne/v1/aclTemplates | |
|---|---|
| Method | GET |
| URL or End Point | /ne/v1/aclTemplates |
| Headers | Authorization, Content-Type |
| Query Parameters | offset, limit, accountUcmId |
| Body | Not applicable |
Returns the details of device ACL templates.
*Please note that srcType, metroCode, and metroName fields are deprecated. Subnets is deprecated and replaced by subnet. These changes were necessary to accommodate adding a single ACL template to multiple devices.
To obtain an authorization token, refer to Requesting Access and Refresh tokens under the Getting Access Token section.
Sample curl request:
curl -X
GET "https://api.equinix.com/ne/v1/aclTemplates"
-H "content-type: application/json"
-H "authorization: Bearer qwErtY8zyW1abcdefGHI"
Query parameters:
| Query Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
|---|---|---|---|---|---|
| offset | No | integer | 0 | Specifies where to start a page. It is the starting point of the collection returned from the server. | |
| limit | No | integer | 100 | Specifies the page size. | |
| accountUcmId | No | string | 678907 | The unique Id of the account. A reseller querying for a customer's device ACLs can input the accountUcmId of the customer's account. To find out the accountUcmId of your customer's account, please check the Equinix account creation portal (ECP) or call Get account API. |
Sample response:
{
"pagination": {
"offset": 0,
"limit": 20,
"total": 9
},
"data": [
{
"name": "new-tempalate-with-fqdn2",
"uuid": "be7ef79e-31e7-4769-be5b-e192496f48aa",
"description": "new template description for DC metro update",
"inboundRules": [
{
"seqNo": 1,
"subnet": "216.221.225.13/32",
"protocol": "TCP",
"srcPort": "22",
"dstPort": "any",
"description": "my Rule 1"
}
],
"createdBy": "nfv-sit1",
"createdDate": "2020-09-14T05:36:13.981Z"
}
]
}
The description of the response:
| Field Name | Type | Example Values | Description |
|---|---|---|---|
| pagination | object | An object that has pagination information. | |
| offset | integer | 0 | It is the starting point of the collection returned from the server. |
| limit | integer | 20 | The page size. |
| total | integer | 100 | The total number of results. |
| next | string | The next set of records. | |
| previous | string | The previous set of records. | |
| data | array | An array of device ACLs. | |
| name | string | new-template-with-fqdn | The ACL template name. |
| uuid | string | ec68e425-f973-452e-a866-76be5844d0ba | The unique ID of the ACL template. |
| description | string | New template description. | The ACL template description. |
| inboundRules | array | An array that has the inboundRules. | |
| seqNo | integer | 1 | The sequence number of the inboundRules. |
| subnet | string | 216.221.225.13/32 | Subnet. |
| protocol | string | TCP | Protocol type. |
| srcPort | string | 22 | Source port. |
| dstPort | string | any | Destination port. |
| description | string | my Rule 1 | Description of the inboundRule. |
| createdBy | string | nfv-sit1 | Created by. |
| createdDate | string | 2020-09-14T05:36:13:9812 | Created date. |
Please note the following changes to the previous version of this API:
1) SrcType, fqdn, metroCode, and metroName fields are deprecated.
2) Subnets is deprecated and replaced by subnet.
These changes were necessary to accommodate adding a single ACL template to multiple devices.
If you get “Access Denied” error, contact your local Equinix Service Desk.
Get ACL Template {uuid}
| GET /ne/v1/aclTemplates/{uuid} | |
|---|---|
| Method | GET |
| URL or End Point | /ne/v1/aclTemplates/{uuid} |
| Headers | Authorization, Content-Type |
| Path Parameter | uuid |
| Query Parameter | accountUcmId |
| Body | Not applicable |
Returns the details of an ACL template.
To obtain an authorization token, refer to Requesting Access and Refresh tokens under the Getting Access Token section.
Sample curl request:
curl -X
GET "https://api.equinix.com/ne/v1/aclTemplates/6953b3d7-713d-4412-b6d7-0c5fc5e2a800"
-H "content-type: application/json"
-H "authorization: Bearer qwErtY8zyW1abcdefGHI"
Path parameter:
| Path Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
|---|---|---|---|---|---|
| uuid | Yes | string | 6953b3d7-713d-4412-b6d7-0c5fc5e2a800 | The unique Id of an ACL Template. |
Query parameter:
| Query Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
|---|---|---|---|---|---|
| accountUcmId | No | string | 678907 | The unique Id of the account. A reseller querying for a customer's device ACLs can input the accountUcmId of the customer's account. To find out the accountUcmId of your customer's account, please check the Equinix account creation portal (ECP) or call Get Account {metro}. |
Sample response:
{
"name": "ACL_Template_1",
"uuid": "6953b3d7-713d-4412-b6d7-0c5fc5e2a800",
"description": "ACL_Template_1",
"inboundRules": [
{
"seqNo": 1,
"subnet": "216.221.225.13/32",
"protocol": "TCP",
"srcPort": "any",
"dstPort": "any",
"description": "my inboundRule 1"
}
],
"virtualDeviceDetails": [
{
"name": "E2E-NE-Device-Aut-270621005124621",
"uuid": "2909ed03-57d9-44ee-848b-c205f8a358f6",
"aclStatus": "PROVISIONED",
"interfaceType": "WAN"
},
{
"name": "E2E-NE-Device-Aut-270621005124621-secondary",
"uuid": "6c5a0636-5a4f-4392-9e85-1771ba8747ab",
"aclStatus": "PROVISIONED",
"interfaceType": "WAN"
}
"createdBy": "nfvsit01",
"createdDate": "2020-10-03T19:41:17.976Z"
}
The description of the response:
| Field Name | Type | Example Values | Description |
|---|---|---|---|
| name | string | new-template-with-fqdn | The ACL template name. |
| uuid | string | ec68e425-f973-452e-a866-76be5844d0ba | The unique ID of the ACL template. |
| description | string | New template description. | The ACL template description. |
| inboundRules | array | An array that has the inboundRules. | |
| seqNo | integer | 1 | The sequence number of the inboundRules. |
| subnet | string | 216.221.225.13/32 | Subnet. |
| protocol | string | TCP | Protocol type. |
| srcPort | string | 22 | Source port. |
| dstPort | string | any | Destination port. |
| description | string | my Rule 1 | Description of the inboundRule. |
| virtualDeviceDetails | array | The array of devices associated with this ACL template | |
| name | string | Test Device | The name of a virtual device. |
| uuid | string | 55c1345f-fa59-4e39-813c-1a439a426ac3 | The unique Id of the device associated with this ACL template. |
| aclStatus | string | PROVISIONING | The ACL status. Possible values:
|
| interfaceType | string | WAN | Interface type, WAN or MGMT. |
| createdBy | string | nfv-sit1 | Created by. |
| createdDate | string | 2020-09-14T05:36:13:9812 | Created date. |
Please note the following changes to the previous version of this API:
1) SrcType, fqdn, metroCode, and metroName fields are deprecated.
2) Subnets is deprecated and replaced by subnet.
3) virtualDeviceUuid, virtualDeviceName, and deviceAclStatus are deprecated and replaced by name, uuid, and aclStatus. The new fields appear as part of the array "virtualDeviceDetails."
These changes were necessary to accommodate the addition of a single ACL template to multiple devices.
If you get “Access Denied” error, contact your local Equinix Service Desk.
Create ACL Template
| POST /ne/v1/aclTemplates | |
|---|---|
| Method | POST |
| URL or End Point | /ne/v1/aclTemplates |
| Headers | Authorization, Content-Type |
| Query Parameters | Not applicable |
| Body | name, description, inboundRules, protocol, srcPort, dstPort, subnet, description |
Creates an ACL template. To get the list of subnets for any FQDN, you can call the POST DNSLookup API with the FQDN. Afterward, to create the ACL template, pass the subnet in the inboundRules array.
To create a WAN Interface ACL, you can have up to fifty rules. However, if you want to create an MGMT Interface ACL, you must not have more than thirty rules. Only some device types support MGMT interface ACLs.
To obtain an authorization token, refer to Requesting Access and Refresh tokens under the Getting Access Token section.
Sample curl request:
curl -X
POST "https://api.equinix.com/ne/v1/aclTemplates"
-H "content-type: application/json"
-H "authorization: Bearer qwErtY8zyW1abcdefGHI"
-d "{
"name": "testtemplate4",
"description": "testtemplate4",
"inboundRules": [
{
"protocol": "TCP",
"srcPort": "any",
"dstPort": "any",
"subnet": "216.221.225.13/32",
"seqNo": 1,
"description": "My Rule 1"
},
{
"protocol": "TCP",
"srcPort": "53",
"dstPort": "any",
"subnet": "1.1.1.1/32",
"seqNo": 2,
"description": "My Rule 2"
}
]
}"
Query parameter:
| Query Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
|---|---|---|---|---|---|
| accountUcmId | No | string | 2252619 | A reseller creating an ACL template for a customer can pass the accountUcmId of the customer. |
| Body Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
|---|---|---|---|---|---|
| name | Yes | string | My template name | ACL template name. | |
| description | Yes | string | My template description | ACL template description, less than two-hundred characters long. | |
| inboundRules | Yes | array | An array of inboundRules. | ||
| protocol | Yes | string | TCP | IP, TCP, UDP | Protocol. |
| srcPort | Yes | string | 53 | Source port. | |
| dstPort | Yes | string | any | Destination port. | |
| subnet | Yes | string | 1.1.1.1/32 | Subnet. | |
| seqNo | No | integer | 1 | The sequence number of the inbound rule. | |
| description | No | string | My Rule 1 | Description of the inboundRule, less than two-hundred characters long. |
Sample response:
201 Created
The description of the response payload:
| Status | Description |
|---|---|
| 201 | The ACL Template is created. You can find the unique Id of the ACL template in the location header. |
Please note the following changes to the previous version of this API:
1) SrcType, metroCode, and fqdn fields are deprecated.
2) Subnets is deprecated and replaced by subnet.
These changes were necessary to accommodate adding a single ACL template to multiple devices.
If you get “Access Denied” error, contact your local Equinix Service Desk.
Update ACL Template
| PUT /ne/v1/aclTempates/{uuid} | |
|---|---|
| Method | PUT |
| URL or End Point | /ne/v1/aclTemplates/{uuid} |
| Headers | Authorization, Content-Type |
| Query Parameter | accountUcmId |
| Path Parameter | uuid |
| Body | name, description, inboundRules, protocol, srcPort, dstPort, subnet, seqNo, description |
Updates an ACL template.
To obtain an authorization token, refer to Requesting Access and Refresh tokens under the Getting Access Token section.
Sample curl request:
curl -X
PUT "https://api.equinix.com/ne/v1/aclTemplates/f1475-3c7f-447f-b0db-e3bb3af3de16"
-H "content-type: application/json"
-H "authorization: Bearer qwErtY8zyW1abcdefGHI"
-d "{
"name": "testtemplate4",
"description": "testtemplate4",
"inboundRules": [
{
"protocol": "TCP",
"srcPort": "any",
"dstPort": "any",
"subnet": "216.221.225.13/32",
"seqNo": 1,
"description": "My Rule 1"
},
{
"protocol": "TCP",
"srcPort": "53",
"dstPort": "any",
"subnet": "1.1.1.1/32",
"seqNo": 2,
"description": "My Rule 1"
}
]
}"
Query parameter:
| Query Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
|---|---|---|---|---|---|
| accountUcmId | No | string | 2252619 | A reseller creating a device ACL template for a customer can pass the accountUcmId of the customer. |
| Body Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
|---|---|---|---|---|---|
| name | Yes | string | My template name | The device ACL template name. | |
| description | Yes | string | My template description | The device ACL template description | |
| inboundRules | Yes | array | An array of inboundRules. | ||
| protocol | Yes | string | IP | IP, TCP, UDP | Protocol. |
| srcPort | Yes | string | 53 | Source port. | |
| dstPort | Yes | string | any | Destination port. | |
| subnet | Yes | string | 1.1.1.1/32 | Subnet | |
| seqNo | No | integer | 1 | The sequence number of the inbound rule. | |
| description | No | string | My Rule 1 | The description of the inboundRule. |
Sample response:
204 No Content
The description of the response payload:
| Status | Description |
|---|---|
| 204 | No Content. The ACL template has been updated. |
Please note the following changes to the previous version of this API:
1) SrcType, metroCode, and fqdn fields are deprecated.
2) Subnets is deprecated and replaced by subnet.
These changes were necessary to accommodate adding a single ACL template to multiple devices.
If you get “Access Denied” error, contact your local Equinix Service Desk.
Delete ACL Template {uuid}
| DELETE /ne/v1/aclTemplates/{uuid} | |
|---|---|
| Method | DELETE |
| URL or End Point | /ne/v1/aclTemplates/{uuid} |
| Headers | Authorization, Content-Type |
| Query Parameter | accountUcmId |
| Path Parameter | uuid |
Deletes an ACL template.
To obtain an authorization token, refer to Requesting Access and Refresh tokens under the Getting Access Token section.
Sample curl request.
curl -X
DELETE "https://api.equinix.com/ne/v1/aclTemplates/5f888d91-d2c5-45bb-9b51-fed99f57f0ac"
-H "content-type: application/json"
-H "authorization: Bearer qwErtY8zyW1abcdefGHI"
Path parameter:
| Path Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
|---|---|---|---|---|---|
| Uuid | Yes | string | 5f888d91-d2c5-45bb-9b51-fed99f57f0ac | The unique Id of an ACL template. |
Query parameter:
| Query Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
|---|---|---|---|---|---|
| accountUcmId | No | True | The unique Id of the account. A reseller deleting a customer's template can pass the accountUcmId of the customer's account. |
Sample response:
204 No Content: Deletion request accepted.
The description of the response is as follows:
| HTTP Status | Description |
|---|---|
| 204 No Content | The deletion request was successfully accepted. |
If you get “Access Denied” error, contact your local Equinix Service Desk.
Get ACL of Virtual Device
| GET /ne/v1/devices/{virtualDeviceUuid)/acl | |
|---|---|
| Method | GET |
| URL or End Point | /ne/v1/devices/{virtualDeviceUuid}/acl |
| Headers | Authorization, Content-Type |
| Path Parameter | virtualDeviceUuid |
| Query Parameter | Not applicable |
| Body | Not applicable |
Returns the details of ACL templates associated with a device.
To obtain an authorization token, refer to Requesting Access and Refresh tokens under the Getting Access Token section.
Sample curl request:
curl -X
GET "https://api.equinix.com/ne/v1/devices/6953b3d7-713d-4412-b6d7-0c5fc5e2a800/acl"
-H "content-type: application/json"
-H "authorization: Bearer qwErtY8zyW1abcdefGHI"
Path parameter:
| Path Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
|---|---|---|---|---|---|
| uuid | Yes | string | 6953b3d7-713d-4412-b6d7-0c5fc5e2a800 | The unique Id a virtual device. |
Sample response:
{
"aclTemplate": {
"name": "NE_Aut_AclTemplate_DFFaa",
"uuid": "df694084-5383-4570-ac0b-c7ee4a20d52f",
"description": "Testing New Template",
"inboundRules": [
{
"seqNo": 1,
"subnet": "216.221.228.0/24",
"protocol": "IP",
"srcPort": "any",
"dstPort": "any",
"description": "My Rule 1"
}
],
"createdBy": "eqxnfvuser",
"createdDate": "2021-12-23T08:07:31.698Z",
"status": "DEVICE_NOT_READY"
},
"mgmtAclTemplate": {
"name": "NE_Aut_AclTemplate_3OXja",
"uuid": "b3859e73-0282-4073-8150-6922a6e61c3a",
"description": "Testing New Template",
"inboundRules": [
{
"seqNo": 1,
"subnet": "216.221.228.0/24",
"protocol": "IP",
"srcPort": "any",
"dstPort": "any",
"description": "My Rule 2"
},
{
"seqNo": 2,
"subnet": "216.221.228.0/24",
"protocol": "TCP",
"srcPort": "any",
"dstPort": "any",
"description": "My Rule 3"
}
],
"createdBy": "eqxnfvuser",
"createdDate": "2021-12-23T08:07:32.638Z",
"status": "DEVICE_NOT_READY"
}
}
The description of the response:
| Field Name | Type | Example Values | Description |
|---|---|---|---|
| typeOfTemplate | object | aclTemplate | There are two possible template types: aclTemplates and mgmtAclTemplate. This object contains the details of ACL templates. |
| name | string | new-template-with-fqdn | ACL template name. |
| uuid | string | ec68e425-f973-452e-a866-76be5844d0ba | The unique ID of the ACL template. |
| description | string | New template description. | ACL template description. |
| inboundRules | array | An array that has inboundRules. | |
| seqNo | integer | 1 | The sequence number of the inboundRules. |
| subnet | string | 216.221.225.13/32 | Subnet. |
| protocol | string | TCP | Protocol type. |
| srcPort | string | 22 | Source port. |
| dstPort | string | any | Destination port. |
| description | string | My Rule 1 | Description of the inboundRule. |
| createdBy | string | nfv-sit1 | Created by. |
| createdDate | string | 2020-09-14T05:36:13:9812 | Created date. |
| status | string | DEVICE_NOT_READY | The ACL status on the device. Possible statuses: FAILED, DEPROVISIONED, PROVISIONED, NOT_APPLIED, DEVICE_NOT_READY. |
Please note the following changes to the previous version of this API:
1) SrcType, fqdn, metroCode, and metroName fields are deprecated.
2) Subnets is deprecated and replaced by subnet.
These changes were necessary to accommodate adding a single ACL template to multiple devices.
If you get “Access Denied” error, contact your local Equinix Service Desk.
Add ACL to Virtual Device
| POST /ne/v1/devices/{virtualDeviceUuid}/acl | |
|---|---|
| Method | POST |
| URL or End Point | /ne/v1/devices/{virtualDeviceUUID}/acl |
| Headers | Authorization, Content-Type |
| Query Parameters | Not applicable |
| Path Parameters | virtualDeviceUuid |
| Body | aclDetails, interfaceType, uuid |
You can use this API to add ACLs to a newly provisioned device with no ACL.
Note: A MGMT interface ACL must not have more than thirty rules. However, a WAN interface ACL can have up to fifty rules. Only some device types support MGMT interface ACLs.
To obtain an authorization token, refer to Requesting Access and Refresh tokens under the Getting Access Token section.
Sample curl request:
curl -X
POST "https://api.equinix.com/ne/v1/devices/6953b3d7-713d-4412-b6d7-0c5fc5e2a800/acl"
-H "content-type: application/json"
-H "authorization: Bearer qwErtY8zyW1abcdefGHI"
-d "
{
"aclDetails": [
{
"interfaceType": "MGMT",
"uuid": "4eae6ca1-f640-4624-ad7e-64b469210e9c"
},
{
"interfaceType": "WAN",
"uuid": "5eae6ca1-f640-4624-ad7e-64b469210e9d"
}
]
}
"
| Body Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
|---|---|---|---|---|---|
| aclDetails | Yes | array | The details of ACL templates you want to add to the device. | ||
| interfaceType | Yes | string | MGMT | The type of interface, whether MGMT or WAN. | |
| uuid | Yes | string | 4eae6ca1-f640-4624-ad7e-64b469210e9c | The unique ID of an ACL template. WAN interface templates can have up to fifty rules; however, MGMT interface templates can have only thirty rules. |
Sample response:
204 No Content
The description of the response payload:
| Status | Description |
|---|---|
| 204 | The request was successful. |
If you get “Access Denied” error, contact your local Equinix Service Desk.
Update ACL of Virtual Device
| PATCH /ne/v1/devices/{virtualDeviceUuid}/acl | |
|---|---|
| Method | PATCH |
| URL or End Point | /ne/v1/devices/{virtualDeviceUuid}/acl |
| Headers | Authorization, Content-Type |
| Query Parameters | Not applicable |
| Path Parameters | virtualDeviceUuid |
| Body | aclDetails, interfaceType, uuid |
You can use this API to change the existing ACL templates of a device. You can also use this API to remove an existing ACL template. If you delete all ACL templates of a device, you will not be able to access the device.
Note: A MGMT interface ACL must not have more than thirty rules. However, a WAN interface ACL can have up to fifty rules. Only some device types support MGMT interface ACLs.
To obtain an authorization token, refer to Requesting Access and Refresh tokens under the Getting Access Token section.
Sample curl request to change ACL templates:
curl -X
POST "https://api.equinix.com/ne/v1/devices/6953b3d7-713d-4412-b6d7-0c5fc5e2a800/acl"
-H "content-type: application/json"
-H "authorization: Bearer qwErtY8zyW1abcdefGHI"
-d "
{
"aclDetails": [
{
"interfaceType": "MGMT",
"uuid": "4eae6ca1-f640-4624-ad7e-64b469210e9c"
},
{
"interfaceType": "WAN",
"uuid": "5eae6ca1-f640-4624-ad7e-64b469210e9d"
}
]
}
"
Sample curl request to delete ACL templates:
curl -X
POST "https://api.equinix.com/ne/v1/devices/6953b3d7-713d-4412-b6d7-0c5fc5e2a800/acl"
-H "content-type: application/json"
-H "authorization: Bearer qwErtY8zyW1abcdefGHI"
-d "
{
"aclDetails": [
{
"interfaceType": "MGMT",
"uuid": ""
},
{
"interfaceType": "WAN",
"uuid": ""
}
]
}
"
| Body Parameter Name | Description |
|---|---|
aclDetails array[object] REQUIRED | The details of ACL templates you want to change or remove. |
interfaceType string REQUIRED | The type of interface. Applicable values:
|
uuid string OPTIONAL | The unique ID of an ACL template. WAN interface templates can have up to fifty rules; however, MGMT interface templates can have only thirty rules. Providing an empty string as the unique Id will remove the existing ACL template. Example: 4eae6ca1-f640-4624-ad7e-64b469210e9c |
Sample response:
204 No Content
The description of the response payload:
| Status | Description |
|---|---|
| 204 | The request was successful. |
If you get “Access Denied” error, contact your local Equinix Service Desk.