Juniper vSRX REST API

RESTful API for managing virtual firewall instances.

OpenAPI Specification

# OpenAPI 3.1 description of the management REST API exposed by a vSRX
# virtual firewall. No operation in this document overrides the
# document-level `security` requirement, so all of them use HTTP Basic.
openapi: 3.1.0
info:
  title: Juniper Networks Juniper vSRX REST API
  version: '23.4'
  # Folded scalar: the line breaks below are joined with single spaces.
  description: >-
    RESTful API for managing Juniper vSRX virtual firewall instances.
    The vSRX provides full next-generation firewall capabilities including
    stateful inspection, application identification, IPS, content security,
    and VPN in a virtualized form factor. The REST API runs on the vSRX
    management plane and provides access to configuration, monitoring, and
    operational commands. It supports Junos configuration in JSON format and
    returns structured responses for security policies, zones, NAT rules,
    and VPN tunnels. Authentication uses HTTP Basic with Junos credentials.
  license:
    name: Proprietary
    url: https://www.juniper.net/us/en/legal-notices.html
  contact:
    name: Juniper Networks Support
    url: https://www.juniper.net/documentation/product/us/en/vsrx/
# Single server entry, HTTPS only; `vsrx_host` is substituted into the URL.
# NOTE(review): info.description places this API on the management plane, so
# the host is presumably meant to be reachable only from a management
# network - confirm against the deployment.
servers:
  - url: https://{vsrx_host}/api
    description: vSRX REST API endpoint.
    variables:
      vsrx_host:
        description: Hostname or IP address of the vSRX instance.
        # Placeholder hostname; replace per instance.
        default: vsrx.example.com
# Document-wide default: every operation requires the basicAuth scheme
# unless it declares its own `security`; none of the paths here does.
security:
  - basicAuth: []
# Tag catalogue used to group operations. The comment above each entry lists
# the paths in this document that carry the tag.
tags:
  # /v1/configuration, /v1/configuration/commit
  - name: 'Configuration'
    description: 'Device configuration retrieval and modification.'
  # /v1/monitoring/security/flow/session
  - name: 'Monitoring'
    description: 'Device and session monitoring operations.'
  # /v1/security/nat/source, /v1/security/nat/destination
  - name: 'NAT'
    description: 'Network address translation rule management.'
  # /v1/security/policies, /v1/security/zones
  - name: 'Security Policies'
    description: 'Security policy and zone management.'
  # /v1/system/information, /v1/system/alarms
  - name: 'System'
    description: 'System information and operational commands.'
  # /v1/security/ipsec/vpn
  - name: 'VPN'
    description: 'IPsec VPN tunnel configuration.'
paths:
  # Read and stage device configuration. GET reads either configuration
  # database; PUT writes to the candidate only.
  /v1/configuration:
    get:
      operationId: getConfiguration
      summary: Juniper Networks Get device configuration
      # NOTE(review): the description mentions XML, but the only response
      # media type declared below is application/json.
      description: >-
        Returns the current candidate or committed Junos configuration in
        JSON or XML format. Supports filtering by configuration hierarchy
        path.
      tags:
        - Configuration
      parameters:
        # Selects which database is read; defaults to the committed one.
        - name: type
          in: query
          description: Configuration database to read.
          schema:
            type: string
            enum:
              - candidate
              - committed
            default: committed
        # Free-form string: the schema sets no pattern or length limit, so
        # any validation of the hierarchy path is left to the server.
        - name: path
          in: query
          description: >-
            Configuration hierarchy path to filter. Example:
            security/policies to return only security policy configuration.
          schema:
            type: string
      responses:
        # NOTE(review): the configuration object is untyped here. A full
        # device configuration can include credential material, so treat the
        # response as sensitive - confirm whether the device masks secrets.
        '200':
          description: Configuration returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  configuration:
                    type: object
                    description: Junos configuration hierarchy in JSON format.
        '401':
          $ref: '#/components/responses/Unauthorized'
    put:
      operationId: updateConfiguration
      summary: Juniper Networks Update configuration
      # Stages changes only; per the description they take effect after a
      # separate commit (POST /v1/configuration/commit).
      description: >-
        Applies configuration changes to the candidate configuration.
        Changes must be committed separately to take effect.
      tags:
        - Configuration
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              # NOTE(review): `configuration` is not listed as required, so
              # an empty object also satisfies this schema.
              properties:
                configuration:
                  type: object
                  description: Junos configuration hierarchy to apply.
      # NOTE(review): no 403 response is documented, although the basicAuth
      # scheme description ties access to login-class permissions.
      responses:
        '200':
          description: Configuration updated in candidate.
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
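  # Promotes the candidate configuration to the active running configuration.
  /v1/configuration/commit:
    post:
      operationId: commitConfiguration
      summary: Juniper Networks Commit configuration
      description: >-
        Commits the candidate configuration to the active running
        configuration. Supports commit check, commit confirm with
        rollback timer, and commit comments.
      tags:
        - Configuration
      # The body is optional (no `required: true`), as is every field in it.
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                commit:
                  type: object
                  properties:
                    # Dry run: validates the candidate without activating it.
                    check:
                      type: boolean
                      description: Only validate without committing.
                    # Rollback safety net: the change is reverted unless it
                    # is confirmed within this many minutes.
                    # NOTE(review): no minimum is declared; confirm the
                    # accepted range against the device.
                    confirm:
                      type: integer
                      description: Auto-rollback timeout in minutes if not confirmed.
                    # Stored in the commit log; usable as a change record.
                    comment:
                      type: string
                      description: Commit log comment.
      responses:
        '200':
          description: Configuration committed successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  status:
                    type: string
                  message:
                    type: string
        '400':
          description: Commit failed due to configuration errors.
        # Added for consistency: the document-level basicAuth requirement
        # applies here, and every other operation documents this response.
        '401':
          $ref: '#/components/responses/Unauthorized'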
  # Read-only listing of the configured security policies.
  /v1/security/policies:
    get:
      tags:
        - Security Policies
      operationId: listSecurityPolicies
      summary: Juniper Networks List security policies
      description: >-
        Returns all security policies configured on the vSRX.
        Policies are organized by from-zone to-zone pairs and
        evaluated top-down.
      responses:
        '200':
          description: Security policies returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  # The wrapper key is hyphenated, unlike the snake_case
                  # fields inside SecurityPolicy.
                  security-policies:
                    items:
                      $ref: '#/components/schemas/SecurityPolicy'
                    type: array
        '401':
          $ref: '#/components/responses/Unauthorized'
  # Read-only listing of security zones; shares the Security Policies tag.
  /v1/security/zones:
    get:
      tags:
        - Security Policies
      operationId: listSecurityZones
      summary: Juniper Networks List security zones
      description: >-
        Returns all security zones configured on the vSRX.
        Zones are logical groupings of interfaces that define
        trust boundaries for policy enforcement.
      responses:
        '200':
          description: Security zones returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  # One SecurityZone entry per configured zone.
                  security-zones:
                    items:
                      $ref: '#/components/schemas/SecurityZone'
                    type: array
        '401':
          $ref: '#/components/responses/Unauthorized'
  # Read-only listing of source NAT rule sets.
  /v1/security/nat/source:
    get:
      tags:
        - NAT
      operationId: listSourceNatRules
      summary: Juniper Networks List source NAT rules
      description: >-
        Returns all source NAT rule sets and rules.
        Source NAT translates the source IP address of outbound
        traffic for internet access or address hiding.
      responses:
        '200':
          description: Source NAT rules returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  # Same NatRuleSet schema as the destination NAT listing.
                  source-nat-rules:
                    items:
                      $ref: '#/components/schemas/NatRuleSet'
                    type: array
        '401':
          $ref: '#/components/responses/Unauthorized'
  # Read-only listing of destination NAT rule sets. Per the description these
  # rules map inbound traffic to internal servers, so they show which
  # internal services are published.
  /v1/security/nat/destination:
    get:
      tags:
        - NAT
      operationId: listDestinationNatRules
      summary: Juniper Networks List destination NAT rules
      description: >-
        Returns all destination NAT rule sets and rules.
        Destination NAT translates destination addresses for
        inbound traffic to internal server addresses.
      responses:
        '200':
          description: Destination NAT rules returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  # Same NatRuleSet schema as the source NAT listing.
                  destination-nat-rules:
                    items:
                      $ref: '#/components/schemas/NatRuleSet'
                    type: array
        '401':
          $ref: '#/components/responses/Unauthorized'
  # Read-only listing of IPsec VPN tunnels.
  # NOTE(review): the description promises encryption settings, but the
  # IpsecVpn schema carries only policy and gateway names plus status.
  /v1/security/ipsec/vpn:
    get:
      tags:
        - VPN
      operationId: listIpsecVpns
      summary: Juniper Networks List IPsec VPN tunnels
      description: >-
        Returns all IPsec VPN tunnel configurations,
        including IKE gateway associations, encryption settings,
        and tunnel status.
      responses:
        '200':
          description: IPsec VPN tunnels returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  # One IpsecVpn entry per configured tunnel.
                  ipsec-vpns:
                    items:
                      $ref: '#/components/schemas/IpsecVpn'
                    type: array
        '401':
          $ref: '#/components/responses/Unauthorized'
  # Live session table, filterable by prefix and application. The response
  # lists which addresses are talking to which.
  /v1/monitoring/security/flow/session:
    get:
      tags:
        - Monitoring
      operationId: listFlowSessions
      summary: Juniper Networks List active flow sessions
      description: >-
        Returns currently active security flow sessions on
        the vSRX. Equivalent to the show security flow session
        CLI command.
      # All three filters are optional strings with no format or pattern.
      parameters:
        - name: source_prefix
          in: query
          schema:
            type: string
          description: Filter by source IP prefix.
        - name: destination_prefix
          in: query
          schema:
            type: string
          description: Filter by destination IP prefix.
        - name: application
          in: query
          schema:
            type: string
          description: Filter by application name.
      responses:
        '200':
          description: Flow sessions returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  total_sessions:
                    type: integer
                  # One FlowSession entry per returned session.
                  sessions:
                    items:
                      $ref: '#/components/schemas/FlowSession'
                    type: array
        '401':
          $ref: '#/components/responses/Unauthorized'
  # Device identity and software version. Useful for inventory and patch
  # tracking; like every operation here it requires authentication.
  /v1/system/information:
    get:
      tags:
        - System
      operationId: getSystemInformation
      summary: Juniper Networks Get system information
      description: >-
        Returns system information including hostname, model,
        Junos version, serial number, and uptime.
      responses:
        '200':
          description: System information returned.
          content:
            application/json:
              # Returned bare, without a wrapper object.
              schema:
                $ref: '#/components/schemas/SystemInfo'
        '401':
          $ref: '#/components/responses/Unauthorized'
  # Read-only listing of currently active system alarms.
  /v1/system/alarms:
    get:
      tags:
        - System
      operationId: listSystemAlarms
      summary: Juniper Networks List system alarms
      description: Returns active system alarms on the vSRX.
      responses:
        '200':
          description: System alarms returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  # One SystemAlarm entry per active alarm.
                  alarms:
                    items:
                      $ref: '#/components/schemas/SystemAlarm'
                    type: array
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  securitySchemes:
    # HTTP Basic sends the username and password base64-encoded, not
    # encrypted, with every request; confidentiality rests on the HTTPS
    # transport declared under `servers`.
    # Authorization follows the Junos login class of the account, so a
    # dedicated account with a restricted class limits what a leaked
    # credential can read or change.
    basicAuth:
      type: http
      scheme: basic
      description: >-
        HTTP Basic authentication using Junos device credentials. The user
        must have appropriate class permissions for the requested operations.
  # Shared error responses referenced from the operations; both carry the
  # Error schema.
  # NOTE(review): no Forbidden (403) response is defined, although the
  # basicAuth description makes access depend on login-class permissions.
  responses:
    BadRequest:
      description: Invalid request or configuration error.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    # Referenced by every operation except POST /v1/configuration/commit.
    Unauthorized:
      description: Authentication required.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  schemas:
    # Error body used by the shared BadRequest and Unauthorized responses:
    # a single free-text message, with no error code field.
    Error:
      type: object
      properties:
        error:
          type: string
          description: Error message.
    # Policies for one from-zone / to-zone pair.
    SecurityPolicy:
      type: object
      properties:
        from_zone:
          type: string
          description: Source security zone.
        to_zone:
          type: string
          description: Destination security zone.
        # NOTE(review): the list operation says policies are evaluated
        # top-down, so array order presumably is evaluation order - confirm.
        policies:
          type: array
          items:
            type: object
            properties:
              name:
                type: string
                description: Policy name.
              # Match criteria; each is a list of plain strings.
              match:
                type: object
                properties:
                  source_address:
                    type: array
                    items:
                      type: string
                  destination_address:
                    type: array
                    items:
                      type: string
                  application:
                    type: array
                    items:
                      type: string
              # What happens to matching traffic.
              then:
                type: object
                properties:
                  action:
                    type: string
                    enum:
                      - permit
                      - deny
                      - reject
                  # Boolean flags; neither has a description in this spec.
                  # A permit rule with `log` unset is worth checking in a
                  # policy audit.
                  log:
                    type: boolean
                  count:
                    type: boolean
    # One security zone: its interfaces and what the device itself accepts
    # on them.
    SecurityZone:
      type: object
      properties:
        name:
          type: string
          description: Zone name.
        interfaces:
          type: array
          items:
            type: string
          description: Interfaces bound to the zone.
        # Traffic addressed to the device itself. Each listed service or
        # protocol is reachable on the zone's interfaces, so these two lists
        # describe the device's own exposure per zone.
        host_inbound_traffic:
          type: object
          properties:
            system_services:
              type: array
              items:
                type: string
              description: Allowed host-inbound system services (ssh, https, ping, etc.).
            protocols:
              type: array
              items:
                type: string
              description: Allowed host-inbound routing protocols (bgp, ospf, etc.).
        # Profile name only; the profile's contents are not part of this
        # schema.
        screen:
          type: string
          description: IDS screen profile name applied to the zone.
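    # A NAT rule set: a traffic context (`from` / `to`) plus its rules.
    # Used by both the source and the destination NAT listings.
    NatRuleSet:
      type: object
      properties:
        name:
          type: string
          description: NAT rule set name.
        # Ingress context; both fields are optional in this schema.
        from:
          type: object
          properties:
            zone:
              type: string
            interface:
              type: string
        # Egress context; both fields are optional in this schema.
        to:
          type: object
          properties:
            zone:
              type: string
            interface:
              type: string
        rules:
          type: array
          items:
            type: object
            properties:
              name:
                type: string
              match:
                type: object
                properties:
                  source_address:
                    type: array
                    items:
                      type: string
                  destination_address:
                    type: array
                    items:
                      type: string
                  # Single integer with no declared range.
                  destination_port:
                    type: integer
              then:
                type: object
                properties:
                  # `type` here is a property name, not the schema keyword.
                  type:
                    type: string
                    enum:
                      - pool
                      - interface
                      # Quoted: YAML 1.1 loaders read a bare `off` as boolean
                      # false, which would not match this string enum.
                      - 'off'
                  pool_name:
                    type: string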
    # One IPsec VPN tunnel. Policies and the gateway are referenced by name;
    # no key material or proposal detail appears in this schema.
    IpsecVpn:
      type: object
      properties:
        name:
          type: string
          description: VPN tunnel name.
        ike_gateway:
          type: string
          description: IKE gateway name.
        ike_policy:
          type: string
          description: IKE policy name.
        ipsec_policy:
          type: string
          description: IPsec policy name.
        bind_interface:
          type: string
          description: Tunnel interface (e.g., st0.0).
        # When the tunnel is brought up: immediately or on first traffic.
        establish_tunnels:
          type: string
          enum:
            - immediately
            - on-traffic
          description: Tunnel establishment trigger.
        # Runtime state rather than configuration.
        status:
          type: string
          enum:
            - up
            - down
          description: Current tunnel status.
    # One active flow session as returned by the flow session listing.
    FlowSession:
      type: object
      properties:
        session_id:
          type: integer
          description: Session identifier.
        # Name of the policy that matched the session.
        policy:
          type: string
          description: Matching security policy name.
        source_address:
          type: string
          description: Source IP address.
        # Ports are plain integers with no description or declared range.
        source_port:
          type: integer
        destination_address:
          type: string
          description: Destination IP address.
        destination_port:
          type: integer
        # Protocol is given by name, not by number.
        protocol:
          type: string
          description: IP protocol name.
        application:
          type: string
          description: Identified application.
        in_interface:
          type: string
          description: Ingress interface.
        out_interface:
          type: string
          description: Egress interface.
        # Byte counters; no integer format (int32/int64) is declared.
        bytes_in:
          type: integer
          description: Bytes received.
        bytes_out:
          type: integer
          description: Bytes transmitted.
        duration:
          type: integer
          description: Session duration in seconds.
    # Device identity and software details; every field is a string.
    SystemInfo:
      type: object
      properties:
        hostname:
          type: string
          description: Device hostname.
        model:
          type: string
          description: Device model (e.g., vSRX, vSRX3.0).
        # Version string; the value to compare against vendor advisories
        # when tracking patch levels.
        junos_version:
          type: string
          description: Junos OS version.
        serial_number:
          type: string
          description: Virtual serial number.
        # Free-form string, not a number of seconds.
        uptime:
          type: string
          description: System uptime string.
        last_reboot_reason:
          type: string
          description: Reason for the last reboot.
    # One active system alarm.
    SystemAlarm:
      type: object
      properties:
        id:
          type: integer
          description: Alarm identifier.
        # Only two severities are defined.
        severity:
          type: string
          enum:
            - major
            - minor
          description: Alarm severity.
        # `description` and `type` below are property names of the alarm
        # object, not schema keywords.
        description:
          type: string
          description: Alarm description.
        type:
          type: string
          description: Alarm type.
        # The only field in this document with a declared string format.
        timestamp:
          type: string
          format: date-time
          description: Alarm trigger time.