openapi: 3.0.1
info:
title: FlashArray REST API
version: "2.52"
servers:
- url: /
tags:
- name: Authorization
description: |
Pure Storage uses the OAuth 2.0 Token Exchange authorization grant and JSON Web Tokens (JWTs)
to authenticate to the Pure Storage REST API.
Before you can exchange the ID token for an access token, create and enable the API client
to generate the `key_id`, `id`, and `issuer` values.
These values will be used as JWT claims for the `subject_token` parameter.
- name: Active Directory
description: |
Active Directory configuration authenticates users for NFS using Kerberos or SMB using Kerberos
or New Technology LAN Manager (NTLM). Active Directory is also used to authorize users by
mapping identities across the NFS and SMB protocols by using LDAP queries.
- name: Administrators
description: |
The FlashArray has a single default administrative account named pureuser. The administrator can
add, delete, and modify administrators on the array. Administrators are assigned management
access policies to give different levels of permissions.
- name: Alerts
description: |
Alerts indicate significant events that occur on an array, including whenever a component
degrades or the capacity threshold of the component is reached.
- name: Alert Watchers
description: |
Alert watchers receive email notifications when alerts occur on an array.
- name: API Clients
description: |
An API client represents an identity type. API clients are created on the array.
To create an API client, register and then enable it on the array.
After the API client has been created, the user name (`sub`) and identity tokens (`kid` and
`aud` tokens) that are issued by the API client are used as claims for the JSON Web Token
that you create to authenticate into the REST API.
- name: Apps
description: |
Apps that extend array functionality can be integrated into the Purity//FA operating system.
- name: Arrays
description: |
Array features provide the ability to configure settings that affect the operation
of the array as a whole and monitor array I/O performance.
- name: Array Connections
description: |
Manages connections between arrays.
- name: Audits
description: |
Audit trail records describe administrative actions performed by a user to modify the
configuration of an array.
- name: Buckets
description: Manages the creation, attributes, and deletion of buckets on the array.
- name: Certificates
description: |
Purity//FA creates a self-signed certificate and private key when you start the system for the
first time. You can use the default certificate, change the certificate attributes, create a new
self-signed certificate, or import an SSL certificate signed by a certificate authority.
- name: Certificate Groups
description: |
Certificate groups, also known as certificate bundles, are collections of digital certificates.
Each certificate can belong to one or more groups in order to serve different purposes.
- name: Connections
description: |
A connection gives hosts access to volumes on the array.
- name: Container Default Protections
description: |
Default protection is a list of protection groups that are applied to newly created volumes.
Volumes can opt out of the default protection at creation. The pod's `default_protections`
defaults to the array's `default_protections` at pod creation.
Default protection can be configured on the array and the pod.
- name: Controllers
description: |
Controller data includes the name, mode, FlashArray model, Purity//FA software version, and
status of each controller in the array.
- name: Directories
description: |
Important file system directories should be set up as managed directories. Managed directories
can have policies attached to them. Managed directories differ from standard directories in that
they provide space reporting and metrics.
- name: Directory Exports
description: |
Managed directory exports are created by adding NFS or SMB export policies to managed
directories.
- name: Directory Quotas
description: |
Directory quotas provide the ability to set capacity limits on managed directories.
- name: Directory Services
description: |
Manages directory service configurations for integration with LDAP servers (e.g. Active
Directory and OpenLDAP) in order to support various array services.
- name: Directory Snapshots
description: |
Directory snapshots are created manually or by adding snapshot policies to managed directories.
Each snapshot policy can be re-used for multiple directories.
- name: DNS
description: |
DNS attributes include the domain suffix, static name servers, mode (static or DHCP), and search
domain. The configured attributes can be listed.
- name: Drives
description: |
Drive data includes the name, type, status, capacity, protocol and other information
for all flash, NVRAM, and cache modules in an array.
- name: File Systems
description: |
A FlashArray can contain up to 24 separate file systems, each with a number of directories that
can be exported via supported protocols. Clients, using Active Directory or LDAP, can connect
and access these exports using SMB or NFS.
- name: Fleets
description: |
A fleet is a collection of Arrays.
- name: Hardware
description: |
Operational status is reported by most of the hardware components in an array, including the
chassis, controller, and storage shelf.
- name: Host Groups
description: |
Host groups implement consistent connections between a set of hosts and one or more volumes.
Connections are consistent in the sense that all hosts associated with a host group
address a volume connected to the group by the same LUN. Host groups are typically
used to provide a common view of storage volumes to the hosts in a clustered application.
- name: Hosts
description: |
Hosts organize the storage network addresses (iSCSI Qualified Names, NVMe qualified names, or
Fibre Channel world wide names) of client computers to identify the host's intiators. Hosts also
control communications between clients and volumes. After a volume has been created, establish a
host-volume connection so that the host can read data from and write data to the volume.
- name: KMIP
description: |
The Key Management Interoperability Protocol (KMIP) server is used in combination with the Pure
Storage Rapid Data Locking (RDL) feature and EncryptReduce feature to further secure the
encrypted data on a FlashArray.
- name: Lifecycle Rules
description: A life cycle rule helps manage the number of copies of a specific bucket. A lifecycle rule can be applied to a bucket with a rule indicating the retention time before it is to be
deleted.
- name: Log Targets
description: |
Log Targets to be used to send management or data audit logs.
- name: Maintenance Windows
description: |
During a maintenance window, alerts are suppressed that are related to connections, paths,
ports, and other resources that are down during maintenance.
- name: Network Interfaces
description: |
Manages the interfaces and the network connection attributes of the array.
- name: Object Store Access Keys
description: Manages object store access keys. A maximum of two sets of keys can be created for each object store user. A set of keys consists of an access key ID and Secret Access Key.
- name: Object Store Accounts
description: Manages object store accounts. Accounts contain buckets and users. Accounts must be created before an object store user or buckets can be created.
- name: Object Store Users
description: Manages the object store users attributes. Each user is assigned to an object store account and given an access key.
- name: Object Store Virtual Hosts
description: Manages virtual host-style addressing for S3 requests to read or write an object within a bucket on the array.
- name: Offloads
description: |
The offload feature enables system administrators to replicate point-in-time volume snapshots
from the array to an external storage system for long-term retention.
Each offload target represents an external storage system, such as an Azure Blob container,
NFS device, or S3 bucket, to where Purity//FA volume snapshots can be replicated.
- name: Presets
description: |
Presets are reusable templates that provision resources.
- name: Pods
description: |
Synchronous replication is managed through pods. A pod representing a collection of protection
groups and volumes is created on one array and stretched to another array, resulting in fully
synchronized writes between the two arrays. A pod can contain a mix of volumes, and protection
groups with member volumes. Writes to the pod coming into either array are immediately
synchronized and seen on both arrays.
- name: Pod Replica Links
description: |
Pod replica links are created by associating a source pod with a demoted pod, making
the demoted pod the target pod of the source pod. The direction of the replica link is from the
promoted source pod to the demoted target pod. Replica links can be created in either direction
between the same two FlashArrays. The target pod of a replica link cannot be on the same
FlashArray as the source pod.
- name: Policies
description: |
Policies are used to create exports (i.e., shares) and schedule snapshots. NFS and SMB policies
can be created and have one or more rules applied to them. Each policy can be reused, creating
exports for a number of managed directories.
- name: Ports
description: |
The ports on a FlashArray are assigned iSCSI Qualified Names (IQNs), NVMe Qualified Names
(NQNs), and Fibre Channel World Wide Names (WWNs).
- name: Protection Groups
description: |
A protection group defines a set of volumes, hosts, or host groups (called members) that are
protected together through snapshots with point-in-time consistency across the member volumes.
The members within the protection group have common data protection requirements and the same
snapshot, replication, and retention schedules.
- name: Protection Group Snapshots
description: |
Protection group snapshots capture the content of all volumes on the source array for the
specified protection group at a single point in time.
- name: Realms
description: "A realm is an administrative domain, a data container, and a namespace for pods, hosts, and host groups."
- name: Realm Connections
description: |
Realm connections enable replication services between different realms in a connected
array cluster.
- name: Remote Arrays
description: |
Remote arrays provide the ability to list and manage all the remote arrays known to an array.
- name: Remote Pods
description: |
A remote pod represents a pod that is on a connected array but not stretched to this array.
- name: Remote Protection Groups
description: |
A remote protection group represents a protection group that resides on an offload target with
the source side of the remote protection group being another array that is connected to the
local array. The local array can only see the remote protection groups of other arrays if the
two arrays are connected.
- name: Remote Protection Group Snapshots
description: |
A remote protection group snapshot represents a protection group snapshot that resides on an
offload target with the source side of the remote protection group snapshot being another array
that is connected to the local array. The local array can only see the remote protection group
snapshots of other arrays if the two arrays are connected.
- name: Remote Realms
description: |
A remote realm represents a realm that is on a connected array but not stretched to this array.
- name: Remote Volume Snapshots
description: |
A remote volume snapshot represents a volume snapshot that resides on an offload target with the
source side of the remote volume snapshot being another array that is connected to the local
array. The local array can only see the remote volume snapshots of other arrays if the two
arrays are connected.
- name: SAML2 SSO
description: |
SAML2 SSO allows customers to configure settings of SAML2 service provider
and identity provider. It provides a multi-factor authentication (MFA)
mechanism for customers to log in to FlashArray.
- name: Sessions
description: |
Manages Purity//FA login and user session data.
- name: SMI-S
description: |
Manages the Pure Storage Storage Management Initiative Specification (SMI-S).
- name: SMTP
description: |
Manages Simple Mail Transfer Protocol (SMTP) settings.
SMTP allows the array to send email notifications and alerts to recipients.
- name: SNMP Agents
description: |
Manages connections to Simple Network Management Protocol (SNMP) agents.
- name: SNMP Managers
description: |
Manages connections to Simple Network Management Protocol (SNMP) managers.
- name: Software
description: |
Software to be installed on the array.
- name: Subnets
description: |
Manages the subnets and VLANs used to organize the network interfaces.
- name: Subscriptions
description: |
Provides information about subscription offerings.
- name: Subscription Assets
description: |
Provides information about subscription assets.
- name: Support
description: |
Enables Support to fix bugs and help customers solve problems. Support tools include proxy,
phonehome, and remote assist.
- name: Syslog
description: |
Copied to Log Targets/Syslog for more organized way to handle all log targets.
Both endpoints are identical. We encourage our users to use Log Targets/Syslog.
- name: User Group Quotas
description: |
User Group quotas provide the ability to set capacity limits for users and groups in managed
directories.
- name: Vchost Connections
description: |
A vchost connection is between a protocol endpoint and vchost.
In the context of vchost-connection, the vchost represents a vCenter,
and the protocol endpoint is used to represent a storage container.
Creating a vchost connection gives the vCenter access to the storage container.
If `all_vchosts` is set to `true`, the container will be accessible to all vchosts.
- name: Volumes
description: |
A volume represents a container that manages the storage space on the array. After a volume has
been created, host-volume connections must be established so that the host can read data from
and write data to the volume. Volume data should be protected using asynchronous replication to
a remote array, synchronous replication between remote arrays, and replication to external
storage systems.
- name: Volume Groups
description: |
Volume groups organize volumes into logical groupings. If virtual volumes are configured, each
volume group on the FlashArray array represents its associated virtual machine, and inside each
of those volumes groups are the FlashArray volumes that are assigned to the virtual machine.
Volume groups that are associated with virtual machines have names that begin with `vvol-` and
end with the virtual machine name.
- name: Volume Snapshots
description: |
Volume snapshots are immutable, point-in-time images of the contents of one or more volumes.
There are two types of volume snapshots: volume snapshots and protection group volume
snapshots. A volume snapshot is a snapshot that captures the contents of a single volume.
A protection group volume snapshot is a volume snapshot that is created from a group of
volumes that are part of the same protection group. All of the volume snapshots created from a
protection group snapshot are point-in-time consistent with each other.
- name: Workloads
description: |
Workloads organize storage resources (such as volumes) and their related configuration and
policy objects into logical groupings. Workloads can be deployed from workload presets.
paths:
/oauth2/1.0/token:
post:
tags:
- Authorization
summary: Pure Storage Get Access Token
description: |
Exchanges an ID Token for an OAuth 2.0 access token.
parameters:
- name: X-Request-ID
in: header
description: |
Supplied by client during request or generated by server.
schema:
type: string
requestBody:
content:
application/x-www-form-urlencoded:
schema:
required:
- grant_type
- subject_token
- subject_token_type
type: object
properties:
grant_type:
$ref: '#/components/schemas/OauthGrantType'
subject_token:
$ref: '#/components/schemas/OauthSubjectToken'
subject_token_type:
$ref: '#/components/schemas/OauthSubjectTokenType'
required: true
responses:
"200":
$ref: '#/components/responses/OauthToken200'
"400":
$ref: '#/components/responses/OauthToken400'
"401":
$ref: '#/components/responses/OauthToken401'
security: []
/api/api_version:
get:
tags:
- Authorization
summary: Pure Storage List Available API Versions
description: |
Returns a list of available API versions. No authentication is required to access this endpoint.
parameters:
- $ref: '#/components/parameters/XRequestId'
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/Api_versionResponse'
security: []
/api/2.52/login:
post:
tags:
- Authorization
summary: Pure Storage Create a User Session
description: |
Creates a user session and returns a session token, using either the user's API token or
their username and password. `api-token` is passed in a header, with the request
body empty. Otherwise `username` and `password` are passed in the request body,
without an `api-token` header.
Storing user passwords client-side is not recommended. The username-password
authentication option should only be used as necessary for initial retrieval of
an API token, which should be securely stored and used for all subsequent logins.
parameters:
- name: api-token
in: header
description: |
API token for a user.
schema:
type: string
example: 0f2e2884-9486-c6c2-438c-f50418f2aac3
- $ref: '#/components/parameters/XRequestId'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LoginPost'
required: false
x-codegen-request-body-name: login
responses:
"200":
description: OK
headers:
x-auth-token:
description: Session token for a user.
schema:
type: string
example: 3be3d489-55c6-4643-90ac-a476dbc98812
content:
application/json:
schema:
$ref: '#/components/schemas/UsernameResponse'
x-codegen-request-body-name: login
/api/2.52/logout:
post:
tags:
- Authorization
summary: Pure Storage POST Logout (Placeholder)
description: |
Invalidate a session token.
parameters:
- name: x-auth-token
in: header
description: Session token for a user.
schema:
type: string
example: 3be3d489-55c6-4643-90ac-a476dbc98812
- $ref: '#/components/parameters/XRequestId'
responses:
"200":
description: OK
content: {}
/api/2.52/active-directory:
get:
tags:
- Active Directory
summary: Pure Storage List Active Directory Accounts
description: |
Displays configured Active Directory accounts.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Continuation_token'
- $ref: '#/components/parameters/Filter'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Fqnames'
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Sort'
- $ref: '#/components/parameters/Total_item_count'
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/ActiveDirectoryGetResponse'
post:
tags:
- Active Directory
summary: Pure Storage Create Active Directory Account
description: |
Creates one or more Active Directory accounts.
The `user` and `password` provided are used
to join the array to the specified `domain`.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Join_existing_acct_ad'
- $ref: '#/components/parameters/Fqnames_required'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ActiveDirectoryPost'
required: true
x-codegen-request-body-name: active-directory
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/ActiveDirectoryResponse'
x-codegen-request-body-name: active-directory
delete:
tags:
- Active Directory
summary: Pure Storage Delete Active Directory Account
description: |
Deletes one or more specified Active Directory accounts.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Local_only_ad'
- $ref: '#/components/parameters/Fqnames_required'
responses:
"200":
description: OK
content: {}
patch:
tags:
- Active Directory
summary: Pure Storage Modify Active Directory Account
description: |
Modifies specified Active Directory account.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Fqnames_required'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ActiveDirectoryPatch'
required: true
x-codegen-request-body-name: active-directory
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/ActiveDirectoryResponse'
x-codegen-request-body-name: active-directory
/api/2.52/active-directory/test:
get:
tags:
- Active Directory
summary: Pure Storage GET Active-directory/test
description: >
The diagnostic process that executes a series of validation tests
on one or more `Active Directory` `accounts`. Each individual test
verifies a specific aspect of the `configuration`, such as
connectivity, authentication permissions, and service
principal integrity, to ensure the environment is
functioning properly.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Allow_errors'
- $ref: '#/components/parameters/Context_names_get'
- $ref: '#/components/parameters/Continuation_token'
- $ref: '#/components/parameters/Filter'
- $ref: '#/components/parameters/Ids'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Names_required'
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Sort'
- $ref: '#/components/parameters/Total_item_count'
responses:
"200":
description: OK
headers:
X-Request-ID:
description: The identifier or attribute provided by the `client` during the initial `request` or automatically generated by the `server` if not specified.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/TestResultWithResourceAndErrorContextPartialResourceResponse'
"207":
description: |
The status indicating a partial success. While some `resources`
were successfully returned, specific `errors` occurred during
the operation that may have prevented the full set of
requested data from being retrieved or displayed.
content:
application/json:
schema:
$ref: '#/components/schemas/TestResultWithResourceAndErrorContextPartialResourceResponse'
/api/2.52/admins:
get:
tags:
- Administrators
summary: Pure Storage List Administrators
description: |+
Displays a list of administrators.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Continuation_token'
- $ref: '#/components/parameters/Expose_api_token'
- $ref: '#/components/parameters/Expose_public_key'
- $ref: '#/components/parameters/Filter'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Names'
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Sort'
- $ref: '#/components/parameters/Total_item_count'
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/AdminGetResponse'
post:
tags:
- Administrators
summary: Pure Storage Create an Administrator
description: |+
Creates an administrator.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Names'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AdminPost'
required: true
x-codegen-request-body-name: admin
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/AdminResponse'
x-codegen-request-body-name: admin
delete:
tags:
- Administrators
summary: Pure Storage Delete an Administrator
description: |+
Deletes the specified administrator.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Names'
responses:
"200":
description: OK
content: {}
patch:
tags:
- Administrators
summary: Pure Storage Modify an Administrator
description: |+
Modifies properties for the specified administrator.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Names'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AdminPatch'
required: true
x-codegen-request-body-name: admin
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/AdminResponse'
x-codegen-request-body-name: admin
/api/2.52/admins/policies/management-access:
get:
tags:
- Administrators
summary: Pure Storage List Management Access Policies Attached to Administrators
description: |+
Displays a list of management access policies that are attached to administrators.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Allow_errors'
- $ref: '#/components/parameters/Context_names_get'
- $ref: '#/components/parameters/Continuation_token'
- $ref: '#/components/parameters/Filter'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Member_ids'
- $ref: '#/components/parameters/Member_names'
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Policy_ids'
- $ref: '#/components/parameters/Policy_names'
- $ref: '#/components/parameters/Sort'
- $ref: '#/components/parameters/Total_item_count'
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyMemberCleanGetResponse'
"207":
description: |
Partial success. Some resources were returned, but there
were also errors possibly preventing some resources from
being returned.
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyMemberCleanGetResponse'
post:
tags:
- Administrators
summary: Pure Storage Create a Membership Between an Administrator with One or More Management Access Policies.
description: |+
Creates a membership between an administrator with one or more management access policies.
One of `member_ids` or `member_names` parameter is required.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Context_names'
- $ref: '#/components/parameters/Member_ids'
- $ref: '#/components/parameters/Member_names'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyAssignmentPost'
required: true
x-codegen-request-body-name: policies
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyMemberCleanResponse'
x-codegen-request-body-name: policies
delete:
tags:
- Administrators
summary: Pure Storage Delete a Membership Between an Administrator and One or More Management Access Policies
description: |+
Deletes a membership between an administrator with one or more management access policies.
One of `policy_ids` or `policy_names` is required, and one of `member_ids` or `member_names`
is required.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Context_names'
- $ref: '#/components/parameters/Member_ids'
- $ref: '#/components/parameters/Member_names'
- $ref: '#/components/parameters/Policy_ids'
- $ref: '#/components/parameters/Policy_names'
responses:
"200":
description: OK
content: {}
/api/2.52/admins/api-tokens:
get:
tags:
- Administrators
summary: Pure Storage List API Tokens
description: Displays API tokens for the specified administrators.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Continuation_token'
- $ref: '#/components/parameters/Expose_api_token'
- $ref: '#/components/parameters/Filter'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Names'
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Sort'
- $ref: '#/components/parameters/Total_item_count'
r
# --- truncated at 32 KB (1552 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/pure-storage/refs/heads/main/openapi/flasharray-rest-api-openapi.yml