openapi: 3.0.1
info:
title: FlashBlade REST API
description: |
OpenAPI specification for FlashBlade REST API, developed by Pure Storage, Inc. (https://www.purestorage.com/).
version: "2.26"
x-pure-description-ref: ../custom_descriptions/FB-api-introduction.md
x-logo:
url:
$ref: ../redoc/PS-LogoBase64-FA.txt
servers:
- url: "http://[array]/"
- url: "https://[array]/"
security:
- AuthorizationHeader: []
tags:
- name: Authorization
description: "Pure Storage uses the OAuth 2.0 Token Exchange authorization grant and JSON Web Tokens (JWTs) to authenticate to the Pure Storage REST API. Before you can exchange the ID token for an access
token, create and enable the API client to generate the `key_id`, `id`, and `issuer` values. These values will be used as JWT claims for the `subject_token` parameter."
- name: Active Directory
description: Active Directory configuration joins a server to the domain and manages its computer account. Authentication for NFS or SMB is performed using Kerberos. This configuration is also used
to authorize users by mapping identities across the NFS and SMB protocols by using LDAP queries.
- name: Administrators
description: "Manage administrators, including their REST API Token and public key for SSH access. The array has a single default administrative account named `pureuser`. Additional administrators and
their administrative roles can be added by configuring the `management` directory service for the array or by creating local administrative users. The available administrative roles are `array_admin`,
`storage_admin`,`readonly`, `ops_admin`."
- name: Alerts
description: "Alerts indicate significant events that occur on the array, including whenever a component degrades or the capacity threshold of the component is reached."
- name: Alert Watchers
description: Alert watchers receive email notifications when alerts occur on an array.
- name: API Clients
description: "An API client represents an identity type. API clients are created on the array. To create an API client, register and then enable it on the array. After the API client has been created,
the user name (`sub`) and identity tokens (`kid` and `aud` tokens) that are issued by the API client are used as claims for the JSON Web Token that you create to authenticate into the REST API."
- name: Arrays
description: "Arrays features provide the ability to configure settings that affect the array as a whole, monitor array I/O performance, and make sure that the array is operating properly."
- name: Array Connections
description: "View and manage connected arrays, including their network configurations, connection keys, and replication performance."
- name: Audits
description: "View the audit trail on the array. Every request that creates, modifies, or deletes a resource will be logged in the audit trail."
- name: Audit Log Target for File Systems
description: "View and manage audit log targets that are filesystems. These are filesystems where audit logs will be stored, and they may be configured in audit policies."
- name: Audit Log Target for Object Store
description: "View and manage audit log targets for object store. These are buckets where audit logs will be stored, and they may be configured in audit policies."
- name: Blades
description: Displays the detailed information of each blade in the array.
- name: Buckets
description: "Manages the creation, attributes, and deletion of buckets on the array."
- name: Bucket Replica Links
description: "Object replication requires a replica link that connects a source bucket to a remote bucket. The configuration of a replica link includes remote credentials, bucket names, remote names,
replication status information, and cascading state."
- name: Certificates
description: "Purity//FB creates a self-signed certificate and private key when you start the system for the first time. You can use the default certificate, change the certificate attributes, create
a new self-signed certificate, or import an SSL certificate signed by a certificate authority."
- name: Certificate Groups
description: Certificate Groups can contain one or more CA certificates for verifying an LDAP server identity and establish communication over TLS.
- name: Clients
description: "Displays an NFS client’s performance metrics on the array for read, write, and meta operations."
- name: Directory Services
description: Manages directory service configurations for integration with LDAP servers (e.g. Active Directory and OpenLDAP) in order to support various array services.
- name: DNS
description: "Manages the Domain Name System (DNS) attributes, including the domain suffix and static name servers. The configured attributes can be listed."
- name: Drives
description: "Displays detailed information for each drive in the array. Drives are not used in all hardware platforms, and are currently only present in the FlashBlade//S and FlashBlade//E product lines."
- name: File Systems
description: "Manages the creation, attributes, and deletion of file systems on the array."
- name: File System Exports
description: "Manages the creation, attributes, and deletion of file system exports. Exports link either an NFS Export Policy or a SMB Client Policy, a file system, and a server."
- name: File System Junctions
description: "Manages the creation, and deletion of file system junctions. Junctions link a specific path in the origin file system to the root of a destination file system."
- name: File System Replica Links
description: "File system replication requires a replica link that connects a source array to a remote target. The configuration of a replica link includes policies, file system names, remote names, and
replication status information."
- name: File System Snapshots
description: "A file system snapshot is a point-in-time copy of a file system. Multiple snapshots of a file system can be copied for different points in time. A snapshot policy can also be applied to
a file system for automatic creation and retention of snapshots. Additionally, file system snapshots can also be sent from one array to another."
- name: Fleets
description: "A fleet is a collection of Regions, Availability Zones, and Arrays."
- name: Hardware
description: Manages hardware components. List information about array hardware components that are capable of reporting their status. The display is primarily useful for diagnosing hardware-related
problems.
- name: Hardware Connectors
description: |
The endpoints are deprecated. Use the endpoints under Network Interfaces instead.
Manages the port connector attributes on the array. Lane speeds
and port count attributes can be configured.
- name: Keytabs
description: Keytab management functionality for Kerberos authentication.
- name: KMIP
description: Manages KMIP server configurations and performs connectivity and functionality tests.
- name: Legal Holds
description: "Manages the creation, attributes, and deletion of holds on the array. A hold can be also applied to a path under a file system to mark the entries under the path as immutable."
- name: Lifecycle Rules
description: A life cycle rule helps manage the number of copies of a specific bucket. A lifecycle rule can be applied to a bucket with a rule indicating the retention time before it is to be
deleted.
- name: Link Aggregation Groups
description: Manages the link aggregation group (LAG) of Ethernet ports on the array.
- name: Logs
description: The array collects a log of command activities that can be used for analysis when the logs are sent to Pure Technical Services.
- name: Maintenance Windows
description: |
During a maintenance window, many alerts are suppressed that are related to connections,
paths, ports, and other resources that are down during maintenance.
- name: Network Interfaces
description: "Manages the interface, network connection, and port connector attributes of the array. Lane speeds and port count connector attributes can be configured."
- name: Nodes
description: Manages the nodes for pNFS. These nodes are where the client will read/write to when pNFS is enabled.
- name: Node Groups
description: Node Groups can contain one or more nodes for file system creation management.
- name: Object Store Access Keys
description: Manages object store access keys. A maximum of two sets of keys can be created for each object store user. A set of keys consists of an access key ID and Secret Access Key.
- name: Object Store Accounts
description: Manages object store accounts. Accounts contain buckets and users. Accounts must be created before an object store user or buckets can be created.
- name: Object Store Account Exports
description: Manages object store account exports. Exports expose accounts and their contained resources to servers.
- name: Object Store Remote Credentials
description: Manages remote credentials for remote objects. Remote credentials contain access information that can be reused for multiple objects.
- name: Object Store Roles
description: Manages the roles assumable by external federated entity. Each role is assigned a trust policy that determines which identity provider authorizes the entities and how.
- name: Object Store Users
description: Manages the object store users attributes. Each user is assigned to an object store account and given an access key.
- name: Object Store Virtual Hosts
description: Manages virtual host-style addressing for S3 requests to read or write an object within a bucket on the array.
- name: OIDC SSO
description: |
OIDC SSO allows customers to configure settings of OIDC service provider
and identity provider. It provides a multi-factor authentication (MFA)
mechanism for customers to log in to FlashBlade.
- name: Policies (All)
description: Displays general information for all available types of policies and their members.
- name: Policies - Audit for File Systems
description: Manages audit policies for filesystems. These policies are composed of log target which contain the destination for audit logs.
- name: Policies - Audit for Object Store
description: Manages audit policies for object store. These policies are composed of log targets which contain the destination for audit logs.
- name: Policies - Data Eviction
description: Manages file Data Eviction policies. These policies define controls that can be configured and attached to managed data lifecycle independently of the lifecycle of files.
- name: Policies - Management Access
description: Manages management access policies. These policies are composed of rules which govern an administrative user's permissions when managing resources.
- name: Policies - Management Authentication
description: Manages management authentication policies. These policies control what authentication factors are required when logging in to different management interfaces (e.g., SSH).
- name: Policies - Network Access
description: Manages network access policies. These policies are composed of rules which govern a client's ability to access different product interfaces.
- name: Policies - NFS
description: Manages NFS export policies. These policies are composed of rules which govern a client's ability to access the exported filesystem.
- name: Policies - Object Store Access
description: Manages access policies for object store users. Administrators can assign policies to users for managing buckets and objects.
- name: Policies - Password
description: Manages password policies. These policies define requirements for user passwords complexity and login attempts.
- name: Policies - QoS
description: Manages Quality of Service (QoS) policies. These policies define controls that can be configured and attached to managed objects to guarantee performance of workloads.
- name: Policies - S3 Export
description: |
Manages S3 export policies for Object Store Account Exports. These policies contain rules which
govern which buckets from the account are actually exported to the servers.
- name: Policies - SMB Client
description: An SMB Client policy manages access to SMB file systems on a per-client basis. These policies can be applied to one or more file systems.
- name: Policies - SMB Share
description: An SMB Share policy manages access to SMB file systems on a per-user/group basis. These policies can be applied to one or more file systems.
- name: Policies - Snapshot
description: "A snapshot policy manages the creation file system snapshots or it can applied to file system and object replication links for replication. These policies provide the user a way to control
the frequency of creating snapshots and objects, and the retention time for each copy. A snapshot policy can be applied to one or more file systems, objects, or replication links."
- name: Policies - SSH Certificate Authority
description: "An SSH Certificate Authority policy manages the keys that are allowed to sign user SSH certificates for access to the array, as well as the principals that they require be encoded in certificates
to authenticate. These policies can be applied to one or more users, or as a default for all users."
- name: Policies - Storage Class Tiering
description: A storage class tiering policy manages the criteria for tiering data within a filesystem from one storage class to another. These policies can be applied to one or more filesystems.
Supported storage classes are `S500X-S` for speed, and `S500X-A` for archival.
- name: Policies - TLS
description: "A TLS policy manages the allowed TLS versions and ciphers for incoming network traffic to the system. These policies can be applied at the array level, or to individual network IPs."
- name: Policies - User and Group Quota Policy
description: A user-group-quota policy manages NFS and SMB quota configuration applicable for file owners in a filesystems. Rules can be set to configure quotas for specific users or groups,
user-default and group-default.
- name: Policies - WORM Data
description: "Manages WORM data for file systems. These policies are composed of retention periods, lock type, and auto-commit status."
- name: Presets
description: |
Presets are reusable templates that provision resources.
- name: Public Keys
description: Public Keys can be configured for reference in other configurations as signing keys are used to verify cryptographic signatures.
- name: Quotas
description: A quota manages a set amount of space on a file system which a user or group may write to. A quota can be applied to a user or group of a specified file system. Once a user or group
reaches their quota they will no longer be able to write to that file system.
- name: Realm Connections
description: "Manages the connections between realms. A realm connection is a link between two realms that allows the realms to communicate with each other. Realm connections can be created, deleted,
and listed."
- name: Realms
description: |
A realm provides a means to compartmentalize storage resources,
access, and isolate administration of all contained resources.
- name: Remote Arrays
description: |
Remote arrays provide the ability to list and manage all the remote arrays known to an array.
- name: Remote Realms
description: |
Remote realms provide the ability to list all the remote realms known to an array.
- name: Resiliency Groups
description: |
Resiliency groups display pairs of nodes where HA is enabled.
- name: Resource Accesses
description: |
Resource Access captures sharing of a resource to a scope, e.g. sharing a dns to a realm.
- name: RDL
description: Displays Rapid Data Locking (RDL) configuration and performs functionality tests of the associated Enterprise Key Management (EKM) servers.
- name: Roles
description: "Displays role attributes. Each user of the array is assigned to a role and each role has a set of role based access controls (RBAC). The roles (`array_admin`, `storage_admin`, `ops_admin`,
`readonly`, and `Invalid - multiple roles`) have a specified set of permissions that allow certain actions to be performed on the array. Each role includes a listing REST actions allowable for each
endpoint."
- name: SAML2 SSO
description: |
SAML2 SSO allows customers to configure settings of SAML2 service provider
and identity provider. It provides a multi-factor authentication (MFA)
mechanism for customers to log in to FlashBlade.
- name: Servers
description: Manages the properties of servers. Servers are network and identity management access points for data.
- name: Sessions
description: Displays Purity//FB login and user session data.
- name: SMTP
description: Manages Simple Mail Transfer Protocol (SMTP) settings. SMTP allows the array to send email notifications and alerts to recipients.
- name: SNMP Agents
description: Manages the Simple Network Management Protocol (SNMP) agents and displays the Management Information Base (MIB) file. The SNMP agent sends array component status information and alerts
to the SNMP manager. The MIB file lists all manageable modules of the array.
- name: SNMP Managers
description: "Manages the Simple Network Management Protocol (SNMP) managers, including performing functionality tests. The SNMP manager receives array component status information and alerts from the
SNMP agent."
- name: Software
description: Software to be installed on the array.
- name: Subnets
description: Manages the subnets and VLANs used to organize the network interfaces.
- name: Support
description: "Manages support configurations for the array, including performing functionality tests. The remote assist and phone home feature provides supplement information to Pure Technical Services
to assist with customer issues."
- name: Support Diagnostics
description: "Manages support diagnostics for the array, including performing diagnostics tasks, running tests, finding problems and giving remediation. The diagnostics tool provides a way to test the
array components and generate a report of the results."
- name: Syslog
description: "Manages syslog servers connected to the array, including performing functionality tests of syslog servers."
- name: Targets
description: "Manages targets for replication, including viewing the performance metrics of active replication operations."
- name: Trust Policies
description: Manages policies that control assuming Object Store Roles by external federated entities via Identity Providers
- name: Topology Groups
description: |
Topology groups provide a way to manage sets of arrays. Groups are composed of individual arrays or other topology
groups. By nesting groups, customers can express group and array hierarchies. A group or array may only belong
to a single parent group.
- name: Usage
description: Displays the data usage and hard limit quotas for all users and groups on a file system.
- name: User Group Quotas
description: Displays the data usage and quotas for all users and groups on a file system affected by a quota policy.
- name: Verification Keys
description: Verification keys used by Pure Support to access the array.
- name: Workloads
description: |
Workloads organize storage resources (such as volumes) and their related configuration and
policy objects into logical groupings. Workloads can be deployed from workload presets.
paths:
/oauth2/1.0/token:
post:
tags:
- Authorization
summary: Pure Storage Get Access Token
description: |
Exchanges an ID Token for an OAuth 2.0 access token.
parameters:
- name: X-Request-ID
in: header
description: |
Supplied by client during request or generated by server.
schema:
type: string
requestBody:
content:
application/x-www-form-urlencoded:
schema:
required:
- grant_type
- subject_token
- subject_token_type
type: object
properties:
grant_type:
$ref: '#/components/schemas/OauthGrantType'
subject_token:
$ref: '#/components/schemas/OauthSubjectToken'
subject_token_type:
$ref: '#/components/schemas/OauthSubjectTokenType'
required: true
responses:
"200":
$ref: '#/components/responses/OauthToken200'
"400":
$ref: '#/components/responses/OauthToken400'
"401":
$ref: '#/components/responses/OauthToken401'
security: []
/api/api_version:
get:
tags:
- Authorization
summary: Pure Storage GET Api_version
description: |
Get available API versions. No authentication is required to access this endpoint.
parameters:
- $ref: '#/components/parameters/XRequestId'
responses:
"200":
description: OK
headers:
X-Request-ID:
description: Supplied by client during request or generated by server.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/Api_version'
security: []
/api/login:
post:
tags:
- Authorization
summary: Pure Storage Log in a User
description: >
Logs in a user and returns a session token, using either the user's API token or
their username and password. `api-token` is passed in a header, with the request
body empty. Otherwise `username` and `password` are passed in the request body,
without an `api-token` header.
Storing user passwords client-side is not recommended. The username-password
authentication option should only be used as necessary for initial retrieval of
an API token, which should be securely stored and used for all subsequent logins.
parameters:
- name: api-token
in: header
description: |
API token for a user.
schema:
type: string
example: 0f2e2884-9486-c6c2-438c-f50418f2aac3
- $ref: '#/components/parameters/XRequestId'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LoginPost'
required: false
x-codegen-request-body-name: login
responses:
"200":
description: OK
headers:
X-Request-ID:
description: Supplied by client during request or generated by server.
schema:
type: string
x-auth-token:
description: Session token for a user.
schema:
type: string
example: 3be3d489-55c6-4643-90ac-a476dbc98812
content:
application/json:
schema:
$ref: '#/components/schemas/Login'
x-codegen-request-body-name: login
/api/logout:
post:
tags:
- Authorization
summary: Pure Storage POST Logout
description: |
Invalidate a REST session token.
parameters:
- $ref: '#/components/parameters/XRequestId'
responses:
"200":
description: OK
headers:
X-Request-ID:
description: Supplied by client during request or generated by server.
schema:
type: string
content: {}
/api/login-banner:
get:
tags:
- Authorization
summary: Pure Storage GET Login_banner
description: |
Get the login banner for the array. No authentication is required to access this endpoint.
parameters:
- $ref: '#/components/parameters/XRequestId'
responses:
"200":
description: OK
headers:
X-Request-ID:
description: Supplied by client during request or generated by server.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/LoginBannerGetResponse'
security: []
/api/2.26/active-directory:
get:
tags:
- Active Directory
summary: Pure Storage GET Active-directory
description: List Active Directory accounts and their configuration.
parameters:
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Continuation_token'
- $ref: '#/components/parameters/Filter'
- $ref: '#/components/parameters/Ids'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Names'
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Sort'
responses:
"200":
description: OK
headers:
X-Request-ID:
description: Supplied by client during request or generated by server.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/ActiveDirectoryGetResponse'
post:
tags:
- Active Directory
summary: Pure Storage POST Active-directory
description: |
Join an Active Directory domain and generate keytabs for the
registered SPNs and supported encryption types.
parameters:
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Join_existing_acct_ad'
- $ref: '#/components/parameters/Names'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ActiveDirectoryPost'
required: true
x-codegen-request-body-name: active-directory
responses:
"200":
description: OK
headers:
X-Request-ID:
description: Supplied by client during request or generated by server.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/ActiveDirectoryResponse'
x-codegen-request-body-name: active-directory
delete:
tags:
- Active Directory
summary: Pure Storage DELETE Active-directory
description: Delete an Active Directory account.
parameters:
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Ids'
- $ref: '#/components/parameters/Local_only_ad'
- $ref: '#/components/parameters/Names'
responses:
"200":
description: OK
headers:
X-Request-ID:
description: Supplied by client during request or generated by server.
schema:
type: string
content: {}
patch:
tags:
- Active Directory
summary: Pure Storage PATCH Active-directory
description: Modify the configuration of an Active Directory account.
parameters:
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Ids'
- $ref: '#/components/parameters/Names'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ActiveDirectoryPatch'
required: true
x-codegen-request-body-name: active-directory
responses:
"200":
description: OK
headers:
X-Request-ID:
description: Supplied by client during request or generated by server.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/ActiveDirectoryResponse'
x-codegen-request-body-name: active-directory
/api/2.26/active-directory/test:
get:
tags:
- Active Directory
summary: Pure Storage GET Active-directory/test
description: >
Executes a series of tests to verify if the configuration of one or more Active Directory accounts
are functioning properly. Each test verifies a different aspect of the configuration.
parameters:
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Allow_errors'
- $ref: '#/components/parameters/Context_names_get'
- $ref: '#/components/parameters/Continuation_token'
- $ref: '#/components/parameters/Filter'
- $ref: '#/components/parameters/Ids'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Names'
- $ref: '#/components/parameters/Sort'
responses:
"200":
description: OK
headers:
X-Request-ID:
description: Supplied by client during request or generated by server.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/TestResultRemoteExecutionGet'
"207":
description: |
Partial success. Some resources were returned, but there
were also errors possibly preventing some resources from
being returned.
headers:
X-Request-ID:
description: Supplied by client during request or generated by server.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/TestResultRemoteExecutionGet'
/api/2.26/admins:
get:
tags:
- Administrators
summary: Pure Storage GET Admins
description: "List the administrator's attributes, including the API token and public key."
parameters:
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Allow_errors'
- $ref: '#/components/parameters/Context_names_get'
- $ref: '#/components/parameters/Continuation_token'
- $ref: '#/components/parameters/Expose_api_token'
- $ref: '#/components/parameters/Filter'
- $ref: '#/components/parameters/Ids'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Names'
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Sort'
responses:
"200":
description: OK
headers:
X-Request-ID:
description: Supplied by client during request or generated by server.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/AdminGetResponse'
"207":
description: |
Partial success. Some resources were returned, but there
were also errors possibly preventing some resources from
being returned.
headers:
X-Request-ID:
description: Supplied by client during request or generated by server.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/AdminGetResponse'
post:
tags:
- Administrators
summary: Pure Storage POST Admins
description: Create a new local administrator.
parameters:
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Context_names'
- $ref: '#/components/parameters/Names'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AdminPost'
required: true
x-codegen-request-body-name: admin
responses:
"200":
description: OK
headers:
X-Request-ID:
description: Supplied by client during request or generated by server.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/AdminResponse'
x-codegen-request-body-name: admin
delete:
tags:
- Administrators
summary: Pure Storage DELETE Admins
description: Delete a local administrator..
parameters:
- $ref: '#/components/parameters/XRequestId'
- $ref: '#/components/parameters/Context_names'
- $ref: '#/components/parameters/Ids'
- $ref: '#/components/par
# --- truncated at 32 KB (1407 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/pure-storage/refs/heads/main/openapi/flashblade-rest-api-openapi.yml