Create Network Security Group

POST

https://nico-rest-api.nico.svc.cluster.local/v2/org/:org/nico/network-security-group

POST

/v2/org/:org/nico/network-security-group

$ curl -X POST https://nico-rest-api.nico.svc.cluster.local/v2/org/org/nico/network-security-group \
>      -H "Authorization: Bearer <token>" \
>      -H "Content-Type: application/json" \
>      -d '{
>   "name": "Spark VPC Firewall",
>   "siteId": "188a8f32-0001-45cf-b243-f62720a22cc4",
>   "description": "Security policies for machines in Spark VPC",
>   "rules": [
>     {
>       "direction": "INGRESS",
>       "protocol": "TCP",
>       "action": "PERMIT",
>       "sourcePrefix": "0.0.0.0/0",
>       "destinationPrefix": "1.1.1.1/0",
>       "name": "allow-http-from-public",
>       "sourcePortRange": "80-81",
>       "destinationPortRange": "180-181",
>       "priority": 55
>     }
>   ],
>   "labels": {
>     "flavor": "coconut"
>   }
> }'

1 {
2   "id": "2a21cf79-ea5e-4d28-b585-2e78948fcefb",
3   "name": "Spark VPC Firewall",
4   "description": "Security policies for machines in Spark VPC",
5   "siteId": "56f1a3ed-3653-454f-b861-9136207be660",
6   "tenantId": "79595ebe-934f-4f19-bc74-c16aefd0c57a",
7   "status": "Pending",
8   "statusHistory": [
9     {
10       "status": "Ready",
11       "message": "processed network security group creation request",
12       "created": "2025-02-26T18:17:44.862879-05:00",
13       "updated": "2025-02-26T18:17:44.862879-05:00"
14     }
15   ],
16   "rules": [
17     {
18       "direction": "INGRESS",
19       "protocol": "TCP",
20       "action": "PERMIT",
21       "sourcePrefix": "0.0.0.0/0",
22       "destinationPrefix": "1.1.1.1/0",
23       "name": "allow-http-from-public",
24       "sourcePortRange": "80-81",
25       "destinationPortRange": "180-181",
26       "priority": 55
27     }
28   ],
29   "labels": {
30     "flavor": "coconut"
31   },
32   "created": "2025-02-26T18:17:44.861317-05:00",
33   "updated": "2025-02-26T18:17:44.861317-05:00"
34 }

Create a Network Security Group for Tenant.

Org must have a Tenant entity. User must have authorization role with TENANT_ADMIN suffix.

Authentication

AuthorizationBearer

export JWT_BEARER_TOKEN="<jwt-bearer-token>"
# Example org name: "acme-inc
export ORG_NAME=<org-name>
# Use the JWT bearer token in your API request auth header:
curl -v -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $JWT_BEARER_TOKEN" https://nico-rest-api.nico.svc.cluster.local/v2/org/$ORG_NAME/nico/user/current

``` export JWT_BEARER_TOKEN="<jwt-bearer-token>" # Example org name: "acme-inc export ORG_NAME=<org-name> # Use the JWT bearer token in your API request auth header: curl -v -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $JWT_BEARER_TOKEN" https://nico-rest-api.nico.svc.cluster.local/v2/org/$ORG_NAME/nico/user/current ```

Path parameters

orgstringRequired

Name of the Org

Request

This endpoint expects an object.

namestringRequired2-256 characters

Name of the Network Security Group

siteIdstringRequiredformat: "uuid"

ID of the Site

descriptionstring or nullOptional

Description of the Network Security Group

statefulEgressbooleanOptional

Egress rules with protocol and destination ports defined but without source ports defined should automatically be made stateful.

ruleslist of objectsOptional

Rules that belong to the Network Security Group

labelsmap from strings to stringsOptional

User-defined key-value labels for the Network Security Group

Response

Created

idstring

Unique UUID v4 identifier for the Network Security Group

namestring2-256 characters

Name of the Network Security Group

descriptionstring or null

Description of the Network Security Group

siteIdstringformat: "uuid"

ID of the Site

tenantIdstringformat: "uuid"

ID of the Tenant

statusenum

Status of the Network Security Group

statusHistorylist of objects

Chronological status history for the Network Security Group

statefulEgressboolean

StatefulEgress defines whether a Network Security Group's egress rules will be automatically stateful

ruleslist of objects

Rules that belong to the Network Security Group

ruleCountinteger

Number of rules in the Network Security Group

attachmentStatsobject

Attachment statistics for the Network Security Group. Returned when the includeAttachmentStats query parameter is set to true in retrieval endpoints.

labelsmap from strings to strings

Set of labels/tags for the Network Security Group

createddatetime

Date/time when the Network Security Group was created

updateddatetime

Date/time when the Network Security Group was last updated

Errors

400

Bad Request Error

403

Forbidden Error

404

Not Found Error

412

Precondition Failed Error

500

Internal Server Error

501

Not Implemented Error