diff --git a/docusaurus.config.ts b/docusaurus.config.ts index add45c9ce..0fe1020f5 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -494,15 +494,20 @@ const config = { icon: "api-doc", }, { - to: "sase/api/mt-interconnect", - label: "Multitenant Interconnect", + to: "sase/api/mt-interconnect/introduction", + label: "Service Provider Interconnect", icon: "api-doc", }, { - to: "sase/api/manage-services-5g", + to: "sase/api/manage-services-5g/introduction", label: "SASE 5G Manage Services", icon: "api-doc", }, + { + to: "sase/api/monitor-services-5g/introduction_monitor", + label: "SASE 5G Monitor Services", + icon: "api-doc", + }, { to: "/sase/api/introduction", label: "Prisma Access Configuration Orchestration", @@ -926,9 +931,14 @@ const config = { outputDir: "products/sase/api/mt-notifications", sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "info" }, }, - mtinterconnect: { - specPath: "openapi-specs/sase/mt-interconnect", - outputDir: "products/sase/api/mt-interconnect", + ManageInterconnect: { + specPath: "openapi-specs/sase/mt-interconnect/Manage", + outputDir: "products/sase/api/mt-interconnect/Manage", + sidebarOptions: { groupPathsBy: "tag" }, + }, + MonitorInterconnect: { + specPath: "openapi-specs/sase/mt-interconnect/Monitor", + outputDir: "products/sase/api/mt-interconnect/Monitor", sidebarOptions: { groupPathsBy: "tag" }, }, manageservices: { @@ -936,6 +946,11 @@ const config = { outputDir: "products/sase/api/manage-services-5g", sidebarOptions: { groupPathsBy: "tag" }, }, + monitorservices: { + specPath: "openapi-specs/sase/monitor-services-5g", + outputDir: "products/sase/api/monitor-services-5g", + sidebarOptions: { groupPathsBy: "tag" }, + }, configorch: { specPath: "openapi-specs/sase/config-orch", outputDir: "products/sase/api/config-orch", diff --git a/openapi-specs/sase/manage-services-5g/5G Management Service.yaml b/openapi-specs/sase/manage-services-5g/5G-Manage-new.yaml similarity index 64% rename from openapi-specs/sase/manage-services-5g/5G Management Service.yaml rename to openapi-specs/sase/manage-services-5g/5G-Manage-new.yaml index dda9515b2..8d6af86ae 100644 --- a/openapi-specs/sase/manage-services-5g/5G Management Service.yaml +++ b/openapi-specs/sase/manage-services-5g/5G-Manage-new.yaml @@ -1,161 +1,7 @@ -components: - schemas: - CieTokenRequest: - properties: - access_token: - type: string - cie_directory: - type: string - created_at: - type: string - created_by: - type: string - tsg_id: - type: string - type: object - JsonObject: - items: - type: string - type: array - RadiusProxyRequest: - properties: - ipaddress: - type: string - name: - type: string - type: object - RadiusServerSecretRequest: - properties: - created_by: - type: string - secret: - type: string - type: object - RegisterUE: - description: A list of one or more UEs - items: - properties: - apn: - description: APN (Access Point Name) for the Tenant UE - example: apn@panw.com - type: string - cellId: - type: string - eventTime: - description: epoc time in ms - type: integer - expiryTime: - description: epoc time in ms - type: integer - imei: - description: 15 digit IMEI (International Mobile Equipment Identity) number. - Error is returned if number of digits is not exactly 15.Last digit will - be replaced by zero. - example: '123456789012345' - type: string - imsi: - description: 15 digit IMSI (International Mobile Subscriber Identity) - number. Error is returned if number of digits is not exactly 15. - example: '123456789012345' - type: string - ipType: - description: it tells whether it is ipv4, ipv6 or dual stack. Valid values - are IPv4, IPv6, IPv4v6 - example: IPV4 - type: string - ipv4Addr: - type: string - ipv6Addr: - type: string - msisdn: - type: string - ratType: - type: string - sliceId: - type: string - supi: - type: string - required: - - eventTime - - ipType - - imsi - - imei - - apn - type: object - type: array - SetInterface: - properties: - interfaceType: - example: RADIUS - type: string - interimMsgInterval: - description: How often interim messages will come(in minutes) - type: integer - processInterimMsg: - default: false - type: boolean - required: - - interfaceType - type: object - TenantGroupInfo: - properties: - group_name: - type: string - identity_id: - items: - type: string - type: array - tsg_id: - type: string - type: object - TenantGroupInfoListInput: - properties: - group_id: - type: string - tsg_id: - type: string - type: object - TenantUEInfoListInput: - properties: - tsg_id: - type: string - type: object - TenantUEInfoRequest: - properties: - apn: - type: string - imei: - type: string - imsi: - type: string - root_tsg_id: - type: string - tsg_id: - type: string - type: object - TenantUeInfoBulkDeleteRequest: - properties: - identityIds: - items: - type: string - type: array - type: object - UpdateInterimMsg: - properties: - interval: - description: How often interim messages will come(in minutes) - type: integer - processMsg: - default: false - type: boolean - type: object - securitySchemes: - Bearer: - scheme: bearer - type: http +openapi: 3.0.2 info: - contact: - email: support@paloaltonetworks.com + title: SASE 5G Manage API + version: '1.0' description: "The evolution of 5G technology is transforming enterprise connectivity,\ \ offering unprecedented speed and capacity. \nAs businesses embrace 5G networks,\ \ the demand for robust security measures grows exponentially. \nService Providers\ @@ -169,25 +15,19 @@ info: \ - one that combines scalability, ease of management, \nand comprehensive protection\ \ across all 5G scenarios. \nThe Enterprise 5G Security Solution emerges as the\ \ answer to these pressing needs, \noffering a new approach to securing the future\ - \ of enterprise connectivity.\n\nThese APIs use the common SASE authentication\ - \ mechanism and base URL. See the\n[Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted)\ - \ guide for more information.\n\nThis Open API spec file was created on October\ - \ 07, 2025. To check for a more recent version of this file, see\n[SASE 5G Manage\ - \ Services APIs on pan.dev](https://pan.dev/sase/api/manage-services-5g/introduction).\n\ - \n\xA9 2025 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark\ - \ of Palo\nAlto Networks. A list of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ - \nAll other marks mentioned herein may be trademarks of their respective companies.\n" - title: SASE 5G Manage Service APIs - version: '1.0' -openapi: 3.0.2 + \ of enterprise connectivity. This spec was created on February 09, 2026. \xA9\ + \ 2026 Palo Alto Networks, Inc." paths: /mt/manage/5g/cie/token: post: - description: 'Save the Customer Identity and Engagement (CIE) token for the - leaf tenant. This token is used for authentication and authorization purposes. - - ' - operationId: post-mt-manage-5g-cie-token + tags: + - Cie Token Resource API + summary: Save Tenant Token + description: Use this endpoint to store the Cloud Identity Engine (CIE) token + for a specific leaf tenant within the management plane. This action establishes + the necessary credentials required for cross-tenant identity synchronization. + Perform this step during initial tenant onboarding or whenever identity credentials + require a refresh to maintain secure directory access. requestBody: content: application/json: @@ -202,19 +42,17 @@ paths: description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: Save CIE token - tags: - - CIE Token Resource + operationId: PostMtManage5gCieToken /mt/manage/5g/cie/token/details: post: - description: 'Retrieve the details of the Customer Identity and Engagement (CIE) - token for the leaf tenant. This includes information about the token''s validity - and usage. - - ' - operationId: post-mt-manage-5g-cie-token-details + tags: + - Cie Token Resource API + summary: Get Token Details + description: Administrators can retrieve technical metadata for a leaf tenant's + Cloud Identity Engine (CIE) token through this interface. The system accesses + the secure storage vault to verify token validity and expiration status. Utilize + this query when auditing tenant connectivity or troubleshooting identity-based + access failures to ensure the synchronization service remains operational. requestBody: content: application/json: @@ -229,48 +67,53 @@ paths: description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: Get CIE token details - tags: - - CIE Token Resource - /mt/manage/5g/connection: + operationId: PostMtManage5gCieTokenDetails + /mt/manage/5g/interconnect: get: - description: 'Retrieve connection details by regions. This includes information - about the current status and configuration of connections in different regions. - - ' - operationId: get-mt-manage-5g-connection + tags: + - Interconnect API + summary: Get Interconnect Details + description: This endpoint retrieves comprehensive technical data for all configured + 5G Network Interconnects, organized by geographical region. The management + plane aggregates metrics such as bandwidth capacity, vlan attachment counts, + and current operational status. Review these details when planning regional + capacity expansions or monitoring the health of the physical-to-virtual infrastructure + bridge. responses: '200': + description: Success content: application/json: examples: - Get Connection Details by region: + Get Interconnect Details by region: value: data: - bandwidth: 500000000 computeRegion: us-west2 - connectionCount: 2 - connectionStatusEntry: + status: Supported + vlanAttachmentCount: 2 + vlanAttachmentStatusEntry: down: 1 up: 1 - bandwidth: 100000000 computeRegion: us-central1 - connectionCount: 1 - connectionStatusEntry: + status: Supported + vlanAttachmentCount: 1 + vlanAttachmentStatusEntry: down: 0 up: 1 - bandwidth: 400000000 computeRegion: us-east2 - connectionCount: 1 - connectionStatusEntry: + status: Supported + vlanAttachmentCount: 1 + vlanAttachmentStatusEntry: down: 0 up: 1 - bandwidth: 300000000 computeRegion: us-west1 - connectionCount: 1 - connectionStatusEntry: + status: Supported + vlanAttachmentCount: 1 + vlanAttachmentStatusEntry: down: 1 up: 0 header: @@ -278,109 +121,45 @@ paths: dataCount: 4 status: subCode: 200 - description: Success '400': description: Bad Request '404': description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: Get connection details - tags: - - Connection + operationId: GetMtManage5gInterconnect /mt/manage/5g/control/cert/download: get: - description: 'Download the certificate file required to enable 5G connectivity - for a specified region. This certificate is used for secure communication. - - ' - operationId: get-mt-manage-5g-control-cert-download - responses: - '200': - description: Success - '400': - description: Bad Request - '404': - description: Data Not Found - '500': - description: Server Error - security: - - Bearer: [] - summary: Download certificate - tags: - - ControlPlane Resource - /mt/manage/5g/control/interface: - get: - description: 'Retrieve details of the interface currently selected by the user. - - ' - operationId: get-mt-manage-5g-control-interface - responses: - '200': - description: Successful response - '500': - description: Server Error - security: - - Bearer: [] - summary: Get Interface - tags: - - ControlPlane Resource - post: - description: 'Set the interface type. You can optionally include interim message - configuration in the request. - - ' - operationId: post-mt-manage-5g-control-interface - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/SetInterface' - responses: - '200': - description: Successful response - '400': - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: Add Interface tags: - - ControlPlane Resource - /mt/manage/5g/control/interimMsg: - put: - description: This api allows you to update the interim message config - operationId: put-mt-manage-5g-control-interimmsg - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/UpdateInterimMsg' + - Control Plane Resource API + summary: Download Certificate File + description: Securely download the required 5G control plane certificate to + establish encrypted communication between local infrastructure and the Prisma + Access backbone. This file contains the cryptographic keys needed to authorize + 5G connectivity within a specific management region. Execute this download + during the initial site setup phase to finalize the secure tunnel configuration + for 5G traffic. responses: '200': - description: Successful response + description: Success '400': description: Bad Request '404': description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: Update the Interim Message Configuration - tags: - - ControlPlane Resource + operationId: GetMtManage5gControlCertDownload /mt/manage/5g/control/proxycert: get: - description: 'Check if the client certificate is uploaded for the root tenant - security group (root tsg). This certificate is necessary for secure proxy - communication. - - ' - operationId: get-mt-manage-5g-control-proxycert + tags: + - Control Plane Resource API + summary: Verify Proxy Certificate + description: Query the management plane to confirm whether the required proxy + certificate has been successfully uploaded for the root Tenant Service Group + (TSG). This check ensures that the administrative hierarchy has the valid + credentials necessary for high-level traffic inspection. Use this verification + step before attempting to provision child tenants or deploying 5G-enabled + security policies. responses: '200': description: Success @@ -390,36 +169,36 @@ paths: description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: Get Client Certificate - tags: - - ControlPlane Resource + operationId: GetMtManage5gControlProxycert /mt/manage/5g/control/proxycert/upload: post: - description: 'Upload the client certificate to enable 5G connectivity for a - specified region. This certificate is necessary for secure proxy communication. - - ' - operationId: post-mt-manage-5g-control-proxycert-upload + tags: + - Control Plane Resource API + summary: Upload Certificate File + description: Transmit the cryptographic proxy certificate to the root Tenant + Service Group (TSG) to enable secure traffic handling within the 5G management + plane. By providing the binary file and associated TSG identifiers, administrators + establish the trust anchor required for secure communication. Perform this + upload when initializing a new 5G region or updating expired certificates + to prevent service interruptions. requestBody: content: multipart/form-data: - encoding: - file: - contentType: application/octet-stream schema: + type: object properties: file: format: binary type: string filename: type: string - rootTsgId: - type: string tsgId: type: string - type: object + rootTsgId: + type: string + encoding: + file: + contentType: application/octet-stream responses: '200': description: Success @@ -429,19 +208,16 @@ paths: description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: Upload Client certificate - tags: - - ControlPlane Resource + operationId: PostMtManage5gControlProxycertUpload /mt/manage/5g/control/radiusProxy: get: - description: 'Retrieve the shared secret for the RADIUS server associated with - the root tenant security group (root tsg). This secret is used for secure - RADIUS communication. - - ' - operationId: get-mt-manage-5g-control-radiusproxy + tags: + - Control Plane Resource API + summary: Get Radius Proxy + description: Fetch the RADIUS server shared secret assigned to the root Tenant + Service Group (TSG) for authentication audit purposes. This endpoint retrieves + the secret from secure storage to verify that the 5G management plane aligns + with existing RADIUS server configurations. responses: '200': description: Success @@ -451,14 +227,16 @@ paths: description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: Get RADIUS server secret - tags: - - ControlPlane Resource + operationId: GetMtManage5gControlRadiusproxy post: - description: Add radius server shared secrete forroot tsg - operationId: post-mt-manage-5g-control-radiusproxy + tags: + - Control Plane Resource API + summary: Add Radius Proxy + description: Create a new RADIUS server shared secret configuration for the + root Tenant Service Group (TSG). Administrators submit the specific secret + and creator details to enable the 5G management plane to proxy authentication + requests effectively. Initialize this configuration when adding new authentication + nodes or refreshing security keys for the 5G infrastructure. requestBody: content: application/json: @@ -473,19 +251,17 @@ paths: description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: Add radius server shared secrete for root tsg - tags: - - ControlPlane Resource + operationId: PostMtManage5gControlRadiusproxy /mt/manage/5g/control/radiusSecret: get: - description: 'Retrieve the shared secret for the RADIUS server associated with - the root tenant security group (root tsg). This secret is used for secure - RADIUS communication. - - ' - operationId: get-mt-manage-5g-control-radiussecret + tags: + - Control Plane Resource API + summary: Get Radius Secret + description: Fetch the shared secret key used for communicating with the external + RADIUS server in the root tenant context. This allows administrators to audit + the current security parameters used to authorize 5G subscriber sessions. + Access this information when validating that local authentication configurations + match the 5G management plane settings. responses: '200': description: Success @@ -495,14 +271,16 @@ paths: description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: Get RADIUS server secret - tags: - - ControlPlane Resource + operationId: GetMtManage5gControlRadiussecret post: - description: Add radius server shared secrete forroot tsg - operationId: post-mt-manage-5g-control-radiussecret + tags: + - Control Plane Resource API + summary: Add Radius Secret + description: Assign a new cryptographic shared secret for RADIUS server communication + within the root Tenant Service Group (TSG). Administrators use this to establish + the primary trust bond between the 5G management service and the corporate + identity directory. Perform this operation when configuring initial authentication + workflows or as part of a scheduled secret rotation policy. requestBody: content: application/json: @@ -517,18 +295,17 @@ paths: description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: Add radius server shared secrete for root tsg - tags: - - ControlPlane Resource + operationId: PostMtManage5gControlRadiussecret /mt/manage/5g/control/radiusServers: get: - description: 'Retrieve details of the RADIUS servers. This includes information - about the configuration and status of the RADIUS servers. - - ' - operationId: get-mt-manage-5g-control-radiusservers + tags: + - Control Plane Resource API + summary: Get Radius Details + description: Retrieve the full technical specifications and configuration status + of all active RADIUS servers within a specific management region. The system + returns server addresses and metadata required to maintain 5G connectivity + and authentication flows. Use this endpoint during network troubleshooting + or when auditing the external authentication dependencies of the 5G service. responses: '200': description: Success @@ -538,314 +315,233 @@ paths: description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: Get RADIUS server details - tags: - - ControlPlane Resource + operationId: GetMtManage5gControlRadiusservers /mt/manage/5g/control/supported/interfaces: get: - description: 'Retrieve all supported interface types available in the system. - - ' - operationId: get-mt-manage-5g-control-supported-interfaces + tags: + - Control Plane Resource API + summary: List Supported Interfaces + description: Access a comprehensive list of all data interfaces currently supported + by the 5G management service, such as RADIUS or Application Programming Interface-based + enrichment. This inventory identifies which integration methods are available + for tenant data processing. Consult this list when determining the optimal + telemetry integration strategy for a new 5G deployment. responses: '200': description: Successful response '500': description: Server Error - security: - - Bearer: [] - summary: List Supported Interfaces + operationId: GetMtManage5gControlSupportedInterfaces + /mt/manage/5g/control/interface: + get: tags: - - ControlPlane Resource - /mt/manage/5g/deregister/ue: + - Control Plane Resource API + summary: Get Interface Type + description: View the specific interface type currently selected for 5G telemetry + processing within the tenant context. This check identifies whether the system + uses active RADIUS polling or passive Application Programming Interface-based + registration for UE mapping. + responses: + '200': + description: Successful response + '500': + description: Server Error + operationId: GetMtManage5gControlInterface post: - description: 'Remove a previously registered User Equipment (UE) from the system. - - ' - operationId: post-mt-manage-5g-deregister-ue + tags: + - Control Plane Resource API + summary: Add Interface Type + description: "Define the primary interface type and interim message configuration\ + \ for the 5G control plane. Administrators set the integration model\u2014\ + such as RADIUS with optional message intervals\u2014to determine how the system\ + \ receives subscriber telemetry. Configure this when establishing the 5G connectivity\ + \ model to ensure accurate data synchronization." requestBody: content: application/json: - examples: - Degister Success: - value: - - apn: demo.com - eventTime: 123456789009 - imei: '333333333333333' - imsi: '333333333333333' - ipType: IPv4 - ipv4Addr: 172.29.0.8 schema: - $ref: '#/components/schemas/RegisterUE' + $ref: '#/components/schemas/SetInterface' responses: - '202': - content: - application/json: - examples: - Successful: - summary: Request Accepted - schema: - type: object - description: Accepted - '401': - content: - application/json: - example: - clientRequestId: fd96df3d-4178-4141-a497-f4b12bc4d5ab - details: Interface set is not API - errorCode: '60076' - message: Either 5g is not enabled or interface is not API - requestId: fd96df3d-4178-4141-a497-f4b12bc4d5ab - service: 5G Management Service - schema: - type: object - description: Unauthorized - security: - - Bearer: [] - summary: DeRegister UE + '200': + description: Successful response + '400': + description: Bad Request + '500': + description: Server Error + operationId: PostMtManage5gControlInterface + /mt/manage/5g/control/interimMsg: + put: tags: - - UE Enrichment - /mt/manage/5g/register/ue: - post: - description: 'Register a User Equipment (UE) with the system by submitting IMSI, - IMEI, APN, IP address, and event details. - - ' - operationId: post-mt-manage-5g-register-ue + - Control Plane Resource API + summary: Update Interim Configuration + description: Modify the existing interim message interval and processing status + for an active 5G control plane interface. This update allows administrators + to tune the frequency of heartbeat messages to optimize performance or increase + synchronization accuracy. Apply these changes when network conditions or telemetry + requirements shift during active operation. requestBody: content: application/json: - examples: - IP out of Range: - value: - - apn: demo.com - eventTime: 123456789009 - imei: '333333333333333' - imsi: '333333333333333' - ipType: IPv4 - ipv4Addr: 192.29.0.8 - Incorrect Payload: - value: - - apn: demo.com - eventTime: 123456789009 - imei: '333333333333333' - imsi: '3333333333333' - ipType: IPv4 - ipv4Addr: 172.29.0.8 - Missing mandory param: - value: - - apn: demo.com - imei: '333333333333333' - imsi: '333333333333333' - ipType: IPv4 - ipv4Addr: 172.29.0.8 - Partially correct payload: - value: - - apn: demo.com - eventTime: 123456789009 - expiryTime: 1234568988 - imei: '444444444444444' - imsi: '444444444444444' - ipType: IPv4 - ipv4Addr: 172.29.0.10 - - apn: demo.com - expiryTime: 1234568988 - imei: '333333333333444' - imsi: '333333333333444' - ipType: IPv4 - ipv4Addr: 172.29.0.9 - msisdn: test - Register UE With mandatory params: - value: - - apn: demo.com - eventTime: 123456789009 - imei: '333333333333333' - imsi: '333333333333333' - ipType: IPv4 - ipv4Addr: 172.29.0.8 - Update expiry Time: - value: - - apn: demo.com - eventTime: 123456789009 - expiryTime: 8765432190 - imei: '333333333333333' - imsi: '333333333333333' - ipType: IPv4 - ipv4Addr: 172.29.0.8 schema: - $ref: '#/components/schemas/RegisterUE' + $ref: '#/components/schemas/UpdateInterimMsg' responses: - '202': - content: - application/json: - examples: - Successful: - summary: Request Accepted - schema: - type: object - description: Accepted - '207': - content: - application/json: - example: - apn: demo.com - errorMsg: Event time is must - expiryTime: 1234568988 - imei: '333333333333440' - imsi: '333333333333444' - ipType: 0 - ipv4Addr: 172.29.0.9 - msisdn: test - schema: - type: object - description: Partial Success + '200': + description: Successful response '400': - content: - application/json: - examples: - example-0: - summary: Incorrect Payload - value: - apn: demo.com - errorMsg: IMSI needs to be 15 digits, current length is 13 - eventTime: 123456789009 - imei: '333333333333333' - imsi: '3333333333333' - ipType: 0 - ipv4Addr: 172.29.0.8 - example-1: - summary: IP Out of Range - value: - apn: demo.com - errorMsg: IP is not a part of any ue cidr block - eventTime: 123456789009 - imei: '333333333333330' - imsi: '333333333333333' - ipType: 0 - ipv4Addr: 192.29.0.8 - example-2: - summary: Missing mandatory param - value: - apn: demo.com - errorMsg: Event time is must - imei: '333333333333330' - imsi: '333333333333333' - ipType: 0 - ipv4Addr: 172.29.0.8 - schema: - type: object description: Bad Request - '401': - content: - application/json: - example: - clientRequestId: fd96df3d-4178-4141-a497-f4b12bc4d5ab - details: Interface set is not API - errorCode: '60076' - message: Either 5g is not enabled or interface is not API - requestId: fd96df3d-4178-4141-a497-f4b12bc4d5ab - service: 5G Management Service - schema: - type: object - description: Unauthorized - security: - - Bearer: [] - summary: Register UE + '404': + description: Data Not Found + '500': + description: Server Error + operationId: PutMtManage5gControlInterimmsg + /mt/manage/5g/ipcidr/{compute_region}: + get: tags: - - UE Enrichment + - Enable 5 GAPI + summary: Get IP Address Cidr + description: Retrieve the allocated IPv4 and IPv6 CIDR blocks for the 5G User + Equipment (UE) pool within a specific compute region. The management plane + provides these ranges to identify which IP Address sets are reserved for secure + 5G traffic. Access this information when configuring firewall rules or verifying + IP Address resource availability for regional 5G deployments. + parameters: + - name: compute_region + in: path + required: true + schema: + type: string + responses: + '200': + description: Success + '400': + description: Bad Request + '404': + description: Data Not Found + '500': + description: Server Error + operationId: GetMtManage5gIpcidrBy_compute_region + /mt/manage/5g/setup: + post: + tags: + - Enable 5 GAPI + summary: Enable 5G Connectivity + description: Initialize the 5G connectivity framework for a specific compute + region by provisioning the necessary CIDR blocks and enabling the management + plane. Administrators submit the desired region and IP Address ranges to establish + the secure tunnel between the 5G provider and the Prisma Access backbone. + Use this endpoint once during the initial setup of a new 5G-capable service + region. + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/Enable5GRequest' + responses: + '200': + description: Success + '400': + description: Bad Request + '404': + description: Data Not Found + '500': + description: Server Error + operationId: PostMtManage5gSetup /mt/manage/5g/tenantUEInfo: post: - description: 'Create tenant-user equipment (UE) information. This includes mapping - user devices to tenants for management and policy enforcement. - - ' - operationId: post-mt-manage-5g-tenantueinfo + tags: + - UE Info Resource API + summary: Add UE Mapping + description: Create a new mapping between a tenant and specific User Equipment + (UE) identifiers, including IMSI, IMEI, and APN values. This endpoint binds + unique subscriber hardware to a specific Tenant Service Group (TSG) for targeted + policy application. Use this when onboarding individual devices or static + IoT sensors that require persistent, identity-based security within the 5G + network. requestBody: content: application/json: + schema: + $ref: '#/components/schemas/TenantUEInfoRequest' examples: Add Tenant UE Info: value: - apn: apn@panw.com - imei: '111111789012345' - imsi: '123456789012345' root_tsg_id: '123456891' tsg_id: '123456890' + imei: '111111789012345' + imsi: '123456789012345' + apn: apn@panw.com IMEI Input Size Error: value: - apn: apn@panw.com - imei: '12345678901234' - imsi: '123456789012345' root_tsg_id: '1204544558' tsg_id: '1886576124' + imei: '12345678901234' + imsi: '123456789012345' + apn: apn@panw.com IMSI Input Size Error: value: - apn: apn@panw.com - imei: '123456789012345' - imsi: '12345678901234' root_tsg_id: '1204544558' tsg_id: '1886576124' - schema: - $ref: '#/components/schemas/TenantUEInfoRequest' + imei: '123456789012345' + imsi: '12345678901234' + apn: apn@panw.com responses: '200': + description: Success content: application/json: examples: Add Tenant UE Info: value: data: - apn: apn@panw.com - create_time: 1738446903587 id: 45a4ca95-9e8b-4a63-a482-70b7d3aa4fd8 - imei: '123456789012340' - imsi: '123456789012345' root_tsg_id: '1204544558' tsg_id: '1886576124' + imei: '123456789012340' + imsi: '123456789012345' + apn: apn@panw.com + create_time: 1738446903587 update_time: 1738446903587 - description: Success '400': + description: Bad Request content: application/json: examples: Duplicate Tenant UE Info: value: - clientRequestId: 9b3655ac-ce40-4e32-a38d-eff42e593d7f - details: Duplicate UE info errorCode: '60013' message: Duplicate tenant UE information - requestId: 9b3655ac-ce40-4e32-a38d-eff42e593d7f + details: Duplicate UE info service: 5G Management Service - IMEI Input Size Error: + requestId: 9b3655ac-ce40-4e32-a38d-eff42e593d7f + clientRequestId: 9b3655ac-ce40-4e32-a38d-eff42e593d7f + Invalid TSG Id: value: - clientRequestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 - details: IMEI needs to be 15 digits, current length is 27 errorCode: '60014' message: Failed to create tenant UE information - requestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 + details: tsg_id 123456890 does not exist in TenantDetails service: 5G Management Service - IMSI Input Size Error: + requestId: 814ea495-87e3-4f41-8ceb-7bec3d09fb23 + clientRequestId: 814ea495-87e3-4f41-8ceb-7bec3d09fb23 + IMEI Input Size Error: value: - clientRequestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 - details: IMSI needs to be 15 digits, current length is 27 errorCode: '60014' message: Failed to create tenant UE information - requestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 + details: IMEI needs to be 15 digits, current length is 27 service: 5G Management Service - Invalid TSG Id: + requestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 + clientRequestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 + IMSI Input Size Error: value: - clientRequestId: 814ea495-87e3-4f41-8ceb-7bec3d09fb23 - details: tsg_id 123456890 does not exist in TenantDetails errorCode: '60014' message: Failed to create tenant UE information - requestId: 814ea495-87e3-4f41-8ceb-7bec3d09fb23 + details: IMSI needs to be 15 digits, current length is 27 service: 5G Management Service - description: Bad Request + requestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 + clientRequestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 '404': description: Data Not Found '500': + description: Server Error content: application/json: examples: @@ -853,20 +549,17 @@ paths: "Unknown error occurred", "service": "5G Management Service", "requestId": null, "clientRequestId": null}' : value: Internal Server Error - description: Server Error - security: - - Bearer: [] - summary: Create tenant-UE info - tags: - - UE Info Resource + operationId: PostMtManage5gTenantueinfo /mt/manage/5g/tenantUEInfo/delete: post: - description: 'Delete the tenant-user equipment (UE) mapping for the provided - identity ID in bulk. This removes the association between user devices and - tenants. - - ' - operationId: post-mt-manage-5g-tenantueinfo-delete + tags: + - UE Info Resource API + summary: Delete Bulk Mappings + description: Permanently remove multiple Tenant-to-UE mappings from the management + database in a single batch operation. Administrators provide a list of unique + identity IDs to decommission large sets of subscriber equipment simultaneously. + Execute this during fleet refreshes or when offboarding multiple devices from + a specific 5G service plan. requestBody: content: application/json: @@ -881,148 +574,145 @@ paths: description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: Delete tenant-UE mapping - tags: - - UE Info Resource + operationId: PostMtManage5gTenantueinfoDelete /mt/manage/5g/tenantUEInfo/list: post: - description: 'List tenant-user equipment (UE) information for the provided tenant - ID or group ID. This includes details about the devices associated with the - tenant or group. - - ' - operationId: post-mt-manage-5g-tenantueinfo-list + tags: + - UE Info Resource API + summary: Get Mapping List + description: Retrieve a paginated list of all active Tenant-to-UE mappings associated + with a specific Tenant Service Group (TSG). The response includes technical + details for each mapping, such as IMSI, IMEI, and associated security groups. + Utilize this for periodic audits of subscriber inventories or when verifying + the registration status of regional 5G devices. parameters: - - in: query - name: filter + - name: filter + in: query schema: pattern: ^[a-z]+:\w+(?:,[a-z]+:\w+)*$ type: string - - in: query - name: order + - name: order + in: query schema: pattern: ^[a-z]+:(asc|desc)*$ type: string - - in: query - name: page + - name: page + in: query schema: - default: 0 format: int32 + default: 0 type: integer - - in: query - name: size + - name: size + in: query schema: - default: 50 format: int32 + default: 50 type: integer requestBody: content: application/json: - examples: + schema: + $ref: '#/components/schemas/TenantUEInfoListInput' + examples: List Tenant UE Info: value: tsg_id: '1886576124' - schema: - $ref: '#/components/schemas/TenantUEInfoListInput' responses: '200': + description: Success content: application/json: examples: List Tenant UE Info: value: + totalItems: 2 data: - - apn: apn@panw.com - create_time: 1737682646248 - group: [] - identity_id: a5831ca0-5cf4-46a9-9409-6d55ea5e210a + - identity_id: a5831ca0-5cf4-46a9-9409-6d55ea5e210a + root_tsg_id: '1204544558' + tsg_id: '1886576124' imei: '100411547312190' imsi: '264467605337818' + apn: apn@panw.com + group: [] + create_time: 1737682646248 + update_time: 1737682646248 + - identity_id: 29900486-f87f-475a-803d-12e1ee886e55 root_tsg_id: '1204544558' tsg_id: '1886576124' - update_time: 1737682646248 - - apn: apn@panw.com - create_time: 1737682657616 - group: [] - identity_id: 29900486-f87f-475a-803d-12e1ee886e55 imei: '100454707189790' imsi: '512181509888245' - root_tsg_id: '1204544558' - tsg_id: '1886576124' + apn: apn@panw.com + group: [] + create_time: 1737682657616 update_time: 1737682657616 - totalItems: 2 List Tenant UE Info with Groups: value: + totalItems: 2 data: - - apn: apn@panw.com - create_time: 1737682646248 + - identity_id: a5831ca0-5cf4-46a9-9409-6d55ea5e210a + root_tsg_id: '1204544558' + tsg_id: '1886576124' + imei: '100411547312190' + imsi: '264467605337818' + apn: apn@panw.com group: - group_id: 6e451583-b3ab-4d62-af67-398675ab746f group_name: testgroup - identity_id: a5831ca0-5cf4-46a9-9409-6d55ea5e210a - imei: '100411547312190' - imsi: '264467605337818' + create_time: 1737682646248 + update_time: 1737682646248 + - identity_id: 29900486-f87f-475a-803d-12e1ee886e55 root_tsg_id: '1204544558' tsg_id: '1886576124' - update_time: 1737682646248 - - apn: apn@panw.com - create_time: 1737682657616 - group: [] - identity_id: 29900486-f87f-475a-803d-12e1ee886e55 imei: '100454707189790' imsi: '512181509888245' - root_tsg_id: '1204544558' - tsg_id: '1886576124' + apn: apn@panw.com + group: [] + create_time: 1737682657616 update_time: 1737682657616 - totalItems: 2 - description: Success '204': + description: No Content content: application/json: examples: List Tenant UE Info Invalid TSG Id: value: - data: [] totalItems: 0 - description: No Content + data: [] '400': description: Bad Request '404': description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: List tenant-UE info - tags: - - UE Info Resource + operationId: PostMtManage5gTenantueinfoList /mt/manage/5g/tenantUEInfo/upload: post: - description: 'Upload tenant-user equipment (UE) information in bulk. This allows - for the mass addition of user devices to the system. - - ' - operationId: post-mt-manage-5g-tenantueinfo-upload + tags: + - UE Info Resource API + summary: Upload Tenant Feature + description: Enable specific 5G management features for a tenant by uploading + a configuration file directly to the management plane. This action activates + regional capabilities and tenant-specific policies required for advanced 5G + connectivity. Perform this upload during the feature activation phase to grant + a tenant access to the 5G security framework. requestBody: content: multipart/form-data: - encoding: - file: - contentType: application/octet-stream schema: + type: object properties: file: format: binary type: string filename: type: string - rootTsgId: - type: string tsgId: type: string - type: object + rootTsgId: + type: string + encoding: + file: + contentType: application/octet-stream responses: '200': description: Success @@ -1032,151 +722,106 @@ paths: description: Data Not Found '500': description: Server Error - security: - - Bearer: [] - summary: Upload tenant-UE info - tags: - - UE Info Resource + operationId: PostMtManage5gTenantueinfoUpload /mt/manage/5g/tenantUEInfo/{identity_id}: - delete: - description: 'Delete the Tenant UE mapping for provided identity_id. - - ' - operationId: delete-mt-manage-5g-tenantueinfo-identity_id - parameters: - - in: path - name: identity_id - required: true - schema: - type: string - responses: - '200': - content: - application/json: - examples: - Delete Tenant UE Info: - value: - identity_id: 45a4ca95-9e8b-4a63-a482-70b7d3aa4fd8 - description: Success - '400': - content: - application/json: - examples: - Tenant UE information not found: - value: - clientRequestId: 88df052c-b139-4d47-a8e3-1fcf01ede954 - details: Provided identityId 45a4ca95-9e8b-4a63-a482-70b7d3aa4fd8 - does not exits. - errorCode: '60011' - message: Tenant UE information not found - requestId: 88df052c-b139-4d47-a8e3-1fcf01ede954 - service: 5G Management Service - description: Bad Request - '404': - description: Data Not Found - '500': - description: Server Error - security: - - Bearer: [] - summary: Delete tenant-UE mapping by ID - tags: - - UE Info Resource put: - description: 'Update the tenant-user equipment (UE) mapping for the provided - identity ID. This modifies the association between user devices and tenants. - - ' - operationId: put-mt-manage-5g-tenantueinfo-identity_id + tags: + - UE Info Resource API + summary: Edit UE Mapping + description: Update the IMSI, IMEI, or APN parameters for an existing Tenant-to-UE + mapping using its unique identifier. This allows administrators to keep subscriber + records accurate as hardware changes or service configurations shift. parameters: - - in: path - name: identity_id + - name: identity_id + in: path required: true schema: type: string requestBody: content: application/json: + schema: + $ref: '#/components/schemas/TenantUEInfoRequest' examples: Edit Tenant UE Info: value: - apn: apn@panw.com - imei: '111111789012345' - imsi: '123456789012345' root_tsg_id: '123456891' tsg_id: '123456890' + imei: '111111789012345' + imsi: '123456789012345' + apn: apn@panw.com IMEI Input Size Error: value: - apn: apn@panw.com - imei: '12345678901234' - imsi: '123456789012345' root_tsg_id: '1204544558' tsg_id: '1886576124' + imei: '12345678901234' + imsi: '123456789012345' + apn: apn@panw.com IMSI Input Size Error: value: - apn: apn@panw.com - imei: '123456789012345' - imsi: '12345678901234' root_tsg_id: '1204544558' tsg_id: '1886576124' - schema: - $ref: '#/components/schemas/TenantUEInfoRequest' + imei: '123456789012345' + imsi: '12345678901234' + apn: apn@panw.com responses: '200': + description: Success content: application/json: examples: Edit Tenant UE Info: value: data: - apn: apn@panw.com - create_time: 1738446903587 id: 45a4ca95-9e8b-4a63-a482-70b7d3aa4fd8 - imei: '111111789012340' - imsi: '123456789012345' root_tsg_id: '1204544558' tsg_id: '1886576124' + imei: '111111789012340' + imsi: '123456789012345' + apn: apn@panw.com + create_time: 1738446903587 update_time: 1738446903587 - description: Success '400': + description: Bad Request content: application/json: examples: Duplicate Tenant UE Info: value: - clientRequestId: 9b3655ac-ce40-4e32-a38d-eff42e593d7f - details: Duplicate UE info errorCode: '60013' message: Duplicate tenant UE information - requestId: 9b3655ac-ce40-4e32-a38d-eff42e593d7f + details: Duplicate UE info service: 5G Management Service - IMEI Input Size Error: + requestId: 9b3655ac-ce40-4e32-a38d-eff42e593d7f + clientRequestId: 9b3655ac-ce40-4e32-a38d-eff42e593d7f + Invalid TSG Id: value: - clientRequestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 - details: IMEI needs to be 15 digits, current length is 27 errorCode: '60014' message: Failed to create tenant UE information - requestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 + details: tsg_id 123456890 does not exist in TenantDetails service: 5G Management Service - IMSI Input Size Error: + requestId: 814ea495-87e3-4f41-8ceb-7bec3d09fb23 + clientRequestId: 814ea495-87e3-4f41-8ceb-7bec3d09fb23 + IMEI Input Size Error: value: - clientRequestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 - details: IMSI needs to be 15 digits, current length is 27 errorCode: '60014' message: Failed to create tenant UE information - requestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 + details: IMEI needs to be 15 digits, current length is 27 service: 5G Management Service - Invalid TSG Id: + requestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 + clientRequestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 + IMSI Input Size Error: value: - clientRequestId: 814ea495-87e3-4f41-8ceb-7bec3d09fb23 - details: tsg_id 123456890 does not exist in TenantDetails errorCode: '60014' message: Failed to create tenant UE information - requestId: 814ea495-87e3-4f41-8ceb-7bec3d09fb23 + details: IMSI needs to be 15 digits, current length is 27 service: 5G Management Service - description: Bad Request + requestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 + clientRequestId: 4934299e-15a1-454e-9f6c-c96c45b6d771 '404': description: Data Not Found '500': + description: Server Error content: application/json: examples: @@ -1184,31 +829,72 @@ paths: "Unknown error occurred", "service": "5G Management Service", "requestId": null, "clientRequestId": null}' : value: Internal Server Error - description: Server Error - security: - - Bearer: [] - summary: Update tenant-UE mapping by ID + operationId: PutMtManage5gTenantueinfoBy_identity_id + delete: tags: - - UE Info Resource + - UE Info Resource API + summary: Delete UE Mapping + description: Remove a single Tenant-to-UE mapping from the management system + to revoke its 5G connectivity and security permissions. Execute this when + a specific device is retired or no longer requires access to the 5G security + solution. + parameters: + - name: identity_id + in: path + required: true + schema: + type: string + responses: + '200': + description: Success + content: + application/json: + examples: + Delete Tenant UE Info: + value: + identity_id: 45a4ca95-9e8b-4a63-a482-70b7d3aa4fd8 + '400': + description: Bad Request + content: + application/json: + examples: + Tenant UE information not found: + value: + errorCode: '60011' + message: Tenant UE information not found + details: Provided identityId 45a4ca95-9e8b-4a63-a482-70b7d3aa4fd8 + does not exits. + service: 5G Management Service + requestId: 88df052c-b139-4d47-a8e3-1fcf01ede954 + clientRequestId: 88df052c-b139-4d47-a8e3-1fcf01ede954 + '404': + description: Data Not Found + '500': + description: Server Error + operationId: DeleteMtManage5gTenantueinfoBy_identity_id /mt/manage/5g/tenantUEInfo/{ueInfoId}: get: - description: 'Retrieve Tenant UE information Mapping, which includes the mapping - of Tenant, IMSI, IMEI, and APN for the specified ID. - - ' - operationId: get-mt-manage-5g-tenantueinfo-ueinfoid + tags: + - UE Info Resource API + summary: Get Mapping Details + description: Fetch the detailed technical specification of a single Tenant-to-UE + mapping through its unique identifier. The system returns the bound IMSI, + IMEI, and APN data along with registration timestamps. Use this for deep inspection + of a specific subscriber's configuration during troubleshooting or compliance + audits. parameters: - - in: path - name: ueInfoId + - name: ueInfoId + in: path required: true schema: type: string - - in: query - name: unknownUes + - name: unknownUes + in: query schema: type: boolean responses: '200': + description: Success content: application/json: examples: @@ -1224,54 +910,54 @@ paths: tsg_id: '1157492855' update_time: 1738909540647 header: - clientRequestId: 70e19fff-0793-45e7-93db-511ffe26288d createdAt: '2025-02-10T18:47:01.000Z' + clientRequestId: 70e19fff-0793-45e7-93db-511ffe26288d dataCount: 1 status: subCode: 200 - description: Success '400': + description: Bad Request content: application/json: examples: Tenant UE information not found: value: - clientRequestId: 88df052c-b139-4d47-a8e3-1fcf01ede954 - details: Provided identityId 45a4ca95-9e8b-4a63-a482-70b7d3aa4fd8 - does not exits. errorCode: '60011' message: Tenant UE information not found - requestId: 88df052c-b139-4d47-a8e3-1fcf01ede954 + details: Provided identityId 45a4ca95-9e8b-4a63-a482-70b7d3aa4fd8 + does not exits. service: 5G Management Service - description: Bad Request + requestId: 88df052c-b139-4d47-a8e3-1fcf01ede954 + clientRequestId: 88df052c-b139-4d47-a8e3-1fcf01ede954 '404': description: Data Not Found '500': + description: Server Error content: application/json: examples: Invalid TSG Id: value: - details: Unknown error occurred errorCode: '60000' message: Unexpected server error + details: Unknown error occurred service: 5G Management Service - description: Server Error - security: - - Bearer: [] - summary: Retrieve UE Mapping - tags: - - UE Info Resource + operationId: GetMtManage5gTenantueinfoBy_ueinfoid /mt/manage/5g/userGroup: post: - description: 'Create a user group with user equipment (UE) information. This - allows for the grouping of user devices for management and policy enforcement. - - ' - operationId: post-mt-manage-5g-usergroup + tags: + - Group Resource API + summary: Add User Group + description: Create a logical group of Tenant User Equipment (UE) identities + to facilitate the application of shared security policies. Administrators + bundle multiple unique UE IDs under a single group name to simplify large-scale + management within a tenant. Use this when defining common access rules for + specific device classes, such as IoT sensors or mobile workforce groups. requestBody: content: application/json: + schema: + $ref: '#/components/schemas/TenantGroupInfo' examples: Add User Group: value: @@ -1280,86 +966,85 @@ paths: - e20f9c45-6f53-4c2f-96fc-7964532d8b83 - e79bda5e-d2ae-4e1d-b0f2-c9318a2b7fa2 tsg_id: '1886576124' - schema: - $ref: '#/components/schemas/TenantGroupInfo' responses: '200': + description: Success content: application/json: examples: Add User Group: value: data: - cieGroupId: 137b7d3b-25b2-446c-b7c4-e40fbf704125 - createTime: 1738448314169 id: 6e451583-b3ab-4d62-af67-398675ab746f + userGroupName: testgroup + cieGroupId: 137b7d3b-25b2-446c-b7c4-e40fbf704125 tsgId: '1886576124' + createTime: 1738448314169 updateTime: 1738448314412 - userGroupName: testgroup Add User Group with Incorrect Identity ID: value: data: - cieGroupId: 137b7d3b-25b2-446c-b7c4-e40fbf704125 - createTime: 1738448314169 id: 6e451583-b3ab-4d62-af67-398675ab746f + userGroupName: testgroup + cieGroupId: 137b7d3b-25b2-446c-b7c4-e40fbf704125 tsgId: '1886576124' + createTime: 1738448314169 updateTime: 1738448314412 - userGroupName: testgroup - description: Success '400': + description: Bad Request content: application/json: examples: Add Duplicate User Group Name: value: - clientRequestId: 8e414a6e-51ce-4d71-b272-e00b3f17c961 - details: Duplicate user group name testgroup errorCode: '60003' message: Duplicate user group name - requestId: 8e414a6e-51ce-4d71-b272-e00b3f17c961 + details: Duplicate user group name testgroup service: 5G Management Service - description: Bad Request + requestId: 8e414a6e-51ce-4d71-b272-e00b3f17c961 + clientRequestId: 8e414a6e-51ce-4d71-b272-e00b3f17c961 '404': description: Data Not Found '500': + description: Server Error content: application/json: examples: Internal Server Error: value: - details: Unknown error occurred errorCode: '60000' message: Unexpected server error + details: Unknown error occurred service: 5G Management Service - description: Server Error - security: - - Bearer: [] - summary: Create user group - tags: - - Group Resource + operationId: PostMtManage5gUsergroup /mt/manage/5g/userGroup/list: post: - description: 'List user groups for the provided tenant ID. This includes details - about the groups and their associated user devices. - - ' - operationId: post-mt-manage-5g-usergroup-list + tags: + - Group Resource API + summary: Get Group List + description: Retrieve an inventory of all user groups configured within a specific + Tenant Service Group (TSG). The system provides the group names, member counts, + and unique identifiers required for secondary management actions. Use this + endpoint to audit group structures and monitor device organization across + the 5G management plane. requestBody: content: application/json: + schema: + $ref: '#/components/schemas/TenantGroupInfoListInput' examples: List User Group: value: tsg_id: '1886576124' - schema: - $ref: '#/components/schemas/TenantGroupInfoListInput' responses: '200': + description: Success content: application/json: examples: List User Group: value: + totalItems: 2 data: - group_id: 3ff7689a-c7a8-410c-b973-8ccac5e6d20d group_name: testgroup2 @@ -1369,51 +1054,49 @@ paths: group_name: testgroup tsg_id: '1886576124' user_count: 2 - totalItems: 2 - description: Success '204': + description: No Content content: application/json: examples: List User Group Invalid TSG Id: value: - data: [] totalItems: 0 - description: No Content + data: [] '400': description: Bad Request '404': description: Data Not Found '500': + description: Server Error content: application/json: examples: Internal Server Error: value: - details: Unknown error occurred errorCode: '60000' message: Unexpected server error + details: Unknown error occurred service: 5G Management Service - description: Server Error - security: - - Bearer: [] - summary: List user groups - tags: - - Group Resource + operationId: PostMtManage5gUsergroupList /mt/manage/5g/userGroup/{groupId}: get: - description: 'Retrieve Tenant UE information IDs for the specified groupId. - - ' - operationId: get-mt-manage-5g-usergroup-groupid + tags: + - Group Resource API + summary: Get Group IDs + description: Fetch the full list of Tenant User Equipment (UE) identifiers associated + with a specific user group. This reveals exactly which devices belong to the + group for detailed policy verification. Access this information when auditing + group membership or verifying the reach of a group-based security policy. parameters: - - in: path - name: groupId + - name: groupId + in: path required: true schema: type: string responses: '200': + description: Success content: application/json: examples: @@ -1430,59 +1113,58 @@ paths: - e38f8ebf-437f-4ca8-a447-42714eae24d6 tsg_id: '1157492855' header: - clientRequestId: 237266cc-8f00-45c8-9122-e551fba2a1fa createdAt: '2025-02-10T18:53:31.000Z' + clientRequestId: 237266cc-8f00-45c8-9122-e551fba2a1fa dataCount: 1 status: subCode: 200 - description: Success '400': + description: Bad Request content: application/json: examples: Invalid User Group: value: - clientRequestId: 7e2309f1-d50e-4ee6-a9cb-cb45eb0930ae - details: 'No group found for the provided group ID: e2cbebf8-b6b3-405e-ad00-04ad4' errorCode: '60007' message: User group validation failed - requestId: 7e2309f1-d50e-4ee6-a9cb-cb45eb0930ae + details: 'No group found for the provided group ID: e2cbebf8-b6b3-405e-ad00-04ad4' service: 5G Management Service - description: Bad Request + requestId: 7e2309f1-d50e-4ee6-a9cb-cb45eb0930ae + clientRequestId: 7e2309f1-d50e-4ee6-a9cb-cb45eb0930ae '404': description: Data Not Found '500': + description: Server Error content: application/json: examples: Internal Server Error: value: - details: Unknown error occurred errorCode: '60000' message: Unexpected server error + details: Unknown error occurred service: 5G Management Service - description: Server Error - security: - - Bearer: [] - summary: Retrieve UE IDs - tags: - - Group Resource + operationId: GetMtManage5gUsergroupBy_groupid /mt/manage/5g/userGroup/{group_id}: put: - description: 'Update the user group mapping for the provided group ID. This - modifies the association between user devices and the group. - - ' - operationId: put-mt-manage-5g-usergroup-group_id + tags: + - Group Resource API + summary: Edit User Group + description: Modify the name or member list of an existing user group within + the 5G management plane. Administrators can add or remove UE identifiers to + adjust the scope of group-based security rules. Apply these updates when device + deployments change or when group hierarchies require realignment. parameters: - - in: path - name: group_id + - name: group_id + in: path required: true schema: type: string requestBody: content: application/json: + schema: + $ref: '#/components/schemas/TenantGroupInfo' examples: Edit User Group: value: @@ -1491,78 +1173,76 @@ paths: - e20f9c45-6f53-4c2f-96fc-7964532d8b83 - e79bda5e-d2ae-4e1d-b0f2-c9318a2b7fa2 tsg_id: '1886576124' - schema: - $ref: '#/components/schemas/TenantGroupInfo' responses: '200': + description: Success content: application/json: examples: Edit User Group: value: data: - cieGroupId: 137b7d3b-25b2-446c-b7c4-e40fbf704125 - createTime: 1738448314169 id: 6e451583-b3ab-4d62-af67-398675ab746f + userGroupName: testgroup + cieGroupId: 137b7d3b-25b2-446c-b7c4-e40fbf704125 tsgId: '1886576124' + createTime: 1738448314169 updateTime: 1738448314412 - userGroupName: testgroup Edit User Group with Incorrect Identity ID: value: data: - cieGroupId: 137b7d3b-25b2-446c-b7c4-e40fbf704125 - createTime: 1738448314169 id: 6e451583-b3ab-4d62-af67-398675ab746f + userGroupName: testgroup + cieGroupId: 137b7d3b-25b2-446c-b7c4-e40fbf704125 tsgId: '1886576124' + createTime: 1738448314169 updateTime: 1738448314412 - userGroupName: testgroup - description: Success '400': + description: Bad Request content: application/json: examples: Invalid User Group: value: - clientRequestId: 7e2309f1-d50e-4ee6-a9cb-cb45eb0930ae - details: 'No group found for the provided group ID: e2cbebf8-b6b3-405e-ad00-04ad4' errorCode: '60007' message: User group validation failed - requestId: 7e2309f1-d50e-4ee6-a9cb-cb45eb0930ae + details: 'No group found for the provided group ID: e2cbebf8-b6b3-405e-ad00-04ad4' service: 5G Management Service - description: Bad Request + requestId: 7e2309f1-d50e-4ee6-a9cb-cb45eb0930ae + clientRequestId: 7e2309f1-d50e-4ee6-a9cb-cb45eb0930ae '404': description: Data Not Found '500': + description: Server Error content: application/json: examples: Internal Server Error: value: - details: Unknown error occurred errorCode: '60000' message: Unexpected server error + details: Unknown error occurred service: 5G Management Service - description: Server Error - security: - - Bearer: [] - summary: Update user group - tags: - - Group Resource + operationId: PutMtManage5gUsergroupBy_group_id /mt/manage/5g/userGroup/{identity_id}: delete: - description: 'Delete the user group mapping for the provided identity ID. This - removes the association between user devices and the group. - - ' - operationId: delete-mt-manage-5g-usergroup-identity_id + tags: + - Group Resource API + summary: Delete User Group + description: Permanently decommission a specific user group and remove its associated + identity mappings from the management database. This action stops the application + of group-level policies without deleting the underlying individual UE records. + Execute this during configuration cleanup or when retiring specific device + classification models. parameters: - - in: path - name: identity_id + - name: identity_id + in: path required: true schema: type: string responses: '200': + description: Success content: application/json: examples: @@ -1572,80 +1252,536 @@ paths: Delete User Group Again: value: identity_id: 45a4ca95-9e8b-4a63-a482-70b7d3aa4fd8 - description: Success '400': + description: Bad Request content: application/json: examples: Invalid User Group: value: - clientRequestId: 7e2309f1-d50e-4ee6-a9cb-cb45eb0930ae - details: 'No group found for the provided group ID: e2cbebf8-b6b3-405e-ad00-04ad4' errorCode: '60007' message: User group validation failed - requestId: 7e2309f1-d50e-4ee6-a9cb-cb45eb0930ae + details: 'No group found for the provided group ID: e2cbebf8-b6b3-405e-ad00-04ad4' service: 5G Management Service - description: Bad Request + requestId: 7e2309f1-d50e-4ee6-a9cb-cb45eb0930ae + clientRequestId: 7e2309f1-d50e-4ee6-a9cb-cb45eb0930ae '404': description: Data Not Found '500': + description: Server Error content: application/json: examples: Internal Server Error: value: - details: Unknown error occurred errorCode: '60000' message: Unexpected server error + details: Unknown error occurred service: 5G Management Service - description: Server Error - security: - - Bearer: [] - summary: Delete user group mapping + operationId: DeleteMtManage5gUsergroupBy_identity_id + /mt/manage/5g/register/ue: + post: tags: - - Group Resource + - UE Enrichment + summary: Register UE Device + description: Dynamically register one or more User Equipment (UE) devices with + the 5G management plane by providing their IP Address addresses and subscriber + identifiers. This enrichment process allows the 5G security solution to map + real-time traffic to specific IMSI and IMEI identities. Perform this registration + when using the Application Programming Interface-based integration model to + ensure traffic flows are correctly attributed to tenants. + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RegisterUE' + examples: + Register UE With mandatory params: + value: + - imsi: '333333333333333' + imei: '333333333333333' + apn: demo.com + ipv4Addr: 172.29.0.8 + ipType: IPv4 + eventTime: 123456789009 + Incorrect Payload: + value: + - imsi: '3333333333333' + imei: '333333333333333' + apn: demo.com + ipv4Addr: 172.29.0.8 + ipType: IPv4 + eventTime: 123456789009 + IP out of Range: + value: + - imsi: '333333333333333' + imei: '333333333333333' + apn: demo.com + ipv4Addr: 192.29.0.8 + ipType: IPv4 + eventTime: 123456789009 + Missing mandory param: + value: + - imsi: '333333333333333' + imei: '333333333333333' + apn: demo.com + ipv4Addr: 172.29.0.8 + ipType: IPv4 + Partially correct payload: + value: + - imsi: '444444444444444' + imei: '444444444444444' + apn: demo.com + ipv4Addr: 172.29.0.10 + ipType: IPv4 + eventTime: 123456789009 + expiryTime: 1234568988 + - imsi: '333333333333444' + imei: '333333333333444' + apn: demo.com + ipv4Addr: 172.29.0.9 + ipType: IPv4 + expiryTime: 1234568988 + msisdn: test + Update expiry Time: + value: + - imsi: '333333333333333' + imei: '333333333333333' + apn: demo.com + ipv4Addr: 172.29.0.8 + ipType: IPv4 + eventTime: 123456789009 + expiryTime: 8765432190 + responses: + '202': + description: Accepted + content: + application/json: + schema: + type: object + examples: + Successful: + summary: Request Accepted + '207': + description: Partial Success + content: + application/json: + schema: + type: object + example: + apn: demo.com + errorMsg: Event time is must + expiryTime: 1234568988 + imei: '333333333333440' + imsi: '333333333333444' + ipType: 0 + ipv4Addr: 172.29.0.9 + msisdn: test + '400': + description: Bad Request + content: + application/json: + schema: + type: object + examples: + example-0: + summary: Incorrect Payload + value: + apn: demo.com + errorMsg: IMSI needs to be 15 digits, current length is 13 + eventTime: 123456789009 + imei: '333333333333333' + imsi: '3333333333333' + ipType: 0 + ipv4Addr: 172.29.0.8 + example-1: + summary: IP Out of Range + value: + apn: demo.com + errorMsg: IP is not a part of any ue cidr block + eventTime: 123456789009 + imei: '333333333333330' + imsi: '333333333333333' + ipType: 0 + ipv4Addr: 192.29.0.8 + example-2: + summary: Missing mandatory param + value: + apn: demo.com + errorMsg: Event time is must + imei: '333333333333330' + imsi: '333333333333333' + ipType: 0 + ipv4Addr: 172.29.0.8 + '401': + description: Unauthorized + content: + application/json: + schema: + type: object + example: + errorCode: '60076' + message: Either 5g is not enabled or interface is not API + details: Interface set is not API + service: 5G Management Service + requestId: fd96df3d-4178-4141-a497-f4b12bc4d5ab + clientRequestId: fd96df3d-4178-4141-a497-f4b12bc4d5ab + operationId: PostMtManage5gRegisterUe + /mt/manage/5g/deregister/ue: + post: + tags: + - UE Enrichment + summary: Deregister UE Device + description: Terminate the real-time registration of one or more User Equipment + (UE) devices to stop the attribution of traffic to those subscriber identifiers. + This endpoint cleans up the active mapping table when a session ends or a + device disconnects from the 5G network. Use this to maintain an accurate and + up-to-date view of active 5G subscribers within the management plane. + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RegisterUE' + examples: + Degister Success: + value: + - imsi: '333333333333333' + imei: '333333333333333' + apn: demo.com + ipv4Addr: 172.29.0.8 + ipType: IPv4 + eventTime: 123456789009 + responses: + '202': + description: Accepted + content: + application/json: + schema: + type: object + examples: + Successful: + summary: Request Accepted + '401': + description: Unauthorized + content: + application/json: + schema: + type: object + example: + errorCode: '60076' + message: Either 5g is not enabled or interface is not API + details: Interface set is not API + service: 5G Management Service + requestId: fd96df3d-4178-4141-a497-f4b12bc4d5ab + clientRequestId: fd96df3d-4178-4141-a497-f4b12bc4d5ab + operationId: PostMtManage5gDeregisterUe servers: -- url: https://api.sase.paloaltonetworks.com -tags: -- description: "The Customer Identity and Engagement (CIE) Token Resource API is responsible\ - \ for managing tokens used for authentication and authorization purposes within\ - \ the 5G SASE system. This includes operations such as saving, retrieving, and\ - \ validating CIE tokens for leaf tenants. \nThese tokens are crucial for ensuring\ - \ secure access and interaction with the system's resources.\n" - name: CIE Token Resource API -- description: "The Connection API provides endpoints for retrieving and managing\ - \ connection details across different regions within the 5G SASE system. \nThis\ - \ includes information about the current status, configuration, and performance\ - \ of connections. \nAdministrators can use this API to monitor and optimize network\ - \ connectivity, ensuring efficient and reliable communication.\n" - name: Connection API -- description: "The Control Plane Resource API is responsible for managing control\ - \ plane operations within the 5G SASE system. \nThis includes handling certificates,\ - \ proxy configurations, and RADIUS server secrets. \nThese operations are critical\ - \ for establishing secure communication channels and ensuring the proper functioning\ - \ of the control plane, which orchestrates the overall network management and\ - \ security policies.\n" - name: Control Plane Resource API -- description: 'The User Equipment (UE) Info Resource API manages information related - to user devices within the 5G SASE system. This includes creating, updating, listing, - and deleting tenant-user equipment mappings. - - By managing UE information, this API helps in enforcing security policies, tracking - device usage, and ensuring that user devices are properly associated with their - respective tenants. - - ' - name: UE Info Resource API -- description: "The Group Resource API is responsible for managing user groups within\ - \ the 5G SASE system. This includes creating, updating, listing, and deleting\ - \ groups that contain user equipment (UE) information. \nBy organizing user devices\ - \ into groups, this API facilitates the application of group-based security policies\ - \ and simplifies the management of multiple devices within the network.\n" - name: Group Resource API -- description: "The User Equipment (UE) Enrichment API is designed to augment UE data\ - \ with additional context and security-related information. This includes enriching\ - \ UE profiles with details such as device type, location, user identity, and security\ - \ posture. \nBy enriching this data, the API enables more granular policy enforcement,\ - \ better threat detection, and improved network visibility, helping administrators\ - \ to make more informed decisions about device access and security.\n" - name: UE Enrichment API +- url: https://stratacloudmanager.paloaltonetworks.com +security: +- JWT: [] +components: + schemas: + CSVFieldDelimiter: + enum: + - comma + - semi_colon + - tab + type: string + CieTokenRequest: + type: object + properties: + tsg_id: + type: string + access_token: + type: string + created_by: + type: string + created_at: + type: string + cie_directory: + type: string + CompressionType: + enum: + - gzip + - none + - snappy + type: string + ConnectionRegionEntry: + description: Connection Region Entry + type: object + properties: + computeRegion: + type: string + connectionCount: + format: int32 + type: integer + connectionStatusEntry: + $ref: '#/components/schemas/ConnectionStatusEntry' + bandwidth: + format: int64 + description: Bandwidth in BPS + type: integer + status: + type: string + ConnectionStatusEntry: + type: object + properties: + up: + format: int32 + type: integer + down: + format: int32 + type: integer + Enable5GRequest: + type: object + properties: + compute_region: + type: string + action: + type: string + ipv4_cidr: + type: string + ipv6_cidr: + type: string + JsonObject: + type: array + items: + type: string + RadiusProxyRequest: + type: object + properties: + name: + type: string + ipaddress: + type: string + RadiusServerSecretRequest: + type: object + properties: + secret: + type: string + created_by: + type: string + RegisterUE: + type: array + description: A list of one or more UEs + items: + type: object + properties: + apn: + description: APN (Access Point Name) for the Tenant UE + example: apn@panw.com + type: string + imei: + description: 15 digit IMEI (International Mobile Equipment Identity) number. + Error is returned if number of digits is not exactly 15.Last digit will + be replaced by zero. + example: '123456789012345' + type: string + imsi: + description: 15 digit IMSI (International Mobile Subscriber Identity) + number. Error is returned if number of digits is not exactly 15. + example: '123456789012345' + type: string + ipType: + description: it tells whether it is ipv4, ipv6 or dual stack. Valid values + are IPv4, IPv6, IPv4v6 + example: IPV4 + type: string + ipv4Addr: + type: string + ipv6Addr: + type: string + eventTime: + description: epoc time in ms + type: integer + expiryTime: + description: epoc time in ms + type: integer + sliceId: + type: string + msisdn: + type: string + ratType: + type: string + cellId: + type: string + supi: + type: string + required: + - eventTime + - ipType + - imsi + - imei + - apn + SetInterface: + type: object + properties: + interfaceType: + type: string + example: RADIUS + processInterimMsg: + type: boolean + default: false + interimMsgInterval: + type: integer + description: How often interim messages will come(in minutes) + required: + - interfaceType + TDF: + type: object + properties: + image: + type: string + zclusterIds: + type: array + items: + type: string + TenantGroupInfo: + type: object + properties: + tsg_id: + type: string + identity_id: + type: array + items: + type: string + group_name: + type: string + TenantGroupInfoListInput: + type: object + properties: + tsg_id: + type: string + group_id: + type: string + TenantUEInfoListInput: + type: object + properties: + tsg_id: + type: string + TenantUEInfoRequest: + type: object + properties: + tsg_id: + type: string + imei: + type: string + imsi: + type: string + apn: + type: string + root_tsg_id: + type: string + TenantUeInfoBulkDeleteRequest: + type: object + properties: + identityIds: + type: array + items: + type: string + RequestBody_TenantUeInfoAddEdit: + properties: + mapping: + allOf: + - $ref: '#/components/schemas/TenantUeInfoMapping' + description: Tenant UE Info mapping request body + type: object + required: + - mapping + type: object + RequestBody_TsgId: + properties: + mapping: + allOf: + - $ref: '#/components/schemas/TsgIdInput' + description: TSG (Tenant Subscriber Group) Id Input + type: object + required: + - mapping + type: object + RequestBody_UserGroupAddEdit: + properties: + userGroupInfo: + allOf: + - $ref: '#/components/schemas/UserGroupInfo' + description: User Group mapping request body + type: object + required: + - userGroupInfo + type: object + TenantUeInfoMapping: + properties: + apn: + description: APN (Access Point Name) for the Tenant UE + example: apn@panw.com + type: string + imei: + description: 15 digit IMEI (International Mobile Equipment Identity) number. + Error is returned if number of digits is not exactly 15.Last digit will + be replaced by zero. + example: '123456789012345' + type: string + imsi: + description: 15 digit IMSI (International Mobile Subscriber Identity) number. + Error is returned if number of digits is not exactly 15. + example: '123456789012345' + type: string + root_tsg_id: + description: TSG Id of the Root Tenant. No error is returned if invalid + TSG Id is provided. + example: '1234567891' + type: string + tsg_id: + description: TSG Id of the Child or Enterprise Tenant. Error is returned + if invalid TSG Id is provided. + example: '1234567890' + type: string + required: + - root_tsg_id + - tsg_id + - imsi + - imei + - apn + type: object + TsgIdInput: + properties: + tsg_id: + description: TSG Id of the Child or Enterprise Tenant. Error is returned + if invalid TSG Id is provided. + example: '1234567890' + type: string + required: + - tsg_id + type: object + UpdateInterimMsg: + type: object + properties: + processMsg: + type: boolean + default: false + interval: + type: integer + description: How often interim messages will come(in minutes) + UserGroupInfo: + properties: + group_name: + description: User Group Name. Must be unique across tenants. + example: test_user_group + type: string + identity_id: + description: Array of Tenant UE Info mapping ids + example: 1234567890 + items: + type: string + type: array + tsg_id: + description: TSG Id of the Child or Enterprise Tenant. Error is returned + if invalid TSG Id is provided. + example: '1234567890' + type: string + required: + - group_name + - identity_id + - tsg_id + type: object +ExternalTags: {} diff --git a/openapi-specs/sase/monitor-services-5g/5G-monitor.yaml b/openapi-specs/sase/monitor-services-5g/5G-monitor.yaml new file mode 100644 index 000000000..b6fca9296 --- /dev/null +++ b/openapi-specs/sase/monitor-services-5g/5G-monitor.yaml @@ -0,0 +1,968 @@ +openapi: 3.0.2 +info: + title: SASE 5G Monitor API + version: '1.0' + description: "The SASE 5G Monitoring APIs provide real-time visibility and technical\ + \ telemetry across the 5G infrastructure. These interfaces enable administrators\ + \ to track subscriber scaling, monitor regional registration trends, and audit\ + \ network throughput. By integrating these monitoring endpoints into centralized\ + \ dashboards, organizations can identify unauthorized device mappings, respond\ + \ to security incidents by severity, and ensure that 5G network interconnects\ + \ maintain optimal performance levels. This spec was created on February 09, 2026.\ + \ \xA9 2026 Palo Alto Networks, Inc." +paths: + /mt/monitor/5g/tenants: + get: + tags: + - Total Tenants + summary: Retrieve Total Tenants + description: Access the central management plane to retrieve the total count + of tenants currently provisioned within the 5G environment. This query provides + high-level visibility into ecosystem scale by scanning the active tenant database. + Administrators should execute this check periodically to ensure tenant counts + align with expected licensing and service levels. + responses: + '200': + description: Success + content: + application/json: + example: + data: + total_tenants: 8 + header: + createdAt: '2025-12-17T01:28:33Z' + clientRequestId: null + dataCount: 1 + status: + subCode: 200 + '401': + description: Permission Denied + '500': + description: Server Error + operationId: GetMtMonitor5gTenants + /mt/monitor/5g/ueIp/registered: + get: + tags: + - Registered UE Mappings + summary: Fetch Registered Mappings + description: Retrieve the current total of successfully registered User Equipment + (UE) device mappings across the entire network. This operation identifies + how many devices have active IP Address assignments by querying the real-time + registration table. Use this data whenever you need to verify the current + load of authenticated devices on the 5G network. + responses: + '200': + description: Success + content: + application/json: + example: + data: + registered_device: 6 + header: + createdAt: '2025-12-17T02:03:07Z' + clientRequestId: null + dataCount: 1 + status: + subCode: 200 + '401': + description: Permission Denied + '500': + description: Server Error + operationId: GetMtMonitor5gUeipRegistered + /mt/monitor/5g/ueIp/region: + get: + tags: + - UE IP Region + summary: Get UEs Region + description: View a list of all geographical compute regions where User Equipment + (UE) devices are currently registered. This endpoint scans regional gateways + to identify active subscriber locations. Perform this query to determine the + global distribution of 5G traffic and ensure that subscribers are connecting + to the intended regional nodes. + responses: + '200': + description: Success + content: + application/json: + example: + data: + - compute_region: us-west2 + header: + createdAt: '2025-12-17T02:06:52Z' + clientRequestId: null + dataCount: 1 + status: + subCode: 200 + '401': + description: Permission Denied + '500': + description: Server Error + operationId: GetMtMonitor5gUeipRegion + /mt/monitor/5g/ueIp/registered/trend: + post: + tags: + - 5G Registered Trend + summary: Get Registered UE Trend + description: Generate a historical trend report showing the rate of successful + UE device registrations over a specified time interval. By submitting a TrendRequest + with filtering parameters, you can identify growth patterns or sudden spikes + in device connectivity. Use this analysis to forecast capacity requirements + and detect anomalies in subscriber behavior. + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/TrendRequest' + example: + properties: + - property: imei + function: count + alias: registered_count + filter: + operator: AND + rules: + - property: event_time + operator: last_n_days + values: + - 7 + - property: compute_region + operator: in + values: + - us-central1 + histogram: + property: event_time + range: day + enableEmptyInterval: false + value: '1' + responses: + '200': + description: Success + content: + application/json: + example: + data: + - event_time: 1765324800000 + registered_count: 4 + - event_time: 1765411200000 + registered_count: 4 + header: + createdAt: '2025-12-17T02:05:29Z' + clientRequestId: null + dataCount: 7 + status: + subCode: 200 + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + operationId: PostMtMonitor5gUeipRegisteredTrend + /mt/monitor/5g/ueIp/deregistered/trend: + post: + tags: + - 5G Deregistered Trend + summary: Get DeRegistered UE Trend + description: Track the trend of devices disconnecting or deregistering from + the 5G network over time. This endpoint processes historical telemetry to + show when and where UE mappings are cleared. Monitor these trends to identify + potential network stability issues or scheduled device maintenance windows + that impact active subscriber counts. + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/TrendRequest' + example: + properties: + - property: imei + function: count + alias: deregistered_count + filter: + operator: AND + rules: + - property: event_time + operator: last_n_days + values: + - 7 + - property: compute_region + operator: in + values: + - us-central1 + histogram: + property: event_time + range: day + enableEmptyInterval: false + value: '1' + responses: + '200': + description: Success + content: + application/json: + example: + data: + - event_time: 1765324800000 + deregistered_count: 3 + - event_time: 1765411200000 + deregistered_count: 3 + header: + createdAt: '2025-12-17T02:05:42Z' + clientRequestId: null + dataCount: 7 + status: + subCode: 200 + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + operationId: PostMtMonitor5gUeipDeregisteredTrend + /mt/monitor/5g/ueIp/count: + post: + tags: + - Added and Cleared Mappings + summary: Count Mapping Changes + description: Retrieve a summary count of all UE IP Address mappings that were + either added or cleared during a specific timeframe. This query uses time-based + filters to provide a snapshot of network "churn" or movement. Execute this + to audit how frequently IP Address assignments change within your 5G subscriber + pool. + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CountFilterRequest' + example: + filter: + operator: AND + rules: + - property: event_time + operator: last_n_days + values: + - 7 + responses: + '200': + description: Success + content: + application/json: + example: + data: + add_count: 28 + delete_count: 19 + header: + createdAt: '2025-12-17T02:07:14Z' + clientRequestId: null + dataCount: 1 + status: + subCode: 200 + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + operationId: PostMtMonitor5gUeipCount + /mt/monitor/5g/unknownIp/region: + get: + tags: + - Unknown IP Regions + summary: Locate Unknown IPs + description: Identify the compute regions where the system has detected 5G traffic + from unknown or unmapped IP Address addresses. This endpoint scans regional + traffic logs to find packets that lack a valid subscriber identity. Use this + information to investigate potential security breaches or configuration errors + in specific regional gateways. + responses: + '200': + description: Success + content: + application/json: + example: + data: + - compute_region: us-west2 + header: + createdAt: '2025-12-17T02:04:26Z' + clientRequestId: null + dataCount: 1 + status: + subCode: 200 + '401': + description: Permission Denied + '500': + description: Server Error + operationId: GetMtMonitor5gUnknownipRegion + /mt/monitor/5g/unknownIp/trend: + post: + tags: + - 5G Unknown IPs Trend + summary: Track Unknown IPs + description: Monitor the historical trend of unknown IP Address address detections + over a defined period. By analyzing these trends, you can determine if unauthorized + traffic is increasing or if specific regions are consistently seeing unmapped + devices. Use this telemetry to refine your UE registration policies and improve + network-based security. + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/TrendRequest' + example: + properties: + - property: ip_address + function: distinct_count + alias: count + - property: compute_region + alias: region + filter: + operator: AND + rules: + - property: event_time + operator: last_n_days + values: + - 7 + - property: compute_region + operator: in + values: + - us-central1 + histogram: + property: event_time + range: day + enableEmptyInterval: false + value: '1' + responses: + '200': + description: Success + content: + application/json: + example: + data: + - region: us-central1 + event_time: 1765324800000 + count: 13 + - region: us-central1 + event_time: 1765411200000 + count: 7 + header: + createdAt: '2025-12-17T02:05:04Z' + clientRequestId: null + dataCount: 8 + status: + subCode: 200 + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + operationId: PostMtMonitor5gUnknownipTrend + /mt/monitor/5g/mapping/activeUEs: + get: + tags: + - Active Mappings + summary: Get Active UE Mappings + description: Returns the number of active UE mappings. + responses: + '200': + description: Success + content: + application/json: + example: + data: + active_mappings: 4 + header: + createdAt: '2025-12-17T02:05:18Z' + clientRequestId: null + dataCount: 1 + status: + subCode: 200 + '401': + description: Permission Denied + '500': + description: Server Error + operationId: GetMtMonitor5gMappingActiveues + /mt/monitor/5g/mapping/configuredUEs: + get: + tags: + - Configured UE Mappings + summary: Get Configured UE Mappings + description: Returns the number of UEs configured by the users. + responses: + '200': + description: Success + content: + application/json: + example: + data: + configured_ue_count: 94 + header: + createdAt: '2025-12-17T02:07:37Z' + clientRequestId: null + dataCount: 1 + status: + subCode: 200 + '401': + description: Permission Denied + '500': + description: Server Error + operationId: GetMtMonitor5gMappingConfiguredues + /mt/monitor/5g/mapping/unknownUEs: + get: + tags: + - Unknown UE Mappings + summary: Detect Unknown Mappings + description: Identify User Equipment (UE) mappings that were registered through + automated methods, such as RADIUS or Application Programming Interface, but + were never explicitly configured by a user. This check highlights "shadow" + devices or guest equipment that has entered the network. Review these mappings + to ensure that automated registration flows are not introducing unauthorized + devices. + responses: + '200': + description: Success + content: + application/json: + example: + data: + unknown_mappings: 1 + header: + createdAt: '2025-12-17T02:07:45Z' + clientRequestId: null + dataCount: 1 + status: + subCode: 200 + '401': + description: Permission Denied + '500': + description: Server Error + operationId: GetMtMonitor5gMappingUnknownues + /mt/monitor/5g/mapping/region: + get: + tags: + - Region + summary: Get 5G Mapping Region + description: Returns the list of regions where mappings exist. + responses: + '200': + description: Success + content: + application/json: + example: + data: + - us-west2 + - us-central1 + header: + createdAt: '2025-12-17T02:10:45Z' + clientRequestId: null + dataCount: 2 + status: + subCode: 200 + '401': + description: Permission Denied + '500': + description: Server Error + operationId: GetMtMonitor5gMappingRegion + /mt/monitor/5g/mapping: + post: + tags: + - UE Mappings + summary: Query Mapping Details + description: Search for specific UE mapping details using IMSI, IMEI, or IP + Address Address identifiers across your 5G tenant base. This endpoint supports + advanced filtering and pagination to handle large datasets. Use this detailed + search capability when troubleshooting connectivity for a specific device + or performing a security audit on a particular subscriber. + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/MappingRequest' + examples: + Paginated List: + value: + pageSize: 100 + pageNum: 0 + Paginated List With Tenant Filter: + value: + pageSize: 100 + pageNum: 0 + tenant: + - '1459340040' + - '1635727460' + Paginated List With Region Filter: + value: + pageSize: 100 + pageNum: 0 + region: us-west2 + Paginated List With Region and Tenant Filter: + value: + pageSize: 100 + pageNum: 0 + region: us-west2 + tenant: + - '1459340040' + - '1635727460' + Search with Pagination: + value: + searchKey: '500012222222222' + pageSize: 100 + pageNum: 0 + Search with Pagination and Filtering: + value: + searchKey: '310260418380113' + pageSize: 100 + pageNum: 0 + region: us-west2 + tenant: + - '1459340040' + - '1635727460' + responses: + '200': + description: Success + content: + application/json: + examples: + Single Mapping: + value: + data: + mappings: + - apn: demo.com + createTime: 1737113951692 + groups: new_grp + imei: '000000000000000' + imsi: '500012222222222' + tenantProvisioned: Inactive + tsgId: '1131085573' + totalCount: 1 + header: + createdAt: '2025-12-17T02:07:58Z' + clientRequestId: null + dataCount: 1 + status: + subCode: 200 + Multiple Mappings: + value: + data: + mappings: + - apn: pan.pcweb.comm + createTime: 1759426780582 + imei: '000000000000000' + imsi: '310260418380113' + tenantProvisioned: Inactive + tsgId: '1558164857' + - apn: pan.fast.comm + createTime: 1759426957812 + imei: '359414782481750' + imsi: '310260418380113' + tenantProvisioned: Inactive + tsgId: '1558164857' + totalCount: 2 + header: + createdAt: '2025-12-17T02:08:33Z' + clientRequestId: null + dataCount: 2 + status: + subCode: 200 + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + operationId: PostMtMonitor5gMapping + /mt/monitor/5g/proxy: + get: + tags: + - Total Proxies + summary: Retrieve Proxy Counts + description: Get a count of all proxy servers that have been configured by the + client to handle 5G control plane traffic. This visibility ensures that the + required infrastructure nodes are accounted for in the management plane. Execute + this query during infrastructure audits to verify that all intended proxy + servers are visible to the 5G management service. + responses: + '200': + description: Success + content: + application/json: + example: + data: + count: 5 + header: + createdAt: '2025-12-17T02:05:51Z' + clientRequestId: null + dataCount: 1 + status: + subCode: 200 + '401': + description: Permission Denied + '500': + description: Server Error + operationId: GetMtMonitor5gProxy + /mt/monitor/5g/incidents/count: + post: + tags: + - Incidents by Severity + summary: Get Incidents By Severity + description: Returns the count of incidents based on severity levels. + parameters: + - name: agg_by + in: query + schema: + type: string + enum: + - tenant + description: Aggregation parameter + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IncidentsCountRequest' + example: + properties: + - property: total_count + - property: critical_count + - property: warning_count + filter: + rules: + - property: raised_time + operator: last_n_days + values: + - 7 + - property: status + operator: equals + values: + - Raised + - property: severity + operator: in + values: + - Critical + - Warning + - property: domain + operator: in + values: + - External + - external + responses: + '200': + description: Success + content: + application/json: + example: + data: + - total_count: 680 + critical_count: 340 + warning_count: 0 + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + operationId: PostMtMonitor5gIncidentsCount + /mt/monitor/5g/api/stats: + post: + tags: + - API Stats + summary: Get Application Programming Interface Stats + description: Returns the total Application Programming Interface calls made + and count of success and failure calls. Applicable for interface type Application + Programming Interface. + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CountFilterRequest' + example: + filter: + operator: AND + rules: + - property: event_time + operator: last_n_days + values: + - 7 + responses: + '200': + description: Success + content: + application/json: + example: + data: + total_count: 0 + success_count: 0 + failure_count: 0 + header: + createdAt: '2025-12-17T02:06:39Z' + clientRequestId: null + dataCount: 1 + status: + subCode: 200 + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + operationId: PostMtMonitor5gApiStats + /mt/monitor/5g/interconnect/details: + get: + tags: + - 5G Network Interconnects and Bandwidth + summary: Get Interconnect Details + description: Returns total bandwidth, region list and 5G Network Connections. + responses: + '200': + description: Success + content: + application/json: + example: + data: + - bandwidth: 200 + regions: + - us-east1 + - us-west2 + - us-central1 + vlanStatus: + down: 0 + total: 8 + up: 8 + header: + createdAt: '2025-12-17T02:07:25Z' + clientRequestId: null + dataCount: 1 + status: + subCode: 200 + '401': + description: Permission Denied + '500': + description: Server Error + operationId: GetMtMonitor5gInterconnectDetails + /mt/monitor/5g/interconnect/throughput: + post: + tags: + - Throughput Trend + summary: Get Throughput Trend + description: Returns the throughput trend data for egress and ingress traffic. + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ThroughputRequest' + example: + properties: + - property: egress_throughput + - property: ingress_throughput + - property: event_time + - property: region + filter: + operator: AND + rules: + - property: event_time + operator: last_n_days + values: + - 7 + - property: region + operator: equals + values: + - us-central1 + histogram: + property: event_time + range: day + enableEmptyInterval: false + value: '1' + responses: + '200': + description: Success + content: + application/json: + example: + data: + - egress_throughput: 0.002508770165798529 + ingress_throughput: 0.003023766583801299 + event_time: 1765324800000 + region: us-central1 + - egress_throughput: 0.0027237501165300205 + ingress_throughput: 0.0034827909235609217 + event_time: 1765411200000 + region: us-central1 + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + operationId: PostMtMonitor5gInterconnectThroughput + /mt/monitor/5g/users: + get: + tags: + - Total Number of Configured Users + summary: Get Total Configured Users + description: Returns the total count of configured users. + responses: + '200': + description: Success + content: + application/json: + example: + data: + total_users: 5000 + header: + createdAt: '2025-12-17T02:08:46Z' + clientRequestId: null + dataCount: 1 + status: + subCode: 200 + '401': + description: Permission Denied + '500': + description: Server Error + operationId: GetMtMonitor5gUsers +servers: +- url: https://stratacloudmanager.paloaltonetworks.com +security: +- BearerAuth: [] +components: + schemas: + TrendRequest: + type: object + properties: + properties: + type: array + items: + type: object + properties: + property: + type: string + function: + type: string + alias: + type: string + filter: + type: object + properties: + operator: + type: string + rules: + type: array + items: + type: object + properties: + property: + type: string + operator: + type: string + values: + type: array + items: {} + histogram: + type: object + properties: + property: + type: string + range: + type: string + enableEmptyInterval: + type: boolean + value: + type: string + CountFilterRequest: + type: object + properties: + filter: + type: object + properties: + operator: + type: string + rules: + type: array + items: + type: object + properties: + property: + type: string + operator: + type: string + values: + type: array + items: {} + MappingRequest: + type: object + properties: + pageSize: + type: integer + format: int32 + pageNum: + type: integer + format: int32 + searchKey: + type: string + region: + type: string + tenant: + type: array + items: + type: string + IncidentsCountRequest: + type: object + properties: + properties: + type: array + items: + type: object + properties: + property: + type: string + filter: + type: object + properties: + rules: + type: array + items: + type: object + properties: + property: + type: string + operator: + type: string + values: + type: array + items: {} + ThroughputRequest: + type: object + properties: + properties: + type: array + items: + type: object + properties: + property: + type: string + filter: + type: object + properties: + operator: + type: string + rules: + type: array + items: + type: object + properties: + property: + type: string + operator: + type: string + values: + type: array + items: {} + histogram: + type: object + properties: + property: + type: string + range: + type: string + enableEmptyInterval: + type: boolean + value: + type: string +ExternalTags: {} diff --git a/openapi-specs/sase/mt-interconnect/.paloaltonetworks-multitenant_interconnect.yaml.swp b/openapi-specs/sase/mt-interconnect/.paloaltonetworks-multitenant_interconnect.yaml.swp deleted file mode 100644 index e69c7433d..000000000 Binary files a/openapi-specs/sase/mt-interconnect/.paloaltonetworks-multitenant_interconnect.yaml.swp and /dev/null differ diff --git a/openapi-specs/sase/mt-interconnect/Manage/SP-Interconnect-Manage.yaml b/openapi-specs/sase/mt-interconnect/Manage/SP-Interconnect-Manage.yaml new file mode 100644 index 000000000..8af6bc7fc --- /dev/null +++ b/openapi-specs/sase/mt-interconnect/Manage/SP-Interconnect-Manage.yaml @@ -0,0 +1,1463 @@ +openapi: 3.1.0 +info: + title: SP Interconnect Manage APIs + version: '1.0' + description: "These APIs provide the administrative tools necessary to configure\ + \ and manage the lifecycle of Service Provider (SP) Interconnects \nand virtual\ + \ VlanAttachments within the management plane. They enable administrators to establish\ + \ private, secure bridges between Service Providers \nand Prisma Access to bypass\ + \ public cloud backbones. Use these tools during initial deployment or regional\ + \ expansion to provision high-capacity physical and virtual links. \nBy submitting\ + \ specific regional and partner parameters, you can automate the creation of shared\ +<<<<<<< HEAD + \ or dedicated per-tenant infrastructure. This Open API spec file was created\ + \ on February 04, 2026. \xA9 2026 Palo Alto Networks, Inc. Palo Alto Networks\ + \ is a registered trademark of Palo Alto Networks. A list of our trademarks can\ + \ be found at [https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html).\ + \ All other marks mentioned herein may be trademarks of their respective companies." +======= + \ or dedicated per-tenant infrastructure. This spec was created on February 09,\ + \ 2026. \xA9 2026 Palo Alto Networks, Inc." +paths: + /mt/sp-interconnect/interconnects: + get: + tags: + - Interconnect + summary: Retrieve All Interconnects + description: Access a complete inventory of Service Provider Interconnects configured + within the multi-tenant environment. This inventory resides in the management + plane and allows administrators to audit existing connectivity across AWS + and GCP providers. Use this during system audits or when mapping regional + resource availability to verify that backbones align with tenant requirements. + Query parameters facilitate targeted searches by including default interconnects + or expanding associated tenant data. + parameters: + - name: includeDefaultInterconnect + in: query + schema: + type: boolean + - name: includeTenantsAssociated + in: query + schema: + type: boolean + responses: + '200': + description: Success + '500': + description: Server Error + operationId: GetMtSp-interconnectInterconnects + post: + tags: + - Interconnect + summary: Create New Interconnect + description: Provision a top-level Interconnect resource to serve as the logical + container for all subsequent virtual connectivity. This resource creates a + private bridge between a Service Provider and Prisma Access to bypass public + internet routes. Initialize this when onboarding a new region or establishing + isolated per-tenant infrastructure for high-compliance environments. Provide + the cloud provider, region, and usage model (SHARED or PER_TENANT) along with + partner contact details to begin the automated setup process. + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/InterconnectRequest' + required: true + responses: + '200': + description: Success + '400': + description: Bad Request + '409': + description: Conflict + '500': + description: Server Error + operationId: PostMtSp-interconnectInterconnects + /mt/sp-interconnect/interconnects/physical-connections: + get: + tags: + - Physical Connection + summary: List Physical Connections + description: Retrieve technical data regarding the underlying hardware links + that support your Interconnects. This visibility allows network engineers + to monitor link speeds (10G/100G) and MACsec encryption status at specific + colocation sites. Access this information when troubleshooting layer-1 connectivity + or performing routine infrastructure health checks. The system returns a list + of physical resources, indicating their current operational status and colocation + zone. + responses: + '200': + description: Success + '400': + description: Bad Request + '500': + description: Server Error + operationId: GetMtSp-interconnectInterconnectsPhysical-connections + post: + tags: + - Physical Connection + summary: Provision Physical Connection + description: Initiate a physical link request within an Interconnect at a specific + colocation facility. This establishes the core hardware foundation required + before virtual circuits can be provisioned. Use this when expanding regional + bandwidth capacity or establishing a new physical Point of Presence (PoP). + To proceed, define the desired link speed, the link count, and the specific + colocation facility IDs intended for deployment. + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PhysicalConnectionEntry' + required: true + responses: + '201': + description: Success + '404': + description: Not Found + '400': + description: Bad Request + '500': + description: Server Error + operationId: PostMtSp-interconnectInterconnectsPhysical-connections + /mt/sp-interconnect/interconnects/physical-connections/{physicalConnectionId}: + delete: + tags: + - Physical Connection + summary: Delete Physical Connection + description: Decommission a specific physical link from the environment using + its unique identifier. Terminating these links helps release hardware resources + and end service agreements when specific hardware paths are no longer required. + Execute this during hardware refreshes or regional exit strategies. The system + immediately marks the connection for deletion and initiates the teardown in + the management database and provider portals. + parameters: + - name: physicalConnectionId + in: path + required: true + schema: + type: string + responses: + '200': + description: Success + '404': + description: Not Found + '400': + description: Bad Request + '500': + description: Server Error + operationId: DeleteMtSp-interconnectInterconnectsPhysical-connectionsBy_physicalconnectionid + get: + tags: + - Physical Connection + summary: Get Physical Connection + description: View the detailed technical specification of a single physical + link. This displays configuration parameters such as colocation addresses, + HA status, and link types. Use this when preparing for on-site maintenance + at a data center or verifying link readiness before provisioning virtual circuits. + By submitting the physicalConnectionId, you obtain the full state and list + of permitted management actions for that specific resource. + parameters: + - name: physicalConnectionId + in: path + required: true + schema: + type: string + - name: includeDetails + in: query + schema: + type: boolean + responses: + '200': + description: Success + '404': + description: Not Found + operationId: GetMtSp-interconnectInterconnectsPhysical-connectionsBy_physicalconnectionid + /mt/sp-interconnect/interconnects/summary: + get: + tags: + - Interconnect + summary: Summarize All Interconnects + description: View a high-level statistical snapshot of the current Interconnect + ecosystem. This summary provides active/inactive counts, total IP Address + pool usage, and bandwidth distribution across cloud providers. Utilize this + for executive summaries or operational dashboards to monitor global health + at a glance. Filtering by usage type allows you to isolate metrics for SHARED + versus PER_TENANT deployment models. + parameters: + - name: usage + in: query + schema: + $ref: '#/components/schemas/InterconnectUsage' + responses: + '200': + description: Success + '400': + description: Bad Request + '500': + description: Server Error + operationId: GetMtSp-interconnectInterconnectsSummary + /mt/sp-interconnect/interconnects/{interconnectId}: + get: + tags: + - Interconnect + summary: Retrieve Specific Interconnect + description: Fetch the full configuration data and current operational state + of a single Interconnect container. This reveals regional placement, current + status, and the collection of virtual circuits (VlanAttachments) grouped within + the Interconnect. Use this when diagnosing regional connectivity issues or + retrieving internal IDs for sub-resource management. The response details + cloud-specific parameters and optional data regarding tenants currently utilizing + the resource. + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + - name: includeTenantsAssociated + in: query + schema: + type: boolean + responses: + '200': + description: Success + '404': + description: Not Found + '400': + description: Bad Request + '500': + description: Server Error + operationId: GetMtSp-interconnectInterconnectsBy_interconnectid + delete: + tags: + - Interconnect + summary: Remove Specific Interconnect + description: Permanently remove an Interconnect and its associated configuration + from the environment. This retirees the bridge once all virtual attachments + have been deleted and egress traffic has been rerouted. Execute this only + when a regional Interconnect is no longer required for egress traffic. Success + removes the resource from the database and ends its logical association with + the Prisma Access backend. + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + responses: + '200': + description: Success + '400': + description: Bad Request + '404': + description: Not Found + '500': + description: Server Error + operationId: DeleteMtSp-interconnectInterconnectsBy_interconnectid + /mt/sp-interconnect/interconnects/{interconnectId}/ip-pool: + put: + tags: + - IP Pool + summary: Update Existing Pool + description: Modify the assigned IP Address blocks or the provider type for + an existing Interconnect pool. This update occurs within the specific Interconnect + context and allows for scaling the number of CIDR blocks as traffic grows. + Use this when expanding Bring Your Own IP Address (BYOIP) capacity or updating + edge location mappings. You must submit the full updated list of IP Address + blocks, specifying their primary or secondary status and the designated edge + location. + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IPPoolRequest' + required: true + responses: + '200': + description: Success + '500': + description: Internal Error + '400': + description: Bad Request + operationId: PutMtSp-interconnectInterconnectsBy_interconnectidIp-pool + get: + tags: + - IP Pool + summary: Get IP Address Address Pool + description: View the current IP Address address configuration assigned to an + Interconnect, including CIDR ranges and provider status. This provides visibility + into the addressing scheme used at the edge for egress routing. Access this + to verify that the correct SP-provided or public IP Address ranges are in + effect. The data returned includes the IP Address pool ID, its provisioning + state, and a list of all active CIDR blocks. + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + responses: + '200': + description: Success + '400': + description: Bad Request + operationId: GetMtSp-interconnectInterconnectsBy_interconnectidIp-pool + delete: + tags: + - IP Pool + summary: Delete IP Address Pool + description: Remove all IP Address block associations and provider settings + from the specified Interconnect. Terminating the pool stops the use of specific + CIDRs for routing and returns the container to an unassigned state. Use this + when retiring BYOIP ranges or preparing to swap service provider IP Address + schemes. Note that deleting an active pool will immediately impact egress + traffic relying on those addresses. + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + responses: + '200': + description: Success + operationId: DeleteMtSp-interconnectInterconnectsBy_interconnectidIp-pool + post: + tags: + - IP Pool + summary: Create New Pool + description: Provision and attach a new IP Address address pool to an existing + Interconnect. This defines the addressing model (SP-provided or PANW-provided) + that Prisma Access traffic will use at the edge. Use this when finalizing + the egress setup for a new regional Interconnect container. When using SP-provided + pools, you must include at least one valid public CIDR block mapped to a supported + edge location. + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IPPoolRequest' + required: true + responses: + '201': + description: Success + '400': + description: Bad Request + '500': + description: Internal Error + operationId: PostMtSp-interconnectInterconnectsBy_interconnectidIp-pool + /mt/sp-interconnect/interconnects/{interconnectId}/vlan-attachments: + get: + tags: + - Vlan Attachment + summary: List Vlan Attachments + description: Retrieve all virtual circuits configured within a specific Interconnect. + This allows administrators to verify the regional distribution of attachments + and their current BGP states. Use this when auditing high-availability (HA) + domains or verifying pairing key availability. The response lists BGP parameters, + edge availability domains, and current provisioning states for each circuit. + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + responses: + '200': + description: Success + '400': + description: Bad Request + '500': + description: Server Error + operationId: GetMtSp-interconnectInterconnectsBy_interconnectidVlan-attachments + post: + tags: + - Vlan Attachment + summary: Provision Vlan Attachment + description: Create a new virtual circuit, known as a VlanAttachment, within + an Interconnect to enable data transfer. This establishes the actual logical + path for Prisma Access traffic routing through the Service Provider. Deploy + this when initializing new egress paths or adding redundant links for regional + reliability. Required parameters include a unique name, BGP Peer ASN, and + BFD initialization mode to ensure robust connectivity. + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/VlanAttachmentRequest' + required: true + responses: + '201': + description: Success + '404': + description: Not Found + '400': + description: Bad Request + '500': + description: Server Error + operationId: PostMtSp-interconnectInterconnectsBy_interconnectidVlan-attachments + /mt/sp-interconnect/interconnects/{interconnectId}/vlan-attachments/{vlanAttachmentId}: + get: + tags: + - Vlan Attachment + summary: Get Vlan Attachment + description: View the full technical specification of a single virtual circuit + by its unique identifier. This displays parameters such as MD5 authentication, + BGP session timers, and stack type (IPv4/Dual-Stack). Use this to verify pairing + key generation or to inspect the specific edge availability domain assigned + for redundancy. The returned data provides the exact state needed for alignment + with service provider configurations. + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + - name: vlanAttachmentId + in: path + required: true + schema: + type: string + responses: + '200': + description: Success + '400': + description: Bad Request + '500': + description: Server Error + operationId: GetMtSp-interconnectInterconnectsBy_interconnectidVlan-attachmentsBy_vlanattachmentid + delete: + tags: + - Vlan Attachment + summary: Delete Vlan Attachment + description: Permanently remove a specific virtual circuit and its logical configuration + from the Interconnect. Terminating these circuits is necessary when network + paths are being replaced or retired. Execute this during scheduled maintenance + windows or regional re-architecting. Ensure the paired service provider resource + is also manually decommissioned to prevent unintended billing. + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + - name: vlanAttachmentId + in: path + required: true + schema: + type: string + responses: + '200': + description: Success + '404': + description: Not Found + '400': + description: Bad Request + '500': + description: Server Error + operationId: DeleteMtSp-interconnectInterconnectsBy_interconnectidVlan-attachmentsBy_vlanattachmentid + /mt/sp-interconnect/interconnects/{interconnectId}/vlan-attachments/{vlanAttachmentId}/accept: + post: + tags: + - Vlan Attachment + summary: Accept AWS Attachment + description: Transition a pending AWS Direct Connect attachment into the accepted + state within the management plane. This serves as the final confirmation required + by AWS to activate the virtual circuit. Trigger this action when the circuit + state reaches PENDING_SP_ACCEPTANCE in the AWS console. Note that this action + is exclusive to AWS deployments and cannot be used for GCP or other providers. + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + - name: vlanAttachmentId + in: path + required: true + schema: + type: string + responses: + '200': + description: Success + '400': + description: Bad Request + '404': + description: Not Found + '500': + description: Server Error + operationId: PostMtSp-interconnectInterconnectsBy_interconnectidVlan-attachmentsBy_vlanattachmentidAccept + /mt/sp-interconnect/interconnects/{interconnectId}/vlan-attachments/{vlanAttachmentId}/logs: + get: + tags: + - Vlan Attachment + summary: Fetch Router Logs + description: Retrieve real-time CloudRouter logs for virtual attachments deployed + on the GCP network. These logs provide critical data on BGP session stability, + peer adjacency events, and routing updates. Use this during initial deployment + or when troubleshooting regional connectivity drops. You must provide a valid + lookback duration (e.g., 1h, 1d); this feature is not supported for AWS-based + attachments. + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + - name: vlanAttachmentId + in: path + required: true + schema: + type: string + - name: duration + in: query + description: 'Duration for logs. Allowed values: 15m, 1h, 1d, 3d' + schema: + type: string + default: 1d + enum: + - 15m + - 1h + - 1d + - 3d + responses: + '200': + description: Success + '400': + description: Bad Request + '500': + description: Server Error + operationId: GetMtSp-interconnectInterconnectsBy_interconnectidVlan-attachmentsBy_vlanattachmentidLogs + /mt/sp-interconnect/regions: + get: + tags: + - Interconnect + summary: List of Regions and Edge Locations + description: Fetch the master list of all geographical regions and edge locations + supported by the SP Interconnect service. This assists in network planning + by identifying optimal locations for Interconnect placement. Consult this + data to determine the closest edge location to your physical infrastructure + for low-latency traffic egress. The response is dynamically filtered based + on the cloudProvider to ensure regional compatibility. + parameters: + - name: cloudProvider + in: query + schema: + $ref: '#/components/schemas/CloudProvider' + responses: + '200': + description: Success + operationId: GetMtSp-interconnectRegions + /mt/sp-interconnect/regions/physical-connections: + get: + tags: + - Interconnect + summary: List of Physical Connection Regions in GCP + description: Retrieve the specific regions and colocation facilities available + for physical interconnect deployments on the GCP network. This informs network + engineers of the precise locations where high-speed physical links can be + provisioned. Use this when developing a dedicated physical connectivity strategy + for large-scale multi-tenant environments. The data provides a hierarchy of + continents, cities, and specific facility names. + responses: + '200': + description: Success + operationId: GetMtSp-interconnectRegionsPhysical-connections + /mt/sp-interconnect/settings: + post: + tags: + - Interconnect + summary: Configure Egress Settings + description: Apply traffic routing preferences and egress behavior for a specific + Tenant Service Group (TSG). This determines whether egress traffic utilizes + the private Service Provider (SP) path or the standard Prisma Access (PA) + path. Set this during tenant onboarding or when modifying existing regional + traffic policies. If SP egress is selected, you must specify the CIDR ranges + that should participate in the private routing. + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SettingsEntry' + required: true + responses: + '200': + description: Success + '400': + description: Bad Request + '409': + description: Conflict + operationId: PostMtSp-interconnectSettings + get: + tags: + - Interconnect + summary: Get Egress Settings + description: View the current egress and routing configuration for the authenticated + tenant context. This verifies whether the tenant is currently utilizing the + SP Interconnect or the default public path for their egress traffic. Access + this to validate that your network architecture policies have been correctly + applied at the management plane. The response provides the egress type and + all participating CIDR blocks. + responses: + '200': + description: Success + '400': + description: Bad Request + '404': + description: Not Found + operationId: GetMtSp-interconnectSettings +>>>>>>> c340db311fb328d16bfdf0243d249403105a1721 +servers: +- url: https://api.sase.paloaltonetworks.com +security: +- authKey: [] +components: + schemas: + CloudProvider: + type: string + enum: + - GCP + - AWS + ConnectionType: + type: string + enum: + - DEDICATED + - PARTNER + DedicatedVlanAttachmentDetailsEntry: + type: object + properties: + edgeAvailability: + type: string + bandwidth: + $ref: '#/components/schemas/Bandwidth' + required: + - edgeAvailability + InterconnectRequest: + type: object + required: + - name + - region + - partnerName + - partnerEmail + - usage + - cloudProvider + - type + properties: + name: + type: string + pattern: ^([-0-9a-z]){1,13}$ + region: + type: string + pattern: \\S+ + partnerName: + type: string + pattern: ^([a-zA-Z0-9\s\-]){1,30}$ + partnerEmail: + type: string + pattern: \\S + usage: + $ref: '#/components/schemas/InterconnectUsage' + tsgId: + type: string + pattern: ^[0-9-]+$ + cloudProvider: + $ref: '#/components/schemas/CloudProvider' + type: + $ref: '#/components/schemas/ConnectionType' + ipPool: + $ref: '#/components/schemas/IPPoolRequest' + physicalConnection: + $ref: '#/components/schemas/PhysicalConnectionEntry' + vlanAttachment: + $ref: '#/components/schemas/VlanAttachmentRequest' + InterconnectUsage: + type: string + enum: + - SHARED + - PER_TENANT + IPPoolRequest: + type: object + required: + - ipProvider + properties: + ipBlocks: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/IPBlockEntry' + ipProvider: + $ref: '#/components/schemas/IPProvider' + IPBlockEntry: + type: object + required: + - cidr + properties: + edgeLocation: + type: string + cidr: + type: array + minItems: 1 + uniqueItems: true + items: + type: string + type: + $ref: '#/components/schemas/IPBlockType' + IPBlockType: + type: string + enum: + - PRIMARY + - SECONDARY + IPProvider: + type: string + enum: + - SP + - PANW + PhysicalConnectionEntry: + type: object + required: + - physicalConnectionName + - linkType + - coloFacilities + - partnerName + - partnerEmail + properties: + physicalConnectionName: + type: string + pattern: \\S + linkType: + $ref: '#/components/schemas/PhysicalInterconnectLinkType' + requestedLinkCount: + type: integer + format: int32 + coloFacilities: + type: array + minItems: 1 + items: + type: string + macSecEnabled: + type: boolean + partnerName: + type: string + pattern: \\S + partnerEmail: + type: string + pattern: \\S + PhysicalInterconnectLinkType: + type: string + enum: + - LINK_TYPE_ETHERNET_10G_LR + - LINK_TYPE_ETHERNET_100G_LR + VlanAttachmentRequest: + type: object + required: + - name + - bgpPeerAsn + - bgpPeerBfdSessionInitMode + properties: + name: + type: string + pattern: ^([-0-9a-z]){1,13}$ + stackType: + $ref: '#/components/schemas/StackType' + bandwidth: + $ref: '#/components/schemas/Bandwidth' + bgpPeerAsn: + type: integer + format: int64 + minimum: 1 + bgpPeerBfdSessionInitMode: + $ref: '#/components/schemas/SessionInitializationMode' + bgpPeerBfdMinTransmitInterval: + type: integer + format: int64 + maximum: 30000 + minimum: 1000 + bgpPeerBfdMinReceiveInterval: + type: integer + format: int64 + maximum: 30000 + minimum: 1000 + bgpPeerBfdMultiplier: + type: integer + format: int64 + maximum: 16 + minimum: 5 + dedicatedConnectionDetails: + type: array + items: + $ref: '#/components/schemas/DedicatedVlanAttachmentDetailsEntry' + bgpPeerMd5AuthEnabled: + type: boolean + StackType: + type: string + enum: + - IPV4_ONLY + - IPV4_IPV6 + Bandwidth: + type: string + enum: + - BPS_50M + - BPS_100M + - BPS_200M + - BPS_300M + - BPS_400M + - BPS_500M + - BPS_1G + - BPS_2G + - BPS_5G + - BPS_10G + SessionInitializationMode: + type: string + enum: + - ACTIVE + - PASSIVE + - DISABLED + SettingsEntry: + type: object + required: + - egressType + properties: + egressType: + type: string + pattern: SP|PA + cidr: + type: array + uniqueItems: true + items: + type: string + pattern: ^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})(\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})){3})/(3[0-2]|[1-2][0-9]|[0-9])$ + securitySchemes: + authKey: + type: http + scheme: Bearer +ExternalTags: {} +paths: + /mt/sp-interconnect/interconnects: + get: + summary: Retrieve All Interconnects + description: Access a complete inventory of Service Provider Interconnects configured + within the multi-tenant environment. This inventory resides in the management + plane and allows administrators to audit existing connectivity across AWS + and GCP providers. Use this during system audits or when mapping regional + resource availability to verify that backbones align with tenant requirements. + Query parameters facilitate targeted searches by including default interconnects + or expanding associated tenant data. + operationId: GetMtSp-interconnectInterconnects + responses: + '200': + description: Success + '500': + description: Server Error + parameters: + - name: includeDefaultInterconnect + in: query + schema: + type: boolean + - name: includeTenantsAssociated + in: query + schema: + type: boolean + tags: + - Interconnect + post: + summary: Create New Interconnect + description: Provision a top-level Interconnect resource to serve as the logical + container for all subsequent virtual connectivity. This resource creates a + private bridge between a Service Provider and Prisma Access to bypass public + internet routes. Initialize this when onboarding a new region or establishing + isolated per-tenant infrastructure for high-compliance environments. Provide + the cloud provider, region, and usage model (SHARED or PER_TENANT) along with + partner contact details to begin the automated setup process. + operationId: PostMtSp-interconnectInterconnects + responses: + '200': + description: Success + '400': + description: Bad Request + '409': + description: Conflict + '500': + description: Server Error + parameters: [] + tags: + - Interconnect + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/InterconnectRequest' + required: true + /mt/sp-interconnect/interconnects/physical-connections: + get: + summary: List Physical Connections + description: Retrieve technical data regarding the underlying hardware links + that support your Interconnects. This visibility allows network engineers + to monitor link speeds (10G/100G) and MACsec encryption status at specific + colocation sites. Access this information when troubleshooting layer-1 connectivity + or performing routine infrastructure health checks. The system returns a list + of physical resources, indicating their current operational status and colocation + zone. + operationId: GetMtSp-interconnectInterconnectsPhysical-connections + responses: + '200': + description: Success + '400': + description: Bad Request + '500': + description: Server Error + parameters: [] + tags: + - Physical Connection + post: + summary: Provision Physical Connection + description: Initiate a physical link request within an Interconnect at a specific + colocation facility. This establishes the core hardware foundation required + before virtual circuits can be provisioned. Use this when expanding regional + bandwidth capacity or establishing a new physical Point of Presence (PoP). + To proceed, define the desired link speed, the link count, and the specific + colocation facility IDs intended for deployment. + operationId: PostMtSp-interconnectInterconnectsPhysical-connections + responses: + '201': + description: Success + '404': + description: Not Found + '400': + description: Bad Request + '500': + description: Server Error + parameters: [] + tags: + - Physical Connection + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PhysicalConnectionEntry' + required: true + /mt/sp-interconnect/interconnects/physical-connections/{physicalConnectionId}: + delete: + summary: Delete Physical Connection + description: Decommission a specific physical link from the environment using + its unique identifier. Terminating these links helps release hardware resources + and end service agreements when specific hardware paths are no longer required. + Execute this during hardware refreshes or regional exit strategies. The system + immediately marks the connection for deletion and initiates the teardown in + the management database and provider portals. + operationId: DeleteMtSp-interconnectInterconnectsPhysical-connectionsbyphysicalconnectionid + responses: + '200': + description: Success + '404': + description: Not Found + '400': + description: Bad Request + '500': + description: Server Error + parameters: + - name: physicalConnectionId + in: path + required: true + schema: + type: string + tags: + - Physical Connection + get: + summary: Get Physical Connection + description: View the detailed technical specification of a single physical + link. This displays configuration parameters such as colocation addresses, + HA status, and link types. Use this when preparing for on-site maintenance + at a data center or verifying link readiness before provisioning virtual circuits. + By submitting the physicalConnectionId, you obtain the full state and list + of permitted management actions for that specific resource. + operationId: GetMtSp-interconnectInterconnectsPhysical-connectionsbyphysicalconnectionid + responses: + '200': + description: Success + '404': + description: Not Found + parameters: + - name: physicalConnectionId + in: path + required: true + schema: + type: string + - name: includeDetails + in: query + schema: + type: boolean + tags: + - Physical Connection + /mt/sp-interconnect/interconnects/summary: + get: + summary: Summarize All Interconnects + description: View a high-level statistical snapshot of the current Interconnect + ecosystem. This summary provides active/inactive counts, total IP Address + pool usage, and bandwidth distribution across cloud providers. Utilize this + for executive summaries or operational dashboards to monitor global health + at a glance. Filtering by usage type allows you to isolate metrics for SHARED + versus PER_TENANT deployment models. + operationId: GetMtSp-interconnectInterconnectsSummary + responses: + '200': + description: Success + '400': + description: Bad Request + '500': + description: Server Error + parameters: + - name: usage + in: query + schema: + $ref: '#/components/schemas/InterconnectUsage' + tags: + - Interconnect + /mt/sp-interconnect/interconnects/{interconnectId}: + get: + summary: Retrieve Specific Interconnect + description: Fetch the full configuration data and current operational state + of a single Interconnect container. This reveals regional placement, current + status, and the collection of virtual circuits (VlanAttachments) grouped within + the Interconnect. Use this when diagnosing regional connectivity issues or + retrieving internal IDs for sub-resource management. The response details + cloud-specific parameters and optional data regarding tenants currently utilizing + the resource. + operationId: GetMtSp-interconnectInterconnectsbyinterconnectid + responses: + '200': + description: Success + '404': + description: Not Found + '400': + description: Bad Request + '500': + description: Server Error + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + - name: includeTenantsAssociated + in: query + schema: + type: boolean + tags: + - Interconnect + delete: + summary: Remove Specific Interconnect + description: Permanently remove an Interconnect and its associated configuration + from the environment. This retirees the bridge once all virtual attachments + have been deleted and egress traffic has been rerouted. Execute this only + when a regional Interconnect is no longer required for egress traffic. Success + removes the resource from the database and ends its logical association with + the Prisma Access backend. + operationId: DeleteMtSp-interconnectInterconnectsbyinterconnectid + responses: + '200': + description: Success + '400': + description: Bad Request + '404': + description: Not Found + '500': + description: Server Error + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + tags: + - Interconnect + /mt/sp-interconnect/interconnects/{interconnectId}/ip-pool: + put: + summary: Update Existing Pool + description: Modify the assigned IP Address blocks or the provider type for + an existing Interconnect pool. This update occurs within the specific Interconnect + context and allows for scaling the number of CIDR blocks as traffic grows. + Use this when expanding Bring Your Own IP Address (BYOIP) capacity or updating + edge location mappings. You must submit the full updated list of IP Address + blocks, specifying their primary or secondary status and the designated edge + location. + operationId: PutMtSp-interconnectInterconnectsBy_interconnectidIp-pool + responses: + '200': + description: Success + '500': + description: Internal Error + '400': + description: Bad Request + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + tags: + - IP Pool + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IPPoolRequest' + required: true + get: + summary: Get IP Address Address Pool + description: View the current IP Address address configuration assigned to an + Interconnect, including CIDR ranges and provider status. This provides visibility + into the addressing scheme used at the edge for egress routing. Access this + to verify that the correct SP-provided or public IP Address ranges are in + effect. The data returned includes the IP Address pool ID, its provisioning + state, and a list of all active CIDR blocks. + operationId: GetMtSp-interconnectInterconnectsBy_interconnectidIp-pool + responses: + '200': + description: Success + '400': + description: Bad Request + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + tags: + - IP Pool + delete: + summary: Delete IP Address Pool + description: Remove all IP Address block associations and provider settings + from the specified Interconnect. Terminating the pool stops the use of specific + CIDRs for routing and returns the container to an unassigned state. Use this + when retiring BYOIP ranges or preparing to swap service provider IP Address + schemes. Note that deleting an active pool will immediately impact egress + traffic relying on those addresses. + operationId: DeleteMtSp-interconnectInterconnectsBy_interconnectidIp-pool + responses: + '200': + description: Success + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + tags: + - IP Pool + post: + summary: Create New Pool + description: Provision and attach a new IP Address address pool to an existing + Interconnect. This defines the addressing model (SP-provided or PANW-provided) + that Prisma Access traffic will use at the edge. Use this when finalizing + the egress setup for a new regional Interconnect container. When using SP-provided + pools, you must include at least one valid public CIDR block mapped to a supported + edge location. + operationId: PostMtSp-interconnectInterconnectsBy_interconnectidIp-pool + responses: + '201': + description: Success + '400': + description: Bad Request + '500': + description: Internal Error + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + tags: + - IP Pool + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IPPoolRequest' + required: true + /mt/sp-interconnect/interconnects/{interconnectId}/vlan-attachments: + get: + summary: List Vlan Attachments + description: Retrieve all virtual circuits configured within a specific Interconnect. + This allows administrators to verify the regional distribution of attachments + and their current BGP states. Use this when auditing high-availability (HA) + domains or verifying pairing key availability. The response lists BGP parameters, + edge availability domains, and current provisioning states for each circuit. + operationId: GetMtSp-interconnectInterconnectsBy_interconnectidVlan-attachments + responses: + '200': + description: Success + '400': + description: Bad Request + '500': + description: Server Error + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + tags: + - Vlan Attachment + post: + summary: Provision Vlan Attachment + description: Create a new virtual circuit, known as a VlanAttachment, within + an Interconnect to enable data transfer. This establishes the actual logical + path for Prisma Access traffic routing through the Service Provider. Deploy + this when initializing new egress paths or adding redundant links for regional + reliability. Required parameters include a unique name, BGP Peer ASN, and + BFD initialization mode to ensure robust connectivity. + operationId: PostMtSp-interconnectInterconnectsBy_interconnectidVlan-attachments + responses: + '201': + description: Success + '404': + description: Not Found + '400': + description: Bad Request + '500': + description: Server Error + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + tags: + - Vlan Attachment + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/VlanAttachmentRequest' + required: true + /mt/sp-interconnect/interconnects/{interconnectId}/vlan-attachments/{vlanAttachmentId}: + get: + summary: Get Vlan Attachment + description: View the full technical specification of a single virtual circuit + by its unique identifier. This displays parameters such as MD5 authentication, + BGP session timers, and stack type (IPv4/Dual-Stack). Use this to verify pairing + key generation or to inspect the specific edge availability domain assigned + for redundancy. The returned data provides the exact state needed for alignment + with service provider configurations. + operationId: GetMtSp-interconnectInterconnectsBy_interconnectidVlan-attachmentsbyvlanattachmentid + responses: + '200': + description: Success + '400': + description: Bad Request + '500': + description: Server Error + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + - name: vlanAttachmentId + in: path + required: true + schema: + type: string + tags: + - Vlan Attachment + delete: + summary: Delete Vlan Attachment + description: Permanently remove a specific virtual circuit and its logical configuration + from the Interconnect. Terminating these circuits is necessary when network + paths are being replaced or retired. Execute this during scheduled maintenance + windows or regional re-architecting. Ensure the paired service provider resource + is also manually decommissioned to prevent unintended billing. + operationId: DeleteMtSp-interconnectInterconnectsBy_interconnectidVlan-attachmentsbyvlanattachmentid + responses: + '200': + description: Success + '404': + description: Not Found + '400': + description: Bad Request + '500': + description: Server Error + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + - name: vlanAttachmentId + in: path + required: true + schema: + type: string + tags: + - Vlan Attachment + /mt/sp-interconnect/interconnects/{interconnectId}/vlan-attachments/{vlanAttachmentId}/accept: + post: + summary: Accept AWS Attachment + description: Transition a pending AWS Direct Connect attachment into the accepted + state within the management plane. This serves as the final confirmation required + by AWS to activate the virtual circuit. Trigger this action when the circuit + state reaches PENDING_SP_ACCEPTANCE in the AWS console. Note that this action + is exclusive to AWS deployments and cannot be used for GCP or other providers. + operationId: PostMtSp-interconnectInterconnectsBy_interconnectidVlan-attachmentsBy_vlanattachmentidAccept + responses: + '200': + description: Success + '400': + description: Bad Request + '404': + description: Not Found + '500': + description: Server Error + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + - name: vlanAttachmentId + in: path + required: true + schema: + type: string + tags: + - Vlan Attachment + /mt/sp-interconnect/interconnects/{interconnectId}/vlan-attachments/{vlanAttachmentId}/logs: + get: + summary: Fetch Router Logs + description: Retrieve real-time CloudRouter logs for virtual attachments deployed + on the GCP network. These logs provide critical data on BGP session stability, + peer adjacency events, and routing updates. Use this during initial deployment + or when troubleshooting regional connectivity drops. You must provide a valid + lookback duration (e.g., 1h, 1d); this feature is not supported for AWS-based + attachments. + operationId: GetMtSp-interconnectInterconnectsBy_interconnectidVlan-attachmentsBy_vlanattachmentidLogs + responses: + '200': + description: Success + '400': + description: Bad Request + '500': + description: Server Error + parameters: + - name: interconnectId + in: path + required: true + schema: + type: string + - name: vlanAttachmentId + in: path + required: true + schema: + type: string + - name: duration + in: query + description: 'Duration for logs. Allowed values: 15m, 1h, 1d, 3d' + schema: + type: string + default: 1d + enum: + - 15m + - 1h + - 1d + - 3d + tags: + - Vlan Attachment + /mt/sp-interconnect/regions: + get: + summary: List of Regions and Edge Locations + description: Fetch the master list of all geographical regions and edge locations + supported by the SP Interconnect service. This assists in network planning + by identifying optimal locations for Interconnect placement. Consult this + data to determine the closest edge location to your physical infrastructure + for low-latency traffic egress. The response is dynamically filtered based + on the cloudProvider to ensure regional compatibility. + operationId: GetMtSp-interconnectRegions + responses: + '200': + description: Success + parameters: + - name: cloudProvider + in: query + schema: + $ref: '#/components/schemas/CloudProvider' + tags: + - Interconnect + /mt/sp-interconnect/regions/physical-connections: + get: + summary: List of Physical Connection Regions in GCP + description: Retrieve the specific regions and colocation facilities available + for physical interconnect deployments on the GCP network. This informs network + engineers of the precise locations where high-speed physical links can be + provisioned. Use this when developing a dedicated physical connectivity strategy + for large-scale multi-tenant environments. The data provides a hierarchy of + continents, cities, and specific facility names. + operationId: GetMtSp-interconnectRegionsPhysical-connections + responses: + '200': + description: Success + parameters: [] + tags: + - Interconnect + /mt/sp-interconnect/settings: + post: + summary: Configure Egress Settings + description: Apply traffic routing preferences and egress behavior for a specific + Tenant Service Group (TSG). This determines whether egress traffic utilizes + the private Service Provider (SP) path or the standard Prisma Access (PA) + path. Set this during tenant onboarding or when modifying existing regional + traffic policies. If SP egress is selected, you must specify the CIDR ranges + that should participate in the private routing. + operationId: PostMtSp-interconnectSettings + responses: + '200': + description: Success + '400': + description: Bad Request + '409': + description: Conflict + parameters: [] + tags: + - Interconnect + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SettingsEntry' + required: true + get: + summary: Get Egress Settings + description: View the current egress and routing configuration for the authenticated + tenant context. This verifies whether the tenant is currently utilizing the + SP Interconnect or the default public path for their egress traffic. Access + this to validate that your network architecture policies have been correctly + applied at the management plane. The response provides the egress type and + all participating CIDR blocks. + operationId: GetMtSp-interconnectSettings + responses: + '200': + description: Success + '400': + description: Bad Request + '404': + description: Not Found + parameters: [] + tags: + - Interconnect diff --git a/openapi-specs/sase/mt-interconnect/Monitor/SP-Interconnect-Monitor.yaml b/openapi-specs/sase/mt-interconnect/Monitor/SP-Interconnect-Monitor.yaml new file mode 100644 index 000000000..34a000974 --- /dev/null +++ b/openapi-specs/sase/mt-interconnect/Monitor/SP-Interconnect-Monitor.yaml @@ -0,0 +1,627 @@ +openapi: 3.1.0 +info: +<<<<<<< HEAD + title: SP Interconnect Manage APIs +======= + title: SP Interconnect Monitor APIs +>>>>>>> c340db311fb328d16bfdf0243d249403105a1721 + version: '1.0' + description: "These APIs deliver real-time visibility and performance analytics\ + \ for all configured interconnect \nresources through the monitoring plane. They\ + \ allow network teams to track health, bandwidth throughput, \nand data transfer\ + \ volumes at the edge to ensure optimal network security and reliability. \nAccess\ + \ these metrics during routine audits or active troubleshooting to diagnose latency\ + \ spikes or BGP session instability. \nBy applying time-based filters and histograms,\ + \ you can generate detailed traffic trends and monitor IP pool consumption across\ +<<<<<<< HEAD + \ your global infrastructure. This Open API spec file was created on February\ + \ 04, 2026. \xA9 2026 Palo Alto Networks, Inc. Palo Alto Networks is a registered\ + \ trademark of Palo Alto Networks. A list of our trademarks can be found at [https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html).\ + \ All other marks mentioned herein may be trademarks of their respective companies." +servers: +- url: https://api.sase.paloaltonetworks.com +security: +- BearerAuth: [] +components: + securitySchemes: + BearerAuth: + type: http + scheme: bearer + bearerFormat: JWT +ExternalTags: {} +======= + \ your global infrastructure. Created on February 09, 2026. \xA9 2026 Palo Alto\ + \ Networks, Inc." +>>>>>>> c340db311fb328d16bfdf0243d249403105a1721 +paths: + /mt/sp-interconnect/monitor/vlanAttachments/stats: + post: + summary: Get Vlan Attachment Statistics + description: "Retrieve granular performance metrics and operational metadata\ + \ for virtual circuits within the multi-tenant interconnect framework. This\ + \ data resides in the monitoring plane and provides visibility into throughput,\ + \ BGP states, and uptime for specific regional attachments. Access these statistics\ + \ during health audits or when verifying that provisioned bandwidth aligns\ + \ with actual consumption. To execute, define the desired properties\u2014\ + such as ingress/egress throughput or cloud router IPs\u2014and apply filters\ + \ based on time ranges or specific interconnect IDs." + operationId: PostMtSp-interconnectMonitorVlanattachmentsStats + responses: + '200': + description: Success + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + parameters: [] + tags: + - VLAN Attachment Statistics + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/MonitorRequest' + example: + properties: + - property: ingress_throughput + function: avg + - property: egress_throughput + function: avg + - property: vlan_attachment_name + - property: interconnect_name + - property: vlan_attachment_id + - property: interconnect_id + filter: + operator: AND + rules: + - property: event_time + operator: last_n_days + values: + - 30 + - property: interconnect_id + operator: in + values: + - c4ac1cc9-684e-11f0-92e9-4201ac16024e +<<<<<<< HEAD +======= + responses: + '200': + description: Success + content: + application/json: + example: + data: + - cloudProvider: GCP + cloudRouterIp: 169.254.23.177/29 + cloudRouterIpv6: 2600:2d00:0:1:8000:25:4:7879/125 + createTime: 1737611965296 + egress_throughput: 0.0011975343058471016 + ingress_throughput: 0.0017068013320864356 + interconnect_id: c4ac1cc9-684e-11f0-92e9-4201ac16024e + interconnect_name: ic-us-east1 + region: us-east1 + state: ACTIVE_BGP_UP_BGP_IPV6_UP + status: ACTIVE + tenants: 0 + up_time: 1763134414000 + updateTime: 1763755310226 + vlan_attachment_id: 9764ced6-ef10-437e-80a4-d7609dee6264 + vlan_attachment_name: us-east-1-add-2 + requestId: 45759649-4f0f-41b7-a8d2-766f924eaf67 + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + operationId: PostMtSp-interconnectMonitorVlanattachmentsStats +>>>>>>> c340db311fb328d16bfdf0243d249403105a1721 + /mt/sp-interconnect/monitor/interconnects/traffic: + post: + summary: Get Interconnect Data Transfer + description: Aggregate data transfer volumes for entire Interconnect containers + to track total network consumption. This information is calculated at the + edge locations and allows administrators to monitor data egress and ingress + for billing or capacity planning. Utilize this for monthly usage reports or + when analyzing long-term traffic trends across SHARED or PER_TENANT models. + You can retrieve either specific windowed data or total lifetime traffic by + toggling the lifetime query parameter and defining the appropriate time-based + filters. + operationId: PostMtSp-interconnectMonitorInterconnectsTraffic + responses: + '200': + description: Success + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + parameters: + - name: lifetime + in: query + schema: + type: boolean + description: Set to true to get lifetime traffic data + tags: + - Interconnect Traffic + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/MonitorRequest' + examples: + Egress Traffic Last N Days: + value: + properties: + - property: interconnect_name + sort: + order: asc + - function: sum + property: egress_traffic + filter: + operator: AND + rules: + - property: event_time + operator: last_n_days + values: + - 30 + - property: interconnect_id + operator: equals + values: + - c4ac1d7a-684e-11f0-92e9-4201ac16024e +<<<<<<< HEAD + /mt/sp-interconnect/monitor/interconnects/throughput: + post: + summary: Get Throughput By Interconnect + description: Monitor the real-time and historical throughput rates for designated + Interconnect resources. This metric tracks the speed of data flow across the + Service Provider bridge to identify potential bottlenecks or underutilized + capacity. Access this when performing performance tuning or when investigating + regional latency issues. To proceed, define the throughput properties and + use the histogram object to group data by time intervals, such as daily or + hourly trends. + operationId: PostMtSp-interconnectMonitorInterconnectsThroughput +======= + Traffic Over Time: + value: + properties: + - property: egress_traffic + function: sum + - property: ingress_traffic + function: sum + - property: interconnect_name + sort: + order: asc + filter: + operator: AND + rules: + - property: event_time + operator: last_n_days + values: + - 30 + - property: interconnect_id + operator: in + values: + - c4ac1d7a-684e-11f0-92e9-4201ac16024e + histogram: + property: event_time + range: day + enableEmptyInterval: false + value: '1' + Lifetime Traffic: + value: + properties: + - property: interconnect_name + sort: + order: asc + - function: sum + property: egress_traffic + filter: + operator: AND + rules: + - property: event_time + operator: lessThan + values: + - '1766104066466' + - property: interconnect_id + operator: equals + values: + - c4ac1d7a-684e-11f0-92e9-4201ac16024e +>>>>>>> c340db311fb328d16bfdf0243d249403105a1721 + responses: + '200': + description: Success + content: + application/json: + examples: + Egress Traffic: + value: + data: + - interconnect_name: ic-us-central1 + egress_traffic: 73.40927790249995 + requestId: c39c2083-2aa0-4255-9b22-d87c75ec6ade + Traffic Over Time: + value: + data: + - interconnect_name: ic-us-central1 + event_time: 1763424000000 + egress_traffic: 25.912407871000052 + ingress_traffic: 50.45267106150007 + - interconnect_name: ic-us-central1 + event_time: 1763510400000 + egress_traffic: 26.001434308999958 + ingress_traffic: 48.22614097999999 + requestId: c9369eee-108d-4ab8-8498-15bcbb6cf55e + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + parameters: [] + tags: + - Interconnect Throughput + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/MonitorRequest' + example: + properties: + - property: egress_throughput + - property: ingress_throughput + - property: event_time + - property: interconnect_name + filter: + operator: AND + rules: + - property: event_time + operator: last_n_days + values: + - 30 + - property: interconnect_id + operator: equals + values: + - c4ac1d7a-684e-11f0-92e9-4201ac16024e + histogram: + property: event_time + range: day + enableEmptyInterval: false + value: '1' + /mt/sp-interconnect/monitor/vlanAttachments/throughput: + post: + summary: Get Vlan Attachment Throughput Trends + description: Track throughput performance specifically for individual virtual + circuits within an Interconnect. This provides granular visibility into the + load distribution across multiple VlanAttachments to ensure high-availability + (HA) domains are operating as expected. Use this when diagnosing specific + circuit failures or verifying that a new attachment is carrying traffic correctly. + Define the VlanAttachment ID and apply a time-based histogram to visualize + throughput shifts over the desired monitoring period. + operationId: PostMtSp-interconnectMonitorVlanattachmentsThroughput + responses: + '200': + description: Success + content: + application/json: + example: + data: + - egress_throughput: 0.002407656942160277 + ingress_throughput: 0.004687820775191641 + event_time: 1763424000000 + interconnect_name: ic-us-central1 + - egress_throughput: 0.0024075402109722268 + ingress_throughput: 0.0044653834247916635 + event_time: 1763510400000 + interconnect_name: ic-us-central1 + requestId: 3fb923a8-0077-443b-a334-07b3cd2123ed + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + parameters: [] + tags: + - VLAN Attachment Throughput + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/MonitorRequest' + example: + properties: + - property: egress_throughput + function: avg + - property: ingress_throughput + function: avg + - property: vlan_attachment_name + filter: + operator: AND + rules: + - property: event_time + operator: last_n_days + values: + - 30 + - property: vlan_attachment_id + operator: in + values: + - 30eb7634-0f21-4dae-a42f-94d7f7cfdbd1 + histogram: + property: event_time + range: day + enableEmptyInterval: false + value: '1' + /mt/sp-interconnect/monitor/vlanAttachments/traffic: + post: + summary: Get Vlan Attachment Traffic Trends + description: Analyze traffic volume trends for specific virtual circuits over + time. This function captures the total amount of data processed by a VlanAttachment, + assisting in usage-based auditing or capacity forecasting for regional egress. + Deploy this when identifying which virtual circuits are the primary contributors + to regional data transfer. Provide the unique circuit identifier and specify + the aggregation function, such as a sum of egress traffic, to generate a time-series + traffic report. + operationId: PostMtSp-interconnectMonitorVlanattachmentsTraffic + responses: + '200': + description: Success + content: + application/json: + example: + data: + - vlan_attachment_name: us-centrl-con-2 + event_time: 1763424000000 + egress_throughput: 0.0012025526091289183 + ingress_throughput: 0.0019499224276655067 + - vlan_attachment_name: us-centrl-con-2 + event_time: 1763510400000 + egress_throughput: 0.001203609572708337 + ingress_throughput: 0.0017978866898611117 + requestId: 8bcffcf2-5cba-4ed6-bc63-ed1e8a60bec6 + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + parameters: [] + tags: + - VLAN Attachment Traffic + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/MonitorRequest' + example: + properties: + - property: egress_traffic + function: sum + - property: ingress_traffic + function: sum + - property: vlan_attachment_name + filter: + operator: AND + rules: + - property: event_time + operator: last_n_days + values: + - 30 + - property: vlan_attachment_id + operator: in + values: + - 30eb7634-0f21-4dae-a42f-94d7f7cfdbd1 + histogram: + property: event_time + range: day + enableEmptyInterval: false + value: '1' + /mt/sp-interconnect/monitor/vlanAttachments/latency: + post: + summary: Get Vlan Attachment Latency Trends + description: Monitor latency performance for virtual circuits to ensure network + paths meet required service levels. This metric measures the delay in traffic + traversal between Prisma Access and the Service Provider edge. Access this + during troubleshooting to determine if network slowness is related to the + private Interconnect path rather than internal cloud routing. Specify the + vlan_attachment_id and utilize a daily or hourly histogram to detect latency + spikes or persistent high-delay trends. + operationId: PostMtSp-interconnectMonitorVlanattachmentsLatency + responses: + '200': + description: Success + content: + application/json: + example: + data: + - vlan_attachment_name: us-centrl-con-2 + event_time: 1763424000000 + egress_traffic: 12.942472452499988 + ingress_traffic: 20.98604013349996 + - vlan_attachment_name: us-centrl-con-2 + event_time: 1763510400000 + egress_traffic: 12.99898336799997 + ingress_traffic: 19.417176225000027 + requestId: 3291624f-4e40-4b10-9a9c-9851c8bbbd82 + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + parameters: [] + tags: + - VLAN Attachment Latency + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/MonitorRequest' + example: + properties: + - property: latency + - property: event_time + - property: region + filter: + operator: AND + rules: + - property: event_time + operator: last_n_days + values: + - 30 + - property: vlan_attachment_id + operator: in + values: + - 30eb7634-0f21-4dae-a42f-94d7f7cfdbd1 + histogram: + property: event_time + range: day + enableEmptyInterval: false + value: '1' +<<<<<<< HEAD +======= + responses: + '200': + description: Success + content: + application/json: + example: + data: + - vlan_attachment_name: us-centrl-con-2 + event_time: 1766016000000 + latency: 4.204661846160889 + - vlan_attachment_name: us-centrl-con-2 + event_time: 1765238400000 + latency: 3.15822172164917 + - vlan_attachment_name: us-centrl-con-2 + event_time: 1764115200000 + latency: 4.052086353302002 + requestId: 8e701533-5ab3-4815-90af-b4da543804a9 + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error + operationId: PostMtSp-interconnectMonitorVlanattachmentsLatency +>>>>>>> c340db311fb328d16bfdf0243d249403105a1721 + /mt/sp-interconnect/monitor/ip-pool-usage: + get: + summary: Get IP Address Pool Usage + description: Retrieve consumption statistics for the IP Address address pools + assigned to an Interconnect. This visibility helps prevent IP Address exhaustion + by tracking the percentage of used versus configured addresses across primary + and secondary blocks. Use this when monitoring regional IP Address resources + or when investigating incidents related to IP Address address unavailability. + By submitting a valid interconnectId, you receive data on used IPs, incident + counts, and pool locations for the specified resource. + operationId: GetMtSp-interconnectMonitorIp-pool-usage + responses: + '200': + description: Success + content: + application/json: + example: + data: + - configuredIps: 16 + createTime: 1734992147821 + incidentCount: 1 + ipBlockType: SECONDARY + ipProvider: SP + location: US Central + percentageUsed: 100 + region: us-central1 + updateTime: 1734992205233 + usedIps: 16 + - configuredIps: 4 + createTime: 1734992147821 + incidentCount: 1 + ipBlockType: PRIMARY + ipProvider: SP + location: US Central + percentageUsed: 100 + region: us-central1 + updateTime: 1734992205233 + usedIps: 4 + requestId: 4c06b78f-caa4-4be9-ab90-c58c3855bd8c + '400': + description: Bad Request + '401': + description: Permission Denied + '500': + description: Server Error +<<<<<<< HEAD + parameters: + - name: interconnectId + in: query + required: true + schema: + type: string + description: The interconnect ID to query + example: c4ac1d7a-684e-11f0-92e9-4201ac16024e + tags: + - IP Pool Usage +======= + operationId: GetMtSp-interconnectMonitorIp-pool-usage +servers: +- url: https://api.sase.paloaltonetworks.com +security: +- authKey: [] +components: + schemas: + MonitorRequest: + type: object + properties: + properties: + type: array + items: + type: object + properties: + property: + type: string + function: + type: string + alias: + type: string + sort: + type: object + properties: + order: + type: string + filter: + type: object + properties: + operator: + type: string + rules: + type: array + items: + type: object + properties: + property: + type: string + operator: + type: string + values: + type: array + items: {} + histogram: + type: object + properties: + property: + type: string + range: + type: string + enableEmptyInterval: + type: boolean + value: + type: string + securitySchemes: + authKey: + type: http + scheme: Bearer +ExternalTags: {} +>>>>>>> c340db311fb328d16bfdf0243d249403105a1721 diff --git a/openapi-specs/sase/mt-interconnect/paloaltonetworks-multitenant_interconnect.yaml b/openapi-specs/sase/mt-interconnect/paloaltonetworks-multitenant_interconnect.yaml deleted file mode 100644 index 9e1e81009..000000000 --- a/openapi-specs/sase/mt-interconnect/paloaltonetworks-multitenant_interconnect.yaml +++ /dev/null @@ -1,1930 +0,0 @@ -components: - schemas: - AssignIPPoolEntry: - properties: - ipPoolId: - pattern: \S - type: string - required: - - ipPoolId - type: object - BackboneEntryRequest: - properties: - name: - pattern: \S - type: string - required: - - name - type: object - BackboneFilter: - properties: - operator: - description: Always set to AND - type: string - rules: - anyOf: - - $ref: '#/components/schemas/BackboneRule' - - $ref: '#/components/schemas/TimeFilter' - items: - type: object - type: array - required: - - operator - type: object - BackboneProperty: - properties: - alias: - type: string - function: - description: Operations that need to be run on the property field. Operations - can be run only on number properties. - example: sum, avg - type: string - property: - description: Property field name. Property fields will be returned in the - API response. - example: ingress_throughput, egress_throughput, ingress_traffic, egress_traffic,backbone_name, - backbone_id, event_time, region - type: string - type: object - BackboneRule: - properties: - operator: - description: Filter operator that is one of the example values and is run - on the property field - example: in - type: string - property: - description: Filter property field that is one of the example values - example: backbone_name,backbone_id, region - type: string - values: - description: Filter property value - example: SP_Backbone1 if property is backbone_name - items: - type: string - type: array - type: object - Bandwidth: - enum: - - BPS_5G - - BPS_10G - - BPS_20G - - BPS_50G - type: string - ConnectionEntryRequest: - properties: - bandwidth: - $ref: '#/components/schemas/Bandwidth' - bgpPeerAsn: - format: int64 - type: integer - bgpPeerBfdMinReceiveInterval: - format: int64 - maximum: 30000 - minimum: 1000 - type: integer - bgpPeerBfdMinTransmitInterval: - format: int64 - maximum: 30000 - minimum: 1000 - type: integer - bgpPeerBfdMultiplier: - format: int64 - maximum: 16 - minimum: 5 - type: integer - haRegion: - type: string - name: - pattern: \S - type: string - partnerEmail: - pattern: \S - type: string - partnerName: - pattern: \S - type: string - region: - pattern: \S - type: string - required: - - name - - partnerName - - partnerEmail - - region - - bandwidth - - bgpPeerAsn - - bgpPeerBfdMinReceiveInterval - - bgpPeerBfdMinTransmitInterval - - bgpPeerBfdMultiplier - - bgpPeerMd5AuthEnabled - type: object - ConnectionFilter: - properties: - operator: - description: Always set to AND - type: string - rules: - anyOf: - - $ref: '#/components/schemas/ConnectionRule' - - $ref: '#/components/schemas/TimeFilter' - items: - type: object - type: array - required: - - operator - type: object - ConnectionProperty: - properties: - alias: - type: string - function: - description: Operations that need to be run on the property field. Operations - can be run only on number properties. - example: sum, avg - type: string - property: - description: Property field name. Property fields will be returned in the - API response. - example: ingress_throughput, egress_throughput, ingress_traffic, egress_traffic,connection_name, - connection_id, event_time - type: string - type: object - ConnectionRule: - properties: - operator: - description: Filter operator that is one of the example values and is run - on the property field - example: in - type: string - property: - description: Filter property field that is one of the example values - example: connection_name, connection_id,backbone_name,backbone_id,event_time - type: string - values: - description: Filter property value - example: Connection1 if property is connection_name - items: - type: string - type: array - type: object - IPBlockEntry: - properties: - cidr: - items: - type: string - minItems: 1 - type: array - uniqueItems: true - edgeLocation: - pattern: \S - type: string - required: - - edgeLocation - - cidr - type: object - IPPoolEntry: - properties: - haRegion: - type: string - ipBlocks: - items: - $ref: '#/components/schemas/IPBlockEntry' - type: array - uniqueItems: true - ipProvider: - $ref: '#/components/schemas/IPProvider' - name: - pattern: \S - type: string - region: - pattern: \S - type: string - spContactEmail: - type: string - required: - - name - - region - - ipProvider - type: object - IPProvider: - enum: - - SP - - PANW - type: string - RequestBody_Backbone: - properties: - filter: - allOf: - - $ref: '#/components/schemas/BackboneFilter' - - description: filter json object - properties: - description: List of property json objects - items: - $ref: '#/components/schemas/BackboneProperty' - type: array - required: - - properties - - filter - type: object - RequestBody_Connection: - properties: - filter: - allOf: - - $ref: '#/components/schemas/ConnectionFilter' - - description: filter json object - properties: - description: List of property json objects - items: - $ref: '#/components/schemas/ConnectionProperty' - type: array - required: - - properties - - filter - type: object - TimeFilter: - properties: - operator: - description: Filter operator that is one of the example values and is run - on the property field - example: gt, lt, last_n_minutes, last_n_hours, last_n_days - type: string - property: - description: Filter property field that is one of the example values - example: event_time, update_time, updated_time - type: string - values: - description: Filter property value - example: minute, hour or day counts if property is event_time - items: - type: string - type: array - type: object - securitySchemes: - Bearer: - scheme: bearer - type: http -info: - contact: - email: support@paloaltonetworks.com - description: "This Open API spec file represents the APIs available for\n[Palo Alto\ - \ Networks Interconnect](https://docs.paloaltonetworks.com/NEED-URL) APIs. The\ - \ Service Provider(SP) Interconnect API allows you to use SP Backbones like BT,\ - \ Orange, AT&T, and more for directing Prisma Access egress traffic.\nWithout\ - \ the SP Interconnect, Prisma Access egress traffic relies on public cloud providers\ - \ like GCP, AWS, and Azure for network backbone connectivity. \nThe SP Interconnect\ - \ API offers several benefits, including enhanced security, optimized network\ - \ costs, and realibility. \nYou can easily manage traffic routing preferences\ - \ on a per-SP and per-Prisma Access location or region basis, ensuring flexibility\ - \ and efficiency in network operations.\n\nThese APIs use the common SASE authentication\ - \ mechanism and base URL. See the\n[Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted)\ - \ guide for more information.\n\nThis Open API spec file was created on July 17,\ - \ 2024. To check for a more recent version of this file, see\n[Interconnect APIs\ - \ on pan.dev](https://pan.dev/sase/api/mt-sp-interconnect/mt-interconnect-api.html).\n\ - \n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark\ - \ of Palo\nAlto Networks. A list of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ - \nAll other marks mentioned herein may be trademarks of their respective companies.\n" - title: Multitenant Interconnect APIs - version: '1.0' -openapi: 3.0.2 -paths: - /mt/monitor/v1/interconnect/backbones: - get: - description: 'Lists all the created backbones along with the backbone ID. - - ' - operationId: get-mt-monitor-v1-interconnect-backbones - responses: - '200': - content: - application/json: - examples: - Get all backbone for a particular tsgId: - value: - data: - - connectionStats: - active: 1 - failed: 2 - pending: 3 - staging: 4 - total: 10 - totalBandwidth: 0Mbps - connections: - - bandwidth: BPS_50M - bgpPeerAsn: 16550 - bgpPeerBfdMinReceiveInterval: 1000 - bgpPeerBfdMinTransmitInterval: 1000 - bgpPeerBfdMultiplier: 5 - bgpPeerBfdSessionInitMode: PASSIVE - bgpPeerMd5AuthEnabled: true - bgpPeerMd5AuthKey: authKey - edgeAvailability: REDUNDANT - haRegion: us-west2 - id: 0df743a9-05e5-40b7-bea7-8882560af564 - name: abc-edge-1 - partnerEmail: sp@mail.com - partnerName: sp_abc_name - region: us-central1 - state: CREATED_CONNECTION - status: PENDING - id: 3113b3ac-f808-42ba-afc0-6a94338cd61f - name: backbone-name - status: STAGING - tenants: - - '1234' - - '5678' - requestId: dab32ea4-a388-4886-b4f8-491d7ab10e4b - description: Success - '400': - description: Bad Request - security: - - Bearer: [] - summary: List backbones - tags: - - Backbone - post: - description: "You can create a backbone by providing a name. \n" - operationId: post-mt-monitor-v1-interconnect-backbones - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/BackboneEntryRequest' - responses: - '200': - content: - application/json: - examples: - Add a backbone: - value: - data: - id: 8c2f06b2-3e71-4833-9cc4-7c28af986630 - name: backbone_name9 - requestId: e1bff5ee-3478-4f74-bcac-ddf14670ef5d - description: Success - '400': - content: - application/json: - examples: - Add a backbone with invalid payload: - value: - error: - errorCode: 50001 - errorType: VALIDATION_ERROR - httpStatus: 400 - msg: Backbone name is empty! - requestId: 432568e0-05e2-4baa-8595-ed6bb4f98b64 - description: Bad Request - '409': - content: - application/json: - examples: - Add an already existing backbone: - value: - error: - errorCode: 50003 - errorType: VALIDATION_ERROR - httpStatus: 409 - msg: Backbone with name already exists! - requestId: 432568e0-05e2-4baa-8595-ed6bb4f98b64 - description: Conflict - '500': - content: - application/json: - examples: - Add backbone failed due to internal error: - value: - error: - errorCode: 50002 - errorType: INTERNAL_ERROR - httpStatus: 500 - msg: Failed to add Backbone in db - requestId: 432568e0-05e2-4baa-8595-ed6bb4f98b64 - description: Server Error - security: - - Bearer: [] - summary: Create backbone - tags: - - Backbone - /mt/monitor/v1/interconnect/backbones/{backboneId}: - delete: - description: "Delete a backbone using an ID. You can get the ID when you create\ - \ a backbone. \n" - operationId: delete-mt-monitor-v1-interconnect-backbones-backboneid - parameters: - - in: path - name: backboneId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - examples: - Delete Backbone: - value: - data: Successfully Deleted Backbone - requestId: 7e656271-20f3-4fa4-9c4a-e0f455476fe9 - description: Success - '400': - description: Bad Request - '404': - content: - application/json: - examples: - Delete Backbone not found: - value: - error: - errorCode: 50004 - errorType: NOT_FOUND - httpStatus: 404 - msg: Backbone not found! - requestId: 33a4acfb-d3ee-491e-96ce-ccce0e8d3ba4 - description: Not Found - '500': - content: - application/json: - examples: - Delete Backbone failed: - value: - error: - errorCode: 50005 - errorType: INTERNAL_ERROR - httpStatus: 500 - msg: Backbone delete failed! - requestId: 33a4acfb-d3ee-491e-96ce-ccce0e8d3ba4 - description: Server Error - security: - - Bearer: [] - summary: Delete backbone - tags: - - Backbone - get: - description: "You can get details on the backbone using ID. \n" - operationId: get-mt-monitor-v1-interconnect-backbones-backboneid - parameters: - - in: path - name: backboneId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - examples: - Get backbone by Id: - value: - data: - connectionStats: - active: 0 - failed: 0 - pending: 1 - staging: 0 - total: 1 - totalBandwidth: 0Mbps - connections: - - bandwidth: BPS_50M - bgpPeerAsn: 16550 - bgpPeerBfdMinReceiveInterval: 1000 - bgpPeerBfdMinTransmitInterval: 1000 - bgpPeerBfdMultiplier: 5 - bgpPeerBfdSessionInitMode: PASSIVE - bgpPeerMd5AuthEnabled: true - bgpPeerMd5AuthKey: authKey - edgeAvailability: REDUNDANT - haRegion: us-west2 - id: 0df743a9-05e5-40b7-bea7-8882560af564 - name: abc-edge-1 - partnerEmail: sp@mail.com - partnerName: sp_abc_name - region: us-central1 - state: CREATED_CONNECTION - status: PENDING - id: 3113b3ac-f808-42ba-afc0-6a94338cd61f - name: backbone-name - status: PENDING - tenants: - - '1234' - - '5678' - requestId: cc0bf133-e1de-45d9-bdbc-f3fa31696717 - description: Success - '400': - description: Bad Request - '404': - content: - application/json: - examples: - Get backbone by Id not found: - value: - error: - errorCode: 50004 - errorType: NOT_FOUND - httpStatus: 404 - msg: Backbone not found! - requestId: 176b1c95-9801-4138-b7b7-3d7db83bd274 - description: Not Found - security: - - Bearer: [] - summary: Backbone details - tags: - - Backbone - /mt/monitor/v1/interconnect/backbones/{backboneId}/connections: - get: - description: "Get connection details using backbone ID. \n" - operationId: get-mt-monitor-v1-interconnect-backbones-backboneid-connections - parameters: - - description: 'Provide backbone ID - - ' - in: path - name: backboneId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - examples: - Get Connections in a backbone: - value: - data: - - bandwidth: BPS_50M - bgpPeerAsn: 16550 - bgpPeerBfdMinReceiveInterval: 1000 - bgpPeerBfdMinTransmitInterval: 1000 - bgpPeerBfdMultiplier: 5 - bgpPeerBfdSessionInitMode: PASSIVE - bgpPeerMd5AuthEnabled: true - bgpPeerMd5AuthKey: authKey - edgeAvailability: ZONE1 - haRegion: us-west2 - id: dee52272-d1e2-4b88-9ebc-a5e70e414d58 - name: abc-edge-1 - partnerEmail: sp@mail.com - partnerName: sp_abc_name - region: us-central1 - state: NOT_STARTED - status: PENDING - requestId: 36ea5c86-bf56-4e7a-ad8b-19f246532937 - description: Success - '400': - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: Connection details - tags: - - Connection - post: - description: 'Create a connection using backbone ID. - - ' - operationId: post-mt-monitor-v1-interconnect-backbones-backboneid-connections - parameters: - - description: "Provide backbone ID \n" - in: path - name: backboneId - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/ConnectionEntryRequest' - responses: - '201': - content: - application/json: - examples: - Add connection in backbone: - value: - data: - - bandwidth: BPS_50M - bgpPeerAsn: 16550 - bgpPeerBfdMinReceiveInterval: 1000 - bgpPeerBfdMinTransmitInterval: 1000 - bgpPeerBfdMultiplier: 5 - bgpPeerBfdSessionInitMode: PASSIVE - bgpPeerMd5AuthEnabled: true - bgpPeerMd5AuthKey: authKey - edgeAvailability: REDUNDANT - haRegion: us-west2 - id: 242e46fd-8408-40ea-b815-8dcd4ad73ad5 - name: abc-edge-1 - partnerEmail: sp@mail.com - partnerName: sp_abc_name - region: us-central1 - state: NOT_STARTED - status: enum(PENDING/STAGING/ACTIVE/FAILED) - tenants: 0 - - bandwidth: BPS_50M - bgpPeerAsn: 16550 - bgpPeerBfdMinReceiveInterval: 1000 - bgpPeerBfdMinTransmitInterval: 1000 - bgpPeerBfdMultiplier: 5 - bgpPeerBfdSessionInitMode: PASSIVE - bgpPeerMd5AuthEnabled: true - bgpPeerMd5AuthKey: authKey - edgeAvailability: REDUNDANT - haRegion: us-west2 - id: 5982d9c3-2bce-4e21-b9ae-ad769e10c939 - name: abc-edge-2 - partnerEmail: sp@mail.com - partnerName: sp_abc_name - region: us-central1 - state: NOT_STARTED - status: enum(PENDING/STAGING/ACTIVE/FAILED) - tenants: 0 - requestId: 9b1ee5d1-0912-4aca-a8cd-b1fc1d662f0c - description: Success - '400': - description: Bad Request - '404': - content: - application/json: - examples: - Add connection, backbone not found: - value: - error: - errorCode: 50004 - errorType: NOT_FOUND - httpStatus: 404 - msg: Backbone not found! - requestId: d42dba1a-23f1-4818-813b-2da9f35c95bb - description: Bad Request - '500': - content: - application/json: - examples: - Add connection failed in GCP: - value: - error: - errorCode: 50020 - errorType: INTERNAL_ERROR - httpStatus: 500 - msg: Failed adding Cloud Router in GCP! - requestId: d42dba1a-23f1-4818-813b-2da9f35c95bb - description: Server Error - security: - - Bearer: [] - summary: Create Connection - tags: - - Connection - /mt/monitor/v1/interconnect/backbones/{backboneId}/connections/{connectionId}: - delete: - description: "Delete a connection using backbone ID. \n" - operationId: delete-mt-monitor-v1-interconnect-backbones-backboneid-connections-connectionid - parameters: - - description: 'Provide backbone ID - - ' - in: path - name: backboneId - required: true - schema: - type: string - - in: path - name: connectionId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - examples: - Delete Backbone: - value: - data: Successfully Deleted Connection - requestId: 7e656271-20f3-4fa4-9c4a-e0f455476fe9 - description: Success - '400': - description: Bad Request - '404': - content: - application/json: - examples: - Delete Connection not found: - value: - error: - errorCode: 50007 - errorType: NOT_FOUND - httpStatus: 404 - msg: Connection not found! - requestId: cf32af05-7df6-4dd2-b27e-7b6ef2683145 - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: Delete Connection - tags: - - Connection - get: - description: 'Get connection details using ID. - - ' - operationId: get-mt-monitor-v1-interconnect-backbones-backboneid-connections-connectionid - parameters: - - description: 'Provide backbone ID - - ' - in: path - name: backboneId - required: true - schema: - type: string - - in: path - name: connectionId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - examples: - Get Connection by Id: - value: - data: - bandwidth: BPS_50M - bgpPeerAsn: 16550 - bgpPeerBfdMinReceiveInterval: 1000 - bgpPeerBfdMinTransmitInterval: 1000 - bgpPeerBfdMultiplier: 5 - bgpPeerBfdSessionInitMode: PASSIVE - bgpPeerMd5AuthEnabled: true - bgpPeerMd5AuthKey: authKey - edgeAvailability: ZONE1 - haRegion: us-west2 - id: dee52272-d1e2-4b88-9ebc-a5e70e414d58 - name: abc-edge-1 - partnerEmail: sp@mail.com - partnerName: sp_abc_name - region: us-central1 - state: CREATED_CONNECTION - status: PENDING - requestId: 138de731-25c2-4001-8ea5-d81992c146d7 - description: Success - '400': - description: Bad Request - '404': - content: - application/json: - examples: - Get connection by Id not found: - value: - error: - errorCode: 50007 - errorType: NOT_FOUND - httpStatus: 404 - msg: Connection not found! - requestId: 7c066854-29e8-43a9-b5ae-052362693578 - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: Connection details by ID - tags: - - Connection - /mt/monitor/v1/interconnect/ip-pool: - get: - description: "Get details of all the IP Pools. \n" - operationId: get-mt-monitor-v1-interconnect-ip-pool - responses: - '200': - content: - application/json: - examples: - List IP Pools: - value: - data: - - haRegion: us-west1 - id: 9c68ad1e-5112-4dd2-9b8d-b55708dd2f00 - ipBlocks: - - cidr: - - 14.3.0.0/24 - - 14.1.0.0/24 - displayName: US West - edgeLocation: us-west-1 - - cidr: - - 14.1.0.0/24 - displayName: US Southwest - edgeLocation: us-west-201 - ipProvider: SP - name: demo-1 - permittedActions: - - UPDATE_IP_POOL - region: us-west2 - state: SUBNETWORK_UPDATE_CIDR_COMPLETE - status: READY - tsgId: '1091039496' - - id: a55d7799-997d-4cb3-8d68-318f1909b842 - ipBlocks: - - cidr: - - 4.56.78.0/25 - displayName: Senegal - edgeLocation: senegal - ipProvider: SP - name: sample-24 - permittedActions: - - ASSIGN_IP_POOL - - DELETE_IP_POOL - - UPDATE_IP_POOL - region: europe-west1 - state: NOT_STARTED - status: PENDING - tsgId: '1091039496' - requestId: 86062188-ccb4-4d22-8c00-de0a49fed038 - description: Success - '400': - description: Bad Request - security: - - Bearer: [] - summary: IP Pools details - tags: - - IPPool - post: - description: 'Create a new IP Pool by selecting either Prisma Access or get - your own IP. - - ' - operationId: post-mt-monitor-v1-interconnect-ip-pool - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/IPPoolEntry' - responses: - '201': - content: - application/json: - examples: - Add an IP Pool: - value: - data: - haRegion: us-west2 - id: 7673a661-a98b-4202-b70a-8edc3934a3f5 - ipBlocks: - - cidr: - - 21.58.1.0/29 - edgeLocation: mexico-central - ipProvider: SP - name: ip-pool-test - permittedActions: - - ASSIGN_IP_POOL - - DELETE_IP_POOL - - UPDATE_IP_POOL - region: us-south1 - state: NOT_STARTED - status: PENDING - tsgId: '1091039496' - requestId: a097e994-e9e2-4b7a-8c52-606f9a60b42b - description: Success - '400': - description: Bad Request - '500': - description: Internal Error - security: - - Bearer: [] - summary: Create IP Pool - tags: - - IPPool - /mt/monitor/v1/interconnect/ip-pool/assign: - post: - description: "After you create an IP Pool, you can assign a region and the status\ - \ becomes active. \nNote: Once you assign an IP Pool, you cannot update or\ - \ delete an IP Pool. \n" - operationId: post-mt-monitor-v1-interconnect-ip-pool-assign - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/AssignIPPoolEntry' - responses: - '200': - content: - application/json: - examples: - Assign an IP Pool: - value: - data: - haRegion: us-west2 - id: 7673a661-a98b-4202-b70a-8edc3934a3f5 - ipBlocks: - - cidr: - - 21.58.1.0/29 - displayName: Mexico Central - edgeLocation: mexico-central - ipProvider: SP - name: ip-pool-test - permittedActions: [] - region: us-south1 - state: SUBNETWORK_UPDATE_CIDR_IN_PROGRESS - status: IN_PROGRESS - tsgId: '1091039496' - requestId: 6eb154b3-5ac0-441c-a8e4-a092f5b5b588 - description: Success - '400': - description: Bad Request - '500': - description: Internal Error - security: - - Bearer: [] - summary: Assign IP Pool - tags: - - IPPool - /mt/monitor/v1/interconnect/ip-pool/region: - get: - description: 'Get IP Pool regions and edge locations. - - ' - operationId: get-mt-monitor-v1-interconnect-ip-pool-region - responses: - '200': - content: - application/json: - examples: - Get IP Pool regions/edge locations: - value: - data: - - edgeLocation: - - displayName: US Southwest - edgeLocation: us-west-201 - - displayName: US West - edgeLocation: us-west-1 - region: us-west2 - - edgeLocation: - - displayName: US Central West - edgeLocation: us-west-3 - haRegion: us-west2 - region: us-west3 - requestId: e459bba9-ca17-4bfa-a55a-f7305a7e8f75 - description: Success - security: - - Bearer: [] - summary: IP Pool regions - tags: - - IPPool - /mt/monitor/v1/interconnect/ip-pool/{ipPoolId}: - delete: - description: 'Delete an IP Pool using an ID. - - ' - operationId: delete-mt-monitor-v1-interconnect-ip-pool-ippoolid - parameters: - - description: 'Provide IP Pool ID - - ' - in: path - name: ipPoolId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - examples: - Delete IP Pool by id: - value: - data: IP Pool successfully deleted - requestId: e34443d5-dfbd-482b-a76c-5d753034efc0 - description: Success - security: - - Bearer: [] - summary: Delete IP Pool - tags: - - IPPool - get: - description: 'Get IP pool details by prividing an ID. - - ' - operationId: get-mt-monitor-v1-interconnect-ip-pool-ippoolid - parameters: - - description: 'Provide IP Pool ID - - ' - in: path - name: ipPoolId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - examples: - Get IP Pool by id: - value: - data: - haRegion: us-west1 - id: 9c68ad1e-5112-4dd2-9b8d-b55708dd2f00 - ipBlocks: - - cidr: - - 14.1.0.0/24 - cidrInUse: - - 14.1.0.0/24 - displayName: US Southwest - edgeLocation: us-west-201 - - cidr: - - 14.3.0.0/24 - - 14.1.0.0/24 - cidrInUse: - - 14.3.0.0/24 - - 14.1.0.0/24 - displayName: US West - edgeLocation: us-west-1 - ipProvider: SP - name: demo-1 - permittedActions: - - UPDATE_IP_POOL - region: us-west2 - state: SUBNETWORK_UPDATE_CIDR_COMPLETE - status: READY - tsgId: '1091039496' - requestId: adfa0a27-fe75-45ed-bf6d-48d82816f322 - description: Success - '400': - description: Bad Request - security: - - Bearer: [] - summary: IP Pool by ID - tags: - - IPPool - put: - description: 'Update an IP Pool using an ID. - - ' - operationId: put-mt-monitor-v1-interconnect-ip-pool-ippoolid - parameters: - - description: 'Provide IP Pool ID - - ' - in: path - name: ipPoolId - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/IPPoolEntry' - responses: - '200': - content: - application/json: - examples: - Update IP Pool: - value: "{\n \"data\": {\n \"id\": \"7673a661-a98b-4202-b70a-8edc3934a3f5\"\ - ,\n \"ipBlocks\": [\n {\n \ - \ \"cidr\": [\n \"21.58.2.0/29\"\n \ - \ ],\n \"displayName\": \"Mexico\ - \ Central\",\n \"edgeLocation\": \"mexico-central\"\ - \n }\n ],\n \"ipProvider\": \"\ - SP\",\n \"name\": \"ip-pool-test\",\n \"permittedActions\"\ - : [],\n \"region\": \"us-south1\",\n \"state\"\ - : \"NOT_STARTED\",\n \"status\": \"PENDING\"\n \ - \ \"tsgId\": \"1091039496\"\n },\n \"requestId\"\ - : \"6eb154b3-5ac0-441c-a8e4-a092f5b5b588\"\n}" - description: Success - '400': - description: Bad Request - '500': - description: Internal Error - security: - - Bearer: [] - summary: Update IP Pool - tags: - - IPPool - /mt/monitor/v1/interconnect/monitor/backbones/theatres: - get: - description: 'Monitor a group of regions. - - ' - operationId: get-mt-monitor-v1-interconnect-monitor-backbones-theatres - parameters: - - in: query - name: backboneId - schema: - type: string - - in: query - name: tsgId - schema: - type: string - responses: - '200': - content: - application/json: - examples: - Theatre to Region Mapping: - value: - - region: - - Test - - Test1 - theatre: Theatre1 - description: Success - '400': - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: Monitor regions - tags: - - BackboneMonitoring - /mt/monitor/v1/interconnect/monitor/backbones/throughput: - post: - description: "Provides comprehensive data on the rate of ingress and egress\ - \ data traffic, offering insights into bandwidth utilization and network performance.\ - \ \n" - operationId: post-mt-monitor-v1-interconnect-monitor-backbones-throughput - requestBody: - content: - application/json: - examples: - Throughput By Backbone: - value: - filter: - operator: AND - rules: - - operator: last_n_days - property: event_time - values: - - 7 - - operator: in - property: backbone_id - values: - - '1' - histogram: - enableEmptyInterval: false - property: event_time - range: day - value: '1' - properties: - - property: backbone_name - - property: backbone_id - - property: event_time - - property: egress_throughput - - property: ingress_throughput - Throughput By Region: - value: - filter: - operator: AND - rules: - - operator: last_n_days - property: event_time - values: - - 7 - - operator: in - property: region - values: - - us-east1 - - us-west1 - histogram: - enableEmptyInterval: false - property: event_time - range: day - value: '1' - properties: - - property: region - - property: event_time - - property: egress_throughput - - property: ingress_throughput - schema: - $ref: '#/components/schemas/RequestBody_Backbone' - responses: - '200': - content: - application/json: - examples: - Throughput By Backbone: - value: - - backbone_id: 10 - backbone_name: Test - egress_throughput: 100.0 - event_time: 34567890 - ingress_throughput: 89.0 - - backbone_id: 10 - backbone_name: Test - egress_throughput: 100.0 - event_time: 34567890 - ingress_throughput: 89.0 - Throughput By Region: - value: - - egress_throughput: 100.0 - event_time: 34567890 - ingress_throughput: 89.0 - region: us-west1 - - egress_throughput: 100.0 - event_time: 34567890 - ingress_throughput: 89.0 - region: us-west2 - description: Success - '400': - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: Ingress/Egress throughput - tags: - - BackboneMonitoring - /mt/monitor/v1/interconnect/monitor/backbones/throughput/{tsgId}: - post: - description: "Provides detailed measurements of the rate at which data is transmitted\ - \ into and out of a network for \neach individual tenant within a multi-tenant\ - \ environment.\n" - operationId: post-mt-monitor-v1-interconnect-monitor-backbones-throughput-tsgid - parameters: - - description: "A sub-tenant TSG ID retrieves and provides the unique indentifier\ - \ (TSG ID) associated with a specific sub-tenant within the multi-tenant\ - \ architecture, \nproviding precise tenant management and resource allocation.\ - \ \n" - example: 123456789 - in: path - name: tsgId - required: true - schema: - type: string - requestBody: - content: - application/json: - examples: - Throughput By Backbone per Tenant: - value: - filter: - operator: AND - rules: - - operator: last_n_days - property: event_time - values: - - 7 - - operator: in - property: backbone_id - values: - - '1' - histogram: - enableEmptyInterval: false - property: event_time - range: day - value: '1' - properties: - - property: backbone_name - - property: backbone_id - - property: event_time - - property: egress_throughput - - property: ingress_throughput - Throughput By Region per Tenant: - value: - filter: - operator: AND - rules: - - operator: last_n_days - property: event_time - values: - - 7 - - operator: in - property: region - values: - - us-east1 - - us-west1 - histogram: - enableEmptyInterval: false - property: event_time - range: day - value: '1' - properties: - - property: region - - property: event_time - - property: egress_throughput - - property: ingress_throughput - schema: - $ref: '#/components/schemas/RequestBody_Backbone' - responses: - '200': - content: - application/json: - examples: - Throughput By Backbone per Tenant: - value: - - backbone_id: 10 - backbone_name: Test - egress_throughput: 100.0 - event_time: 34567890 - ingress_throughput: 89.0 - - backbone_id: 10 - backbone_name: Test - egress_throughput: 100.0 - event_time: 34567890 - ingress_throughput: 89.0 - Throughput By Region per Tenant: - value: - - egress_throughput: 100.0 - event_time: 34567890 - ingress_throughput: 89.0 - region: us-west1 - - egress_throughput: 100.0 - event_time: 34567890 - ingress_throughput: 89.0 - region: us-west2 - description: Success - '400': - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: Ingress/Egress throughput by tenant - tags: - - BackboneMonitoring - /mt/monitor/v1/interconnect/monitor/backbones/traffic: - post: - description: "Provides details on ingress/egress network traffic specific to\ - \ each tenant within a multi-tenant environment. \n" - operationId: post-mt-monitor-v1-interconnect-monitor-backbones-traffic - parameters: - - description: "Duration for which the network or application state is considered\ - \ valid. \n" - example: false - in: query - name: lifeTime - schema: - type: boolean - requestBody: - content: - application/json: - examples: - Backbone Data Transfer Over Time: - value: - filter: - operator: AND - rules: - - operator: last_n_days - property: event_time - values: - - 7 - histogram: - enableEmptyInterval: false - property: event_time - range: day - value: '1' - properties: - - property: backbone_name - - property: backbone_id - - function: sum - property: egress_traffic - - function: sum - property: ingress_traffic - Backbone Egress Data Transfer: - value: - filter: - operator: AND - rules: - - operator: last_n_days - property: event_time - values: - - 7 - properties: - - property: backbone_name - - property: backbone_id - - function: sum - property: egress_traffic - Backbone Egress Data Transfer Lifetime: - value: - filter: - operator: AND - rules: - - operator: lessThan - property: event_time - values: - - 1234567890 - properties: - - property: backbone_name - - property: backbone_id - - function: sum - property: egress_traffic - schema: - $ref: '#/components/schemas/RequestBody_Backbone' - responses: - '200': - content: - application/json: - examples: - Backbone Data Transfer Over Time: - value: - - backbone_id: 10 - backbone_name: Test - egress_traffic: 100.0 - event_time: 34567890 - ingress_traffic: 89.0 - - backbone_id: 10 - backbone_name: Test - egress_traffic: 100.0 - event_time: 34567987 - ingress_traffic: 89.0 - Backbone Egress Data Transfer: - value: - - backbone_id: 10 - backbone_name: Test - egress_traffic: 100.0 - Backbone Egress Data Transfer Lifetime: - value: - - backbone_id: 10 - backbone_name: Test - egress_traffic: 100.0 - description: Success - '400': - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: Ingress/Egress traffic - tags: - - BackboneMonitoring - /mt/monitor/v1/interconnect/monitor/backbones/traffic/{tsgId}: - post: - description: 'Retrieves the ingress/egress traffic data categorized by tenant. - - ' - operationId: post-mt-monitor-v1-interconnect-monitor-backbones-traffic-tsgid - parameters: - - description: "A sub-tenant TSG ID retrieves and provides the unique indentifier\ - \ (TSG ID) associated with a specific sub-tenant within the multi-tenant\ - \ architecture, \nproviding precise tenant management and resource allocation.\ - \ \n" - example: 123456789 - in: path - name: tsgId - required: true - schema: - type: string - - example: false - in: query - name: lifeTime - schema: - type: boolean - requestBody: - content: - application/json: - examples: - Backbone Data Transfer Over Time per Tenant: - value: - filter: - operator: AND - rules: - - operator: last_n_days - property: event_time - values: - - 7 - histogram: - enableEmptyInterval: false - property: event_time - range: day - value: '1' - properties: - - property: backbone_name - - property: backbone_id - - property: event_time - - property: egress_traffic - - property: ingress_traffic - Backbone Egress Data Transfer Lifetime per Tenant: - value: - filter: - operator: AND - rules: - - operator: lessThan - property: event_time - values: - - 1234567890 - properties: - - property: backbone_name - - property: backbone_id - - property: egress_traffic - Backbone Egress Data Transfer per Tenant: - value: - filter: - operator: AND - rules: - - operator: last_n_days - property: event_time - values: - - 7 - properties: - - property: backbone_name - - property: backbone_id - - property: egress_traffic - schema: - $ref: '#/components/schemas/RequestBody_Backbone' - responses: - '200': - content: - application/json: - examples: - Backbone Data Transfer Over Time per Tenant: - value: - - backbone_id: 10 - backbone_name: Test - egress_traffic: 100.0 - event_time: 34567890 - ingress_traffic: 89.0 - - backbone_id: 10 - backbone_name: Test - egress_traffic: 100.0 - event_time: 34567987 - ingress_traffic: 89.0 - Backbone Egress Data Transfer Lifetime per Tenant: - value: - - backbone_id: 10 - backbone_name: Test - egress_traffic: 100.0 - Backbone Egress Data Transfer per Tenant: - value: - - backbone_id: 10 - backbone_name: Test - egress_traffic: 100.0 - description: Success - '400': - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: Ingress/Egress traffic by tenant - tags: - - BackboneMonitoring - /mt/monitor/v1/interconnect/monitor/connections/connectionStats: - post: - description: "Offers detailed metrics on the performance and realibity of a\ - \ network connection. \n" - operationId: post-mt-monitor-v1-interconnect-monitor-connections-connectionstats - requestBody: - content: - application/json: - examples: - Connections: - value: - filter: - operator: AND - rules: - - operator: last_n_days - property: event_time - values: - - 7 - properties: - - property: connection_name - - property: backbone_name - - function: avg - property: egress_throughput - - function: avg - property: egress_throughput - Connections Per Backbone: - value: - filter: - operator: AND - rules: - - operator: last_n_days - property: event_time - values: - - 7 - - operator: in - property: backbone_name - values: - - backbone1 - properties: - - property: connection_name - - function: avg - property: egress_throughput - - function: avg - property: ingress_throughput - - property: backbone_name - schema: - $ref: '#/components/schemas/RequestBody_Connection' - responses: - '200': - content: - application/json: - examples: - Connections: - value: - - backbone_name: backbone1 - connection_name: connection1 - egress_throughput: 100.0 - ingress_throughput: 89.0 - status: ACTIVE - tenants: 5 - upTime: 123456 - Connections Per Backbone: - value: - - backbone_name: backbone1 - connection_name: connection1 - egress_throughput: 100.0 - ingress_throughput: 89.0 - status: ACTIVE - tenants: 5 - upTime: 123456 - description: Success - '400': - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: Connection statistics - tags: - - ConnectionMonitoring - /mt/monitor/v1/interconnect/monitor/connections/latency: - post: - description: "Provides precise measurements of the time delay experienced in\ - \ data transmission across a network connection, \nenabling real-time monitoring\ - \ and optimization of network performance. \n" - operationId: post-mt-monitor-v1-interconnect-monitor-connections-latency - requestBody: - content: - application/json: - examples: - Connection Latency to PA Edge: - value: - filter: - operator: AND - rules: - - operator: last_n_days - property: event_time - values: - - 7 - - operator: in - property: connection_id - values: - - '12345' - histogram: - enableEmptyInterval: false - property: event_time - range: day - value: '1' - properties: - - property: region - - property: latency - - property: event_time - schema: - $ref: '#/components/schemas/RequestBody_Connection' - responses: - '200': - content: - application/json: - examples: - Connection Latency to PA Edge: - value: - - connection_name: connection1 - event_time: 9876547 - latency: 100.0 - description: Success - '400': - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: Latency materics - tags: - - ConnectionMonitoring - /mt/monitor/v1/interconnect/monitor/connections/throughput: - post: - description: "Provides detailed metrics on the rate of incoming (ingress) and\ - \ outgoing (egress) data traffic, allowing for \nreal-time monitoring and\ - \ analysis of network performance and bandwidth utilization. \n" - operationId: post-mt-monitor-v1-interconnect-monitor-connections-throughput - requestBody: - content: - application/json: - examples: - Ingress Egress Throughput: - value: - filter: - operator: AND - rules: - - operator: last_n_days - property: event_time - values: - - 7 - - operator: in - property: connection_name - values: - - connection1 - histogram: - enableEmptyInterval: false - property: event_time - range: day - value: '1' - properties: - - property: connection_name - - function: avg - property: egress_throughput - - function: avg - property: ingress_throughput - - property: connection_id - - property: event_time - schema: - $ref: '#/components/schemas/RequestBody_Connection' - responses: - '200': - content: - application/json: - examples: - Ingress Egress Throughput: - value: - - connection_id: id1 - connection_name: connection1 - egress_throughput: 100.0 - event_time: 9876547 - ingress_throughput: 89.0 - description: Success - '400': - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: Ingress/Egress throughput - tags: - - ConnectionMonitoring - /mt/monitor/v1/interconnect/monitor/connections/traffic: - post: - description: "Provides comprehensive data on incoming (ingress) and outgoing\ - \ (egress) netwrok traffic, \nenabling moniotoring and anlysis of traffic\ - \ patterns, bandwidth usage, and network performance. \n" - operationId: post-mt-monitor-v1-interconnect-monitor-connections-traffic - requestBody: - content: - application/json: - examples: - Ingress Egress Data Transfer: - value: - filter: - operator: AND - rules: - - operator: last_n_days - property: event_time - values: - - 7 - - operator: in - property: connection_name - values: - - connection1 - histogram: - enableEmptyInterval: false - property: event_time - range: day - value: '1' - properties: - - property: connection_name - - function: sum - property: egress_traffic - - function: sum - property: ingress_traffic - - property: connection_id - schema: - $ref: '#/components/schemas/RequestBody_Connection' - responses: - '200': - content: - application/json: - examples: - Ingress Egress Data Transfer: - value: - - connection_id: id1 - connection_name: connection1 - egress_traffic: 100.0 - event_time: 9876547 - ingress_traffic: 89.0 - description: Success - '400': - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: Ingress/Egress traffic - tags: - - ConnectionMonitoring - /mt/monitor/v1/interconnect/monitor/ip-pool-usage: - get: - description: "Provides a real-time and historical data on the allocation and\ - \ utilization of IP addresses within a specified pool, enabling efficient\ - \ network resource management. \n" - operationId: get-mt-monitor-v1-interconnect-monitor-ip-pool-usage - responses: - '200': - content: - application/json: - examples: - IP Pool Usage: - value: - - configuredIps: 768 - incidentCount: 0 - location: US West - name: anil - percentageUsed: 0.0 - region: us-west2 - usedIps: 0 - description: Success - '400': - description: Bad Request - '500': - description: Server Error - security: - - Bearer: [] - summary: IP Pool usage - tags: - - IPPoolMonitor - /mt/monitor/v1/interconnect/regions: - get: - description: "Get list of all the supported regions and you can use this during\ - \ the creation of a connection. \n" - operationId: get-mt-monitor-v1-interconnect-regions - responses: - '200': - content: - application/json: - examples: - Get Regions: - value: - data: - - asia-east1 - - asia-east2 - - asia-south1 - - asia-south2 - - asia-southeast1 - - asia-southeast2 - - australia-southeast1 - - australia-southeast2 - - europe-north1 - - europe-southwest1 - - europe-west1 - - europe-west2 - - europe-west3 - - europe-west4 - - europe-west6 - - europe-west8 - - europe-west9 - - northamerica-northeast1 - - northamerica-northeast2 - - southamerica-east1 - - southamerica-west1 - - us-central1 - - us-east1 - - us-east4 - - us-south1 - - us-west1 - - us-west2 - requestId: 06bd35c6-e446-4e2a-96ae-a6b05607084b - description: Success - security: - - Bearer: [] - summary: Supported regions - tags: - - Region -servers: -- url: https://api.sase.paloaltonetworks.com -tags: -- description: "A Backbone is a virtual grouping of network connections. It serves\ - \ as the core structure around which other elements like connections and tenants\ - \ are organized. \nManaging a backbone allows you to oversee the connections and\ - \ tenants associated with it, providing a centralized point for monitoring and\ - \ control.\n" - name: Backbone API -- description: "A Connection represents a link between different network segments\ - \ or regions. Creating and managing connections allows for the integration and\ - \ interaction of various parts of your network infrastructure. \nEach connection\ - \ is associated with a specific backbone, enabling detailed monitoring and management.\ - \ \n" - name: Connection API -- description: "You can select or assign an IP Pool to a region of your choice from\ - \ the given list. \n" - name: Region API -- description: "Monitor the performance and status of all backbones. You can track\ - \ egress and ingress throughput, view detailed egress and ingress statistics,\ - \ and monitor egress and ingress throughput by providing tenant information. \n\ - Additionally, you can view egress and ingress statistics by tenant and get an\ - \ autogenerated summary of the backbone's overall performance and status.\n" - name: Backbone Monitoring API -- description: "Monitor the performance and details of all connections. This includes\ - \ providing connection statistics, latency details, and connection statistics\ - \ through egress and ingress throughput. \nAdditionally, you can monitor egress\ - \ and ingress traffic for each connection.\n" - name: Connection Monitoring API -- description: "An IP Pool is a collection of IP addresses that can be assigned to\ - \ different regions within your network. You can either use IP address provided\ - \ by Prisma Access or bring your own IP address.\nManaging IP pools includes creating,updating,assigning\ - \ to regions, and deleting IP pools based on your network requirements. \n" - name: IP Pool API -- description: "Provides details on the IP Pool usage. \n" - name: IP Pool Monitoring API diff --git a/products/sase/api/manage-services-5g/introduction.md b/products/sase/api/manage-services-5g/introduction.md index 8d575174e..7f03aa403 100644 --- a/products/sase/api/manage-services-5g/introduction.md +++ b/products/sase/api/manage-services-5g/introduction.md @@ -1,8 +1,7 @@ --- -id: introduction_5g +id: introduction title: Introduction to SASE 5G Manage Service sidebar_label: SASE 5G Manage Service APIs -slug: /sase/api/manage-services-5g keywords: - SASE - Reference diff --git a/products/sase/api/manage-services-5g/overview.md b/products/sase/api/manage-services-5g/overview.md index a73306fa9..fdc08b311 100644 --- a/products/sase/api/manage-services-5g/overview.md +++ b/products/sase/api/manage-services-5g/overview.md @@ -1,5 +1,5 @@ --- -id: overview_5g +id: overview title: Overview of SASE 5G Manage Service sidebar_label: Overview keywords: diff --git a/products/sase/api/monitor-services-5g/introduction_monitor.md b/products/sase/api/monitor-services-5g/introduction_monitor.md new file mode 100644 index 000000000..a479851f3 --- /dev/null +++ b/products/sase/api/monitor-services-5g/introduction_monitor.md @@ -0,0 +1,16 @@ +--- +id: introduction_monitor +title: Introduction to SASE 5G Monitor Service +sidebar_label: SASE 5G Monitor Service APIs +keywords: + - SASE + - Reference + - API +--- + +The SASE 5G Monitoring APIs provide real-time visibility and technical telemetry across the 5G infrastructure. These interfaces enable administrators to track subscriber scaling, monitor regional registration trends, and audit network throughput. By integrating these monitoring endpoints into centralized dashboards, organizations can identify unauthorized device mappings, respond to security incidents by severity, and ensure that 5G network interconnects maintain optimal performance levels. + + +These APIs use the [common SASE authentication](/sase/docs/getstarted) for service access and authorization. + + diff --git a/products/sase/api/mt-interconnect/Manage/manage-introduction.md b/products/sase/api/mt-interconnect/Manage/manage-introduction.md new file mode 100644 index 000000000..4eb07a458 --- /dev/null +++ b/products/sase/api/mt-interconnect/Manage/manage-introduction.md @@ -0,0 +1,19 @@ +--- +id: manage-introduction +title: Multitenant Interconnect Manage APIs +sidebar_label: Multitenant Interconnect Manage APIs +keywords: + - SASE + - Reference + - API +--- + +The **SP Interconnect Manage** API allows you to configure and manage the lifecycle of your service provider connectivity. + +## Key Management Functions +* **Interconnect Models**: Configure **Shared Interconnects** for multi-tenant egress or **Per-Tenant Interconnects** for isolated child tenant ingress. +* **VlanAttachment Lifecycle**: Provision virtual circuits within specific regions and retrieve **Vlan Pairing Keys** for co-location providers. +* **IP Pool Management**: Manage **IPPools** for traffic routing, including **Bring Your Own IP (BYOIP)** support. +* **Egress Paths**: Define if egress traffic returns to the SP network or uses Prisma Access egress. + +These APIs use the [common SASE authentication](/sase/docs/getstarted) for service access and authorization. diff --git a/products/sase/api/mt-interconnect/Monitor/monitor-introduction.md b/products/sase/api/mt-interconnect/Monitor/monitor-introduction.md new file mode 100644 index 000000000..d15790e82 --- /dev/null +++ b/products/sase/api/mt-interconnect/Monitor/monitor-introduction.md @@ -0,0 +1,19 @@ +--- +id: monitor-introduction +title: Multitenant Interconnect Monitor APIs +sidebar_label: Multitenant Interconnect Monitor APIs +keywords: + - SASE + - Reference + - API +--- + +The **SP Interconnect Monitoring** API provides real-time visibility into the health, performance, and consumption of your infrastructure. + +## Key Monitoring Metrics +* **Interconnect Health**: Monitor operational status across all regions to detect disruptions. +* **VlanAttachment Status**: Track the connectivity state and performance of virtual circuits. +* **IP Pool Usage**: Gain insights into IP address pool consumption to prevent exhaustion. +* **Multi-tenant Visibility**: View monitoring summaries across all tenants to identify regional issues. + +These APIs use the [common SASE authentication](/sase/docs/getstarted) for service access and authorization. diff --git a/products/sase/api/mt-interconnect/introduction.md b/products/sase/api/mt-interconnect/introduction.md new file mode 100644 index 000000000..ec37cd37b --- /dev/null +++ b/products/sase/api/mt-interconnect/introduction.md @@ -0,0 +1,33 @@ +--- +id: introduction +title: Service Provider Interconnect APIs +sidebar_label: Service Provider Interconnect Overview +keywords: + - SASE + - Reference + - API +--- +:::warning Deprecation Notice + +The **Backbone** and **Connection** APIs are now **deprecated** and have been replaced by the **Service Provider (SP) Interconnect** framework. + +**Key Terminology Changes:** +* **Backbone** is now **Interconnect**. +* **Connection** is now **VlanAttachment**. + +**What You Should Do:** +1. **Migrate Endpoints:** Update API calls to the new `/sp-interconnect/` directory structure. +2. **Update Resources:** Align internal logic with the new **SHARED** and **PER_TENANT** types. + +::: + +## Overview +Welcome to the **Strata Cloud Manager Multitenant Service Provider (SP) Interconnect APIs**. + +The SP Interconnect API allows you to use Service Provider Interconnects (e.g., BT, Orange, AT&T) for directing Prisma Access egress traffic. Without SP Interconnect, traffic relies on public cloud backbones like GCP, AWS, and Azure. This framework provides enhanced security, optimized costs, and improved reliability. + +## Key Components +* **Interconnects**: The top-level resource grouping connectivity by region and cloud provider. +* **VlanAttachments**: Virtual circuits (formerly "Connections") that facilitate data flow. +* **Physical VlanAttachments**: Underlying physical infrastructure mapping. +* **IPPools**: Managed IP sets attached directly to an Interconnect. \ No newline at end of file diff --git a/products/sase/api/mt-interconnect/mt-interconnect.md b/products/sase/api/mt-interconnect/mt-interconnect.md deleted file mode 100644 index 15f42b45a..000000000 --- a/products/sase/api/mt-interconnect/mt-interconnect.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -id: mt-interconnect -title: Multitenant Interconnect APIs -sidebar_label: Multitenant Interconnect APIs -slug: /sase/api/mt-interconnect -keywords: - - SASE - - Reference - - API ---- - -Welcome to the Strata Cloud Manager Multitenant Service Provider Interconnect APIs. The Service -Provider (SP) Interconnect API allows you to use Service Provider Backbones like BT, Orange, AT&T, -and more for directing Prisma Access egress traffic. Without the SP Interconnect, Prisma Access -egress traffic relies on public cloud providers like GCP, AWS, and Azure for network backbone -connectivity. The SP Interconnect API offers several benefits, including enhanced security,optimized -network costs, and reliability. You can easily manage traffic routing preferences on a per-SP and -per-Prisma Access location or region basis, ensuring flexibility and efficiency in network -operations. - -These APIs use the [common SASE authentication](/sase/docs/getstarted) for service access and authorization. diff --git a/products/sase/docs/release-notes/changelog.md b/products/sase/docs/release-notes/changelog.md index 3bf669872..dc0c33273 100644 --- a/products/sase/docs/release-notes/changelog.md +++ b/products/sase/docs/release-notes/changelog.md @@ -13,6 +13,7 @@ keywords: | Date | Description | | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| February 2, 2026 | Redesigned the [SP Interconnect APIs](/sase/api/mt-interconnect/introduction.md). | Oct 8, 2025 | Added new APIs to [SASE 5G Manage Services APIs](/sase/api/manage-services-5g/). | July 1, 2025 | Added [Identity Security Posture Management APIs](/sase/api/identity-sspm/). | June 24, 2025 | Added Plugin API to [SaaS Security Posture Management APIs](/sase/api/sspm/). diff --git a/products/sase/sidebars.ts b/products/sase/sidebars.ts index 6d6362306..89c62af35 100644 --- a/products/sase/sidebars.ts +++ b/products/sase/sidebars.ts @@ -299,15 +299,46 @@ module.exports = { "sase/api/mt-notifications/notifications-api", require("./api/mt-notifications/sidebar"), ], - sasemtinterconnect: [ - "sase/api/mt-interconnect/mt-interconnect", - require("./api/mt-interconnect/sidebar"), + + // UNIFIED SP INTERCONNECT SIDEBAR + spinterconnect: [ + // 1. Root Introduction (Must exist at: sase/api/mt-interconnect/introduction.md) + "sase/api/mt-interconnect/introduction", + + // 2. Manage Category + { + type: "category", + label: "Manage", + collapsed: false, + items: [ + // Ensure the ID in manage-introduction.md is exactly "manage-introduction" + "sase/api/mt-interconnect/Manage/manage-introduction", + ...require("./api/mt-interconnect/Manage/sidebar"), + ], + }, + + // 3. Monitor Category + { + type: "category", + label: "Monitor", + collapsed: false, + items: [ + // Ensure the ID in monitor-introduction.md is exactly "monitor-introduction" + "sase/api/mt-interconnect/Monitor/monitor-introduction", + ...require("./api/mt-interconnect/Monitor/sidebar"), + ], + }, ], + manageservices: [ - "sase/api/manage-services-5g/introduction_5g", - "sase/api/manage-services-5g/overview_5g", + "sase/api/manage-services-5g/introduction", + "sase/api/manage-services-5g/overview", require("./api/manage-services-5g/sidebar"), ], + monitorservices: [ + "sase/api/monitor-services-5g/introduction_monitor", + require("./api/monitor-services-5g/sidebar"), + ], configorch: [ "sase/api/config-orch/introduction", "sase/api/config-orch/api-workflow",